HTP  0.5
htp_private.h
1 /***************************************************************************
2  * Copyright (c) 2009-2010 Open Information Security Foundation
3  * Copyright (c) 2010-2013 Qualys, Inc.
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions are
8  * met:
9  *
10  * - Redistributions of source code must retain the above copyright
11  * notice, this list of conditions and the following disclaimer.
12 
13  * - Redistributions in binary form must reproduce the above copyright
14  * notice, this list of conditions and the following disclaimer in the
15  * documentation and/or other materials provided with the distribution.
16 
17  * - Neither the name of the Qualys, Inc. nor the names of its
18  * contributors may be used to endorse or promote products derived from
19  * this software without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32  ***************************************************************************/
33 
// Include guard for the library-private declarations.
// NOTE(review): an identifier that starts with an underscore followed by an
// uppercase letter is reserved for the implementation (C11 7.1.3). A name such
// as HTP_PRIVATE_H would stay out of that namespace; rename only after
// checking that nothing else tests this macro.
39 #ifndef _HTP_PRIVATE_H
40 #define _HTP_PRIVATE_H
41 
// Give every declaration below C linkage when the header is included from C++.
42 #ifdef __cplusplus
43 extern "C" {
44 #endif
45 
// This define only has an effect if it precedes the first inclusion of
// <inttypes.h>; a translation unit that pulled <inttypes.h> in earlier will
// not get the PRI* macros from here.
46 #if defined(__cplusplus) && !defined(__STDC_FORMAT_MACROS)
47 /* C99 requires that inttypes.h only exposes PRI* macros
48  * for C++ implementations if this is defined: */
49 #define __STDC_FORMAT_MACROS
50 #endif
51 
52 #include <ctype.h>
53 #include <errno.h>
54 #include <iconv.h>
55 #include <inttypes.h>
56 #include <stdarg.h>
57 #include <stdio.h>
58 #include <stdlib.h>
59 #include <unistd.h>
60 
61 #include "htp.h"
62 #include "htp_config_private.h"
64 #include "htp_connection_private.h"
65 #include "htp_list_private.h"
66 #include "htp_multipart_private.h"
67 #include "htp_table_private.h"
68 
// Line-ending bytes. The #ifndef guards keep any CR/LF macro defined before
// this header is included, so an earlier definition with a different value
// would be used by every piece of code that relies on these names.
69 #ifndef CR
70 #define CR '\r'
71 #endif
72 
73 #ifndef LF
74 #define LF '\n'
75 #endif
76 
// Two field-length thresholds; the soft value is half the hard one.
// NOTE(review): the names suggest a warn-at-soft / reject-at-hard policy for
// buffered lines or header fields, presumably counted in bytes. This header
// does not show where they are enforced or whether configuration can override
// them; confirm, because an unenforced bound lets a peer grow per-connection
// buffers without limit.
77 #define HTP_FIELD_LIMIT_HARD 18000
78 #define HTP_FIELD_LIMIT_SOFT 9000
79 
// Range of status values treated as valid; presumably inclusive and applied to
// the result of htp_parse_status() -- TODO confirm at the call sites. The range
// admits every three-digit number, not only registered status codes.
80 #define HTP_VALID_STATUS_MIN 100
81 #define HTP_VALID_STATUS_MAX 999
82 
83 // Parser states, in the order in which they are
84 // used as a single transaction is processed.
85 
99 
110 
111 // Parsing functions
112 
// Header parsing entry points: a parse/process pair for generic requests, one
// for the apache_2_2 variant, and one for generic responses.
// Input is a (data, len) pair. Nothing in these prototypes says the buffer is
// NUL-terminated, so the definitions should bound every read by len and never
// rely on a terminator -- TODO confirm.
// NOTE(review): data is not const-qualified, so a callee may write into the
// caller's buffer; confirm whether that is intended.
// The int return is presumably a status code; its values are not visible here.
114 int htp_parse_request_header_generic(htp_connp_t *connp, htp_header_t *h, unsigned char *data, size_t len);
115 int htp_process_request_header_generic(htp_connp_t *, unsigned char *data, size_t len);
116 
// Variant named after Apache 2.2; presumably follows that server's header
// parsing so results match what such a backend would see -- TODO confirm.
