github.com/useflyent/fhttp@v0.0.0-20211004035111-333f430cfbbf/transfer.go (about) 1 // Copyright 2009 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package http 6 7 import ( 8 "bufio" 9 "bytes" 10 "errors" 11 "fmt" 12 "io" 13 "net/textproto" 14 "reflect" 15 "sort" 16 "strconv" 17 "strings" 18 "sync" 19 "time" 20 21 "github.com/useflyent/fhttp/httptrace" 22 "github.com/useflyent/fhttp/internal" 23 24 "golang.org/x/net/http/httpguts" 25 ) 26 27 // ErrLineTooLong is returned when reading request or response bodies 28 // with malformed chunked encoding. 29 var ErrLineTooLong = internal.ErrLineTooLong 30 31 type errorReader struct { 32 err error 33 } 34 35 func (r errorReader) Read(p []byte) (n int, err error) { 36 return 0, r.err 37 } 38 39 type byteReader struct { 40 b byte 41 done bool 42 } 43 44 func (br *byteReader) Read(p []byte) (n int, err error) { 45 if br.done { 46 return 0, io.EOF 47 } 48 if len(p) == 0 { 49 return 0, nil 50 } 51 br.done = true 52 p[0] = br.b 53 return 1, io.EOF 54 } 55 56 // transferWriter inspects the fields of a user-supplied Request or Response, 57 // sanitizes them without changing the user object and provides methods for 58 // writing the respective header, body and trailer in wire format. 59 type transferWriter struct { 60 Method string 61 Body io.Reader 62 BodyCloser io.Closer 63 ResponseToHEAD bool 64 ContentLength int64 // -1 means unknown, 0 means exactly none 65 Close bool 66 TransferEncoding []string 67 Header Header 68 Trailer Header 69 IsResponse bool 70 bodyReadError error // any non-EOF error from reading Body 71 72 FlushHeaders bool // flush headers to network before body 73 ByteReadCh chan readResult // non-nil if probeRequestBody called 74 } 75 76 func newTransferWriter(r interface{}) (t *transferWriter, err error) { 77 t = &transferWriter{} 78 79 // Extract relevant fields 80 atLeastHTTP11 := false 81 switch rr := r.(type) { 82 case *Request: 83 if rr.ContentLength != 0 && rr.Body == nil { 84 return nil, fmt.Errorf("http: Request.ContentLength=%d with nil Body", rr.ContentLength) 85 } 86 t.Method = valueOrDefault(rr.Method, "GET") 87 t.Close = rr.Close 88 t.TransferEncoding = rr.TransferEncoding 89 t.Header = rr.Header 90 t.Trailer = rr.Trailer 91 t.Body = rr.Body 92 t.BodyCloser = rr.Body 93 t.ContentLength = rr.outgoingLength() 94 if t.ContentLength < 0 && len(t.TransferEncoding) == 0 && t.shouldSendChunkedRequestBody() { 95 t.TransferEncoding = []string{"chunked"} 96 } 97 // If there's a body, conservatively flush the headers 98 // to any bufio.Writer we're writing to, just in case 99 // the server needs the headers early, before we copy 100 // the body and possibly block. We make an exception 101 // for the common standard library in-memory types, 102 // though, to avoid unnecessary TCP packets on the 103 // wire. (Issue 22088.) 104 if t.ContentLength != 0 && !isKnownInMemoryReader(t.Body) { 105 t.FlushHeaders = true 106 } 107 108 atLeastHTTP11 = true // Transport requests are always 1.1 or 2.0 109 case *Response: 110 t.IsResponse = true 111 if rr.Request != nil { 112 t.Method = rr.Request.Method 113 } 114 t.Body = rr.Body 115 t.BodyCloser = rr.Body 116 t.ContentLength = rr.ContentLength 117 t.Close = rr.Close 118 t.TransferEncoding = rr.TransferEncoding 119 t.Header = rr.Header 120 t.Trailer = rr.Trailer 121 atLeastHTTP11 = rr.ProtoAtLeast(1, 1) 122 t.ResponseToHEAD = noResponseBodyExpected(t.Method) 123 } 124 125 // Sanitize Body,ContentLength,TransferEncoding 126 if t.ResponseToHEAD { 127 t.Body = nil 128 if chunked(t.TransferEncoding) { 129 t.ContentLength = -1 130 } 131 } else { 132 if !atLeastHTTP11 || t.Body == nil { 133 t.TransferEncoding = nil 134 } 135 if chunked(t.TransferEncoding) { 136 t.ContentLength = -1 137 } else if t.Body == nil { // no chunking, no body 138 t.ContentLength = 0 139 } 140 } 141 142 // Sanitize Trailer 143 if !chunked(t.TransferEncoding) { 144 t.Trailer = nil 145 } 146 147 return t, nil 148 } 149 150 // shouldSendChunkedRequestBody reports whether we should try to send a 151 // chunked request body to the server. In particular, the case we really 152 // want to prevent is sending a GET or other typically-bodyless request to a 153 // server with a chunked body when the body has zero bytes, since GETs with 154 // bodies (while acceptable according to specs), even zero-byte chunked 155 // bodies, are approximately never seen in the wild and confuse most 156 // servers. See Issue 18257, as one example. 