xref: /php-src/ext/standard/http_fopen_wrapper.c (revision 1cf98db4)
1 /*
2    +----------------------------------------------------------------------+
3    | Copyright (c) The PHP Group                                          |
4    +----------------------------------------------------------------------+
5    | This source file is subject to version 3.01 of the PHP license,      |
6    | that is bundled with this package in the file LICENSE, and is        |
7    | available through the world-wide-web at the following url:           |
8    | https://www.php.net/license/3_01.txt                                 |
9    | If you did not receive a copy of the PHP license and are unable to   |
10    | obtain it through the world-wide-web, please send a note to          |
11    | license@php.net so we can mail you a copy immediately.               |
12    +----------------------------------------------------------------------+
13    | Authors: Rasmus Lerdorf <rasmus@php.net>                             |
14    |          Jim Winstead <jimw@php.net>                                 |
15    |          Hartmut Holzgraefe <hholzgra@php.net>                       |
16    |          Wez Furlong <wez@thebrainroom.com>                          |
17    |          Sara Golemon <pollita@php.net>                              |
18    +----------------------------------------------------------------------+
19  */
20 
21 #include "php.h"
22 #include "php_globals.h"
23 #include "php_streams.h"
24 #include "php_network.h"
25 #include "php_ini.h"
26 #include "ext/standard/basic_functions.h"
27 #include "zend_smart_str.h"
28 
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <errno.h>
32 #include <sys/types.h>
33 #include <sys/stat.h>
34 #include <fcntl.h>
35 
36 #ifdef PHP_WIN32
37 #define O_RDONLY _O_RDONLY
38 #include "win32/param.h"
39 #else
40 #include <sys/param.h>
41 #endif
42 
43 #include "php_standard.h"
44 
45 #include <sys/types.h>
46 #ifdef HAVE_SYS_SOCKET_H
47 #include <sys/socket.h>
48 #endif
49 
50 #ifdef PHP_WIN32
51 #include <winsock2.h>
52 #else
53 #include <netinet/in.h>
54 #include <netdb.h>
55 #ifdef HAVE_ARPA_INET_H
56 #include <arpa/inet.h>
57 #endif
58 #endif
59 
60 #if defined(PHP_WIN32) || defined(__riscos__)
61 #undef AF_UNIX
62 #endif
63 
64 #if defined(AF_UNIX)
65 #include <sys/un.h>
66 #endif
67 
68 #include "php_fopen_wrappers.h"
69 
70 #define HTTP_HEADER_BLOCK_SIZE		1024
71 #define PHP_URL_REDIRECT_MAX		20
72 #define HTTP_HEADER_USER_AGENT		1
73 #define HTTP_HEADER_HOST			2
74 #define HTTP_HEADER_AUTH			4
75 #define HTTP_HEADER_FROM			8
76 #define HTTP_HEADER_CONTENT_LENGTH	16
77 #define HTTP_HEADER_TYPE			32
78 #define HTTP_HEADER_CONNECTION		64
79 
80 #define HTTP_WRAPPER_HEADER_INIT    1
81 #define HTTP_WRAPPER_REDIRECTED     2
82 #define HTTP_WRAPPER_KEEP_METHOD    4
83 
/* Remove every header line named `lc_header_name` from a header block.
 *
 * header_bag     - the headers in their original case; edited in place.
 * lc_header_bag  - lowercased copy of header_bag with the same length and
 *                  layout; it is searched and edited in lockstep so that a
 *                  byte offset in one is valid in the other.
 * lc_header_name - lowercase header name including the trailing ':'.
 *
 * A match only counts when it begins a line (start of the bag, or directly
 * after '\n'). Every candidate is examined, so a longer name such as
 * "x-content-type:" earlier in the bag cannot hide the real "content-type:"
 * line, and repeated occurrences of the header are all removed.
 *
 * When the matched header is the last line (no '\n' after it) both bags are
 * truncated at the start of that line; the line terminator of the preceding
 * line is left in place. */
static inline void strip_header(char *header_bag, char *lc_header_bag,
		const char *lc_header_name)
{
	char *lc_pos = lc_header_bag;

	while ((lc_pos = strstr(lc_pos, lc_header_name)) != NULL) {
		char *header_pos;
		char *lc_eol;
		size_t tail_len;

		if (lc_pos != lc_header_bag && *(lc_pos - 1) != '\n') {
			/* Part of a longer name or of a value: keep scanning. */
			if (*lc_pos == '\0') {
				/* Only reachable with an empty name; never step past the NUL. */
				break;
			}
			lc_pos++;
			continue;
		}

		header_pos = header_bag + (lc_pos - lc_header_bag);
		lc_eol = strchr(lc_pos, '\n');

		if (lc_eol == NULL) {
			/* Last line of the bag: cut both copies off here. */
			*lc_pos = '\0';
			*header_pos = '\0';
			return;
		}

		/* strlen(lc_eol) counts the '\n' itself, so moving that many bytes
		 * starting one past the '\n' carries the remainder plus its NUL. */
		tail_len = strlen(lc_eol);
		memmove(header_pos, header_pos + (lc_eol - lc_pos) + 1, tail_len);
		memmove(lc_pos, lc_eol + 1, tail_len);

		/* Do not advance: the line that followed now starts at lc_pos and
		 * must be checked as well. */
	}
}
106 
/* Report whether `header` occurs in `headers` at the beginning of a line,
 * i.e. at the very start of the string or immediately after a '\n'.
