1 | /*************************************************************************** |
2 | * _ _ ____ _ |
3 | * Project ___| | | | _ \| | |
4 | * / __| | | | |_) | | |
5 | * | (__| |_| | _ <| |___ |
6 | * \___|\___/|_| \_\_____| |
7 | * |
8 | * Copyright (C) 2020 - 2022, Daniel Stenberg, <[email protected]>, et al. |
9 | * |
10 | * This software is licensed as described in the file COPYING, which |
11 | * you should have received as part of this distribution. The terms |
12 | * are also available at https://curl.se/docs/copyright.html. |
13 | * |
14 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
15 | * copies of the Software, and permit persons to whom the Software is |
16 | * furnished to do so, under the terms of the COPYING file. |
17 | * |
18 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
19 | * KIND, either express or implied. |
20 | * |
21 | * SPDX-License-Identifier: curl |
22 | * |
23 | ***************************************************************************/ |
24 | /* |
25 | * The Strict-Transport-Security header is defined in RFC 6797: |
26 | * https://datatracker.ietf.org/doc/html/rfc6797 |
27 | */ |
28 | #include "curl_setup.h" |
29 | |
30 | #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_HSTS) |
31 | #include <curl/curl.h> |
32 | #include "urldata.h" |
33 | #include "llist.h" |
34 | #include "hsts.h" |
35 | #include "curl_get_line.h" |
36 | #include "strcase.h" |
37 | #include "sendf.h" |
38 | #include "strtoofft.h" |
39 | #include "parsedate.h" |
40 | #include "fopen.h" |
41 | #include "rename.h" |
42 | #include "strtoofft.h" |
43 | |
44 | /* The last 3 #include files should be in this order */ |
45 | #include "curl_printf.h" |
46 | #include "curl_memory.h" |
47 | #include "memdebug.h" |
48 | |
49 | #define MAX_HSTS_LINE 4095 |
50 | #define MAX_HSTS_HOSTLEN 256 |
51 | #define MAX_HSTS_HOSTLENSTR "256" |
52 | #define MAX_HSTS_DATELEN 64 |
53 | #define MAX_HSTS_DATELENSTR "64" |
54 | #define UNLIMITED "unlimited" |
55 | |
56 | #ifdef DEBUGBUILD |
57 | /* to play well with debug builds, we can *set* a fixed time this will |
58 | return */ |
59 | time_t deltatime; /* allow for "adjustments" for unit test purposes */ |
60 | static time_t debugtime(void *unused) |
61 | { |
62 | char *timestr = getenv("CURL_TIME" ); |
63 | (void)unused; |
64 | if(timestr) { |
65 | curl_off_t val; |
66 | (void)curlx_strtoofft(timestr, NULL, 10, &val); |
67 | |
68 | val += (curl_off_t)deltatime; |
69 | return (time_t)val; |
70 | } |
71 | return time(NULL); |
72 | } |
73 | #define time(x) debugtime(x) |
74 | #endif |
75 | |
76 | struct hsts *Curl_hsts_init(void) |
77 | { |
78 | struct hsts *h = calloc(sizeof(struct hsts), 1); |
79 | if(h) { |
80 | Curl_llist_init(&h->list, NULL); |
81 | } |
82 | return h; |
83 | } |
84 | |
85 | static void hsts_free(struct stsentry *e) |
86 | { |
87 | free((char *)e->host); |
88 | free(e); |
89 | } |
90 | |
91 | void Curl_hsts_cleanup(struct hsts **hp) |
92 | { |
93 | struct hsts *h = *hp; |
94 | if(h) { |
95 | struct Curl_llist_element *e; |
96 | struct Curl_llist_element *n; |
97 | for(e = h->list.head; e; e = n) { |
98 | struct stsentry *sts = e->ptr; |
99 | n = e->next; |
100 | hsts_free(sts); |
101 | } |
102 | free(h->filename); |
103 | free(h); |
104 | *hp = NULL; |
105 | } |