157 // 158 // The only reason we'd send such a request is if the user set the Body to a 159 // non-nil value (say, io.NopCloser(bytes.NewReader(nil))) and didn't 160 // set ContentLength, or NewRequest set it to -1 (unknown), so then we assume 161 // there's bytes to send. 162 // 163 // This code tries to read a byte from the Request.Body in such cases to see 164 // whether the body actually has content (super rare) or is actually just 165 // a non-nil content-less ReadCloser (the more common case). In that more 166 // common case, we act as if their Body were nil instead, and don't send 167 // a body. 168 func (t *transferWriter) shouldSendChunkedRequestBody() bool { 169 // Note that t.ContentLength is the corrected content length 170 // from rr.outgoingLength, so 0 actually means zero, not unknown. 171 if t.ContentLength >= 0 || t.Body == nil { // redundant checks; caller did them 172 return false 173 } 174 if t.Method == "CONNECT" { 175 return false 176 } 177 if requestMethodUsuallyLacksBody(t.Method) { 178 // Only probe the Request.Body for GET/HEAD/DELETE/etc 179 // requests, because it's only those types of requests 180 // that confuse servers. 181 t.probeRequestBody() // adjusts t.Body, t.ContentLength 182 return t.Body != nil 183 } 184 // For all other request types (PUT, POST, PATCH, or anything 185 // made-up we've never heard of), assume it's normal and the server 186 // can deal with a chunked request body. Maybe we'll adjust this 187 // later. 188 return true 189 } 190 191 // probeRequestBody reads a byte from t.Body to see whether it's empty 192 // (returns io.EOF right away). 193 // 194 // But because we've had problems with this blocking users in the past 195 // (issue 17480) when the body is a pipe (perhaps waiting on the response 196 // headers before the pipe is fed data), we need to be careful and bound how 197 // long we wait for it. This delay will only affect users if all the following 198 // are true: 199 // * the request body blocks 200 // * the content length is not set (or set to -1) 201 // * the method doesn't usually have a body (GET, HEAD, DELETE, ...) 202 // * there is no transfer-encoding=chunked already set. 203 // In other words, this delay will not normally affect anybody, and there 204 // are workarounds if it does. 205 func (t *transferWriter) probeRequestBody() { 206 t.ByteReadCh = make(chan readResult, 1) 207 go func(body io.Reader) { 208 var buf [1]byte 209 var rres readResult 210 rres.n, rres.err = body.Read(buf[:]) 211 if rres.n == 1 { 212 rres.b = buf[0] 213 } 214 t.ByteReadCh <- rres 215 }(t.Body) 216 timer := time.NewTimer(200 * time.Millisecond) 217 select { 218 case rres := <-t.ByteReadCh: 219 timer.Stop() 220 if rres.n == 0 && rres.err == io.EOF { 221 // It was empty. 222 t.Body = nil 223 t.ContentLength = 0 224 } else if rres.n == 1 { 225 if rres.err != nil { 226 t.Body = io.MultiReader(&byteReader{b: rres.b}, errorReader{rres.err}) 227 } else { 228 t.Body = io.MultiReader(&byteReader{b: rres.b}, t.Body) 229 } 230 } else if rres.err != nil { 231 t.Body = errorReader{rres.err} 232 } 233 case <-timer.C: 234 // Too slow. Don't wait. Read it later, and keep 235 // assuming that this is ContentLength == -1 236 // (unknown), which means we'll send a 237 // "Transfer-Encoding: chunked" header. 238 t.Body = io.MultiReader(finishAsyncByteRead{t}, t.Body) 239 // Request that Request.Write flush the headers to the 240 // network before writing the body, since our body may not 241 // become readable until it's seen the response headers. 242 t.FlushHeaders = true 243 } 244 } 245 246 func noResponseBodyExpected(requestMethod string) bool { 247 return requestMethod == "HEAD" 248 } 249 250 func (t *transferWriter) shouldSendContentLength() bool { 251 if chunked(t.TransferEncoding) { 252 return false 253 } 254 if t.ContentLength > 0 { 255 return true 256 } 257 if t.ContentLength < 0 { 258 return false 259 } 260 // Many servers expect a Content-Length for these methods 261 if t.Method == "POST" || t.Method == "PUT" || t.Method == "PATCH" { 262 return true 263 } 264 if t.ContentLength == 0 && isIdentity(t.TransferEncoding) { 265 if t.Method == "GET" || t.Method == "HEAD" { 266 return false 267 } 268 return true 269 } 270 271 return false 272 } 273 274 const ( 275 ContentLengthEmpty = "EMPTY_CONTENT_LENGTH" 276 ContentLengthDelete = "DELETE_CONTENT_LENGTH" 277 ) 278 279 // addHeaders adds transfer headers to an existing header object 280 func (t *transferWriter) addHeaders(hdrs *Header, trace *httptrace.ClientTrace) error { 281 if t.Close && !hasToken(t.Header.get("Connection"), "close") { 