 * The comparison is a plain byte match, so the caller decides the case
 * convention of both arguments. */
static bool check_has_header(const char *headers, const char *header) {
	const char *hit;

	for (hit = strstr(headers, header); hit != NULL; hit = strstr(hit + 1, header)) {
		if (hit == headers || hit[-1] == '\n') {
			return true;
		}
	}
	return false;
}
117 
php_stream_handle_proxy_authorization_header(const char * s,smart_str * header)118 static zend_result php_stream_handle_proxy_authorization_header(const char *s, smart_str *header)
119 {
120 	const char *p;
121 
122 	do {
123 		while (*s == ' ' || *s == '\t') s++;
124 		p = s;
125 		while (*p != 0 && *p != ':' && *p != '\r' && *p !='\n') p++;
126 		if (*p == ':') {
127 			p++;
128 			if (p - s == sizeof("Proxy-Authorization:") - 1 &&
129 				zend_binary_strcasecmp(s, sizeof("Proxy-Authorization:") - 1,
130 									   "Proxy-Authorization:", sizeof("Proxy-Authorization:") - 1) == 0) {
131 				while (*p != 0 && *p != '\r' && *p !='\n') p++;
132 				smart_str_appendl(header, s, p - s);
133 				smart_str_appendl(header, "\r\n", sizeof("\r\n")-1);
134 				return SUCCESS;
135 			} else {
136 				while (*p != 0 && *p != '\r' && *p !='\n') p++;
137 			}
138 		}
139 		s = p;
140 		while (*s == '\r' || *s == '\n') s++;
141 	} while (*s != 0);
142 
143 	return FAILURE;
144 }
145 
php_stream_url_wrap_http_ex(php_stream_wrapper * wrapper,const char * path,const char * mode,int options,zend_string ** opened_path,php_stream_context * context,int redirect_max,int flags,zval * response_header STREAMS_DC)146 static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
147 		const char *path, const char *mode, int options, zend_string **opened_path,
148 		php_stream_context *context, int redirect_max, int flags,
149 		zval *response_header STREAMS_DC) /* {{{ */
150 {
151 	php_stream *stream = NULL;
152 	php_url *resource = NULL;
153 	int use_ssl;
154 	int use_proxy = 0;
155 	zend_string *tmp = NULL;
156 	char *ua_str = NULL;
157 	zval *ua_zval = NULL, *tmpzval = NULL, ssl_proxy_peer_name;
158 	char location[HTTP_HEADER_BLOCK_SIZE];
159 	int reqok = 0;
160 	char *http_header_line = NULL;
161 	char tmp_line[128];
162 	size_t chunk_size = 0, file_size = 0;
163 	int eol_detect = 0;
164 	zend_string *transport_string;
165 	zend_string *errstr = NULL;
166 	int have_header = 0;
167 	bool request_fulluri = false, ignore_errors = false;
168 	struct timeval timeout;
169 	char *user_headers = NULL;
170 	int header_init = ((flags & HTTP_WRAPPER_HEADER_INIT) != 0);
171 	int redirected = ((flags & HTTP_WRAPPER_REDIRECTED) != 0);
172 	int redirect_keep_method = ((flags & HTTP_WRAPPER_KEEP_METHOD) != 0);
173 	bool follow_location = 1;
174 	php_stream_filter *transfer_encoding = NULL;
175 	int response_code;
176 	smart_str req_buf = {0};
177 	bool custom_request_method;
178 
179 	tmp_line[0] = '\0';
180 
181 	if (redirect_max < 1) {
182 		php_stream_wrapper_log_error(wrapper, options, "Redirection limit reached, aborting");
183 		return NULL;
184 	}
185 
186 	resource = php_url_parse(path);
187 	if (resource == NULL) {
188 		return NULL;
189 	}
190 
191 	ZEND_ASSERT(resource->scheme);
192 	if (!zend_string_equals_literal_ci(resource->scheme, "http") &&
193 		!zend_string_equals_literal_ci(resource->scheme, "https")) {
194 		if (!context ||
195 			(tmpzval = php_stream_context_get_option(context, wrapper->wops->label, "proxy")) == NULL ||
196 			Z_TYPE_P(tmpzval) != IS_STRING ||
197 			Z_STRLEN_P(tmpzval) == 0) {
198 			php_url_free(resource);
199 			return php_stream_open_wrapper_ex(path, mode, REPORT_ERRORS, NULL, context);
200 		}
201 		/* Called from a non-http wrapper with http proxying requested (i.e. ftp) */
202 		request_fulluri = true;
203 		use_ssl = 0;
204 		use_proxy = 1;
205 		transport_string = zend_string_copy(Z_STR_P(tmpzval));
206 	} else {
207 		/* Normal http request (possibly with proxy) */
208 
209 		if (strpbrk(mode, "awx+")) {
210 			php_stream_wrapper_log_error(wrapper, options, "HTTP wrapper does not support writeable connections");
211 			php_url_free(resource);
212 			return NULL;
213 		}
214 
215 		use_ssl = (ZSTR_LEN(resource->scheme) > 4) && ZSTR_VAL(resource->scheme)[4] == 's';
216 		/* choose default ports */
217 		if (use_ssl && resource->port == 0)
218 			resource->port = 443;
219 		else if (resource->port == 0)
220 			resource->port = 80;
221 
222 		if (context &&
223 			(tmpzval = php_stream_context_get_option(context, wrapper->wops->label, "proxy")) != NULL &&
224 			Z_TYPE_P(tmpzval) == IS_STRING &&
225 			Z_STRLEN_P(tmpzval) > 0) {
226 			use_proxy = 1;
227 			transport_string = zend_string_copy(Z_STR_P(tmpzval));
228 		} else {
