1/***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 2020 - 2022, Daniel Stenberg, <[email protected]>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 * SPDX-License-Identifier: curl
22 *
23 ***************************************************************************/
24/*
25 * The Strict-Transport-Security header is defined in RFC 6797:
26 * https://datatracker.ietf.org/doc/html/rfc6797
27 */
28#include "curl_setup.h"
29
30#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_HSTS)
31#include <curl/curl.h>
32#include "urldata.h"
33#include "llist.h"
34#include "hsts.h"
35#include "curl_get_line.h"
36#include "strcase.h"
37#include "sendf.h"
38#include "strtoofft.h"
39#include "parsedate.h"
40#include "fopen.h"
41#include "rename.h"
42#include "strtoofft.h"
43
44/* The last 3 #include files should be in this order */
45#include "curl_printf.h"
46#include "curl_memory.h"
47#include "memdebug.h"
48
49#define MAX_HSTS_LINE 4095
50#define MAX_HSTS_HOSTLEN 256
51#define MAX_HSTS_HOSTLENSTR "256"
52#define MAX_HSTS_DATELEN 64
53#define MAX_HSTS_DATELENSTR "64"
54#define UNLIMITED "unlimited"
55
56#ifdef DEBUGBUILD
57/* to play well with debug builds, we can *set* a fixed time this will
58 return */
59time_t deltatime; /* allow for "adjustments" for unit test purposes */
60static time_t debugtime(void *unused)
61{
62 char *timestr = getenv("CURL_TIME");
63 (void)unused;
64 if(timestr) {
65 curl_off_t val;
66 (void)curlx_strtoofft(timestr, NULL, 10, &val);
67
68 val += (curl_off_t)deltatime;
69 return (time_t)val;
70 }
71 return time(NULL);
72}
73#define time(x) debugtime(x)
74#endif
75
76struct hsts *Curl_hsts_init(void)
77{
78 struct hsts *h = calloc(sizeof(struct hsts), 1);
79 if(h) {
80 Curl_llist_init(&h->list, NULL);
81 }
82 return h;
83}
84
85static void hsts_free(struct stsentry *e)
86{
87 free((char *)e->host);
88 free(e);
89}
90
91void Curl_hsts_cleanup(struct hsts **hp)
92{
93 struct hsts *h = *hp;
94 if(h) {
95 struct Curl_llist_element *e;
96 struct Curl_llist_element *n;
97 for(e = h->list.head; e; e = n) {
98 struct stsentry *sts = e->ptr;
99 n = e->next;
100 hsts_free(sts);
101 }
102 free(h->filename);
103 free(h);
104 *hp = NULL;
105 }
106}
107
108static struct stsentry *hsts_entry(void)
109{
110 return calloc(sizeof(struct stsentry), 1);
111}
112
113static CURLcode hsts_create(struct hsts *h,
114 const char *hostname,
115 bool subdomains,
116 curl_off_t expires)
117{
118 struct stsentry *sts = hsts_entry();
119 char *duphost;
120 size_t hlen;
121 if(!sts)
122 return CURLE_OUT_OF_MEMORY;
123
124 duphost = strdup(hostname);
125 if(!duphost) {
126 free(sts);
127 return CURLE_OUT_OF_MEMORY;
128 }
129
130 hlen = strlen(duphost);
131 if(duphost[hlen - 1] == '.')
132 /* strip off trailing any dot */
133 duphost[--hlen] = 0;
134
135 sts->host = duphost;
136 sts->expires = expires;
137 sts->includeSubDomains = subdomains;
138 Curl_llist_insert_next(&h->list, h->list.tail, sts, &sts->node);
139 return CURLE_OK;
140}
141
142CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
143 const char *header)
144{
145 const char *p = header;
146 curl_off_t expires = 0;
147 bool gotma = FALSE;
148 bool gotinc = FALSE;
149 bool subdomains = FALSE;
150 struct stsentry *sts;
151 time_t now = time(NULL);
152
153 if(Curl_host_is_ipnum(hostname))
154 /* "explicit IP address identification of all forms is excluded."