282 hdrs.Add("Connection", "close") 283 if trace != nil && trace.WroteHeaderField != nil { 284 trace.WroteHeaderField("Connection", []string{"close"}) 285 } 286 } 287 288 // Write Content-Length and/or Transfer-Encoding whose Values are a 289 // function of the sanitized field triple (Body, ContentLength, 290 // TransferEncoding) 291 if t.shouldSendContentLength() { 292 // Only set content-length header is it is not already present, allowing 293 // users to set their own content-length header 294 cl := hdrs.Get("Content-Length") 295 switch cl { 296 case "": 297 hdrs.Add("Content-Length", strconv.FormatInt(t.ContentLength, 10)) 298 case ContentLengthEmpty: 299 hdrs.Del("Content-Length") 300 hdrs.Add("Content-Length", "") 301 case ContentLengthDelete: 302 hdrs.Del("Content-Length") 303 } 304 if trace != nil && trace.WroteHeaderField != nil { 305 trace.WroteHeaderField("Content-Length", []string{strconv.FormatInt(t.ContentLength, 10)}) 306 } 307 } else if chunked(t.TransferEncoding) { 308 if hdrs.Get("Transfer-Encoding") == "" { 309 hdrs.Add("Transfer-Encoding", "chunked") 310 } 311 if trace != nil && trace.WroteHeaderField != nil { 312 trace.WroteHeaderField("Transfer-Encoding", []string{"chunked"}) 313 } 314 } 315 316 // Write Trailer header 317 if t.Trailer != nil { 318 keys := make([]string, 0, len(t.Trailer)) 319 for k := range t.Trailer { 320 k = CanonicalHeaderKey(k) 321 switch k { 322 case "Transfer-Encoding", "Trailer", "Content-Length": 323 return badStringError("invalid Trailer Key", k) 324 } 325 keys = append(keys, k) 326 } 327 if len(keys) > 0 { 328 sort.Strings(keys) 329 // TODO: could do better allocation-wise here, but trailers are rare, 330 // so being lazy for now. 331 hdrs.Add("Trailer", strings.Join(keys, ",")) 332 if trace != nil && trace.WroteHeaderField != nil { 333 trace.WroteHeaderField("Trailer", keys) 334 } 335 } 336 } 337 338 return nil 339 } 340 341 func (t *transferWriter) writeHeader(w io.Writer, trace *httptrace.ClientTrace) error { 342 if t.Close && !hasToken(t.Header.get("Connection"), "close") { 343 if _, err := io.WriteString(w, "Connection: close\r\n"); err != nil { 344 return err 345 } 346 if trace != nil && trace.WroteHeaderField != nil { 347 trace.WroteHeaderField("Connection", []string{"close"}) 348 } 349 } 350 351 // Write Content-Length and/or Transfer-Encoding whose Values are a 352 // function of the sanitized field triple (Body, ContentLength, 353 // TransferEncoding) 354 if t.shouldSendContentLength() { 355 if _, err := io.WriteString(w, "Content-Length: "); err != nil { 356 return err 357 } 358 if _, err := io.WriteString(w, strconv.FormatInt(t.ContentLength, 10)+"\r\n"); err != nil { 359 return err 360 } 361 if trace != nil && trace.WroteHeaderField != nil { 362 trace.WroteHeaderField("Content-Length", []string{strconv.FormatInt(t.ContentLength, 10)}) 363 } 364 } else if chunked(t.TransferEncoding) { 365 if _, err := io.WriteString(w, "Transfer-Encoding: chunked\r\n"); err != nil { 366 return err 367 } 368 if trace != nil && trace.WroteHeaderField != nil { 369 trace.WroteHeaderField("Transfer-Encoding", []string{"chunked"}) 370 } 371 } 372 373 // Write Trailer header 374 if t.Trailer != nil { 375 keys := make([]string, 0, len(t.Trailer)) 376 for k := range t.Trailer { 377 k = CanonicalHeaderKey(k) 378 switch k { 379 case "Transfer-Encoding", "Trailer", "Content-Length": 380 return badStringError("invalid Trailer Key", k) 381 } 382 keys = append(keys, k) 383 } 384 if len(keys) > 0 { 385 sort.Strings(keys) 386 // TODO: could do better allocation-wise here, but trailers are rare, 387 // so being lazy for now. 388 if _, err := io.WriteString(w, "Trailer: "+strings.Join(keys, ",")+"\r\n"); err != nil { 389 return err 390 } 391 if trace != nil && trace.WroteHeaderField != nil { 392 trace.WroteHeaderField("Trailer", keys) 393 } 394 } 395 } 396 397 return nil 398 } 399 400 // always closes t.BodyCloser 401 func (t *transferWriter) writeBody(w io.Writer) (err error) { 402 var ncopy int64 403 closed := false 404 defer func() { 405 if closed || t.BodyCloser == nil { 406 return 407 } 408 if closeErr := t.BodyCloser.Close(); closeErr != nil && err == nil { 409 err = closeErr 410 } 411 }() 412 413 // Write body. We "unwrap" the body first if it was wrapped in a 414 // nopCloser or readTrackingBody. This is to ensure that we can take advantage of 415 // OS-level optimizations in the event that the body is an 416 // *os.File. 417 if t.Body != nil { 418 var body = t.unwrapBody() 419 if chunked(t.TransferEncoding) { 420 if bw, ok := w.