1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 * SPDX-License-Identifier: curl
22 *
23 ***************************************************************************/
24 #include "tool_setup.h"
25
26 #include "strcase.h"
27 #ifdef HAVE_UNISTD_H
28 #include <unistd.h>
29 #endif
30
31 #include "curlx.h"
32
33 #include "tool_cfgable.h"
34 #include "tool_doswin.h"
35 #include "tool_msgs.h"
36 #include "tool_cb_hdr.h"
37 #include "tool_cb_wrt.h"
38 #include "tool_operate.h"
39 #include "tool_libinfo.h"
40
41 #include "memdebug.h" /* keep this as LAST include */
42
43 static char *parse_filename(const char *ptr, size_t len);
44
45 #ifdef _WIN32
46 #define BOLD "\x1b[1m"
47 #define BOLDOFF "\x1b[22m"
48 #else
49 #define BOLD "\x1b[1m"
50 /* Switch off bold by setting "all attributes off" since the explicit
51 bold-off code (21) is not supported everywhere - like in the mac
52 Terminal. */
53 #define BOLDOFF "\x1b[0m"
54 /* OSC 8 hyperlink escape sequence */
55 #define LINK "\x1b]8;;"
56 #define LINKST "\x1b\\"
57 #define LINKOFF LINK LINKST
58 #endif
59
60 #ifdef LINK
61 static void write_linked_location(CURL *curl, const char *location,
62 size_t loclen, FILE *stream);
63 #endif
64
65 /*
66 ** callback for CURLOPT_HEADERFUNCTION
67 */
68
tool_header_cb(char * ptr,size_t size,size_t nmemb,void * userdata)69 size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
70 {
71 struct per_transfer *per = userdata;
72 struct HdrCbData *hdrcbdata = &per->hdrcbdata;
73 struct OutStruct *outs = &per->outs;
74 struct OutStruct *heads = &per->heads;
75 struct OutStruct *etag_save = &per->etag_save;
76 const char *str = ptr;
77 const size_t cb = size * nmemb;
78 const char *end = (char *)ptr + cb;
79 const char *scheme = NULL;
80
81 if(!per->config)
82 return CURL_WRITEFUNC_ERROR;
83
84 #ifdef DEBUGBUILD
85 if(size * nmemb > (size_t)CURL_MAX_HTTP_HEADER) {
86 warnf(per->config->global, "Header data exceeds single call write limit");
87 return CURL_WRITEFUNC_ERROR;
88 }
89 #endif
90
91 #ifdef _WIN32
92 /* Discard incomplete UTF-8 sequence buffered from body */
93 if(outs->utf8seq[0])
94 memset(outs->utf8seq, 0, sizeof(outs->utf8seq));
95 #endif
96
97 /*
98 * Write header data when curl option --dump-header (-D) is given.
99 */
100
101 if(per->config->headerfile && heads->stream) {
102 size_t rc = fwrite(ptr, size, nmemb, heads->stream);
103 if(rc != cb)
104 return rc;
105 /* flush the stream to send off what we got earlier */
106 if(fflush(heads->stream)) {
107 errorf(per->config->global, "Failed writing headers to %s",
108 per->config->headerfile);
109 return CURL_WRITEFUNC_ERROR;
110 }
111 }
112
113 curl_easy_getinfo(per->curl, CURLINFO_SCHEME, &scheme);
114 scheme = proto_token(scheme);
115 if((scheme == proto_http || scheme == proto_https)) {
116 long response = 0;
117 curl_easy_getinfo(per->curl, CURLINFO_RESPONSE_CODE, &response);
118
119 if((response/100 != 2) && (response/100 != 3))
120 /* only care about etag and content-disposition headers in 2xx and 3xx
121 responses */
122 ;
123 /*
124 * Write etag to file when --etag-save option is given.
125 */
126 else if(per->config->etag_save_file && etag_save->stream &&
127 /* match only header that start with etag (case insensitive) */
128 checkprefix("etag:", str)) {
129 const char *etag_h = &str[5];
130 const char *eot = end - 1;
131 if(*eot == '\n') {
132 while(ISBLANK(*etag_h) && (etag_h < eot))
133 etag_h++;
134 while(ISSPACE(*eot))
135 eot--;
136
137 if(eot >= etag_h) {
138 size_t etag_length = eot - etag_h + 1;
139 /*
140 * Truncate the etag save stream, it can have an existing etag value.
141 */
142 #ifdef HAVE_FTRUNCATE
143 if(ftruncate(fileno(etag_save->stream), 0)) {
144 return CURL_WRITEFUNC_ERROR;
145 }
146 #else
147 if(fseek(etag_save->stream, 0, SEEK_SET)) {
148 return CURL_WRITEFUNC_ERROR;
149 }
150 #endif
151
152 fwrite(etag_h, size, etag_length, etag_save->stream);
153 /* terminate with newline */
154 fputc('\n', etag_save->stream);
155 (void)fflush(etag_save->stream);
156 }
157 }
158 }
159
160 /*
161 * This callback sets the filename where output shall be written when
162 * curl options --remote-name (-O) and --remote-header-name (-J) have
163 * been simultaneously given and additionally server returns an HTTP
164 * Content-Disposition header specifying a filename property.
