1 /***************************************************************************
2  *                                  _   _ ____  _
3  *  Project                     ___| | | |  _ \| |
4  *                             / __| | | | |_) | |
5  *                            | (__| |_| |  _ <| |___
6  *                             \___|\___/|_| \_\_____|
7  *
8  * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
9  *
10  * This software is licensed as described in the file COPYING, which
11  * you should have received as part of this distribution. The terms
12  * are also available at https://curl.haxx.se/docs/copyright.html.
13  *
14  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15  * copies of the Software, and permit persons to whom the Software is
16  * furnished to do so, under the terms of the COPYING file.
17  *
18  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19  * KIND, either express or implied.
20  *
21  ***************************************************************************/
22 #include "tool_setup.h"
23 
24 #include "strcase.h"
25 
26 #define ENABLE_CURLX_PRINTF
27 /* use our own printf() functions */
28 #include "curlx.h"
29 
30 #include "tool_cfgable.h"
31 #include "tool_doswin.h"
32 #include "tool_msgs.h"
33 #include "tool_cb_hdr.h"
34 #include "tool_cb_wrt.h"
35 #include "tool_operate.h"
36 
37 #include "memdebug.h" /* keep this as LAST include */
38 
39 static char *parse_filename(const char *ptr, size_t len);
40 
41 #ifdef WIN32
42 #define BOLD
43 #define BOLDOFF
44 #else
45 #define BOLD "\x1b[1m"
46 /* Switch off bold by setting "all attributes off" since the explicit
47    bold-off code (21) isn't supported everywhere - like in the mac
48    Terminal. */
49 #define BOLDOFF "\x1b[0m"
50 #endif
51 
52 /*
53 ** callback for CURLOPT_HEADERFUNCTION
54 */
55 
tool_header_cb(char * ptr,size_t size,size_t nmemb,void * userdata)56 size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
57 {
58   struct per_transfer *per = userdata;
59   struct HdrCbData *hdrcbdata = &per->hdrcbdata;
60   struct OutStruct *outs = &per->outs;
61   struct OutStruct *heads = &per->heads;
62   struct OutStruct *etag_save = &per->etag_save;
63   const char *str = ptr;
64   const size_t cb = size * nmemb;
65   const char *end = (char *)ptr + cb;
66   long protocol = 0;
67 
68   /*
69    * Once that libcurl has called back tool_header_cb() the returned value
70    * is checked against the amount that was intended to be written, if
71    * it does not match then it fails with CURLE_WRITE_ERROR. So at this
72    * point returning a value different from sz*nmemb indicates failure.
73    */
74   size_t failure = (size && nmemb) ? 0 : 1;
75 
76   if(!per->config)
77     return failure;
78 
79 #ifdef DEBUGBUILD
80   if(size * nmemb > (size_t)CURL_MAX_HTTP_HEADER) {
81     warnf(per->config->global, "Header data exceeds single call write "
82           "limit!\n");
83     return failure;
84   }
85 #endif
86 
87   /*
88    * Write header data when curl option --dump-header (-D) is given.
89    */
90 
91   if(per->config->headerfile && heads->stream) {
92     size_t rc = fwrite(ptr, size, nmemb, heads->stream);
93     if(rc != cb)
94       return rc;
95     /* flush the stream to send off what we got earlier */
96     (void)fflush(heads->stream);
97   }
98 
99   /*
100    * Write etag to file when --etag-save option is given.
101    */
102   if(per->config->etag_save_file && etag_save->stream) {
103     /* match only header that start with etag (case insensitive) */
104     if(curl_strnequal(str, "etag:", 5)) {
105       const char *etag_h = &str[5];
106       const char *eot = end - 1;
107       if(*eot == '\n') {
108         while(ISSPACE(*etag_h) && (etag_h < eot))
109           etag_h++;
110         while(ISSPACE(*eot))
111           eot--;
112 
113         if(eot >= etag_h) {
114           size_t etag_length = eot - etag_h + 1;
115           fwrite(etag_h, size, etag_length, etag_save->stream);
116           /* terminate with newline */
117           fputc('\n', etag_save->stream);
118           (void)fflush(etag_save->stream);
119         }
120       }
121     }
122   }
123 
124   /*
125    * This callback sets the filename where output shall be written when
126    * curl options --remote-name (-O) and --remote-header-name (-J) have
127    * been simultaneously given and additionally server returns an HTTP
128    * Content-Disposition header specifying a filename property.