155 / RFC 6797 */
156 return CURLE_OK;
157
158 do {
159 while(*p && ISSPACE(*p))
160 p++;
161 if(Curl_strncasecompare("max-age=", p, 8)) {
162 bool quoted = FALSE;
163 CURLofft offt;
164 char *endp;
165
166 if(gotma)
167 return CURLE_BAD_FUNCTION_ARGUMENT;
168
169 p += 8;
170 while(*p && ISSPACE(*p))
171 p++;
172 if(*p == '\"') {
173 p++;
174 quoted = TRUE;
175 }
176 offt = curlx_strtoofft(p, &endp, 10, &expires);
177 if(offt == CURL_OFFT_FLOW)
178 expires = CURL_OFF_T_MAX;
179 else if(offt)
180 /* invalid max-age */
181 return CURLE_BAD_FUNCTION_ARGUMENT;
182 p = endp;
183 if(quoted) {
184 if(*p != '\"')
185 return CURLE_BAD_FUNCTION_ARGUMENT;
186 p++;
187 }
188 gotma = TRUE;
189 }
190 else if(Curl_strncasecompare("includesubdomains", p, 17)) {
191 if(gotinc)
192 return CURLE_BAD_FUNCTION_ARGUMENT;
193 subdomains = TRUE;
194 p += 17;
195 gotinc = TRUE;
196 }
197 else {
198 /* unknown directive, do a lame attempt to skip */
199 while(*p && (*p != ';'))
200 p++;
201 }
202
203 while(*p && ISSPACE(*p))
204 p++;
205 if(*p == ';')
206 p++;
207 } while (*p);
208
209 if(!gotma)
210 /* max-age is mandatory */
211 return CURLE_BAD_FUNCTION_ARGUMENT;
212
213 if(!expires) {
214 /* remove the entry if present verbatim (without subdomain match) */
215 sts = Curl_hsts(h, hostname, FALSE);
216 if(sts) {
217 Curl_llist_remove(&h->list, &sts->node, NULL);
218 hsts_free(sts);
219 }
220 return CURLE_OK;
221 }
222
223 if(CURL_OFF_T_MAX - now < expires)
224 /* would overflow, use maximum value */
225 expires = CURL_OFF_T_MAX;
226 else
227 expires += now;
228
229 /* check if it already exists */
230 sts = Curl_hsts(h, hostname, FALSE);
231 if(sts) {
232 /* just update these fields */
233 sts->expires = expires;
234 sts->includeSubDomains = subdomains;
235 }
236 else
237 return hsts_create(h, hostname, subdomains, expires);
238
239 return CURLE_OK;
240}
241
242/*
243 * Return TRUE if the given host name is currently an HSTS one.
244 *
245 * The 'subdomain' argument tells the function if subdomain matching should be
246 * attempted.
247 */
248struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
249 bool subdomain)
250{
251 if(h) {
252 char buffer[MAX_HSTS_HOSTLEN + 1];
253 time_t now = time(NULL);
254 size_t hlen = strlen(hostname);
255 struct Curl_llist_element *e;
256 struct Curl_llist_element *n;
257
258 if((hlen > MAX_HSTS_HOSTLEN) || !hlen)
259 return NULL;
260 memcpy(buffer, hostname, hlen);
261 if(hostname[hlen-1] == '.')
262 /* remove the trailing dot */
263 --hlen;
264 buffer[hlen] = 0;
265 hostname = buffer;
266
267 for(e = h->list.head; e; e = n) {
268 struct stsentry *sts = e->ptr;
269 n = e->next;
270 if(sts->expires <= now) {
271 /* remove expired entries */
272 Curl_llist_remove(&h->list, &sts->node, NULL);
273 hsts_free(sts);
274 continue;
275 }
276 if(subdomain && sts->includeSubDomains) {
277 size_t ntail = strlen(sts->host);
278 if(ntail < hlen) {
279 size_t offs = hlen - ntail;
280 if((hostname[offs-1] == '.') &&
281 Curl_strncasecompare(&hostname[offs], sts->host, ntail))
282 return sts;
283 }
284 }
285 if(Curl_strcasecompare(hostname, sts->host))
286 return sts;
287 }
288 }
289 return NULL; /* no match */
290}
291
292/*
293 * Send this HSTS entry to the write callback.