106 | } |
107 | |
108 | static struct stsentry *hsts_entry(void) |
109 | { |
110 | return calloc(sizeof(struct stsentry), 1); |
111 | } |
112 | |
113 | static CURLcode hsts_create(struct hsts *h, |
114 | const char *hostname, |
115 | bool subdomains, |
116 | curl_off_t expires) |
117 | { |
118 | struct stsentry *sts = hsts_entry(); |
119 | char *duphost; |
120 | size_t hlen; |
121 | if(!sts) |
122 | return CURLE_OUT_OF_MEMORY; |
123 | |
124 | duphost = strdup(hostname); |
125 | if(!duphost) { |
126 | free(sts); |
127 | return CURLE_OUT_OF_MEMORY; |
128 | } |
129 | |
130 | hlen = strlen(duphost); |
131 | if(duphost[hlen - 1] == '.') |
132 | /* strip off trailing any dot */ |
133 | duphost[--hlen] = 0; |
134 | |
135 | sts->host = duphost; |
136 | sts->expires = expires; |
137 | sts->includeSubDomains = subdomains; |
138 | Curl_llist_insert_next(&h->list, h->list.tail, sts, &sts->node); |
139 | return CURLE_OK; |
140 | } |
141 | |
142 | CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname, |
143 | const char *) |
144 | { |
145 | const char *p = header; |
146 | curl_off_t expires = 0; |
147 | bool gotma = FALSE; |
148 | bool gotinc = FALSE; |
149 | bool subdomains = FALSE; |
150 | struct stsentry *sts; |
151 | time_t now = time(NULL); |
152 | |
153 | if(Curl_host_is_ipnum(hostname)) |
154 | /* "explicit IP address identification of all forms is excluded." |
155 | / RFC 6797 */ |
156 | return CURLE_OK; |
157 | |
158 | do { |
159 | while(*p && ISSPACE(*p)) |
160 | p++; |
161 | if(Curl_strncasecompare("max-age=" , p, 8)) { |
162 | bool quoted = FALSE; |
163 | CURLofft offt; |
164 | char *endp; |
165 | |
166 | if(gotma) |
167 | return CURLE_BAD_FUNCTION_ARGUMENT; |
168 | |
169 | p += 8; |
170 | while(*p && ISSPACE(*p)) |
171 | p++; |
172 | if(*p == '\"') { |
173 | p++; |
174 | quoted = TRUE; |
175 | } |
176 | offt = curlx_strtoofft(p, &endp, 10, &expires); |
177 | if(offt == CURL_OFFT_FLOW) |
178 | expires = CURL_OFF_T_MAX; |
179 | else if(offt) |
180 | /* invalid max-age */ |
181 | return CURLE_BAD_FUNCTION_ARGUMENT; |
182 | p = endp; |
183 | if(quoted) { |
184 | if(*p != '\"') |
185 | return CURLE_BAD_FUNCTION_ARGUMENT; |
186 | p++; |
187 | } |
188 | gotma = TRUE; |
189 | } |
190 | else if(Curl_strncasecompare("includesubdomains" , p, 17)) { |
191 | if(gotinc) |
192 | return CURLE_BAD_FUNCTION_ARGUMENT; |
193 | subdomains = TRUE; |
194 | p += 17; |
195 | gotinc = TRUE; |
196 | } |
197 | else { |
198 | /* unknown directive, do a lame attempt to skip */ |
199 | while(*p && (*p != ';')) |
200 | p++; |
201 | } |
202 | |
203 | while(*p && ISSPACE(*p)) |
204 | p++; |
205 | if(*p == ';') |
206 | p++; |
207 | } while (*p); |
208 | |
209 | if(!gotma) |
210 | /* max-age is mandatory */ |
211 | return CURLE_BAD_FUNCTION_ARGUMENT; |
212 | |
213 | if(!expires) { |
214 | /* remove the entry if present verbatim (without subdomain match) */ |
215 | sts = Curl_hsts(h, hostname, FALSE); |
216 | if(sts) { |
217 | Curl_llist_remove(&h->list, &sts->node, NULL); |
218 | hsts_free(sts); |
219 | } |
220 | return CURLE_OK; |
221 | } |
222 | |
223 | if(CURL_OFF_T_MAX - now < expires) |
224 | /* would overflow, use maximum value */ |
225 | expires = CURL_OFF_T_MAX; |
226 | else |
227 | expires += now; |
228 | |
229 | /* check if it already exists */ |