117 int htp_parse_request_header_apache_2_2(htp_connp_t *connp, htp_header_t *h, unsigned char *data, size_t len);
119 int htp_process_request_header_apache_2_2(htp_connp_t *, unsigned char *data, size_t len);
120 
122 int htp_parse_response_header_generic(htp_connp_t *connp, htp_header_t *h, unsigned char *data, size_t len);
123 int htp_process_response_header_generic(htp_connp_t *connp, unsigned char *data, size_t len);
124 
125 
126 // Private transaction functions
127 
129 
130 
131 // Utility functions
132 
// Single-character classifiers. They take int, like the <ctype.h> functions
// this header includes.
// NOTE(review): if any definition forwards to <ctype.h>, callers must pass an
// unsigned char value (or EOF); a plain char holding a byte >= 0x80 can be
// negative and is undefined behaviour there -- confirm in the definitions.
134 int htp_is_lws(int c);
135 int htp_is_separator(int c);
136 int htp_is_text(int c);
137 int htp_is_token(int c);
// len is passed by pointer, so the callee can report a changed length;
// presumably trailing line-ending bytes are trimmed -- TODO confirm.
138 int htp_chomp(unsigned char *data, size_t *len);
139 int htp_is_space(int c);
140 
141 int htp_parse_protocol(bstr *protocol);
142 
// Line tests over a (data, len) buffer.
// NOTE(review): nothing in these prototypes excludes len == 0; check that the
// definitions test len before reading data[0] or data[len - 1].
143 int htp_is_line_empty(unsigned char *data, size_t len);
144 int htp_is_line_whitespace(unsigned char *data, size_t len);
145 
146 int htp_connp_is_line_folded(unsigned char *data, size_t len);
147 int htp_is_folding_char(int c);
// These two also receive the connection parser, so the answer can depend on
// parser or configuration state -- presumably; verify in the definitions.
148 int htp_connp_is_line_terminator(htp_connp_t *connp, unsigned char *data, size_t len);
149 int htp_connp_is_line_ignorable(htp_connp_t *connp, unsigned char *data, size_t len);
150 
// URI and host parsing. Results come back through pointer parameters
// (uri, hostname, port, invalid, flags).
// NOTE(review): ownership of *uri and *hostname is not stated here --
// presumably the callee allocates and the caller frees. Confirm this, and
// confirm what the outputs hold when the call fails, so that error paths
// neither leak nor free twice.
// NOTE(review): port is a plain int; confirm the definitions reject non-digit
// input and values outside the valid port range instead of wrapping.
151 int htp_parse_uri(bstr *input, htp_uri_t **uri);
152 htp_status_t htp_parse_hostport(bstr *authority, bstr **hostname, int *port, int *invalid);
153 htp_status_t htp_parse_header_hostport(bstr *authority, bstr **hostname, int *port, uint64_t *flags);
154 int htp_validate_hostname(bstr *hostname);
155 int htp_parse_uri_hostport(htp_connp_t *connp, bstr *input, htp_uri_t *uri);
156 int htp_normalize_parsed_uri(htp_connp_t *connp, htp_uri_t *parsed_uri_incomplete, htp_uri_t *parsed_uri);
158 void htp_replace_hostname(htp_connp_t *connp, htp_uri_t *parsed_uri, bstr *hostname);
// Takes unsigned char, unlike the int-taking htp_is_* classifiers.
159 int htp_is_uri_unreserved(unsigned char c);
160 
// The *_inplace functions receive a non-const bstr and, going by the name,
// rewrite it; code that needs the bytes as received must copy them first --
// TODO confirm.
161 int htp_decode_path_inplace(htp_cfg_t *cfg, htp_tx_t *tx, bstr *path);
162 
164 
// NOTE(review): four int switches in a row are easy to transpose at a call
// site, and the compiler cannot catch a swap; check argument order wherever
// this is called.
165  int htp_prenormalize_uri_path_inplace(bstr *s, int *flags, int case_insensitive, int backslash, int decode_separators, int remove_consecutive);
167 
// Both return void, so a decoding or validation problem cannot be reported
// through the return value; presumably it is recorded on tx -- TODO confirm.