165 */
166
167 else if(hdrcbdata->honor_cd_filename &&
168 (cb > 20) && checkprefix("Content-disposition:", str)) {
169 const char *p = str + 20;
170
171 /* look for the 'filename=' parameter
172 (encoded filenames (*=) are not supported) */
173 for(;;) {
174 char *filename;
175 size_t len;
176
177 while((p < end) && *p && !ISALPHA(*p))
178 p++;
179 if(p > end - 9)
180 break;
181
182 if(memcmp(p, "filename=", 9)) {
183 /* no match, find next parameter */
184 while((p < end) && *p && (*p != ';'))
185 p++;
186 if((p < end) && *p)
187 continue;
188 else
189 break;
190 }
191 p += 9;
192
193 len = cb - (size_t)(p - str);
194 filename = parse_filename(p, len);
195 if(filename) {
196 if(outs->stream) {
197 /* indication of problem, get out! */
198 free(filename);
199 return CURL_WRITEFUNC_ERROR;
200 }
201
202 if(per->config->output_dir) {
203 outs->filename = aprintf("%s/%s", per->config->output_dir,
204 filename);
205 free(filename);
206 if(!outs->filename)
207 return CURL_WRITEFUNC_ERROR;
208 }
209 else
210 outs->filename = filename;
211
212 outs->is_cd_filename = TRUE;
213 outs->s_isreg = TRUE;
214 outs->fopened = FALSE;
215 outs->alloc_filename = TRUE;
216 hdrcbdata->honor_cd_filename = FALSE; /* done now! */
217 if(!tool_create_output_file(outs, per->config))
218 return CURL_WRITEFUNC_ERROR;
219 }
220 break;
221 }
222 if(!outs->stream && !tool_create_output_file(outs, per->config))
223 return CURL_WRITEFUNC_ERROR;
224 }
225 }
226 if(hdrcbdata->config->writeout) {
227 char *value = memchr(ptr, ':', cb);
228 if(value) {
229 if(per->was_last_header_empty)
230 per->num_headers = 0;
231 per->was_last_header_empty = FALSE;
232 per->num_headers++;
233 }
234 else if(ptr[0] == '\r' || ptr[0] == '\n')
235 per->was_last_header_empty = TRUE;
236 }
237 if(hdrcbdata->config->show_headers &&
238 (scheme == proto_http || scheme == proto_https ||
239 scheme == proto_rtsp || scheme == proto_file)) {
240 /* bold headers only for selected protocols */
241 char *value = NULL;
242
243 if(!outs->stream && !tool_create_output_file(outs, per->config))
244 return CURL_WRITEFUNC_ERROR;
245
246 if(hdrcbdata->global->isatty &&
247 #ifdef _WIN32
248 tool_term_has_bold &&
249 #endif
250 hdrcbdata->global->styled_output)
251 value = memchr(ptr, ':', cb);
252 if(value) {
253 size_t namelen = value - ptr;
254 fprintf(outs->stream, BOLD "%.*s" BOLDOFF ":", (int)namelen, ptr);
255 #ifndef LINK
256 fwrite(&value[1], cb - namelen - 1, 1, outs->stream);
257 #else
258 if(curl_strnequal("Location", ptr, namelen)) {
259 write_linked_location(per->curl, &value[1], cb - namelen - 1,
260 outs->stream);
261 }
262 else
263 fwrite(&value[1], cb - namelen - 1, 1, outs->stream);
264 #endif
265 }
266 else
267 /* not "handled", just show it */
268 fwrite(ptr, cb, 1, outs->stream);
269 }
270 return cb;
271 }
272
273 /*
274 * Copies a filename part and returns an ALLOCATED data buffer.