229 			transport_string = zend_strpprintf(0, "%s://%s:%d", use_ssl ? "ssl" : "tcp", ZSTR_VAL(resource->host), resource->port);
230 		}
231 	}
232 
233 	if (context && (tmpzval = php_stream_context_get_option(context, wrapper->wops->label, "timeout")) != NULL) {
234 		double d = zval_get_double(tmpzval);
235 #ifndef PHP_WIN32
236 		timeout.tv_sec = (time_t) d;
237 		timeout.tv_usec = (size_t) ((d - timeout.tv_sec) * 1000000);
238 #else
239 		timeout.tv_sec = (long) d;
240 		timeout.tv_usec = (long) ((d - timeout.tv_sec) * 1000000);
241 #endif
242 	} else {
243 #ifndef PHP_WIN32
244 		timeout.tv_sec = FG(default_socket_timeout);
245 #else
246 		timeout.tv_sec = (long)FG(default_socket_timeout);
247 #endif
248 		timeout.tv_usec = 0;
249 	}
250 
251 	stream = php_stream_xport_create(ZSTR_VAL(transport_string), ZSTR_LEN(transport_string), options,
252 			STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT,
253 			NULL, &timeout, context, &errstr, NULL);
254 
255 	if (stream) {
256 		php_stream_set_option(stream, PHP_STREAM_OPTION_READ_TIMEOUT, 0, &timeout);
257 	}
258 
259 	if (errstr) {
260 		php_stream_wrapper_log_error(wrapper, options, "%s", ZSTR_VAL(errstr));
261 		zend_string_release_ex(errstr, 0);
262 		errstr = NULL;
263 	}
264 
265 	zend_string_release(transport_string);
266 
267 	if (stream && use_proxy && use_ssl) {
268 		smart_str header = {0};
269 
270 		/* Set peer_name or name verification will try to use the proxy server name */
271 		if (!context || (tmpzval = php_stream_context_get_option(context, "ssl", "peer_name")) == NULL) {
272 			ZVAL_STR_COPY(&ssl_proxy_peer_name, resource->host);
273 			php_stream_context_set_option(PHP_STREAM_CONTEXT(stream), "ssl", "peer_name", &ssl_proxy_peer_name);
274 			zval_ptr_dtor(&ssl_proxy_peer_name);
275 		}
276 
277 		smart_str_appendl(&header, "CONNECT ", sizeof("CONNECT ")-1);
278 		smart_str_appends(&header, ZSTR_VAL(resource->host));
279 		smart_str_appendc(&header, ':');
280 		smart_str_append_unsigned(&header, resource->port);
281 		smart_str_appendl(&header, " HTTP/1.0\r\n", sizeof(" HTTP/1.0\r\n")-1);
282 
283 	    /* check if we have Proxy-Authorization header */
284 		if (context && (tmpzval = php_stream_context_get_option(context, "http", "header")) != NULL) {
285 			const char *s;
286 
287 			if (Z_TYPE_P(tmpzval) == IS_ARRAY) {
288 				zval *tmpheader = NULL;
289 
290 				ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(tmpzval), tmpheader) {
291 					if (Z_TYPE_P(tmpheader) == IS_STRING) {
292 						s = Z_STRVAL_P(tmpheader);
293 						if (php_stream_handle_proxy_authorization_header(s, &header) == SUCCESS) {
294 							goto finish;
295 						}
296 					}
297 				} ZEND_HASH_FOREACH_END();
298 			} else if (Z_TYPE_P(tmpzval) == IS_STRING && Z_STRLEN_P(tmpzval)) {
299 				s = Z_STRVAL_P(tmpzval);
300 				if (php_stream_handle_proxy_authorization_header(s, &header) == SUCCESS) {
301 					goto finish;
302 				}
303 			}
304 		}
305 finish:
306 		smart_str_appendl(&header, "\r\n", sizeof("\r\n")-1);
307 
308 		if (php_stream_write(stream, ZSTR_VAL(header.s), ZSTR_LEN(header.s)) != ZSTR_LEN(header.s)) {
309 			php_stream_wrapper_log_error(wrapper, options, "Cannot connect to HTTPS server through proxy");
310 			php_stream_close(stream);
311 			stream = NULL;
312 		}
313 		smart_str_free(&header);
314 
315 		if (stream) {
316 			char header_line[HTTP_HEADER_BLOCK_SIZE];
317 
318 			/* get response header */
319 			while (php_stream_gets(stream, header_line, HTTP_HEADER_BLOCK_SIZE-1) != NULL) {
320 				if (header_line[0] == '\n' ||
321 				    header_line[0] == '\r' ||
322 				    header_line[0] == '\0') {
323 				  break;
324 				}
325 			}
326 		}
327 
328 		/* enable SSL transport layer */
329 		if (stream) {
330 			if (php_stream_xport_crypto_setup(stream, STREAM_CRYPTO_METHOD_SSLv23_CLIENT, NULL) < 0 ||
331 			    php_stream_xport_crypto_enable(stream, 1) < 0) {
332 				php_stream_wrapper_log_error(wrapper, options, "Cannot connect to HTTPS server through proxy");
333 				php_stream_close(stream);
334 				stream = NULL;
335 			}
336 		}
337 	}
338 
339 	if (stream == NULL)
340 		goto out;
341 
342 	/* avoid buffering issues while reading header */
343 	if (options & STREAM_WILL_CAST)
344 		chunk_size = php_stream_set_chunk_size(stream, 1);
345 
346 	/* avoid problems with auto-detecting when reading the headers -> the headers
347 	 * are always in canonical \r\n format */
348 	eol_detect = stream->flags & (PHP_STREAM_FLAG_DETECT_EOL | PHP_STREAM_FLAG_EOL_MAC);
349 	stream->flags &= ~(PHP_STREAM_FLAG_DETECT_EOL | PHP_STREAM_FLAG_EOL_MAC);
350 
351 	php_stream_context_set(stream, context);
352 