168 void htp_utf8_decode_path_inplace(htp_cfg_t *cfg, htp_tx_t *tx, bstr *path);
169 void htp_utf8_validate_path(htp_tx_t *tx, bstr *path);
170 
// Numeric parsers for length and status fields. The int64_t results are
// signed; presumably a negative value reports a parse error or overflow --
// TODO confirm. Callers must test for that before converting the result to
// size_t, because a negative length converts to a very large unsigned one.
171 int64_t htp_parse_content_length(bstr *b);
172 int64_t htp_parse_chunked_length(unsigned char *data, size_t len);
// base is chosen by the caller; the set of accepted bases is not visible here.
173 int64_t htp_parse_positive_integer_whitespace(unsigned char *data, size_t len, int base);
// Result is presumably compared with HTP_VALID_STATUS_MIN/MAX by the caller --
// TODO confirm.
174 int htp_parse_status(bstr *status);
// NOTE(review): going by the name, this handles Basic credentials taken from a
// request header. Confirm the definition bounds the decoded length and that
// decoded credentials are kept out of diagnostic output.
176 int htp_parse_authorization_basic(htp_connp_t *connp, htp_header_t *auth_header);
177 
// Diagnostic output helpers that write to a caller-supplied FILE *.
// NOTE(review): the bytes printed presumably originate from parsed traffic.
// Confirm the definitions never pass name or the data as a format string and
// that non-printable bytes are escaped before they reach a terminal or log.
178 void htp_print_log(FILE *stream, htp_log_t *log);
179 
180 void fprint_bstr(FILE *stream, const char *name, bstr *b);
181 void fprint_raw_data(FILE *stream, const char *name, const void *data, size_t len);
// NOTE(review): offset and len are independent arguments; confirm the
// definition handles offset > len without reading outside data.
182 void fprint_raw_data_ex(FILE *stream, const char *name, const void *data, size_t offset, size_t len);
183 
188 
190 
192 
195 
201 
203 
// Character-set conversion helpers; iconv_t comes from the <iconv.h> include
// in this header.
// NOTE(review): params is a pointer to a table pointer and destroy_old is a
// flag, so the callee can presumably replace *params and free the previous
// table. Confirm who owns the old table on each return path, so that callers
// do not keep a stale pointer.
204 int htp_transcode_params(htp_connp_t *connp, htp_table_t **params, int destroy_old);
// *output is presumably allocated by the callee and freed by the caller;
// verify, including its value when the conversion fails.
205 int htp_transcode_bstr(iconv_t cd, bstr *input, bstr **output);
206 
207 int htp_parse_single_cookie_v0(htp_connp_t *connp, unsigned char *data, size_t len);
210 
212 
// Returns a bstr pointer and reports a position through endoffset.
// NOTE(review): presumably NULL on failure and a caller-owned allocation on
// success -- TODO confirm. Also confirm that an unterminated quoted string
// cannot make the scan run past len.
213 bstr *htp_extract_quoted_string_as_bstr(unsigned char *data, size_t len, size_t *endoffset);
214 
// Parameters are unnamed; by type they are the connection parser, a byte
// buffer and its length. Ownership of the returned header is not stated here.
215 htp_header_t *htp_connp_header_parse(htp_connp_t *, unsigned char *, size_t);
216 
218 
221 
223 
225 
227 
// NOTE(review): whether tx is only unlinked from connp or also freed is not
// visible here. Callers that touch tx afterwards depend on the answer; confirm
// it to rule out use-after-free.
228 void htp_connp_tx_remove(htp_connp_t *connp, htp_tx_t *tx);
229 
231 
// Body-data entry points for the request and response side of a transaction.
// data is const void * here, unlike the unsigned char * buffers taken by the
// header parsers in this file.
// NOTE(review): confirm whether a NULL data pointer or len == 0 is a valid
// call and what it means, so that callers and definitions agree.
232 htp_status_t htp_tx_req_process_body_data_ex(htp_tx_t *tx, const void *data, size_t len);
233 htp_status_t htp_tx_res_process_body_data_ex(htp_tx_t *tx, const void *data, size_t len);
234 
// Close the extern "C" block opened near the top of this header.
235 #ifdef __cplusplus
236 }
237 #endif
238 
239 #endif /* _HTP_PRIVATE_H */
240