275 */
parse_filename(const char * ptr,size_t len)276 static char *parse_filename(const char *ptr, size_t len)
277 {
278 char *copy;
279 char *p;
280 char *q;
281 char stop = '\0';
282
283 /* simple implementation of strndup() */
284 copy = malloc(len + 1);
285 if(!copy)
286 return NULL;
287 memcpy(copy, ptr, len);
288 copy[len] = '\0';
289
290 p = copy;
291 if(*p == '\'' || *p == '"') {
292 /* store the starting quote */
293 stop = *p;
294 p++;
295 }
296 else
297 stop = ';';
298
299 /* scan for the end letter and stop there */
300 q = strchr(p, stop);
301 if(q)
302 *q = '\0';
303
304 /* if the filename contains a path, only use filename portion */
305 q = strrchr(p, '/');
306 if(q) {
307 p = q + 1;
308 if(!*p) {
309 Curl_safefree(copy);
310 return NULL;
311 }
312 }
313
314 /* If the filename contains a backslash, only use filename portion. The idea
315 is that even systems that do not handle backslashes as path separators
316 probably want the path removed for convenience. */
317 q = strrchr(p, '\\');
318 if(q) {
319 p = q + 1;
320 if(!*p) {
321 Curl_safefree(copy);
322 return NULL;
323 }
324 }
325
326 /* make sure the filename does not end in \r or \n */
327 q = strchr(p, '\r');
328 if(q)
329 *q = '\0';
330
331 q = strchr(p, '\n');
332 if(q)
333 *q = '\0';
334
335 if(copy != p)
336 memmove(copy, p, strlen(p) + 1);
337
338 #if defined(_WIN32) || defined(MSDOS)
339 {
340 char *sanitized;
341 SANITIZEcode sc = sanitize_file_name(&sanitized, copy, 0);
342 Curl_safefree(copy);
343 if(sc)
344 return NULL;
345 copy = sanitized;
346 }
347 #endif /* _WIN32 || MSDOS */
348
349 /* in case we built debug enabled, we allow an environment variable
350 * named CURL_TESTDIR to prefix the given filename to put it into a
351 * specific directory
352 */
353 #ifdef DEBUGBUILD
354 {
355 char *tdir = curl_getenv("CURL_TESTDIR");
356 if(tdir) {
357 char buffer[512]; /* suitably large */
358 msnprintf(buffer, sizeof(buffer), "%s/%s", tdir, copy);
359 Curl_safefree(copy);
360 copy = strdup(buffer); /* clone the buffer, we do not use the libcurl
361 aprintf() or similar since we want to use the
362 same memory code as the "real" parse_filename
363 function */
364 curl_free(tdir);
365 }
366 }
367 #endif
368
369 return copy;
370 }
371
372 #ifdef LINK
373 /*
374 * Treat the Location: header specially, by writing a special escape
375 * sequence that adds a hyperlink to the displayed text. This makes
376 * the absolute URL of the redirect clickable in supported terminals,
377 * which could not happen otherwise for relative URLs. The Location:
378 * header is supposed to always be absolute so this theoretically
379 * should not be needed but the real world returns plenty of relative
380 * URLs here.
381 */
382 static
write_linked_location(CURL * curl,const char * location,size_t loclen,FILE * stream)383 void write_linked_location(CURL *curl, const char *location, size_t loclen,
384 FILE *stream) {
385 /* This would so simple if CURLINFO_REDIRECT_URL were available here */
386 CURLU *u = NULL;
387 char *copyloc = NULL, *locurl = NULL, *scheme = NULL, *finalurl = NULL;
388 const char *loc = location;
389 size_t llen = loclen;
390 int space_skipped = 0;
391 char *vver = getenv("VTE_VERSION");
392
393 if(vver) {
394 long vvn = strtol(vver, NULL, 10);
395 /* Skip formatting for old versions of VTE <= 0.48.1 (Mar 2017) since some
396 of those versions have formatting bugs. (#10428) */
397 if(0 < vvn && vvn <= 4801)
398 goto locout;
399 }
400
401 /* Strip leading whitespace of the redirect URL */
402 while(llen && (*loc == ' ' || *loc == '\t')) {
403 ++loc;
404 --llen;
405 ++space_skipped;
406 }
407
408 /* Strip the trailing end-of-line characters, normally "\r\n" */
409 while(llen && (loc[llen-1] == '\n' || loc[llen-1] == '\r'))
410 --llen;
411
412 /* CURLU makes it easy to handle the relative URL case */
413 u = curl_url();
414 if(!u)
415 goto locout;
416
417 /* Create a NUL-terminated and whitespace-stripped copy of Location: */
418 copyloc = malloc(llen + 1);
419 if(!copyloc)
420 goto locout;
421 memcpy(copyloc, loc, llen);
422 copyloc[llen] = 0;
423
424 /* The original URL to use as a base for a relative redirect URL */
425 if(curl_easy_getinfo(curl, CURLINFO_EFFECTIVE_URL, &locurl))
426 goto locout;
427 if(curl_url_set(u, CURLUPART_URL, locurl, 0))
428 goto locout;
429
430 /* Redirected location. This can be either absolute or relative. */
431 if(curl_url_set(u, CURLUPART_URL, copyloc, 0))
432 goto locout;
433
434 if(curl_url_get(u, CURLUPART_URL, &finalurl, CURLU_NO_DEFAULT_PORT))
435 goto locout;
436
437 if(curl_url_get(u, CURLUPART_SCHEME, &scheme, 0))
438 goto locout;
439
440 if(!strcmp("http", scheme) ||
441 !strcmp("https", scheme) ||
442 !strcmp("ftp", scheme) ||
443 !strcmp("ftps", scheme)) {
444 fprintf(stream, "%.*s" LINK "%s" LINKST "%.*s" LINKOFF,
445 space_skipped, location,
446 finalurl,
447 (int)loclen - space_skipped, loc);
448 goto locdone;
449 }
450
451 /* Not a "safe" URL: do not linkify it */
452
453 locout:
454 /* Write the normal output in case of error or unsafe */
455 fwrite(location, loclen, 1, stream);
456
457 locdone:
458 if(u) {
459 curl_free(finalurl);
460 curl_free(scheme);
461 curl_url_cleanup(u);
462 free(copyloc);
463 }
464 }
465 #endif
466