353 	php_stream_notify_info(context, PHP_STREAM_NOTIFY_CONNECT, NULL, 0);
354 
355 	if (header_init && context && (tmpzval = php_stream_context_get_option(context, "http", "max_redirects")) != NULL) {
356 		redirect_max = (int)zval_get_long(tmpzval);
357 	}
358 
359 	custom_request_method = 0;
360 	if (context && (tmpzval = php_stream_context_get_option(context, "http", "method")) != NULL) {
361 		if (Z_TYPE_P(tmpzval) == IS_STRING && Z_STRLEN_P(tmpzval) > 0) {
362 			/* As per the RFC, automatically redirected requests MUST NOT use other methods than
363 			 * GET and HEAD unless it can be confirmed by the user. */
364 			if (!redirected || redirect_keep_method
365 				|| zend_string_equals_literal(Z_STR_P(tmpzval), "GET")
366 				|| zend_string_equals_literal(Z_STR_P(tmpzval), "HEAD")
367 			) {
368 				custom_request_method = 1;
369 				smart_str_append(&req_buf, Z_STR_P(tmpzval));
370 				smart_str_appendc(&req_buf, ' ');
371 			}
372 		}
373 	}
374 
375 	if (!custom_request_method) {
376 		smart_str_appends(&req_buf, "GET ");
377 	}
378 
379 	/* Should we send the entire path in the request line, default to no. */
380 	if (!request_fulluri && context &&
381 		(tmpzval = php_stream_context_get_option(context, "http", "request_fulluri")) != NULL) {
382 		request_fulluri = zend_is_true(tmpzval);
383 	}
384 
385 	if (request_fulluri) {
386 		/* Ask for everything */
387 		smart_str_appends(&req_buf, path);
388 	} else {
389 		/* Send the traditional /path/to/file?query_string */
390 
391 		/* file */
392 		if (resource->path && ZSTR_LEN(resource->path)) {
393 			smart_str_appends(&req_buf, ZSTR_VAL(resource->path));
394 		} else {
395 			smart_str_appendc(&req_buf, '/');
396 		}
397 
398 		/* query string */
399 		if (resource->query) {
400 			smart_str_appendc(&req_buf, '?');
401 			smart_str_appends(&req_buf, ZSTR_VAL(resource->query));
402 		}
403 	}
404 
405 	/* protocol version we are speaking */
406 	if (context && (tmpzval = php_stream_context_get_option(context, "http", "protocol_version")) != NULL) {
407 		char *protocol_version;
408 		spprintf(&protocol_version, 0, "%.1F", zval_get_double(tmpzval));
409 
410 		smart_str_appends(&req_buf, " HTTP/");
411 		smart_str_appends(&req_buf, protocol_version);
412 		smart_str_appends(&req_buf, "\r\n");
413 		efree(protocol_version);
414 	} else {
415 		smart_str_appends(&req_buf, " HTTP/1.1\r\n");
416 	}
417 
418 	if (context && (tmpzval = php_stream_context_get_option(context, "http", "header")) != NULL) {
419 		tmp = NULL;
420 
421 		if (Z_TYPE_P(tmpzval) == IS_ARRAY) {
422 			zval *tmpheader = NULL;
423 			smart_str tmpstr = {0};
424 
425 			ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(tmpzval), tmpheader) {
426 				if (Z_TYPE_P(tmpheader) == IS_STRING) {
427 					smart_str_append(&tmpstr, Z_STR_P(tmpheader));
428 					smart_str_appendl(&tmpstr, "\r\n", sizeof("\r\n") - 1);
429 				}
430 			} ZEND_HASH_FOREACH_END();
431 			smart_str_0(&tmpstr);
432 			/* Remove newlines and spaces from start and end. there's at least one extra \r\n at the end that needs to go. */
433 			if (tmpstr.s) {
434 				tmp = php_trim(tmpstr.s, NULL, 0, 3);
435 				smart_str_free(&tmpstr);
436 			}
437 		} else if (Z_TYPE_P(tmpzval) == IS_STRING && Z_STRLEN_P(tmpzval)) {
438 			/* Remove newlines and spaces from start and end php_trim will estrndup() */
439 			tmp = php_trim(Z_STR_P(tmpzval), NULL, 0, 3);
440 		}
441 		if (tmp && ZSTR_LEN(tmp)) {
442 			char *s;
443 			char *t;
444 
445 			user_headers = estrndup(ZSTR_VAL(tmp), ZSTR_LEN(tmp));
446 
447 			if (ZSTR_IS_INTERNED(tmp)) {
448 				tmp = zend_string_init(ZSTR_VAL(tmp), ZSTR_LEN(tmp), 0);
449 			} else if (GC_REFCOUNT(tmp) > 1) {
450 				GC_DELREF(tmp);
451 				tmp = zend_string_init(ZSTR_VAL(tmp), ZSTR_LEN(tmp), 0);
452 			}
453 
454 			/* Make lowercase for easy comparison against 'standard' headers */
455 			zend_str_tolower(ZSTR_VAL(tmp), ZSTR_LEN(tmp));
456 			t = ZSTR_VAL(tmp);
457 
458 			if (!header_init && !redirect_keep_method) {
459 				/* strip POST headers on redirect */
460 				strip_header(user_headers, t, "content-length:");
461 				strip_header(user_headers, t, "content-type:");
462 			}
463 
464 			if (check_has_header(t, "user-agent:")) {
465 				have_header |= HTTP_HEADER_USER_AGENT;
466 			}
467 			if (check_has_header(t, "host:")) {
468 				have_header |= HTTP_HEADER_HOST;
469 			}
470 			if (check_has_header(t, "from:")) {
471 				have_header |= HTTP_HEADER_FROM;
472 			}
473 			if (check_has_header(t, "authorization:")) {
474 				have_header |= HTTP_HEADER_AUTH;
475 			}
476 			if (check_has_header(t, "content-length:")) {
477 				have_header |= HTTP_HEADER_CONTENT_LENGTH;
478 			}