(*bufio.Writer); ok && !t.IsResponse { 421 w = &internal.FlushAfterChunkWriter{Writer: bw} 422 } 423 cw := internal.NewChunkedWriter(w) 424 _, err = t.doBodyCopy(cw, body) 425 if err == nil { 426 err = cw.Close() 427 } 428 } else if t.ContentLength == -1 { 429 dst := w 430 if t.Method == "CONNECT" { 431 dst = bufioFlushWriter{dst} 432 } 433 ncopy, err = t.doBodyCopy(dst, body) 434 } else { 435 ncopy, err = t.doBodyCopy(w, io.LimitReader(body, t.ContentLength)) 436 if err != nil { 437 return err 438 } 439 var nextra int64 440 nextra, err = t.doBodyCopy(io.Discard, body) 441 ncopy += nextra 442 } 443 if err != nil { 444 return err 445 } 446 } 447 if t.BodyCloser != nil { 448 closed = true 449 if err := t.BodyCloser.Close(); err != nil { 450 return err 451 } 452 } 453 454 if !t.ResponseToHEAD && t.ContentLength != -1 && t.ContentLength != ncopy { 455 return fmt.Errorf("http: ContentLength=%d with Body length %d", 456 t.ContentLength, ncopy) 457 } 458 459 if chunked(t.TransferEncoding) { 460 // Write Trailer header 461 if t.Trailer != nil { 462 if err := t.Trailer.Write(w); err != nil { 463 return err 464 } 465 } 466 // Last chunk, empty trailer 467 _, err = io.WriteString(w, "\r\n") 468 } 469 return err 470 } 471 472 // doBodyCopy wraps a copy operation, with any resulting error also 473 // being saved in bodyReadError. 474 // 475 // This function is only intended for use in writeBody. 476 func (t *transferWriter) doBodyCopy(dst io.Writer, src io.Reader) (n int64, err error) { 477 n, err = io.Copy(dst, src) 478 if err != nil && err != io.EOF { 479 t.bodyReadError = err 480 } 481 return 482 } 483 484 // unwrapBodyReader unwraps the body's inner reader if it's a 485 // nopCloser. This is to ensure that body writes sourced from local 486 // files (*os.File types) are properly optimized. 487 // 488 // This function is only intended for use in writeBody. 489 func (t *transferWriter) unwrapBody() io.Reader { 490 if reflect.TypeOf(t.Body) == nopCloserType { 491 return reflect.ValueOf(t.Body).Field(0).Interface().(io.Reader) 492 } 493 if r, ok := t.Body.(*readTrackingBody); ok { 494 r.didRead = true 495 return r.ReadCloser 496 } 497 return t.Body 498 } 499 500 type transferReader struct { 501 // Input 502 Header Header 503 StatusCode int 504 RequestMethod string 505 ProtoMajor int 506 ProtoMinor int 507 // Output 508 Body io.ReadCloser 509 ContentLength int64 510 Chunked bool 511 Close bool 512 Trailer Header 513 } 514 515 func (t *transferReader) protoAtLeast(m, n int) bool { 516 return t.ProtoMajor > m || (t.ProtoMajor == m && t.ProtoMinor >= n) 517 } 518 519 // bodyAllowedForStatus reports whether a given response status code 520 // permits a body. See RFC 7230, section 3.3. 521 func bodyAllowedForStatus(status int) bool { 522 switch { 523 case status >= 100 && status <= 199: 524 return false 525 case status == 204: 526 return false 527 case status == 304: 528 return false 529 } 530 return true 531 } 532 533 var ( 534 suppressedHeaders304 = []string{"Content-Type", "Content-Length", "Transfer-Encoding"} 535 suppressedHeadersNoBody = []string{"Content-Length", "Transfer-Encoding"} 536 ) 537 538 func suppressedHeaders(status int) []string { 539 switch { 540 case status == 304: 541 // RFC 7232 section 4.1 542 return suppressedHeaders304 543 case !bodyAllowedForStatus(status): 544 return suppressedHeadersNoBody 545 } 546 return nil 547 } 548 549 // msg is *Request or *Response. 550 func readTransfer(msg interface{}, r *bufio.Reader) (err error) { 551 t := &transferReader{RequestMethod: "GET"} 552 553 // Unify input 554 isResponse := false 555 switch rr := msg.(type) { 556 case *Response: 557 t.Header = rr.Header 558 t.StatusCode = rr.StatusCode 559 t.ProtoMajor = rr.ProtoMajor 560 t.ProtoMinor = rr.ProtoMinor 561 t.Close = shouldClose(t.ProtoMajor, t.ProtoMinor, t.Header, true) 562 isResponse = true 563 if rr.Request != nil { 564 t.RequestMethod = rr.Request.Method 565 } 566 case *Request: 567 t.Header = rr.Header 568 t.RequestMethod = rr.Method 569 t.ProtoMajor = rr.ProtoMajor 570 t.ProtoMinor = rr.ProtoMinor 571 // Transfer semantics for Requests are exactly like those for 572 // Responses with status code 200, responding to a GET method 573 t.StatusCode = 200 574 t.Close = rr.Close 575 default: 576 panic("unexpected type") 577 } 578 579 // Default to HTTP/1.1 580 if t.ProtoMajor == 0 && t.ProtoMinor == 0 { 581 t.ProtoMajor, t.ProtoMinor = 1, 1 582 } 583 584 // Transfer-Encoding: chunked, and overriding Content-Length. 