230 | sts = Curl_hsts(h, hostname, FALSE); |
231 | if(sts) { |
232 | /* just update these fields */ |
233 | sts->expires = expires; |
234 | sts->includeSubDomains = subdomains; |
235 | } |
236 | else |
237 | return hsts_create(h, hostname, subdomains, expires); |
238 | |
239 | return CURLE_OK; |
240 | } |
241 | |
242 | /* |
243 | * Return TRUE if the given host name is currently an HSTS one. |
244 | * |
245 | * The 'subdomain' argument tells the function if subdomain matching should be |
246 | * attempted. |
247 | */ |
248 | struct stsentry *Curl_hsts(struct hsts *h, const char *hostname, |
249 | bool subdomain) |
250 | { |
251 | if(h) { |
252 | char buffer[MAX_HSTS_HOSTLEN + 1]; |
253 | time_t now = time(NULL); |
254 | size_t hlen = strlen(hostname); |
255 | struct Curl_llist_element *e; |
256 | struct Curl_llist_element *n; |
257 | |
258 | if((hlen > MAX_HSTS_HOSTLEN) || !hlen) |
259 | return NULL; |
260 | memcpy(buffer, hostname, hlen); |
261 | if(hostname[hlen-1] == '.') |
262 | /* remove the trailing dot */ |
263 | --hlen; |
264 | buffer[hlen] = 0; |
265 | hostname = buffer; |
266 | |
267 | for(e = h->list.head; e; e = n) { |
268 | struct stsentry *sts = e->ptr; |
269 | n = e->next; |
270 | if(sts->expires <= now) { |
271 | /* remove expired entries */ |
272 | Curl_llist_remove(&h->list, &sts->node, NULL); |
273 | hsts_free(sts); |
274 | continue; |
275 | } |
276 | if(subdomain && sts->includeSubDomains) { |
277 | size_t ntail = strlen(sts->host); |
278 | if(ntail < hlen) { |
279 | size_t offs = hlen - ntail; |
280 | if((hostname[offs-1] == '.') && |
281 | Curl_strncasecompare(&hostname[offs], sts->host, ntail)) |
282 | return sts; |
283 | } |
284 | } |
285 | if(Curl_strcasecompare(hostname, sts->host)) |
286 | return sts; |
287 | } |
288 | } |
289 | return NULL; /* no match */ |
290 | } |
291 | |
292 | /* |
293 | * Send this HSTS entry to the write callback. |
294 | */ |
295 | static CURLcode hsts_push(struct Curl_easy *data, |
296 | struct curl_index *i, |
297 | struct stsentry *sts, |
298 | bool *stop) |
299 | { |
300 | struct curl_hstsentry e; |
301 | CURLSTScode sc; |
302 | struct tm stamp; |
303 | CURLcode result; |
304 | |
305 | e.name = (char *)sts->host; |
306 | e.namelen = strlen(sts->host); |
307 | e.includeSubDomains = sts->includeSubDomains; |
308 | |
309 | if(sts->expires != TIME_T_MAX) { |
310 | result = Curl_gmtime((time_t)sts->expires, &stamp); |
311 | if(result) |
312 | return result; |
313 | |
314 | msnprintf(e.expire, sizeof(e.expire), "%d%02d%02d %02d:%02d:%02d" , |
315 | stamp.tm_year + 1900, stamp.tm_mon + 1, stamp.tm_mday, |
316 | stamp.tm_hour, stamp.tm_min, stamp.tm_sec); |
317 | } |
318 | else |
319 | strcpy(e.expire, UNLIMITED); |
320 | |
321 | sc = data->set.hsts_write(data, &e, i, |
322 | data->set.hsts_write_userp); |
323 | *stop = (sc != CURLSTS_OK); |
324 | return sc == CURLSTS_FAIL ? CURLE_BAD_FUNCTION_ARGUMENT : CURLE_OK; |
325 | } |
326 | |
327 | /* |
328 | * Write this single hsts entry to a single output line |
329 | */ |
330 | static CURLcode hsts_out(struct stsentry *sts, FILE *fp) |
331 | { |
332 | struct tm stamp; |
333 | if(sts->expires != TIME_T_MAX) { |
334 | CURLcode result = Curl_gmtime((time_t)sts->expires, &stamp); |
335 | if(result) |
336 | return result; |