479 			if (check_has_header(t, "content-type:")) {
480 				have_header |= HTTP_HEADER_TYPE;
481 			}
482 			if (check_has_header(t, "connection:")) {
483 				have_header |= HTTP_HEADER_CONNECTION;
484 			}
485 
486 			/* remove Proxy-Authorization header */
487 			if (use_proxy && use_ssl && (s = strstr(t, "proxy-authorization:")) &&
488 			    (s == t || *(s-1) == '\n')) {
489 				char *p = s + sizeof("proxy-authorization:") - 1;
490 
491 				while (s > t && (*(s-1) == ' ' || *(s-1) == '\t')) s--;
492 				while (*p != 0 && *p != '\r' && *p != '\n') p++;
493 				while (*p == '\r' || *p == '\n') p++;
494 				if (*p == 0) {
495 					if (s == t) {
496 						efree(user_headers);
497 						user_headers = NULL;
498 					} else {
499 						while (s > t && (*(s-1) == '\r' || *(s-1) == '\n')) s--;
500 						user_headers[s - t] = 0;
501 					}
502 				} else {
503 					memmove(user_headers + (s - t), user_headers + (p - t), strlen(p) + 1);
504 				}
505 			}
506 
507 		}
508 		if (tmp) {
509 			zend_string_release_ex(tmp, 0);
510 		}
511 	}
512 
513 	/* auth header if it was specified */
514 	if (((have_header & HTTP_HEADER_AUTH) == 0) && resource->user) {
515 		/* make scratch large enough to hold the whole URL (over-estimate) */
516 		size_t scratch_len = strlen(path) + 1;
517 		char *scratch = emalloc(scratch_len);
518 		zend_string *stmp;
519 
520 		/* decode the strings first */
521 		php_url_decode(ZSTR_VAL(resource->user), ZSTR_LEN(resource->user));
522 
523 		strcpy(scratch, ZSTR_VAL(resource->user));
524 		strcat(scratch, ":");
525 
526 		/* Note: password is optional! */
527 		if (resource->pass) {
528 			php_url_decode(ZSTR_VAL(resource->pass), ZSTR_LEN(resource->pass));
529 			strcat(scratch, ZSTR_VAL(resource->pass));
530 		}
531 
532 		stmp = php_base64_encode((unsigned char*)scratch, strlen(scratch));
533 
534 		smart_str_appends(&req_buf, "Authorization: Basic ");
535 		smart_str_appends(&req_buf, ZSTR_VAL(stmp));
536 		smart_str_appends(&req_buf, "\r\n");
537 
538 		php_stream_notify_info(context, PHP_STREAM_NOTIFY_AUTH_REQUIRED, NULL, 0);
539 
540 		zend_string_free(stmp);
541 		efree(scratch);
542 	}
543 
544 	/* if the user has configured who they are, send a From: line */
545 	if (!(have_header & HTTP_HEADER_FROM) && FG(from_address)) {
546 		smart_str_appends(&req_buf, "From: ");
547 		smart_str_appends(&req_buf, FG(from_address));
548 		smart_str_appends(&req_buf, "\r\n");
549 	}
550 
551 	/* Send Host: header so name-based virtual hosts work */
552 	if ((have_header & HTTP_HEADER_HOST) == 0) {
553 		smart_str_appends(&req_buf, "Host: ");
554 		smart_str_appends(&req_buf, ZSTR_VAL(resource->host));
555 		if ((use_ssl && resource->port != 443 && resource->port != 0) ||
556 			(!use_ssl && resource->port != 80 && resource->port != 0)) {
557 			smart_str_appendc(&req_buf, ':');
558 			smart_str_append_unsigned(&req_buf, resource->port);
559 		}
560 		smart_str_appends(&req_buf, "\r\n");
561 	}
562 
563 	/* Send a Connection: close header to avoid hanging when the server
564 	 * interprets the RFC literally and establishes a keep-alive connection,
565 	 * unless the user specifically requests something else by specifying a
566 	 * Connection header in the context options. Send that header even for
567 	 * HTTP/1.0 to avoid issues when the server respond with an HTTP/1.1
568 	 * keep-alive response, which is the preferred response type. */
569 	if ((have_header & HTTP_HEADER_CONNECTION) == 0) {
570 		smart_str_appends(&req_buf, "Connection: close\r\n");
571 	}
572 
573 	if (context &&
574 	    (ua_zval = php_stream_context_get_option(context, "http", "user_agent")) != NULL &&
575 		Z_TYPE_P(ua_zval) == IS_STRING) {
576 		ua_str = Z_STRVAL_P(ua_zval);
577 	} else if (FG(user_agent)) {
578 		ua_str = FG(user_agent);
579 	}
580 
581 	if (((have_header & HTTP_HEADER_USER_AGENT) == 0) && ua_str) {
582 #define _UA_HEADER "User-Agent: %s\r\n"
583 		char *ua;
584 		size_t ua_len;
585 
586 		ua_len = sizeof(_UA_HEADER) + strlen(ua_str);
587 
588 		/* ensure the header is only sent if user_agent is not blank */
589 		if (ua_len > sizeof(_UA_HEADER)) {
590 			ua = emalloc(ua_len + 1);
591 			if ((ua_len = slprintf(ua, ua_len, _UA_HEADER, ua_str)) > 0) {
592 				ua[ua_len] = 0;
593 				smart_str_appendl(&req_buf, ua, ua_len);
594 			} else {
595 				php_error_docref(NULL, E_WARNING, "Cannot construct User-agent header");
596 			}
597 			efree(ua);
598 		}
599 	}
600 
601 	if (user_headers) {
602 		/* A bit weird, but some servers require that Content-Length be sent prior to Content-Type for POST
603 		 * see bug #44603 for details. Since Content-Type maybe part of user's headers we need to do this check first.