585 if err := t.parseTransferEncoding(); err != nil { 586 return err 587 } 588 589 realLength, err := fixLength(isResponse, t.StatusCode, t.RequestMethod, t.Header, t.Chunked) 590 if err != nil { 591 return err 592 } 593 if isResponse && t.RequestMethod == "HEAD" { 594 if n, err := parseContentLength(t.Header.get("Content-Length")); err != nil { 595 return err 596 } else { 597 t.ContentLength = n 598 } 599 } else { 600 t.ContentLength = realLength 601 } 602 603 // Trailer 604 t.Trailer, err = fixTrailer(t.Header, t.Chunked) 605 if err != nil { 606 return err 607 } 608 609 // If there is no Content-Length or chunked Transfer-Encoding on a *Response 610 // and the status is not 1xx, 204 or 304, then the body is unbounded. 611 // See RFC 7230, section 3.3. 612 switch msg.(type) { 613 case *Response: 614 if realLength == -1 && !t.Chunked && bodyAllowedForStatus(t.StatusCode) { 615 // Unbounded body. 616 t.Close = true 617 } 618 } 619 620 // Prepare body reader. ContentLength < 0 means chunked encoding 621 // or close connection when finished, since multipart is not supported yet 622 switch { 623 case t.Chunked: 624 if noResponseBodyExpected(t.RequestMethod) || !bodyAllowedForStatus(t.StatusCode) { 625 t.Body = NoBody 626 } else { 627 t.Body = &body{src: internal.NewChunkedReader(r), hdr: msg, r: r, closing: t.Close} 628 } 629 case realLength == 0: 630 t.Body = NoBody 631 case realLength > 0: 632 t.Body = &body{src: io.LimitReader(r, realLength), closing: t.Close} 633 default: 634 // realLength < 0, i.e. "Content-Length" not mentioned in header 635 if t.Close { 636 // Close semantics (i.e. HTTP/1.0) 637 t.Body = &body{src: r, closing: t.Close} 638 } else { 639 // Persistent connection (i.e. HTTP/1.1) 640 t.Body = NoBody 641 } 642 } 643 644 // Unify output 645 switch rr := msg.(type) { 646 case *Request: 647 rr.Body = t.Body 648 rr.ContentLength = t.ContentLength 649 if t.Chunked { 650 rr.TransferEncoding = []string{"chunked"} 651 } 652 rr.Close = t.Close 653 rr.Trailer = t.Trailer 654 case *Response: 655 rr.Body = t.Body 656 rr.ContentLength = t.ContentLength 657 if t.Chunked { 658 rr.TransferEncoding = []string{"chunked"} 659 } 660 rr.Close = t.Close 661 rr.Trailer = t.Trailer 662 } 663 664 return nil 665 } 666 667 // Checks whether chunked is part of the encodings stack 668 func chunked(te []string) bool { return len(te) > 0 && te[0] == "chunked" } 669 670 // Checks whether the encoding is explicitly "identity". 671 func isIdentity(te []string) bool { return len(te) == 1 && te[0] == "identity" } 672 673 // unsupportedTEError reports unsupported transfer-encodings. 674 type unsupportedTEError struct { 675 err string 676 } 677 678 func (uste *unsupportedTEError) Error() string { 679 return uste.err 680 } 681 682 // isUnsupportedTEError checks if the error is of type 683 // unsupportedTEError. It is usually invoked with a non-nil err. 684 func isUnsupportedTEError(err error) bool { 685 _, ok := err.(*unsupportedTEError) 686 return ok 687 } 688 689 // parseTransferEncoding sets t.Chunked based on the Transfer-Encoding header. 690 func (t *transferReader) parseTransferEncoding() error { 691 raw, present := t.Header["Transfer-Encoding"] 692 if !present { 693 return nil 694 } 695 delete(t.Header, "Transfer-Encoding") 696 697 // Issue 12785; ignore Transfer-Encoding on HTTP/1.0 requests. 698 if !t.protoAtLeast(1, 1) { 699 return nil 700 } 701 702 // Like nginx, we only support a single Transfer-Encoding header field, and 703 // only if set to "chunked". This is one of the most security sensitive 704 // surfaces in HTTP/1.1 due to the risk of request smuggling, so we keep it 705 // strict and simple. 706 if len(raw) != 1 { 707 return &unsupportedTEError{fmt.Sprintf("too many transfer encodings: %q", raw)} 708 } 709 if strings.ToLower(textproto.TrimString(raw[0])) != "chunked" { 710 return &unsupportedTEError{fmt.Sprintf("unsupported transfer encoding: %q", raw[0])} 711 } 712 713 // RFC 7230 3.3.2 says "A sender MUST NOT send a Content-Length header field 714 // in any message that contains a Transfer-Encoding header field." 715 // 716 // but also: "If a message is received with both a Transfer-Encoding and a 717 // Content-Length header field, the Transfer-Encoding overrides the 718 // Content-Length. Such a message might indicate an attempt to perform 719 // request smuggling (Section 9.5) or response splitting (Section 9.4) and 720 // ought to be handled as an error. A sender MUST remove the received 721 // Content-Length field prior to forwarding such a message downstream." 