337 | fprintf(fp, "%s%s \"%d%02d%02d %02d:%02d:%02d\"\n" , |
338 | sts->includeSubDomains ? "." : "" , sts->host, |
339 | stamp.tm_year + 1900, stamp.tm_mon + 1, stamp.tm_mday, |
340 | stamp.tm_hour, stamp.tm_min, stamp.tm_sec); |
341 | } |
342 | else |
343 | fprintf(fp, "%s%s \"%s\"\n" , |
344 | sts->includeSubDomains ? "." : "" , sts->host, UNLIMITED); |
345 | return CURLE_OK; |
346 | } |
347 | |
348 | |
349 | /* |
350 | * Curl_https_save() writes the HSTS cache to file and callback. |
351 | */ |
352 | CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h, |
353 | const char *file) |
354 | { |
355 | struct Curl_llist_element *e; |
356 | struct Curl_llist_element *n; |
357 | CURLcode result = CURLE_OK; |
358 | FILE *out; |
359 | char *tempstore = NULL; |
360 | |
361 | if(!h) |
362 | /* no cache activated */ |
363 | return CURLE_OK; |
364 | |
365 | /* if no new name is given, use the one we stored from the load */ |
366 | if(!file && h->filename) |
367 | file = h->filename; |
368 | |
369 | if((h->flags & CURLHSTS_READONLYFILE) || !file || !file[0]) |
370 | /* marked as read-only, no file or zero length file name */ |
371 | goto skipsave; |
372 | |
373 | result = Curl_fopen(data, file, &out, &tempstore); |
374 | if(!result) { |
375 | fputs("# Your HSTS cache. https://curl.se/docs/hsts.html\n" |
376 | "# This file was generated by libcurl! Edit at your own risk.\n" , |
377 | out); |
378 | for(e = h->list.head; e; e = n) { |
379 | struct stsentry *sts = e->ptr; |
380 | n = e->next; |
381 | result = hsts_out(sts, out); |
382 | if(result) |
383 | break; |
384 | } |
385 | fclose(out); |
386 | if(!result && tempstore && Curl_rename(tempstore, file)) |
387 | result = CURLE_WRITE_ERROR; |
388 | |
389 | if(result && tempstore) |
390 | unlink(tempstore); |
391 | } |
392 | free(tempstore); |
393 | skipsave: |
394 | if(data->set.hsts_write) { |
395 | /* if there's a write callback */ |
396 | struct curl_index i; /* count */ |
397 | i.total = h->list.size; |
398 | i.index = 0; |
399 | for(e = h->list.head; e; e = n) { |
400 | struct stsentry *sts = e->ptr; |
401 | bool stop; |
402 | n = e->next; |
403 | result = hsts_push(data, &i, sts, &stop); |
404 | if(result || stop) |
405 | break; |
406 | i.index++; |
407 | } |
408 | } |
409 | return result; |
410 | } |
411 | |
412 | /* only returns SERIOUS errors */ |
413 | static CURLcode hsts_add(struct hsts *h, char *line) |
414 | { |
415 | /* Example lines: |
416 | example.com "20191231 10:00:00" |
417 | .example.net "20191231 10:00:00" |
418 | */ |
419 | char host[MAX_HSTS_HOSTLEN + 1]; |
420 | char date[MAX_HSTS_DATELEN + 1]; |
421 | int rc; |
422 | |
423 | rc = sscanf(line, |
424 | "%" MAX_HSTS_HOSTLENSTR "s \"%" MAX_HSTS_DATELENSTR "[^\"]\"" , |
425 | host, date); |
426 | if(2 == rc) { |
427 | time_t expires = strcmp(date, UNLIMITED) ? Curl_getdate_capped(date) : |
428 | TIME_T_MAX; |
429 | CURLcode result; |
430 | char *p = host; |
431 | bool subdomain = FALSE; |
432 | if(p[0] == '.') { |
433 | p++; |
434 | subdomain = TRUE; |
435 | } |
436 | result = hsts_create(h, p, subdomain, expires); |
437 | if(result) |
438 | return result; |
439 | } |
440 | |
441 | return CURLE_OK; |
442 | } |
443 | |
444 | /* |
445 | * Load HSTS data from callback. |
446 | * |
447 | */ |