604 		 */
605 		if (
606 				(header_init || redirect_keep_method) &&
607 				context &&
608 				!(have_header & HTTP_HEADER_CONTENT_LENGTH) &&
609 				(tmpzval = php_stream_context_get_option(context, "http", "content")) != NULL &&
610 				Z_TYPE_P(tmpzval) == IS_STRING && Z_STRLEN_P(tmpzval) > 0
611 		) {
612 			smart_str_appends(&req_buf, "Content-Length: ");
613 			smart_str_append_unsigned(&req_buf, Z_STRLEN_P(tmpzval));
614 			smart_str_appends(&req_buf, "\r\n");
615 			have_header |= HTTP_HEADER_CONTENT_LENGTH;
616 		}
617 
618 		smart_str_appends(&req_buf, user_headers);
619 		smart_str_appends(&req_buf, "\r\n");
620 		efree(user_headers);
621 	}
622 
623 	/* Request content, such as for POST requests */
624 	if ((header_init || redirect_keep_method) && context &&
625 		(tmpzval = php_stream_context_get_option(context, "http", "content")) != NULL &&
626 		Z_TYPE_P(tmpzval) == IS_STRING && Z_STRLEN_P(tmpzval) > 0) {
627 		if (!(have_header & HTTP_HEADER_CONTENT_LENGTH)) {
628 			smart_str_appends(&req_buf, "Content-Length: ");
629 			smart_str_append_unsigned(&req_buf, Z_STRLEN_P(tmpzval));
630 			smart_str_appends(&req_buf, "\r\n");
631 		}
632 		if (!(have_header & HTTP_HEADER_TYPE)) {
633 			smart_str_appends(&req_buf, "Content-Type: application/x-www-form-urlencoded\r\n");
634 			php_error_docref(NULL, E_NOTICE, "Content-type not specified assuming application/x-www-form-urlencoded");
635 		}
636 		smart_str_appends(&req_buf, "\r\n");
637 		smart_str_appendl(&req_buf, Z_STRVAL_P(tmpzval), Z_STRLEN_P(tmpzval));
638 	} else {
639 		smart_str_appends(&req_buf, "\r\n");
640 	}
641 
642 	/* send it */
643 	php_stream_write(stream, ZSTR_VAL(req_buf.s), ZSTR_LEN(req_buf.s));
644 
645 	location[0] = '\0';
646 
647 	if (Z_ISUNDEF_P(response_header)) {
648 		array_init(response_header);
649 	}
650 
651 	{
652 		/* get response header */
653 		size_t tmp_line_len;
654 		if (!php_stream_eof(stream) &&
655 			php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, &tmp_line_len) != NULL) {
656 			zval http_response;
657 
658 			if (tmp_line_len > 9) {
659 				response_code = atoi(tmp_line + 9);
660 			} else {
661 				response_code = 0;
662 			}
663 			if (context && NULL != (tmpzval = php_stream_context_get_option(context, "http", "ignore_errors"))) {
664 				ignore_errors = zend_is_true(tmpzval);
665 			}
666 			/* when we request only the header, don't fail even on error codes */
667 			if ((options & STREAM_ONLY_GET_HEADERS) || ignore_errors) {
668 				reqok = 1;
669 			}
670 
671 			/* status codes of 1xx are "informational", and will be followed by a real response
672 			 * e.g "100 Continue". RFC 7231 states that unexpected 1xx status MUST be parsed,
673 			 * and MAY be ignored. As such, we need to skip ahead to the "real" status*/
674 			if (response_code >= 100 && response_code < 200 && response_code != 101) {
675 				/* consume lines until we find a line starting 'HTTP/1' */
676 				while (
677 					!php_stream_eof(stream)
678 					&& php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, &tmp_line_len) != NULL
679 					&& ( tmp_line_len < sizeof("HTTP/1") - 1 || strncasecmp(tmp_line, "HTTP/1", sizeof("HTTP/1") - 1) )
680 				);
681 
682 				if (tmp_line_len > 9) {
683 					response_code = atoi(tmp_line + 9);
684 				} else {
685 					response_code = 0;
686 				}
687 			}
688 			/* all status codes in the 2xx range are defined by the specification as successful;
689 			 * all status codes in the 3xx range are for redirection, and so also should never
690 			 * fail */
691 			if (response_code >= 200 && response_code < 400) {
692 				reqok = 1;
693 			} else {
694 				switch(response_code) {
695 					case 403:
696 						php_stream_notify_error(context, PHP_STREAM_NOTIFY_AUTH_RESULT,
697 								tmp_line, response_code);
698 						break;
699 					default:
700 						/* safety net in the event tmp_line == NULL */
701 						if (!tmp_line_len) {
702 							tmp_line[0] = '\0';
703 						}
704 						php_stream_notify_error(context, PHP_STREAM_NOTIFY_FAILURE,
705 								tmp_line, response_code);
706 				}
707 			}
708 			if (tmp_line_len >= 1 && tmp_line[tmp_line_len - 1] == '\n') {
709 				--tmp_line_len;
710 				if (tmp_line_len >= 1 &&tmp_line[tmp_line_len - 1] == '\r') {
711 					--tmp_line_len;
712 				}
713 			} else {
714 				// read and discard rest of status line
715 				char *line = php_stream_get_line(stream, NULL, 0, NULL);
716 				efree(line);
717 			}
718 			ZVAL_STRINGL(&http_response, tmp_line, tmp_line_len);
719 			zend_hash_next_index_insert(Z_ARRVAL_P(response_header), &http_response);
720 		} else {
721 			php_stream_close(stream);
722 			stream = NULL;
723 			php_stream_wrapper_log_error(wrapper, options, "HTTP request failed!");
724 			goto out;
725 		}
726 	}
727 
728 	/* read past HTTP headers */
729 
730 	while (!php_stream_eof(stream)) {
731 		size_t http_header_line_length;
732 
733 		if (http_header_line != NULL) {
734 			efree(http_header_line);
735 		}
736 		if ((http_header_line = php_stream_get_line(stream, NULL, 0, &http_header_line_length)) && *http_header_line != '\n' && *http_header_line != '\r') {
737 			char *e = http_header_line + http_header_line_length - 1;
738 			char *http_header_value;
739 
740 			while (e >= http_header_line && (*e == '\n' || *e == '\r')) {
741 				e--;
742 			}
743 
744 			/* The primary definition of an HTTP header in RFC 7230 states:
745 			 * > Each header field consists of a case-insensitive field name followed
746 			 * > by a colon (":"), optional leading whitespace, the field value, and
747 			 * > optional trailing whitespace. */
748 
749 			/* Strip trailing whitespace */
750 			while (e >= http_header_line && (*e == ' ' || *e == '\t')) {
751 				e--;
752 			}
753 
754 			/* Terminate header line */
755 			e++;
756 			*e = '\0';
757 			http_header_line_length = e - http_header_line;
758 
759 			http_header_value = memchr(http_header_line, ':', http_header_line_length);
760 			if (http_header_value) {
761 				http_header_value++; /* Skip ':' */
762 
763 				/* Strip leading whitespace */
764 				while (http_header_value < e
765 						&& (*http_header_value == ' ' || *http_header_value == '\t')) {
766 					http_header_value++;
767 				}
768 			} else {
769 				/* There is no colon. Set the value to the end of the header line, which is
770 				 * effectively an empty string. */
771 				http_header_value = e;
772 			}
773 
774 			if (!strncasecmp(http_header_line, "Location:", sizeof("Location:")-1)) {