722 // 723 // Reportedly, these appear in the wild. 724 delete(t.Header, "Content-Length") 725 726 t.Chunked = true 727 return nil 728 } 729 730 // Determine the expected body length, using RFC 7230 Section 3.3. This 731 // function is not a method, because ultimately it should be shared by 732 // ReadResponse and ReadRequest. 733 func fixLength(isResponse bool, status int, requestMethod string, header Header, chunked bool) (int64, error) { 734 isRequest := !isResponse 735 contentLens := header["Content-Length"] 736 737 // Hardening against HTTP request smuggling 738 if len(contentLens) > 1 { 739 // Per RFC 7230 Section 3.3.2, prevent multiple 740 // Content-Length headers if they differ in value. 741 // If there are dups of the value, remove the dups. 742 // See Issue 16490. 743 first := textproto.TrimString(contentLens[0]) 744 for _, ct := range contentLens[1:] { 745 if first != textproto.TrimString(ct) { 746 return 0, fmt.Errorf("http: message cannot contain multiple Content-Length headers; got %q", contentLens) 747 } 748 } 749 750 // deduplicate Content-Length 751 header.Del("Content-Length") 752 header.Add("Content-Length", first) 753 754 contentLens = header["Content-Length"] 755 } 756 757 // Logic based on response type or status 758 if noResponseBodyExpected(requestMethod) { 759 // For HTTP requests, as part of hardening against request 760 // smuggling (RFC 7230), don't allow a Content-Length header for 761 // methods which don't permit bodies. As an exception, allow 762 // exactly one Content-Length header if its value is "0". 763 if isRequest && len(contentLens) > 0 && !(len(contentLens) == 1 && contentLens[0] == "0") { 764 return 0, fmt.Errorf("http: method cannot contain a Content-Length; got %q", contentLens) 765 } 766 return 0, nil 767 } 768 if status/100 == 1 { 769 return 0, nil 770 } 771 switch status { 772 case 204, 304: 773 return 0, nil 774 } 775 776 // Logic based on Transfer-Encoding 777 if chunked { 778 return -1, nil 779 } 780 781 // Logic based on Content-Length 782 var cl string 783 if len(contentLens) == 1 { 784 cl = textproto.TrimString(contentLens[0]) 785 } 786 if cl != "" { 787 n, err := parseContentLength(cl) 788 if err != nil { 789 return -1, err 790 } 791 return n, nil 792 } 793 header.Del("Content-Length") 794 795 if isRequest { 796 // RFC 7230 neither explicitly permits nor forbids an 797 // entity-body on a GET request so we permit one if 798 // declared, but we default to 0 here (not -1 below) 799 // if there's no mention of a body. 800 // Likewise, all other request methods are assumed to have 801 // no body if neither Transfer-Encoding chunked nor a 802 // Content-Length are set. 803 return 0, nil 804 } 805 806 // Body-EOF logic based on other methods (like closing, or chunked coding) 807 return -1, nil 808 } 809 810 // Determine whether to hang up after sending a request and body, or 811 // receiving a response and body 812 // 'header' is the request headers 813 func shouldClose(major, minor int, header Header, removeCloseHeader bool) bool { 814 if major < 1 { 815 return true 816 } 817 818 conv := header["Connection"] 819 hasClose := httpguts.HeaderValuesContainsToken(conv, "close") 820 if major == 1 && minor == 0 { 821 return hasClose || !httpguts.HeaderValuesContainsToken(conv, "keep-alive") 822 } 823 824 if hasClose && removeCloseHeader { 825 header.Del("Connection") 826 } 827 828 return hasClose 829 } 830 831 // Parse the trailer header 832 func fixTrailer(header Header, chunked bool) (Header, error) { 833 vv, ok := header["Trailer"] 834 if !ok { 835 return nil, nil 836 } 837 if !chunked { 838 // Trailer and no chunking: 839 // this is an invalid use case for trailer header. 840 // Nevertheless, no error will be returned and we 841 // let users decide if this is a valid HTTP message. 842 // The Trailer header will be kept in Response.Header 843 // but not populate Response.Trailer. 844 // See issue #27197. 845 return nil, nil 846 } 847 header.Del("Trailer") 848 849 trailer := make(Header) 850 var err error 851 for _, v := range vv { 852 foreachHeaderElement(v, func(key string) { 853 key = CanonicalHeaderKey(key) 854 switch key { 855 case "Transfer-Encoding", "Trailer", "Content-Length": 856 if err == nil { 857 err = badStringError("bad trailer Key", key) 858 return 859 } 860 } 861 trailer[key] = nil 862 }) 863 } 864 if err != nil { 865 return nil, err 866 } 867 if len(trailer) == 0 { 868 return nil, nil 869 } 870 return trailer, nil 871 } 872 873 // body turns a Reader into a ReadCloser. 