129    */
130 
131   curl_easy_getinfo(per->curl, CURLINFO_PROTOCOL, &protocol);
132   if(hdrcbdata->honor_cd_filename &&
133      (cb > 20) && checkprefix("Content-disposition:", str) &&
134      (protocol & (CURLPROTO_HTTPS|CURLPROTO_HTTP))) {
135     const char *p = str + 20;
136 
137     /* look for the 'filename=' parameter
138        (encoded filenames (*=) are not supported) */
139     for(;;) {
140       char *filename;
141       size_t len;
142 
143       while(*p && (p < end) && !ISALPHA(*p))
144         p++;
145       if(p > end - 9)
146         break;
147 
148       if(memcmp(p, "filename=", 9)) {
149         /* no match, find next parameter */
150         while((p < end) && (*p != ';'))
151           p++;
152         continue;
153       }
154       p += 9;
155 
156       /* this expression below typecasts 'cb' only to avoid
157          warning: signed and unsigned type in conditional expression
158       */
159       len = (ssize_t)cb - (p - str);
160       filename = parse_filename(p, len);
161       if(filename) {
162         if(outs->stream) {
163           /* indication of problem, get out! */
164           free(filename);
165           return failure;
166         }
167 
168         outs->is_cd_filename = TRUE;
169         outs->s_isreg = TRUE;
170         outs->fopened = FALSE;
171         outs->filename = filename;
172         outs->alloc_filename = TRUE;
173         hdrcbdata->honor_cd_filename = FALSE; /* done now! */
174         if(!tool_create_output_file(outs, per->config))
175           return failure;
176       }
177       break;
178     }
179     if(!outs->stream && !tool_create_output_file(outs, per->config))
180       return failure;
181   }
182   if(hdrcbdata->config->writeout) {
183     char *value = memchr(ptr, ':', cb);
184     if(value) {
185       if(per->was_last_header_empty)
186         per->num_headers = 0;
187       per->was_last_header_empty = FALSE;
188       per->num_headers++;
189     }
190     else if(ptr[0] == '\r' || ptr[0] == '\n')
191       per->was_last_header_empty = TRUE;
192   }
193   if(hdrcbdata->config->show_headers &&
194     (protocol &
195      (CURLPROTO_HTTP|CURLPROTO_HTTPS|CURLPROTO_RTSP|CURLPROTO_FILE))) {
196     /* bold headers only for selected protocols */
197     char *value = NULL;
198 
199     if(!outs->stream && !tool_create_output_file(outs, per->config))
200       return failure;
201 
202     if(hdrcbdata->global->isatty && hdrcbdata->global->styled_output)
203       value = memchr(ptr, ':', cb);
204     if(value) {
205       size_t namelen = value - ptr;
206       fprintf(outs->stream, BOLD "%.*s" BOLDOFF ":", namelen, ptr);
207       fwrite(&value[1], cb - namelen - 1, 1, outs->stream);
208     }
209     else
210       /* not "handled", just show it */
211       fwrite(ptr, cb, 1, outs->stream);
212   }
213   return cb;
214 }
215 
216 /*
217  * Copies a file name part and returns an ALLOCATED data buffer.
218  */
parse_filename(const char * ptr,size_t len)219 static char *parse_filename(const char *ptr, size_t len)
220 {
221   char *copy;
222   char *p;
223   char *q;
224   char  stop = '\0';
225 
226   /* simple implementation of strndup() */
227   copy = malloc(len + 1);
228   if(!copy)
229     return NULL;
230   memcpy(copy, ptr, len);
231   copy[len] = '\0';
232 
233   p = copy;
234   if(*p == '\'' || *p == '"') {
235     /* store the starting quote */
236     stop = *p;
237     p++;
238   }
239   else
240     stop = ';';
241 
242   /* scan for the end letter and stop there */
243   q = strchr(p, stop);
244   if(q)
245     *q = '\0';
246 
247   /* if the filename contains a path, only use filename portion */
248   q = strrchr(p, '/');
249   if(q) {
250     p = q + 1;
251     if(!*p) {
252       Curl_safefree(copy);
253       return NULL;
254     }
255   }
256 
257   /* If the filename contains a backslash, only use filename portion. The idea
258      is that even systems that don't handle backslashes as path separators
259      probably want the path removed for convenience. */
260   q = strrchr(p, '\\');
261   if(q) {
262     p = q + 1;
263     if(!*p) {
264       Curl_safefree(copy);
265       return NULL;
266     }
267   }
268 
269   /* make sure the file name doesn't end in \r or \n */
270   q = strchr(p, '\r');
271   if(q)
272     *q = '\0';
273 
274   q = strchr(p, '\n');
275   if(q)
276     *q = '\0';
277 
278   if(copy != p)
279     memmove(copy, p, strlen(p) + 1);
280 
281 #if defined(MSDOS) || defined(WIN32)
282   {
283     char *sanitized;
284     SANITIZEcode sc = sanitize_file_name(&sanitized, copy, 0);
285     Curl_safefree(copy);
286     if(sc)
287       return NULL;
288     copy = sanitized;
289   }
290 #endif /* MSDOS || WIN32 */
291 
292   /* in case we built debug enabled, we allow an environment variable
293    * named CURL_TESTDIR to prefix the given file name to put it into a
294    * specific directory
295    */
296 #ifdef DEBUGBUILD
297   {
298     char *tdir = curlx_getenv("CURL_TESTDIR");
299     if(tdir) {
300       char buffer[512]; /* suitably large */
301       msnprintf(buffer, sizeof(buffer), "%s/%s", tdir, copy);
302       Curl_safefree(copy);
303       copy = strdup(buffer); /* clone the buffer, we don't use the libcurl
304                                 aprintf() or similar since we want to use the
305                                 same memory code as the "real" parse_filename
306                                 function */
307       curl_free(tdir);
308     }
309   }
310 #endif
311 
312   return copy;
313 }
314