775 				if (context && (tmpzval = php_stream_context_get_option(context, "http", "follow_location")) != NULL) {
776 					follow_location = zval_is_true(tmpzval);
777 				} else if (!((response_code >= 300 && response_code < 304)
778 						|| 307 == response_code || 308 == response_code)) {
779 					/* we shouldn't redirect automatically
780 					if follow_location isn't set and response_code not in (300, 301, 302, 303 and 307)
781 					see http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.1
782 					RFC 7238 defines 308: http://tools.ietf.org/html/rfc7238 */
783 					follow_location = 0;
784 				}
785 				strlcpy(location, http_header_value, sizeof(location));
786 			} else if (!strncasecmp(http_header_line, "Content-Type:", sizeof("Content-Type:")-1)) {
787 				php_stream_notify_info(context, PHP_STREAM_NOTIFY_MIME_TYPE_IS, http_header_value, 0);
788 			} else if (!strncasecmp(http_header_line, "Content-Length:", sizeof("Content-Length:")-1)) {
789 				/* https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length */
790 				const char *ptr = http_header_value;
791 				/* must contain only digits, no + or - symbols */
792 				if (*ptr >= '0' && *ptr <= '9') {
793 					char *endptr = NULL;
794 					size_t parsed = ZEND_STRTOUL(ptr, &endptr, 10);
795 					/* check whether there was no garbage in the header value and the conversion was successful */
796 					if (endptr && !*endptr) {
797 						/* truncate for 32-bit such that no negative file sizes occur */
798 						file_size = MIN(parsed, ZEND_LONG_MAX);
799 						php_stream_notify_file_size(context, file_size, http_header_line, 0);
800 					}
801 				}
802 			} else if (
803 				!strncasecmp(http_header_line, "Transfer-Encoding:", sizeof("Transfer-Encoding:")-1)
804 				&& !strncasecmp(http_header_value, "Chunked", sizeof("Chunked")-1)
805 			) {
806 
807 				/* create filter to decode response body */
808 				if (!(options & STREAM_ONLY_GET_HEADERS)) {
809 					bool decode = true;
810 
811 					if (context && (tmpzval = php_stream_context_get_option(context, "http", "auto_decode")) != NULL) {
812 						decode = zend_is_true(tmpzval);
813 					}
814 					if (decode) {
815 						transfer_encoding = php_stream_filter_create("dechunk", NULL, php_stream_is_persistent(stream));
816 						if (transfer_encoding) {
817 							/* don't store transfer-encodeing header */
818 							continue;
819 						}
820 					}
821 				}
822 			}
823 
824 			{
825 				zval http_header;
826 				ZVAL_STRINGL(&http_header, http_header_line, http_header_line_length);
827 				zend_hash_next_index_insert(Z_ARRVAL_P(response_header), &http_header);
828 			}
829 		} else {
830 			break;
831 		}
832 	}
833 
834 	if (!reqok || (location[0] != '\0' && follow_location)) {
835 		if (!follow_location || (((options & STREAM_ONLY_GET_HEADERS) || ignore_errors) && redirect_max <= 1)) {
836 			goto out;
837 		}
838 
839 		if (location[0] != '\0')
840 			php_stream_notify_info(context, PHP_STREAM_NOTIFY_REDIRECTED, location, 0);
841 
842 		php_stream_close(stream);
843 		stream = NULL;
844 
845 		if (transfer_encoding) {
846 			php_stream_filter_free(transfer_encoding);
847 			transfer_encoding = NULL;
848 		}
849 
850 		if (location[0] != '\0') {
851 
852 			char new_path[HTTP_HEADER_BLOCK_SIZE];
853 			char loc_path[HTTP_HEADER_BLOCK_SIZE];
854 
855 			*new_path='\0';
856 			if (strlen(location)<8 || (strncasecmp(location, "http://", sizeof("http://")-1) &&
857 							strncasecmp(location, "https://", sizeof("https://")-1) &&
858 							strncasecmp(location, "ftp://", sizeof("ftp://")-1) &&
859 							strncasecmp(location, "ftps://", sizeof("ftps://")-1)))
860 			{
861 				if (*location != '/') {
862 					if (*(location+1) != '\0' && resource->path) {
863 						char *s = strrchr(ZSTR_VAL(resource->path), '/');
864 						if (!s) {
865 							s = ZSTR_VAL(resource->path);
866 							if (!ZSTR_LEN(resource->path)) {
867 								zend_string_release_ex(resource->path, 0);
868 								resource->path = ZSTR_INIT_LITERAL("/", 0);
869 								s = ZSTR_VAL(resource->path);
870 							} else {
871 								*s = '/';
872 							}
873 						}
874 						s[1] = '\0';
875 						if (resource->path &&
876 							ZSTR_VAL(resource->path)[0] == '/' &&
877 							ZSTR_VAL(resource->path)[1] == '\0') {
878 							snprintf(loc_path, sizeof(loc_path) - 1, "%s%s", ZSTR_VAL(resource->path), location);
879 						} else {
880 							snprintf(loc_path, sizeof(loc_path) - 1, "%s/%s", ZSTR_VAL(resource->path), location);
881 						}
882 					} else {
883 						snprintf(loc_path, sizeof(loc_path) - 1, "/%s", location);
884 					}
885 				} else {
886 					strlcpy(loc_path, location, sizeof(loc_path));
887 				}
888 				if ((use_ssl && resource->port != 443) || (!use_ssl && resource->port != 80)) {
889 					snprintf(new_path, sizeof(new_path) - 1, "%s://%s:%d%s", ZSTR_VAL(resource->scheme), ZSTR_VAL(resource->host), resource->port, loc_path);
890 				} else {
891 					snprintf(new_path, sizeof(new_path) - 1, "%s://%s%s", ZSTR_VAL(resource->scheme), ZSTR_VAL(resource->host), loc_path);
892 				}
893 			} else {
894 				strlcpy(new_path, location, sizeof(new_path));
895 			}
896 
897 			php_url_free(resource);
898 			/* check for invalid redirection URLs */
899 			if ((resource = php_url_parse(new_path)) == NULL) {
900 				php_stream_wrapper_log_error(wrapper, options, "Invalid redirect URL! %s", new_path);
901 				goto out;
902 			}
903 
904 #define CHECK_FOR_CNTRL_CHARS(val) { \
905 	if (val) { \
906 		unsigned char *s, *e; \
907 		ZSTR_LEN(val) = php_url_decode(ZSTR_VAL(val), ZSTR_LEN(val)); \
908 		s = (unsigned char*)ZSTR_VAL(val); e = s + ZSTR_LEN(val); \
909 		while (s < e) { \
910 			if (iscntrl(*s)) { \
911 				php_stream_wrapper_log_error(wrapper, options, "Invalid redirect URL! %s", new_path); \
912 				goto out; \
913 			} \
914 			s++; \
915 		} \
916 	} \
917 }
918 			/* check for control characters in login, password & path */
919 			if (strncasecmp(new_path, "http://", sizeof("http://") - 1) || strncasecmp(new_path, "https://", sizeof("https://") - 1)) {
920 				CHECK_FOR_CNTRL_CHARS(resource->user);
921 				CHECK_FOR_CNTRL_CHARS(resource->pass);
922 				CHECK_FOR_CNTRL_CHARS(resource->path);
923 			}
924 			int new_flags = HTTP_WRAPPER_REDIRECTED;
925 			if (response_code == 307 || response_code == 308) {
926 				/* RFC 7538 specifies that status code 308 does not allow changing the request method from POST to GET.