294 */
295static CURLcode hsts_push(struct Curl_easy *data,
296 struct curl_index *i,
297 struct stsentry *sts,
298 bool *stop)
299{
300 struct curl_hstsentry e;
301 CURLSTScode sc;
302 struct tm stamp;
303 CURLcode result;
304
305 e.name = (char *)sts->host;
306 e.namelen = strlen(sts->host);
307 e.includeSubDomains = sts->includeSubDomains;
308
309 if(sts->expires != TIME_T_MAX) {
310 result = Curl_gmtime((time_t)sts->expires, &stamp);
311 if(result)
312 return result;
313
314 msnprintf(e.expire, sizeof(e.expire), "%d%02d%02d %02d:%02d:%02d",
315 stamp.tm_year + 1900, stamp.tm_mon + 1, stamp.tm_mday,
316 stamp.tm_hour, stamp.tm_min, stamp.tm_sec);
317 }
318 else
319 strcpy(e.expire, UNLIMITED);
320
321 sc = data->set.hsts_write(data, &e, i,
322 data->set.hsts_write_userp);
323 *stop = (sc != CURLSTS_OK);
324 return sc == CURLSTS_FAIL ? CURLE_BAD_FUNCTION_ARGUMENT : CURLE_OK;
325}
326
327/*
328 * Write this single hsts entry to a single output line
329 */
330static CURLcode hsts_out(struct stsentry *sts, FILE *fp)
331{
332 struct tm stamp;
333 if(sts->expires != TIME_T_MAX) {
334 CURLcode result = Curl_gmtime((time_t)sts->expires, &stamp);
335 if(result)
336 return result;
337 fprintf(fp, "%s%s \"%d%02d%02d %02d:%02d:%02d\"\n",
338 sts->includeSubDomains ? ".": "", sts->host,
339 stamp.tm_year + 1900, stamp.tm_mon + 1, stamp.tm_mday,
340 stamp.tm_hour, stamp.tm_min, stamp.tm_sec);
341 }
342 else
343 fprintf(fp, "%s%s \"%s\"\n",
344 sts->includeSubDomains ? ".": "", sts->host, UNLIMITED);
345 return CURLE_OK;
346}
347
348
349/*
350 * Curl_https_save() writes the HSTS cache to file and callback.
351 */
352CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h,
353 const char *file)
354{
355 struct Curl_llist_element *e;
356 struct Curl_llist_element *n;
357 CURLcode result = CURLE_OK;
358 FILE *out;
359 char *tempstore = NULL;
360
361 if(!h)
362 /* no cache activated */
363 return CURLE_OK;
364
365 /* if no new name is given, use the one we stored from the load */
366 if(!file && h->filename)
367 file = h->filename;
368
369 if((h->flags & CURLHSTS_READONLYFILE) || !file || !file[0])
370 /* marked as read-only, no file or zero length file name */
371 goto skipsave;
372
373 result = Curl_fopen(data, file, &out, &tempstore);
374 if(!result) {
375 fputs("# Your HSTS cache. https://curl.se/docs/hsts.html\n"
376 "# This file was generated by libcurl! Edit at your own risk.\n",
377 out);
378 for(e = h->list.head; e; e = n) {
379 struct stsentry *sts = e->ptr;
380 n = e->next;
381 result = hsts_out(sts, out);
382 if(result)
383 break;
384 }
385 fclose(out);
386 if(!result && tempstore && Curl_rename(tempstore, file))
387 result = CURLE_WRITE_ERROR;
388
389 if(result && tempstore)
390 unlink(tempstore);
391 }
392 free(tempstore);
393 skipsave:
394 if(data->set.hsts_write) {
395 /* if there's a write callback */
396 struct curl_index i; /* count */
397 i.total = h->list.size;
398 i.index = 0;
399 for(e = h->list.head; e; e = n) {
400 struct stsentry *sts = e->ptr;
401 bool stop;
402 n = e->next;
403 result = hsts_push(data, &i, sts, &stop);
404 if(result || stop)
405 break;
406 i.index++;
407 }
408 }
409 return result;
410}
411
412/* only returns SERIOUS errors */
413static CURLcode hsts_add(struct hsts *h, char *line)
414{
415 /* Example lines:
416 example.com "20191231 10:00:00"
417 .example.net "20191231 10:00:00"
418 */
419 char host[MAX_HSTS_HOSTLEN + 1];
420 char date[MAX_HSTS_DATELEN + 1];
421 int rc;
422
423 rc = sscanf(line,
424 "%" MAX_HSTS_HOSTLENSTR "s \"%" MAX_HSTS_DATELENSTR "[^\"]\"",
425 host, date);
426 if(2 == rc) {
427 time_t expires = strcmp(date, UNLIMITED) ? Curl_getdate_capped(date) :
428 TIME_T_MAX;
429 CURLcode result;
430 char *p = host;
431 bool subdomain = FALSE;
432 if(p[0] == '.') {
433 p++;
434 subdomain = TRUE;
435 }
436 result = hsts_create(h, p, subdomain, expires);
437 if(result)
438 return result;
439 }
440
441 return CURLE_OK;
442}
443
444/*
445 * Load HSTS data from callback.