874 // Close ensures that the body has been fully read 875 // and then reads the trailer if necessary. 876 type body struct { 877 src io.Reader 878 hdr interface{} // non-nil (Response or Request) value means read trailer 879 r *bufio.Reader // underlying wire-format reader for the trailer 880 closing bool // is the connection to be closed after reading body? 881 doEarlyClose bool // whether Close should stop early 882 883 mu sync.Mutex // guards following, and calls to Read and Close 884 sawEOF bool 885 closed bool 886 earlyClose bool // Close called and we didn't read to the end of src 887 onHitEOF func() // if non-nil, func to call when EOF is Read 888 } 889 890 // ErrBodyReadAfterClose is returned when reading a Request or Response 891 // Body after the body has been closed. This typically happens when the body is 892 // read after an HTTP Handler calls WriteHeader or Write on its 893 // ResponseWriter. 894 var ErrBodyReadAfterClose = errors.New("http: invalid Read on closed Body") 895 896 func (b *body) Read(p []byte) (n int, err error) { 897 b.mu.Lock() 898 defer b.mu.Unlock() 899 if b.closed { 900 return 0, ErrBodyReadAfterClose 901 } 902 return b.readLocked(p) 903 } 904 905 // Must hold b.mu. 906 func (b *body) readLocked(p []byte) (n int, err error) { 907 if b.sawEOF { 908 return 0, io.EOF 909 } 910 n, err = b.src.Read(p) 911 912 if err == io.EOF { 913 b.sawEOF = true 914 // Chunked case. Read the trailer. 915 if b.hdr != nil { 916 if e := b.readTrailer(); e != nil { 917 err = e 918 // Something went wrong in the trailer, we must not allow any 919 // further reads of any kind to succeed from body, nor any 920 // subsequent requests on the server connection. See 921 // golang.org/issue/12027 922 b.sawEOF = false 923 b.closed = true 924 } 925 b.hdr = nil 926 } else { 927 // If the server declared the Content-Length, our body is a LimitedReader 928 // and we need to check whether this EOF arrived early. 929 if lr, ok := b.src.(*io.LimitedReader); ok && lr.N > 0 { 930 err = io.ErrUnexpectedEOF 931 } 932 } 933 } 934 935 // If we can return an EOF here along with the read data, do 936 // so. This is optional per the io.Reader contract, but doing 937 // so helps the HTTP transport code recycle its connection 938 // earlier (since it will see this EOF itself), even if the 939 // client doesn't do future reads or Close. 940 if err == nil && n > 0 { 941 if lr, ok := b.src.(*io.LimitedReader); ok && lr.N == 0 { 942 err = io.EOF 943 b.sawEOF = true 944 } 945 } 946 947 if b.sawEOF && b.onHitEOF != nil { 948 b.onHitEOF() 949 } 950 951 return n, err 952 } 953 954 var ( 955 singleCRLF = []byte("\r\n") 956 doubleCRLF = []byte("\r\n\r\n") 957 ) 958 959 func seeUpcomingDoubleCRLF(r *bufio.Reader) bool { 960 for peekSize := 4; ; peekSize++ { 961 // This loop stops when Peek returns an error, 962 // which it does when r's buffer has been filled. 963 buf, err := r.Peek(peekSize) 964 if bytes.HasSuffix(buf, doubleCRLF) { 965 return true 966 } 967 if err != nil { 968 break 969 } 970 } 971 return false 972 } 973 974 var errTrailerEOF = errors.New("http: unexpected EOF reading trailer") 975 976 func (b *body) readTrailer() error { 977 // The common case, since nobody uses trailers. 978 buf, err := b.r.Peek(2) 979 if bytes.Equal(buf, singleCRLF) { 980 b.r.Discard(2) 981 return nil 982 } 983 if len(buf) < 2 { 984 return errTrailerEOF 985 } 986 if err != nil { 987 return err 988 } 989 990 // Make sure there's a header terminator coming up, to prevent 991 // a DoS with an unbounded size Trailer. It's not easy to 992 // slip in a LimitReader here, as textproto.NewReader requires 993 // a concrete *bufio.Reader. Also, we can't get all the way 994 // back up to our conn's LimitedReader that *might* be backing 995 // this bufio.Reader. Instead, a hack: we iteratively Peek up 996 // to the bufio.Reader's max size, looking for a double CRLF. 997 // This limits the trailer to the underlying buffer size, typically 4kB. 998 if !seeUpcomingDoubleCRLF(b.r) { 999 return errors.New("http: suspiciously long trailer after chunked body") 1000 } 1001 1002 hdr, err := textproto.NewReader(b.r).ReadMIMEHeader() 1003 if err != nil { 1004 if err == io.EOF { 1005 return errTrailerEOF 1006 } 1007 return err 1008 } 1009 switch rr := b.hdr.(type) { 1010 case *Request: 1011 mergeSetHeader(&rr.Trailer, Header(hdr)) 1012 case *Response: 1013 mergeSetHeader(&rr.Trailer, Header(hdr)) 1014 } 1015 return nil 1016 } 1017 1018 func mergeSetHeader(dst *Header, src Header) { 1019 if *dst == nil { 1020 *dst = src 1021 return 1022 } 1023 for k, vv := range src { 1024 (*dst)[k] = vv 1025 } 1026 } 1027 1028 // unreadDataSizeLocked returns the number of bytes of unread input. 