927 				 * RFC 7231 does the same for status code 307.
928 				 * To keep consistency between POST and PATCH requests, we'll also not change the request method from PATCH to GET, even though it's allowed it's not mandated by the RFC. */
929 				new_flags |= HTTP_WRAPPER_KEEP_METHOD;
930 			}
931 			stream = php_stream_url_wrap_http_ex(
932 				wrapper, new_path, mode, options, opened_path, context,
933 				--redirect_max, new_flags, response_header STREAMS_CC);
934 		} else {
935 			php_stream_wrapper_log_error(wrapper, options, "HTTP request failed! %s", tmp_line);
936 		}
937 	}
938 out:
939 
940 	smart_str_free(&req_buf);
941 
942 	if (http_header_line) {
943 		efree(http_header_line);
944 	}
945 
946 	if (resource) {
947 		php_url_free(resource);
948 	}
949 
950 	if (stream) {
951 		if (header_init) {
952 			ZVAL_COPY(&stream->wrapperdata, response_header);
953 		}
954 		php_stream_notify_progress_init(context, 0, file_size);
955 
956 		/* Restore original chunk size now that we're done with headers */
957 		if (options & STREAM_WILL_CAST)
958 			php_stream_set_chunk_size(stream, (int)chunk_size);
959 
960 		/* restore the users auto-detect-line-endings setting */
961 		stream->flags |= eol_detect;
962 
963 		/* as far as streams are concerned, we are now at the start of
964 		 * the stream */
965 		stream->position = 0;
966 
967 		/* restore mode */
968 		strlcpy(stream->mode, mode, sizeof(stream->mode));
969 
970 		if (transfer_encoding) {
971 			php_stream_filter_append(&stream->readfilters, transfer_encoding);
972 		}
973 
974 		/* It's possible that the server already sent in more data than just the headers.
975 		 * We account for this by adjusting the progress counter by the difference of
976 		 * already read header data and the body. */
977 		if (stream->writepos > stream->readpos) {
978 			php_stream_notify_progress_increment(context, stream->writepos - stream->readpos, 0);
979 		}
980 	}
981 
982 	return stream;
983 }
984 /* }}} */
985 
php_stream_url_wrap_http(php_stream_wrapper * wrapper,const char * path,const char * mode,int options,zend_string ** opened_path,php_stream_context * context STREAMS_DC)986 php_stream *php_stream_url_wrap_http(php_stream_wrapper *wrapper, const char *path, const char *mode, int options, zend_string **opened_path, php_stream_context *context STREAMS_DC) /* {{{ */
987 {
988 	php_stream *stream;
989 	zval headers;
990 
991 	ZVAL_UNDEF(&headers);
992 
993 	zval_ptr_dtor(&BG(last_http_headers));
994 	ZVAL_UNDEF(&BG(last_http_headers));
995 
996 	stream = php_stream_url_wrap_http_ex(
997 		wrapper, path, mode, options, opened_path, context,
998 		PHP_URL_REDIRECT_MAX, HTTP_WRAPPER_HEADER_INIT, &headers STREAMS_CC);
999 
1000 	if (!Z_ISUNDEF(headers)) {
1001 		ZVAL_COPY(&BG(last_http_headers), &headers);
1002 
1003 		if (FAILURE == zend_set_local_var_str(
1004 				"http_response_header", sizeof("http_response_header")-1, &headers, 0)) {
1005 			zval_ptr_dtor(&headers);
1006 		}
1007 	}
1008 
1009 	return stream;
1010 }
1011 /* }}} */
1012 
/*
 * Stat handler installed in the http wrapper's handler table.
 *
 * None of the arguments are inspected and ssb is never written; the function
 * unconditionally returns -1.
 */
static int php_stream_http_stream_stat(php_stream_wrapper *wrapper, php_stream *stream, php_stream_statbuf *ssb) /* {{{ */
{
	(void) wrapper;
	(void) stream;
	(void) ssb;

	/* The details could one day be filled in from the Date: and
	 * Content-Length: headers. Until then, report failure so that the
	 * underlying file's details are not used instead. */
	return -1;
}
/* }}} */
1021 
1022 static const php_stream_wrapper_ops http_stream_wops = {
1023 	php_stream_url_wrap_http,
1024 	NULL, /* stream_close */
1025 	php_stream_http_stream_stat,
1026 	NULL, /* stat_url */
1027 	NULL, /* opendir */
1028 	"http",
1029 	NULL, /* unlink */
1030 	NULL, /* rename */
1031 	NULL, /* mkdir */
1032 	NULL, /* rmdir */
1033 	NULL
1034 };
1035 
1036 PHPAPI const php_stream_wrapper php_stream_http_wrapper = {
1037 	&http_stream_wops,
1038 	NULL,
1039 	1 /* is_url */
1040 };
1041