446 *
447 */
448static CURLcode hsts_pull(struct Curl_easy *data, struct hsts *h)
449{
450 /* if the HSTS read callback is set, use it */
451 if(data->set.hsts_read) {
452 CURLSTScode sc;
453 DEBUGASSERT(h);
454 do {
455 char buffer[MAX_HSTS_HOSTLEN + 1];
456 struct curl_hstsentry e;
457 e.name = buffer;
458 e.namelen = sizeof(buffer)-1;
459 e.includeSubDomains = FALSE; /* default */
460 e.expire[0] = 0;
461 e.name[0] = 0; /* just to make it clean */
462 sc = data->set.hsts_read(data, &e, data->set.hsts_read_userp);
463 if(sc == CURLSTS_OK) {
464 time_t expires;
465 CURLcode result;
466 if(!e.name[0])
467 /* bail out if no name was stored */
468 return CURLE_BAD_FUNCTION_ARGUMENT;
469 if(e.expire[0])
470 expires = Curl_getdate_capped(e.expire);
471 else
472 expires = TIME_T_MAX; /* the end of time */
473 result = hsts_create(h, e.name,
474 /* bitfield to bool conversion: */
475 e.includeSubDomains ? TRUE : FALSE,
476 expires);
477 if(result)
478 return result;
479 }
480 else if(sc == CURLSTS_FAIL)
481 return CURLE_ABORTED_BY_CALLBACK;
482 } while(sc == CURLSTS_OK);
483 }
484 return CURLE_OK;
485}
486
487/*
488 * Load the HSTS cache from the given file. The text based line-oriented file
489 * format is documented here: https://curl.se/docs/hsts.html
490 *
491 * This function only returns error on major problems that prevent hsts
492 * handling to work completely. It will ignore individual syntactical errors
493 * etc.
494 */
495static CURLcode hsts_load(struct hsts *h, const char *file)
496{
497 CURLcode result = CURLE_OK;
498 char *line = NULL;
499 FILE *fp;
500
501 /* we need a private copy of the file name so that the hsts cache file
502 name survives an easy handle reset */
503 free(h->filename);
504 h->filename = strdup(file);
505 if(!h->filename)
506 return CURLE_OUT_OF_MEMORY;
507
508 fp = fopen(file, FOPEN_READTEXT);
509 if(fp) {
510 line = malloc(MAX_HSTS_LINE);
511 if(!line)
512 goto fail;
513 while(Curl_get_line(line, MAX_HSTS_LINE, fp)) {
514 char *lineptr = line;
515 while(*lineptr && ISBLANK(*lineptr))
516 lineptr++;
517 if(*lineptr == '#')
518 /* skip commented lines */
519 continue;
520
521 hsts_add(h, lineptr);
522 }
523 free(line); /* free the line buffer */
524 fclose(fp);
525 }
526 return result;
527
528 fail:
529 Curl_safefree(h->filename);
530 fclose(fp);
531 return CURLE_OUT_OF_MEMORY;
532}
533
534/*
535 * Curl_hsts_loadfile() loads HSTS from file
536 */
537CURLcode Curl_hsts_loadfile(struct Curl_easy *data,
538 struct hsts *h, const char *file)
539{
540 DEBUGASSERT(h);
541 (void)data;
542 return hsts_load(h, file);
543}
544
545/*
546 * Curl_hsts_loadcb() loads HSTS from callback
547 */
548CURLcode Curl_hsts_loadcb(struct Curl_easy *data, struct hsts *h)
549{
550 if(h)
551 return hsts_pull(data, h);
552 return CURLE_OK;
553}
554
555#endif /* CURL_DISABLE_HTTP || CURL_DISABLE_HSTS */
556