448 | static CURLcode hsts_pull(struct Curl_easy *data, struct hsts *h) |
449 | { |
450 | /* if the HSTS read callback is set, use it */ |
451 | if(data->set.hsts_read) { |
452 | CURLSTScode sc; |
453 | DEBUGASSERT(h); |
454 | do { |
455 | char buffer[MAX_HSTS_HOSTLEN + 1]; |
456 | struct curl_hstsentry e; |
457 | e.name = buffer; |
458 | e.namelen = sizeof(buffer)-1; |
459 | e.includeSubDomains = FALSE; /* default */ |
460 | e.expire[0] = 0; |
461 | e.name[0] = 0; /* just to make it clean */ |
462 | sc = data->set.hsts_read(data, &e, data->set.hsts_read_userp); |
463 | if(sc == CURLSTS_OK) { |
464 | time_t expires; |
465 | CURLcode result; |
466 | if(!e.name[0]) |
467 | /* bail out if no name was stored */ |
468 | return CURLE_BAD_FUNCTION_ARGUMENT; |
469 | if(e.expire[0]) |
470 | expires = Curl_getdate_capped(e.expire); |
471 | else |
472 | expires = TIME_T_MAX; /* the end of time */ |
473 | result = hsts_create(h, e.name, |
474 | /* bitfield to bool conversion: */ |
475 | e.includeSubDomains ? TRUE : FALSE, |
476 | expires); |
477 | if(result) |
478 | return result; |
479 | } |
480 | else if(sc == CURLSTS_FAIL) |
481 | return CURLE_ABORTED_BY_CALLBACK; |
482 | } while(sc == CURLSTS_OK); |
483 | } |
484 | return CURLE_OK; |
485 | } |
486 | |
487 | /* |
488 | * Load the HSTS cache from the given file. The text based line-oriented file |
489 | * format is documented here: https://curl.se/docs/hsts.html |
490 | * |
491 | * This function only returns error on major problems that prevent hsts |
492 | * handling to work completely. It will ignore individual syntactical errors |
493 | * etc. |
494 | */ |
495 | static CURLcode hsts_load(struct hsts *h, const char *file) |
496 | { |
497 | CURLcode result = CURLE_OK; |
498 | char *line = NULL; |
499 | FILE *fp; |
500 | |
501 | /* we need a private copy of the file name so that the hsts cache file |
502 | name survives an easy handle reset */ |
503 | free(h->filename); |
504 | h->filename = strdup(file); |
505 | if(!h->filename) |
506 | return CURLE_OUT_OF_MEMORY; |
507 | |
508 | fp = fopen(file, FOPEN_READTEXT); |
509 | if(fp) { |
510 | line = malloc(MAX_HSTS_LINE); |
511 | if(!line) |
512 | goto fail; |
513 | while(Curl_get_line(line, MAX_HSTS_LINE, fp)) { |
514 | char *lineptr = line; |
515 | while(*lineptr && ISBLANK(*lineptr)) |
516 | lineptr++; |
517 | if(*lineptr == '#') |
518 | /* skip commented lines */ |
519 | continue; |
520 | |
521 | hsts_add(h, lineptr); |
522 | } |
523 | free(line); /* free the line buffer */ |
524 | fclose(fp); |
525 | } |
526 | return result; |
527 | |
528 | fail: |
529 | Curl_safefree(h->filename); |
530 | fclose(fp); |
531 | return CURLE_OUT_OF_MEMORY; |
532 | } |
533 | |
534 | /* |
535 | * Curl_hsts_loadfile() loads HSTS from file |
536 | */ |
537 | CURLcode Curl_hsts_loadfile(struct Curl_easy *data, |
538 | struct hsts *h, const char *file) |
539 | { |
540 | DEBUGASSERT(h); |
541 | (void)data; |
542 | return hsts_load(h, file); |
543 | } |
544 | |
545 | /* |
546 | * Curl_hsts_loadcb() loads HSTS from callback |
547 | */ |
548 | CURLcode Curl_hsts_loadcb(struct Curl_easy *data, struct hsts *h) |
549 | { |
550 | if(h) |
551 | return hsts_pull(data, h); |
552 | return CURLE_OK; |
553 | } |
554 | |
555 | #endif /* CURL_DISABLE_HTTP || CURL_DISABLE_HSTS */ |
556 | |