1029 // It returns -1 if unknown. 1030 // b.mu must be held. 1031 func (b *body) unreadDataSizeLocked() int64 { 1032 if lr, ok := b.src.(*io.LimitedReader); ok { 1033 return lr.N 1034 } 1035 return -1 1036 } 1037 1038 func (b *body) Close() error { 1039 b.mu.Lock() 1040 defer b.mu.Unlock() 1041 if b.closed { 1042 return nil 1043 } 1044 var err error 1045 switch { 1046 case b.sawEOF: 1047 // Already saw EOF, so no need going to look for it. 1048 case b.hdr == nil && b.closing: 1049 // no trailer and closing the connection next. 1050 // no point in reading to EOF. 1051 case b.doEarlyClose: 1052 // Read up to maxPostHandlerReadBytes bytes of the body, looking 1053 // for EOF (and trailers), so we can re-use this connection. 1054 if lr, ok := b.src.(*io.LimitedReader); ok && lr.N > maxPostHandlerReadBytes { 1055 // There was a declared Content-Length, and we have more bytes remaining 1056 // than our maxPostHandlerReadBytes tolerance. So, give up. 1057 b.earlyClose = true 1058 } else { 1059 var n int64 1060 // Consume the body, or, which will also lead to us reading 1061 // the trailer headers after the body, if present. 1062 n, err = io.CopyN(io.Discard, bodyLocked{b}, maxPostHandlerReadBytes) 1063 if err == io.EOF { 1064 err = nil 1065 } 1066 if n == maxPostHandlerReadBytes { 1067 b.earlyClose = true 1068 } 1069 } 1070 default: 1071 // Fully consume the body, which will also lead to us reading 1072 // the trailer headers after the body, if present. 1073 _, err = io.Copy(io.Discard, bodyLocked{b}) 1074 } 1075 b.closed = true 1076 return err 1077 } 1078 1079 func (b *body) didEarlyClose() bool { 1080 b.mu.Lock() 1081 defer b.mu.Unlock() 1082 return b.earlyClose 1083 } 1084 1085 // bodyRemains reports whether future Read calls might 1086 // yield data. 1087 func (b *body) bodyRemains() bool { 1088 b.mu.Lock() 1089 defer b.mu.Unlock() 1090 return !b.sawEOF 1091 } 1092 1093 func (b *body) registerOnHitEOF(fn func()) { 1094 b.mu.Lock() 1095 defer b.mu.Unlock() 1096 b.onHitEOF = fn 1097 } 1098 1099 // bodyLocked is a io.Reader reading from a *body when its mutex is 1100 // already held. 1101 type bodyLocked struct { 1102 b *body 1103 } 1104 1105 func (bl bodyLocked) Read(p []byte) (n int, err error) { 1106 if bl.b.closed { 1107 return 0, ErrBodyReadAfterClose 1108 } 1109 return bl.b.readLocked(p) 1110 } 1111 1112 // parseContentLength trims whitespace from s and returns -1 if no value 1113 // is set, or the value if it's >= 0. 1114 func parseContentLength(cl string) (int64, error) { 1115 cl = textproto.TrimString(cl) 1116 if cl == "" { 1117 return -1, nil 1118 } 1119 n, err := strconv.ParseUint(cl, 10, 63) 1120 if err != nil { 1121 return 0, badStringError("bad Content-Length", cl) 1122 } 1123 return int64(n), nil 1124 1125 } 1126 1127 // finishAsyncByteRead finishes reading the 1-byte sniff 1128 // from the ContentLength==0, Body!=nil case. 1129 type finishAsyncByteRead struct { 1130 tw *transferWriter 1131 } 1132 1133 func (fr finishAsyncByteRead) Read(p []byte) (n int, err error) { 1134 if len(p) == 0 { 1135 return 1136 } 1137 rres := <-fr.tw.ByteReadCh 1138 n, err = rres.n, rres.err 1139 if n == 1 { 1140 p[0] = rres.b 1141 } 1142 return 1143 } 1144 1145 var nopCloserType = reflect.TypeOf(io.NopCloser(nil)) 1146 1147 // isKnownInMemoryReader reports whether r is a type known to not 1148 // block on Read. Its caller uses this as an optional optimization to 1149 // send fewer TCP packets. 1150 func isKnownInMemoryReader(r io.Reader) bool { 1151 switch r.(type) { 1152 case *bytes.Reader, *bytes.Buffer, *strings.Reader: 1153 return true 1154 } 1155 if reflect.TypeOf(r) == nopCloserType { 1156 return isKnownInMemoryReader(reflect.ValueOf(r).Field(0).Interface().(io.Reader)) 1157 } 1158 if r, ok := r.(*readTrackingBody); ok { 1159 return isKnownInMemoryReader(r.ReadCloser) 1160 } 1161 return false 1162 } 1163 1164 // bufioFlushWriter is an io.Writer wrapper that flushes all writes 1165 // on its wrapped writer if it's a *bufio.Writer. 1166 type bufioFlushWriter struct{ w io.Writer } 1167 1168 func (fw bufioFlushWriter) Write(p []byte) (n int, err error) { 1169 n, err = fw.w.Write(p) 1170 if bw, ok := fw.w.(*bufio.Writer); n > 0 && ok { 1171 ferr := bw.Flush() 1172 if ferr != nil && err == nil { 1173 err = ferr 1174 } 1175 } 1176 return 1177 }