
Source file src/net/http/transfer.go

Documentation: net/http

     1  // Copyright 2009 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package http
     6  
     7  import (
     8  	"bufio"
     9  	"bytes"
    10  	"errors"
    11  	"fmt"
    12  	"io"
    13  	"net/http/httptrace"
    14  	"net/http/internal"
    15  	"net/textproto"
    16  	"reflect"
    17  	"sort"
    18  	"strconv"
    19  	"strings"
    20  	"sync"
    21  	"time"
    22  
    23  	"golang.org/x/net/http/httpguts"
    24  )
    25  
// ErrLineTooLong is returned when reading request or response bodies
// with malformed chunked encoding.
//
// It aliases internal.ErrLineTooLong, so both names refer to the same
// error value.
var ErrLineTooLong = internal.ErrLineTooLong
    29  
// errorReader is a reader whose every Read fails with the stored error.
type errorReader struct {
	err error
}

// Read never touches p; it reports zero bytes together with the
// reader's fixed error.
func (r errorReader) Read(p []byte) (n int, err error) {
	n, err = 0, r.err
	return n, err
}
    37  
// byteReader is a one-shot reader that yields the single byte b and
// then reports io.EOF.
type byteReader struct {
	b    byte
	done bool
}

// Read delivers the stored byte together with io.EOF on the first call
// that supplies a non-empty buffer; every later call returns (0, io.EOF).
// A call with an empty buffer before that point returns (0, nil) and
// consumes nothing.
func (br *byteReader) Read(p []byte) (n int, err error) {
	switch {
	case br.done:
		return 0, io.EOF
	case len(p) == 0:
		return 0, nil
	}
	p[0], br.done = br.b, true
	return 1, io.EOF
}
    54  
// transferWriter inspects the fields of a user-supplied Request or Response,
// sanitizes them without changing the user object and provides methods for
// writing the respective header, body and trailer in wire format.
//
// Instances are built by newTransferWriter, which normalizes the
// (Body, ContentLength, TransferEncoding) triple: a chunked
// TransferEncoding forces ContentLength to -1, and Trailer is dropped
// unless the encoding is chunked. Keeping the declared length and the
// chunked framing mutually exclusive is what stops a message from being
// written with two conflicting body delimiters. BodyCloser is closed by
// writeBody.
type transferWriter struct {
	Method           string
	Body             io.Reader
	BodyCloser       io.Closer
	ResponseToHEAD   bool
	ContentLength    int64 // -1 means unknown, 0 means exactly none
	Close            bool
	TransferEncoding []string
	Header           Header
	Trailer          Header
	IsResponse       bool
	bodyReadError    error // any non-EOF error from reading Body

	FlushHeaders bool            // flush headers to network before body
	ByteReadCh   chan readResult // non-nil if probeRequestBody called
}
    74  
// newTransferWriter builds a transferWriter from r, which is expected to be
// a *Request or a *Response. The type switch has no default case, so any
// other type yields a writer holding only zero values.
//
// It copies the transfer-related fields from r and then normalizes Body,
// ContentLength, TransferEncoding and Trailer so that the framing later
// written to the wire is internally consistent. It returns an error when a
// Request declares a non-zero ContentLength but has a nil Body.
func newTransferWriter(r interface{}) (t *transferWriter, err error) {
	t = &transferWriter{}

	// Extract relevant fields
	atLeastHTTP11 := false
	switch rr := r.(type) {
	case *Request:
		// A declared length with nothing to send can never be satisfied;
		// reject it before anything is written.
		if rr.ContentLength != 0 && rr.Body == nil {
			return nil, fmt.Errorf("http: Request.ContentLength=%d with nil Body", rr.ContentLength)
		}
		t.Method = valueOrDefault(rr.Method, "GET")
		t.Close = rr.Close
		t.TransferEncoding = rr.TransferEncoding
		t.Header = rr.Header
		t.Trailer = rr.Trailer
		t.Body = rr.Body
		t.BodyCloser = rr.Body
		t.ContentLength = rr.outgoingLength()
		// Unknown length and no explicit encoding: fall back to chunked,
		// unless shouldSendChunkedRequestBody decides there is no body.
		if t.ContentLength < 0 && len(t.TransferEncoding) == 0 && t.shouldSendChunkedRequestBody() {
			t.TransferEncoding = []string{"chunked"}
		}
		// If there's a body, conservatively flush the headers
		// to any bufio.Writer we're writing to, just in case
		// the server needs the headers early, before we copy
		// the body and possibly block. We make an exception
		// for the common standard library in-memory types,
		// though, to avoid unnecessary TCP packets on the
		// wire. (Issue 22088.)
		if t.ContentLength != 0 && !isKnownInMemoryReader(t.Body) {
			t.FlushHeaders = true
		}

		atLeastHTTP11 = true // Transport requests are always 1.1 or 2.0
	case *Response:
		t.IsResponse = true
		// The request method decides whether this is a response to HEAD;
		// without a Request, t.Method stays empty.
		if rr.Request != nil {
			t.Method = rr.Request.Method
		}
		t.Body = rr.Body
		t.BodyCloser = rr.Body
		t.ContentLength = rr.ContentLength
		t.Close = rr.Close
		t.TransferEncoding = rr.TransferEncoding
		t.Header = rr.Header
		t.Trailer = rr.Trailer
		atLeastHTTP11 = rr.ProtoAtLeast(1, 1)
		t.ResponseToHEAD = noResponseBodyExpected(t.Method)
	}

	// Sanitize Body,ContentLength,TransferEncoding
	if t.ResponseToHEAD {
		// No body bytes are written for a response to HEAD, but the
		// framing headers are kept as they were supplied.
		t.Body = nil
		if chunked(t.TransferEncoding) {
			t.ContentLength = -1
		}
	} else {
		// Transfer-Encoding is dropped for pre-HTTP/1.1 messages and for
		// messages without a body.
		if !atLeastHTTP11 || t.Body == nil {
			t.TransferEncoding = nil
		}
		// Chunked framing and an explicit length are mutually exclusive:
		// chunked wins and the length becomes "unknown".
		if chunked(t.TransferEncoding) {
			t.ContentLength = -1
		} else if t.Body == nil { // no chunking, no body
			t.ContentLength = 0
		}
	}

	// Sanitize Trailer
	// Trailers are only written after a chunked body (see writeBody), so
	// they are discarded for every other framing.
	if !chunked(t.TransferEncoding) {
		t.Trailer = nil
	}

	return t, nil
}
   148  
// shouldSendChunkedRequestBody reports whether a request whose body length
// is unknown should be sent with a chunked body.
//
// The case to avoid is a GET (or another method that normally has no body)
// going out with a chunked body of zero bytes: such requests are allowed by
// the specs but are approximately never seen in the wild and confuse most
// servers. See Issue 18257, as one example. They arise when the caller sets
// Body to a non-nil but empty value (say, io.NopCloser(bytes.NewReader(nil)))
// and leaves ContentLength unset, or NewRequest set it to -1 (unknown).
//
// For those methods the body is probed for a first byte. A body that turns
// out to be empty is treated as if it were nil and no body is sent.
func (t *transferWriter) shouldSendChunkedRequestBody() bool {
	switch {
	case t.ContentLength >= 0, t.Body == nil:
		// t.ContentLength is the corrected length from rr.outgoingLength,
		// so 0 really means zero, not unknown. The caller already checked
		// both conditions; they are repeated here defensively.
		return false
	case t.Method == "CONNECT":
		return false
	case !requestMethodUsuallyLacksBody(t.Method):
		// PUT, POST, PATCH, or any method we have never heard of: assume
		// the server can deal with a chunked request body. Maybe we'll
		// adjust this later.
		return true
	}
	// Only GET/HEAD/DELETE/etc requests are probed, because it's only
	// those types of requests that confuse servers.
	t.probeRequestBody() // adjusts t.Body, t.ContentLength
	return t.Body != nil
}
   189  
// probeRequestBody reads a byte from t.Body to see whether it's empty
// (returns io.EOF right away).
//
// But because we've had problems with this blocking users in the past
// (issue 17480) when the body is a pipe (perhaps waiting on the response
// headers before the pipe is fed data), we need to be careful and bound how
// long we wait for it. This delay will only affect users if all the following
// are true:
//   * the request body blocks
//   * the content length is not set (or set to -1)
//   * the method doesn't usually have a body (GET, HEAD, DELETE, ...)
//   * there is no transfer-encoding=chunked already set.
// In other words, this delay will not normally affect anybody, and there
// are workarounds if it does.
//
// On return t.Body is one of: nil (body was empty, and t.ContentLength is
// set to 0), a reader that replays the probed byte ahead of the rest, a
// reader that surfaces the probe's error, or, after the timeout, a reader
// that starts with finishAsyncByteRead.
func (t *transferWriter) probeRequestBody() {
	// Capacity 1 lets the goroutine below deliver its result and exit even
	// when the timeout branch is taken and nobody is receiving yet.
	t.ByteReadCh = make(chan readResult, 1)
	go func(body io.Reader) {
		var buf [1]byte
		var rres readResult
		rres.n, rres.err = body.Read(buf[:])
		if rres.n == 1 {
			rres.b = buf[0]
		}
		t.ByteReadCh <- rres
	}(t.Body)
	timer := time.NewTimer(200 * time.Millisecond)
	select {
	case rres := <-t.ByteReadCh:
		timer.Stop()
		if rres.n == 0 && rres.err == io.EOF {
			// It was empty.
			t.Body = nil
			t.ContentLength = 0
		} else if rres.n == 1 {
			// One byte was consumed by the probe; put it back in front of
			// whatever follows so no body data is lost.
			if rres.err != nil {
				t.Body = io.MultiReader(&byteReader{b: rres.b}, errorReader{rres.err})
			} else {
				t.Body = io.MultiReader(&byteReader{b: rres.b}, t.Body)
			}
		} else if rres.err != nil {
			// No data and a non-EOF error: report that error on the first
			// Read of the body.
			t.Body = errorReader{rres.err}
		}
	case <-timer.C:
		// Too slow. Don't wait. Read it later, and keep
		// assuming that this is ContentLength == -1
		// (unknown), which means we'll send a
		// "Transfer-Encoding: chunked" header.
		// NOTE(review): finishAsyncByteRead is defined outside this view;
		// presumably it collects the pending result from ByteReadCh - confirm.
		t.Body = io.MultiReader(finishAsyncByteRead{t}, t.Body)
		// Request that Request.Write flush the headers to the
		// network before writing the body, since our body may not
		// become readable until it's seen the response headers.
		t.FlushHeaders = true
	}
}
   244  
// noResponseBodyExpected reports whether a response to a request with the
// given method carries no body. Only the exact, upper-case method "HEAD"
// qualifies.
func noResponseBodyExpected(requestMethod string) bool {
	const headMethod = "HEAD"
	return headMethod == requestMethod
}
   248  
// shouldSendContentLength reports whether writeHeader should emit a
// Content-Length header. It never does so for a chunked message, always
// does for a positive length, and never for an unknown (negative) length.
// For a length of exactly zero the answer depends on the method and on
// whether the transfer encoding is explicitly "identity".
func (t *transferWriter) shouldSendContentLength() bool {
	switch {
	case chunked(t.TransferEncoding):
		return false
	case t.ContentLength > 0:
		return true
	case t.ContentLength < 0:
		return false
	}

	// ContentLength is exactly zero from here on.
	switch t.Method {
	case "POST", "PUT", "PATCH":
		// Many servers expect a Content-Length for these methods
		return true
	case "GET", "HEAD":
		return false
	}
	return isIdentity(t.TransferEncoding)
}
   272  
// writeHeader writes the framing-related header lines to w: an optional
// "Connection: close", then either Content-Length or
// "Transfer-Encoding: chunked", then an optional Trailer line listing the
// trailer keys in sorted order. Each line that is written is also reported
// to trace.WroteHeaderField when that hook is set.
//
// It returns the first write error, or an error if t.Trailer contains a
// Transfer-Encoding, Trailer or Content-Length key.
func (t *transferWriter) writeHeader(w io.Writer, trace *httptrace.ClientTrace) error {
	// report forwards a written header field to the trace hook, if any.
	report := func(key string, values []string) {
		if trace != nil && trace.WroteHeaderField != nil {
			trace.WroteHeaderField(key, values)
		}
	}

	if t.Close && !hasToken(t.Header.get("Connection"), "close") {
		if _, err := io.WriteString(w, "Connection: close\r\n"); err != nil {
			return err
		}
		report("Connection", []string{"close"})
	}

	// Content-Length and Transfer-Encoding are derived from the sanitized
	// (Body, ContentLength, TransferEncoding) triple, and at most one of
	// the two is written.
	switch {
	case t.shouldSendContentLength():
		if _, err := io.WriteString(w, "Content-Length: "); err != nil {
			return err
		}
		length := strconv.FormatInt(t.ContentLength, 10)
		if _, err := io.WriteString(w, length+"\r\n"); err != nil {
			return err
		}
		report("Content-Length", []string{length})
	case chunked(t.TransferEncoding):
		if _, err := io.WriteString(w, "Transfer-Encoding: chunked\r\n"); err != nil {
			return err
		}
		report("Transfer-Encoding", []string{"chunked"})
	}

	if t.Trailer == nil {
		return nil
	}

	// Announce the trailer keys. Framing headers are refused as trailer
	// keys before anything is written for the Trailer line.
	names := make([]string, 0, len(t.Trailer))
	for name := range t.Trailer {
		name = CanonicalHeaderKey(name)
		if name == "Transfer-Encoding" || name == "Trailer" || name == "Content-Length" {
			return badStringError("invalid Trailer key", name)
		}
		names = append(names, name)
	}
	if len(names) == 0 {
		return nil
	}
	sort.Strings(names)
	// TODO: could do better allocation-wise here, but trailers are rare,
	// so being lazy for now.
	if _, err := io.WriteString(w, "Trailer: "+strings.Join(names, ",")+"\r\n"); err != nil {
		return err
	}
	report("Trailer", names)
	return nil
}
   331  
// writeBody copies t.Body to w using the framing chosen by
// newTransferWriter (chunked, unknown length, or a fixed ContentLength) and,
// for chunked messages, follows it with the trailer and the terminating
// CRLF.
//
// It always closes t.BodyCloser: on the normal path explicitly, and on every
// early return through the deferred function. A Close error is returned
// only if no earlier error occurred.
//
// For a fixed ContentLength at most that many bytes are written to w; any
// further bytes from the body are read and discarded, and the total is then
// compared with ContentLength so that a body longer or shorter than declared
// is reported as an error rather than silently mis-framed.
func (t *transferWriter) writeBody(w io.Writer) (err error) {
	var ncopy int64
	closed := false
	defer func() {
		// Skip if the normal path below already closed the body.
		if closed || t.BodyCloser == nil {
			return
		}
		if closeErr := t.BodyCloser.Close(); closeErr != nil && err == nil {
			err = closeErr
		}
	}()

	// Write body. We "unwrap" the body first if it was wrapped in a
	// nopCloser or readTrackingBody. This is to ensure that we can take advantage of
	// OS-level optimizations in the event that the body is an
	// *os.File.
	if t.Body != nil {
		var body = t.unwrapBody()
		if chunked(t.TransferEncoding) {
			// For requests written through a bufio.Writer, wrap it in
			// internal.FlushAfterChunkWriter.
			if bw, ok := w.(*bufio.Writer); ok && !t.IsResponse {
				w = &internal.FlushAfterChunkWriter{Writer: bw}
			}
			cw := internal.NewChunkedWriter(w)
			_, err = t.doBodyCopy(cw, body)
			if err == nil {
				err = cw.Close()
			}
		} else if t.ContentLength == -1 {
			dst := w
			if t.Method == "CONNECT" {
				dst = bufioFlushWriter{dst}
			}
			ncopy, err = t.doBodyCopy(dst, body)
		} else {
			// Never put more than the declared length on the wire.
			ncopy, err = t.doBodyCopy(w, io.LimitReader(body, t.ContentLength))
			if err != nil {
				return err
			}
			// Drain and count whatever the body still holds so the length
			// check below can detect an over-long body.
			var nextra int64
			nextra, err = t.doBodyCopy(io.Discard, body)
			ncopy += nextra
		}
		if err != nil {
			return err
		}
	}
	if t.BodyCloser != nil {
		closed = true
		if err := t.BodyCloser.Close(); err != nil {
			return err
		}
	}

	// The chunked branch leaves ncopy at 0, but there ContentLength is -1
	// (set by newTransferWriter), so this check is skipped for it.
	if !t.ResponseToHEAD && t.ContentLength != -1 && t.ContentLength != ncopy {
		return fmt.Errorf("http: ContentLength=%d with Body length %d",
			t.ContentLength, ncopy)
	}

	if chunked(t.TransferEncoding) {
		// Write Trailer header
		if t.Trailer != nil {
			if err := t.Trailer.Write(w); err != nil {
				return err
			}
		}
		// Last chunk, empty trailer
		_, err = io.WriteString(w, "\r\n")
	}
	return err
}
   403  
// doBodyCopy copies src to dst with io.Copy and remembers any failure other
// than io.EOF in t.bodyReadError before handing the result back.
//
// It exists solely as a helper for writeBody.
func (t *transferWriter) doBodyCopy(dst io.Writer, src io.Reader) (n int64, err error) {
	if n, err = io.Copy(dst, src); err != nil && err != io.EOF {
		t.bodyReadError = err
	}
	return n, err
}
   415  
// unwrapBody returns the reader that writeBody should copy from. If t.Body
// is a nopCloser, the reader it wraps is returned; if it is a
// *readTrackingBody, its didRead flag is set and its ReadCloser is
// returned; otherwise t.Body is returned unchanged. This is to ensure that
// body writes sourced from local files (*os.File types) are properly
// optimized.
//
// This function is only intended for use in writeBody.
func (t *transferWriter) unwrapBody() io.Reader {
	if reflect.TypeOf(t.Body) == nopCloserType {
		// NOTE(review): Field(0) relies on the wrapped reader being the
		// first field of the nopCloser type, which is declared outside
		// this view - confirm if that type ever changes.
		return reflect.ValueOf(t.Body).Field(0).Interface().(io.Reader)
	}
	if r, ok := t.Body.(*readTrackingBody); ok {
		r.didRead = true
		return r.ReadCloser
	}
	return t.Body
}
   431  
// transferReader carries the state readTransfer uses to work out how a
// message body is framed. The fields under "Input" are copied from the
// *Request or *Response being read; the fields under "Output" are computed
// by readTransfer and its helpers and then copied back onto that message.
type transferReader struct {
	// Input
	Header        Header
	StatusCode    int
	RequestMethod string
	ProtoMajor    int
	ProtoMinor    int
	// Output
	Body          io.ReadCloser
	ContentLength int64
	Chunked       bool
	Close         bool
	Trailer       Header
}
   446  
// protoAtLeast reports whether the message's protocol version is m.n or
// newer, comparing the major version first and the minor version on a tie.
func (t *transferReader) protoAtLeast(m, n int) bool {
	if t.ProtoMajor != m {
		return t.ProtoMajor > m
	}
	return t.ProtoMinor >= n
}
   450  
// bodyAllowedForStatus reports whether a response with the given status
// code may carry a body. Informational (1xx), 204 and 304 responses may
// not; every other value may. See RFC 7230, section 3.3.
func bodyAllowedForStatus(status int) bool {
	informational := status >= 100 && status <= 199
	return !(informational || status == 204 || status == 304)
}
   464  
// Header names returned by suppressedHeaders for a 304 response and for the
// other statuses that do not permit a body.
var (
	suppressedHeaders304    = []string{"Content-Type", "Content-Length", "Transfer-Encoding"}
	suppressedHeadersNoBody = []string{"Content-Length", "Transfer-Encoding"}
)

// suppressedHeaders returns the header names associated with the given
// status: the 304 list (RFC 7232 section 4.1) for 304, the no-body list for
// any other status that does not permit a body, and nil otherwise. The
// returned slice is one of the shared package-level lists.
func suppressedHeaders(status int) []string {
	if status == 304 {
		return suppressedHeaders304
	}
	if bodyAllowedForStatus(status) {
		return nil
	}
	return suppressedHeadersNoBody
}
   480  
// readTransfer works out how the body of msg is framed on r and installs
// the resulting Body, ContentLength, TransferEncoding, Close and Trailer on
// msg. msg is *Request or *Response; any other type panics.
//
// The framing decision follows a strict order: Transfer-Encoding is parsed
// first (parseTransferEncoding removes any Content-Length when chunked is
// accepted), then fixLength validates and interprets Content-Length, then
// the Trailer header is processed. Any error from these steps is returned
// and msg is left without the output fields set. Getting this order and
// strictness right matters because two parties disagreeing about where a
// body ends is the basis of request smuggling.
func readTransfer(msg interface{}, r *bufio.Reader) (err error) {
	t := &transferReader{RequestMethod: "GET"}

	// Unify input
	isResponse := false
	switch rr := msg.(type) {
	case *Response:
		t.Header = rr.Header
		t.StatusCode = rr.StatusCode
		t.ProtoMajor = rr.ProtoMajor
		t.ProtoMinor = rr.ProtoMinor
		t.Close = shouldClose(t.ProtoMajor, t.ProtoMinor, t.Header, true)
		isResponse = true
		// Without an attached Request the method stays at the "GET"
		// default set above.
		if rr.Request != nil {
			t.RequestMethod = rr.Request.Method
		}
	case *Request:
		t.Header = rr.Header
		t.RequestMethod = rr.Method
		t.ProtoMajor = rr.ProtoMajor
		t.ProtoMinor = rr.ProtoMinor
		// Transfer semantics for Requests are exactly like those for
		// Responses with status code 200, responding to a GET method
		t.StatusCode = 200
		t.Close = rr.Close
	default:
		panic("unexpected type")
	}

	// Default to HTTP/1.1
	if t.ProtoMajor == 0 && t.ProtoMinor == 0 {
		t.ProtoMajor, t.ProtoMinor = 1, 1
	}

	// Transfer-Encoding: chunked, and overriding Content-Length.
	if err := t.parseTransferEncoding(); err != nil {
		return err
	}

	realLength, err := fixLength(isResponse, t.StatusCode, t.RequestMethod, t.Header, t.Chunked)
	if err != nil {
		return err
	}
	// For a response to HEAD, ContentLength reports the header's value
	// while realLength (0 from fixLength) governs how many body bytes are
	// actually read below.
	if isResponse && t.RequestMethod == "HEAD" {
		if n, err := parseContentLength(t.Header.get("Content-Length")); err != nil {
			return err
		} else {
			t.ContentLength = n
		}
	} else {
		t.ContentLength = realLength
	}

	// Trailer
	t.Trailer, err = fixTrailer(t.Header, t.Chunked)
	if err != nil {
		return err
	}

	// If there is no Content-Length or chunked Transfer-Encoding on a *Response
	// and the status is not 1xx, 204 or 304, then the body is unbounded.
	// See RFC 7230, section 3.3.
	switch msg.(type) {
	case *Response:
		if realLength == -1 && !t.Chunked && bodyAllowedForStatus(t.StatusCode) {
			// Unbounded body.
			// The only end-of-body marker is the connection closing, so
			// the connection cannot be reused afterwards.
			t.Close = true
		}
	}

	// Prepare body reader. ContentLength < 0 means chunked encoding
	// or close connection when finished, since multipart is not supported yet
	switch {
	case t.Chunked:
		if noResponseBodyExpected(t.RequestMethod) || !bodyAllowedForStatus(t.StatusCode) {
			t.Body = NoBody
		} else {
			// hdr and r are set so the body can read the trailer from the
			// wire once the chunked data is exhausted.
			t.Body = &body{src: internal.NewChunkedReader(r), hdr: msg, r: r, closing: t.Close}
		}
	case realLength == 0:
		t.Body = NoBody
	case realLength > 0:
		// Reads are capped at the declared length, so bytes after the body
		// are left on r.
		t.Body = &body{src: io.LimitReader(r, realLength), closing: t.Close}
	default:
		// realLength < 0, i.e. "Content-Length" not mentioned in header
		if t.Close {
			// Close semantics (i.e. HTTP/1.0)
			t.Body = &body{src: r, closing: t.Close}
		} else {
			// Persistent connection (i.e. HTTP/1.1)
			t.Body = NoBody
		}
	}

	// Unify output
	switch rr := msg.(type) {
	case *Request:
		rr.Body = t.Body
		rr.ContentLength = t.ContentLength
		if t.Chunked {
			rr.TransferEncoding = []string{"chunked"}
		}
		rr.Close = t.Close
		rr.Trailer = t.Trailer
	case *Response:
		rr.Body = t.Body
		rr.ContentLength = t.ContentLength
		if t.Chunked {
			rr.TransferEncoding = []string{"chunked"}
		}
		rr.Close = t.Close
		rr.Trailer = t.Trailer
	}

	return nil
}
   598  
// chunked reports whether the first entry of the transfer-encoding list is
// exactly "chunked". Later entries are not examined and the comparison is
// case-sensitive.
func chunked(te []string) bool {
	if len(te) == 0 {
		return false
	}
	return te[0] == "chunked"
}
   601  
// isIdentity reports whether the transfer-encoding list consists of the
// single entry "identity".
func isIdentity(te []string) bool {
	if len(te) != 1 {
		return false
	}
	return te[0] == "identity"
}
   604  
// unsupportedTEError is the error type used to report a transfer encoding
// that this package does not support.
type unsupportedTEError struct {
	err string
}

// Error returns the stored message, making *unsupportedTEError an error.
func (e *unsupportedTEError) Error() string {
	msg := e.err
	return msg
}
   613  
// isUnsupportedTEError reports whether err's dynamic type is
// *unsupportedTEError. Wrapped errors are not unwrapped. It is usually
// invoked with a non-nil err; a nil err yields false.
func isUnsupportedTEError(err error) bool {
	switch err.(type) {
	case *unsupportedTEError:
		return true
	}
	return false
}
   620  
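// parseTransferEncoding sets t.Chunked based on the Transfer-Encoding header.
//
// The header is always removed from t.Header. It is ignored for messages
// older than HTTP/1.1. Otherwise exactly one Transfer-Encoding field whose
// value is "chunked" (ASCII case-insensitive, surrounding whitespace
// trimmed) is accepted; anything else yields an *unsupportedTEError. When
// chunked is accepted, any Content-Length header is removed as well, so
// that the message is left with a single body delimiter.
func (t *transferReader) parseTransferEncoding() error {
	raw, present := t.Header["Transfer-Encoding"]
	if !present {
		return nil
	}
	delete(t.Header, "Transfer-Encoding")

	// Issue 12785; ignore Transfer-Encoding on HTTP/1.0 requests.
	if !t.protoAtLeast(1, 1) {
		return nil
	}

	// Like nginx, we only support a single Transfer-Encoding header field, and
	// only if set to "chunked". This is one of the most security sensitive
	// surfaces in HTTP/1.1 due to the risk of request smuggling, so we keep it
	// strict and simple.
	if len(raw) != 1 {
		return &unsupportedTEError{fmt.Sprintf("too many transfer encodings: %q", raw)}
	}

	// Fold case over ASCII letters only. Unicode-aware lowercasing maps
	// some non-ASCII runes onto ASCII letters, which would let a value that
	// other HTTP implementations do not recognize as "chunked" be accepted
	// here. Comparing byte by byte keeps this parser's view of the framing
	// aligned with theirs.
	const want = "chunked"
	coding := textproto.TrimString(raw[0])
	isChunked := len(coding) == len(want)
	for i := 0; isChunked && i < len(want); i++ {
		c := coding[i]
		if 'A' <= c && c <= 'Z' {
			c += 'a' - 'A'
		}
		isChunked = c == want[i]
	}
	if !isChunked {
		return &unsupportedTEError{fmt.Sprintf("unsupported transfer encoding: %q", raw[0])}
	}

	// RFC 7230 3.3.2 says "A sender MUST NOT send a Content-Length header field
	// in any message that contains a Transfer-Encoding header field."
	//
	// but also: "If a message is received with both a Transfer-Encoding and a
	// Content-Length header field, the Transfer-Encoding overrides the
	// Content-Length. Such a message might indicate an attempt to perform
	// request smuggling (Section 9.5) or response splitting (Section 9.4) and
	// ought to be handled as an error. A sender MUST remove the received
	// Content-Length field prior to forwarding such a message downstream."
	//
	// Reportedly, these appear in the wild.
	delete(t.Header, "Content-Length")

	t.Chunked = true
	return nil
}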
   661  
// fixLength determines the expected body length, using RFC 7230 Section 3.3.
// This function is not a method, because ultimately it should be shared by
// ReadResponse and ReadRequest.
//
// It returns the number of body bytes to read, or -1 when the length is not
// known up front (chunked, or delimited by connection close). As a side
// effect it may rewrite header: duplicate Content-Length values are
// collapsed to one, and an empty Content-Length is removed.
//
// It returns an error when multiple Content-Length headers disagree, when a
// request whose method expects no response body carries a Content-Length
// other than a single "0", or when the Content-Length value fails
// parseContentLength.
func fixLength(isResponse bool, status int, requestMethod string, header Header, chunked bool) (int64, error) {
	isRequest := !isResponse
	contentLens := header["Content-Length"]

	// Hardening against HTTP request smuggling
	if len(contentLens) > 1 {
		// Per RFC 7230 Section 3.3.2, prevent multiple
		// Content-Length headers if they differ in value.
		// If there are dups of the value, remove the dups.
		// See Issue 16490.
		first := textproto.TrimString(contentLens[0])
		for _, ct := range contentLens[1:] {
			if first != textproto.TrimString(ct) {
				return 0, fmt.Errorf("http: message cannot contain multiple Content-Length headers; got %q", contentLens)
			}
		}

		// deduplicate Content-Length
		header.Del("Content-Length")
		header.Add("Content-Length", first)

		contentLens = header["Content-Length"]
	}

	// Logic based on response type or status
	if noResponseBodyExpected(requestMethod) {
		// For HTTP requests, as part of hardening against request
		// smuggling (RFC 7230), don't allow a Content-Length header for
		// methods which don't permit bodies. As an exception, allow
		// exactly one Content-Length header if its value is "0".
		if isRequest && len(contentLens) > 0 && !(len(contentLens) == 1 && contentLens[0] == "0") {
			return 0, fmt.Errorf("http: method cannot contain a Content-Length; got %q", contentLens)
		}
		return 0, nil
	}
	// 1xx, 204 and 304 never carry a body, whatever the headers say.
	if status/100 == 1 {
		return 0, nil
	}
	switch status {
	case 204, 304:
		return 0, nil
	}

	// Logic based on Transfer-Encoding
	// Chunked framing takes precedence over any Content-Length.
	if chunked {
		return -1, nil
	}

	// Logic based on Content-Length
	var cl string
	if len(contentLens) == 1 {
		cl = textproto.TrimString(contentLens[0])
	}
	if cl != "" {
		n, err := parseContentLength(cl)
		if err != nil {
			return -1, err
		}
		return n, nil
	}
	// No usable value: drop the header so an empty Content-Length is not
	// left on the message.
	header.Del("Content-Length")

	if isRequest {
		// RFC 7230 neither explicitly permits nor forbids an
		// entity-body on a GET request so we permit one if
		// declared, but we default to 0 here (not -1 below)
		// if there's no mention of a body.
		// Likewise, all other request methods are assumed to have
		// no body if neither Transfer-Encoding chunked nor a
		// Content-Length are set.
		return 0, nil
	}

	// Body-EOF logic based on other methods (like closing, or chunked coding)
	return -1, nil
}
   741  
// shouldClose reports whether the connection should be hung up after
// sending a request and body, or after receiving a response and body.
// header holds the request headers.
//
// Protocol versions below 1.0 always close. HTTP/1.0 closes unless the
// Connection header contains "keep-alive" and does not contain "close".
// Later versions close only when the Connection header contains "close";
// in that case the Connection header is deleted from header when
// removeCloseHeader is set.
func shouldClose(major, minor int, header Header, removeCloseHeader bool) bool {
	if major < 1 {
		return true
	}

	connValues := header["Connection"]
	wantsClose := httpguts.HeaderValuesContainsToken(connValues, "close")

	switch {
	case major == 1 && minor == 0:
		return wantsClose || !httpguts.HeaderValuesContainsToken(connValues, "keep-alive")
	case wantsClose && removeCloseHeader:
		header.Del("Connection")
	}
	return wantsClose
}
   762  
// fixTrailer parses the Trailer header into a Header whose keys are the
// announced trailer names, each mapped to nil.
//
// It returns (nil, nil) when there is no Trailer header, when the message is
// not chunked, or when the header lists no names. For a chunked message the
// Trailer header is removed from header. Announcing Transfer-Encoding,
// Trailer or Content-Length as a trailer is an error, which keeps framing
// headers from being supplied after the body.
func fixTrailer(header Header, chunked bool) (Header, error) {
	values, found := header["Trailer"]
	if !found {
		return nil, nil
	}
	if !chunked {
		// Trailer and no chunking:
		// this is an invalid use case for trailer header.
		// Nevertheless, no error will be returned and we
		// let users decide if this is a valid HTTP message.
		// The Trailer header will be kept in Response.Header
		// but not populate Response.Trailer.
		// See issue #27197.
		return nil, nil
	}
	header.Del("Trailer")

	var (
		announced = make(Header)
		firstErr  error
	)
	for _, value := range values {
		foreachHeaderElement(value, func(key string) {
			key = CanonicalHeaderKey(key)
			forbidden := key == "Transfer-Encoding" || key == "Trailer" || key == "Content-Length"
			if forbidden && firstErr == nil {
				// Only the first offending key is reported.
				firstErr = badStringError("bad trailer key", key)
				return
			}
			announced[key] = nil
		})
	}

	switch {
	case firstErr != nil:
		return nil, firstErr
	case len(announced) == 0:
		return nil, nil
	}
	return announced, nil
}
   804  
// body turns a Reader into a ReadCloser.
// Close ensures that the body has been fully read
// and then reads the trailer if necessary.
//
// readTransfer constructs it with src set to a chunked reader, a
// LimitReader over the connection, or the connection reader itself,
// depending on how the message is framed. hdr and r are only set in the
// chunked case.
type body struct {
	src          io.Reader
	hdr          interface{}   // non-nil (Response or Request) value means read trailer
	r            *bufio.Reader // underlying wire-format reader for the trailer
	closing      bool          // is the connection to be closed after reading body?
	doEarlyClose bool          // whether Close should stop early

	mu         sync.Mutex // guards following, and calls to Read and Close
	sawEOF     bool
	closed     bool
	earlyClose bool   // Close called and we didn't read to the end of src
	onHitEOF   func() // if non-nil, func to call when EOF is Read
}
   821  
// ErrBodyReadAfterClose is returned when reading a Request or Response
// Body after the body has been closed. This typically happens when the body is
// read after an HTTP Handler calls WriteHeader or Write on its
// ResponseWriter.
//
// body.Read returns it whenever the body's closed flag is set.
var ErrBodyReadAfterClose = errors.New("http: invalid Read on closed Body")
   827  
// Read implements io.Reader. It takes b.mu for the duration of the call and
// delegates to readLocked, unless the body has already been closed, in
// which case it fails with ErrBodyReadAfterClose.
func (b *body) Read(p []byte) (n int, err error) {
	b.mu.Lock()
	defer b.mu.Unlock()

	if !b.closed {
		return b.readLocked(p)
	}
	return 0, ErrBodyReadAfterClose
}
   836  
// readLocked reads from b.src into p and applies the end-of-body rules:
// on EOF of a chunked body it reads the trailer, on EOF of a length-limited
// body it checks that the declared length was actually delivered, and it
// calls b.onHitEOF once EOF has been recorded.
//
// Must hold b.mu.
func (b *body) readLocked(p []byte) (n int, err error) {
	if b.sawEOF {
		return 0, io.EOF
	}
	n, err = b.src.Read(p)

	if err == io.EOF {
		b.sawEOF = true
		// Chunked case. Read the trailer.
		if b.hdr != nil {
			if e := b.readTrailer(); e != nil {
				err = e
				// Something went wrong in the trailer, we must not allow any
				// further reads of any kind to succeed from body, nor any
				// subsequent requests on the server connection. See
				// golang.org/issue/12027
				b.sawEOF = false
				b.closed = true
			}
			// The trailer is attempted only once per body.
			b.hdr = nil
		} else {
			// If the server declared the Content-Length, our body is a LimitedReader
			// and we need to check whether this EOF arrived early.
			// Remaining budget (lr.N > 0) at EOF means the peer sent fewer
			// bytes than it declared; report that as a truncated body.
			if lr, ok := b.src.(*io.LimitedReader); ok && lr.N > 0 {
				err = io.ErrUnexpectedEOF
			}
		}
	}

	// If we can return an EOF here along with the read data, do
	// so. This is optional per the io.Reader contract, but doing
	// so helps the HTTP transport code recycle its connection
	// earlier (since it will see this EOF itself), even if the
	// client doesn't do future reads or Close.
	if err == nil && n > 0 {
		if lr, ok := b.src.(*io.LimitedReader); ok && lr.N == 0 {
			err = io.EOF
			b.sawEOF = true
		}
	}

	if b.sawEOF && b.onHitEOF != nil {
		b.onHitEOF()
	}

	return n, err
}
   885  
// Wire-format terminators. readTrailer compares against singleCRLF to detect
// an empty trailer; seeUpcomingDoubleCRLF searches for doubleCRLF, the end of
// a header block. Both are used as read-only values.
var (
	singleCRLF = []byte("\r\n")
	doubleCRLF = []byte("\r\n\r\n")
)
   890  
// seeUpcomingDoubleCRLF reports whether a header terminator ("\r\n\r\n")
// can be found by peeking into r, without consuming any input. It starts
// with a four-byte peek and widens it by one byte per iteration, returning
// false as soon as Peek reports an error, which it does once the requested
// size exceeds what r can buffer. The search is therefore bounded by r's
// buffer size, which is what lets readTrailer reject an oversized trailer.
func seeUpcomingDoubleCRLF(r *bufio.Reader) bool {
	size := 4
	for {
		window, peekErr := r.Peek(size)
		switch {
		case bytes.HasSuffix(window, doubleCRLF):
			// Checked before the error so that a terminator sitting at the
			// very end of the available data still counts.
			return true
		case peekErr != nil:
			return false
		}
		size++
	}
}
   905  
// errTrailerEOF is returned by readTrailer when the input ends before the
// trailer section is complete.
var errTrailerEOF = errors.New("http: unexpected EOF reading trailer")
   907  
// readTrailer consumes what follows the body in the chunked case: either the
// bare CRLF that ends the message, or a block of trailer fields, which it
// merges into the Trailer of the *Request or *Response held in b.hdr.
// It is called from readLocked, so b.mu is held.
//
// It returns errTrailerEOF if the input ends early, an error if no header
// terminator is found within the reader's buffer, or the error from parsing
// the trailer fields.
func (b *body) readTrailer() error {
	// The common case, since nobody uses trailers.
	buf, err := b.r.Peek(2)
	if bytes.Equal(buf, singleCRLF) {
		b.r.Discard(2)
		return nil
	}
	// Fewer than two bytes could be peeked: the stream stopped before the
	// terminating CRLF.
	if len(buf) < 2 {
		return errTrailerEOF
	}
	if err != nil {
		return err
	}

	// Make sure there's a header terminator coming up, to prevent
	// a DoS with an unbounded size Trailer. It's not easy to
	// slip in a LimitReader here, as textproto.NewReader requires
	// a concrete *bufio.Reader. Also, we can't get all the way
	// back up to our conn's LimitedReader that *might* be backing
	// this bufio.Reader. Instead, a hack: we iteratively Peek up
	// to the bufio.Reader's max size, looking for a double CRLF.
	// This limits the trailer to the underlying buffer size, typically 4kB.
	if !seeUpcomingDoubleCRLF(b.r) {
		return errors.New("http: suspiciously long trailer after chunked body")
	}

	hdr, err := textproto.NewReader(b.r).ReadMIMEHeader()
	if err != nil {
		if err == io.EOF {
			return errTrailerEOF
		}
		return err
	}
	// NOTE(review): the check above bounds the trailer's size only. The
	// parsed field names are merged as received; nothing in this function
	// filters them, so consumers should treat Trailer values as peer-supplied
	// input. Whether some fields are rejected elsewhere is not visible here.
	switch rr := b.hdr.(type) {
	case *Request:
		mergeSetHeader(&rr.Trailer, Header(hdr))
	case *Response:
		mergeSetHeader(&rr.Trailer, Header(hdr))
	}
	return nil
}
   949  
// mergeSetHeader stores every key of src in *dst, replacing (not appending
// to) any values already present under the same key. If *dst is nil it is
// set to src itself, so the two then refer to the same map; in either case
// the value slices are shared with src rather than copied.
func mergeSetHeader(dst *Header, src Header) {
	if *dst != nil {
		target := *dst
		for key, values := range src {
			target[key] = values
		}
		return
	}
	*dst = src
}
   959  
// unreadDataSizeLocked reports how many bytes of the body have not been read
// yet. The figure is only known when b.src is an *io.LimitedReader, in which
// case it is that reader's remaining count N; for any other source the
// result is -1.
// b.mu must be held.
func (b *body) unreadDataSizeLocked() int64 {
	limited, isLimited := b.src.(*io.LimitedReader)
	if !isLimited {
		return -1
	}
	return limited.N
}
   969  
// Close marks the body closed and, depending on its state, first reads some
// or all of what is left so that the end of the body (and any trailer) is
// reached. It holds b.mu throughout. Calling Close on an already closed body
// returns nil.
//
// The cases, in order:
//   - EOF was already seen: nothing is read.
//   - no trailer is pending (b.hdr == nil) and b.closing is set: nothing is
//     read.
//   - b.doEarlyClose is set: at most maxPostHandlerReadBytes are read, and
//     b.earlyClose records that the body was not followed to its end, either
//     because the declared remainder exceeds that bound or because the bound
//     was reached.
//   - otherwise: the body is read until EOF or an error.
//
// The returned error is the one from draining, with io.EOF from the bounded
// read mapped to nil.
func (b *body) Close() error {
	b.mu.Lock()
	defer b.mu.Unlock()
	if b.closed {
		return nil
	}
	var err error
	switch {
	case b.sawEOF:
		// Already saw EOF, so no need going to look for it.
	case b.hdr == nil && b.closing:
		// no trailer and closing the connection next.
		// no point in reading to EOF.
	case b.doEarlyClose:
		// Read up to maxPostHandlerReadBytes bytes of the body, looking
		// for EOF (and trailers), so we can re-use this connection.
		if lr, ok := b.src.(*io.LimitedReader); ok && lr.N > maxPostHandlerReadBytes {
			// There was a declared Content-Length, and we have more bytes remaining
			// than our maxPostHandlerReadBytes tolerance. So, give up.
			b.earlyClose = true
		} else {
			var n int64
			// Consume the body up to the limit, which will also lead to us
			// reading the trailer headers after the body, if present.
			// bodyLocked is used because b.mu is already held here.
			n, err = io.CopyN(io.Discard, bodyLocked{b}, maxPostHandlerReadBytes)
			if err == io.EOF {
				err = nil
			}
			if n == maxPostHandlerReadBytes {
				b.earlyClose = true
			}
		}
	default:
		// Fully consume the body, which will also lead to us reading
		// the trailer headers after the body, if present.
		// NOTE(review): no byte cap is applied on this path in the visible
		// code; how much is read depends on whatever bounds b.src. Confirm
		// at the sites that construct body.
		_, err = io.Copy(io.Discard, bodyLocked{b})
	}
	b.closed = true
	return err
}
  1010  
// didEarlyClose reports whether Close gave up before reaching the end of the
// body, as recorded in b.earlyClose. It takes b.mu to read the flag.
func (b *body) didEarlyClose() bool {
	b.mu.Lock()
	early := b.earlyClose
	b.mu.Unlock()
	return early
}
  1016  
// bodyRemains reports whether future Read calls might yield data, that is,
// whether EOF has not been recorded yet. It takes b.mu to read the flag.
func (b *body) bodyRemains() bool {
	b.mu.Lock()
	reachedEOF := b.sawEOF
	b.mu.Unlock()
	return !reachedEOF
}
  1024  
// registerOnHitEOF installs fn as the callback that readLocked invokes when
// the end of the body is reached, replacing any callback set earlier.
// A nil fn disables the callback. The field is written under b.mu.
func (b *body) registerOnHitEOF(fn func()) {
	b.mu.Lock()
	b.onHitEOF = fn
	b.mu.Unlock()
}
  1030  
// bodyLocked is an io.Reader that reads from a *body whose mutex the caller
// already holds. It exists so that code running under b.mu (Close, when it
// drains the body) can read without locking a second time.
type bodyLocked struct {
	b *body
}

// Read mirrors (*body).Read minus the locking: a closed body yields
// ErrBodyReadAfterClose, anything else is passed to readLocked.
func (bl bodyLocked) Read(p []byte) (n int, err error) {
	inner := bl.b
	if inner.closed {
		return 0, ErrBodyReadAfterClose
	}
	return inner.readLocked(p)
}
  1043  
// parseContentLength parses the value of a Content-Length header field.
// Surrounding whitespace is trimmed first. An empty value yields (-1, nil),
// meaning no length is set. Otherwise the value must be a base-10 number
// that fits in 63 bits, so the converted result is never negative; anything
// else, including a sign prefix, is reported as a "bad Content-Length"
// error carrying the trimmed value.
func parseContentLength(cl string) (int64, error) {
	value := textproto.TrimString(cl)
	if value == "" {
		return -1, nil
	}
	// bitSize 63 rather than 64: the result must fit in a non-negative int64.
	length, parseErr := strconv.ParseUint(value, 10, 63)
	if parseErr != nil {
		return 0, badStringError("bad Content-Length", value)
	}
	return int64(length), nil
}
  1058  
// finishAsyncByteRead finishes reading the 1-byte sniff
// from the ContentLength==0, Body!=nil case.
type finishAsyncByteRead struct {
	tw *transferWriter
}

// Read waits for the result delivered on tw.ByteReadCh and reports its byte
// count and error. When exactly one byte was read it is stored in p[0].
// A zero-length p returns (0, nil) immediately, without receiving from the
// channel.
func (fr finishAsyncByteRead) Read(p []byte) (n int, err error) {
	if len(p) == 0 {
		return 0, nil
	}
	result := <-fr.tw.ByteReadCh
	if result.n == 1 {
		p[0] = result.b
	}
	return result.n, result.err
}
  1076  
// nopCloserType is the dynamic type of the value returned by
// io.NopCloser(nil), obtained through reflection. isKnownInMemoryReader
// compares against it to recognise such a wrapper and inspect the reader
// inside.
var nopCloserType = reflect.TypeOf(io.NopCloser(nil))
  1078  
// isKnownInMemoryReader reports whether r is a type known to not
// block on Read. Its caller uses this as an optional optimization to
// send fewer TCP packets.
//
// *bytes.Reader, *bytes.Buffer and *strings.Reader qualify directly. A
// *readTrackingBody or a value of nopCloserType qualifies if the reader it
// wraps does. Everything else, including a nil r, yields false.
func isKnownInMemoryReader(r io.Reader) bool {
	switch v := r.(type) {
	case *bytes.Reader, *bytes.Buffer, *strings.Reader:
		return true
	case *readTrackingBody:
		return isKnownInMemoryReader(v.ReadCloser)
	}
	if reflect.TypeOf(r) != nopCloserType {
		return false
	}
	// Relies on the wrapped reader being the first field of the type behind
	// nopCloserType.
	wrapped := reflect.ValueOf(r).Field(0).Interface().(io.Reader)
	return isKnownInMemoryReader(wrapped)
}
  1095  
// bufioFlushWriter is an io.Writer wrapper that flushes all writes
// on its wrapped writer if it's a *bufio.Writer.
type bufioFlushWriter struct{ w io.Writer }

// Write forwards p to the wrapped writer. If at least one byte was written
// and the wrapped writer is a *bufio.Writer, it is flushed afterwards; a
// flush error is reported only when the write itself did not fail.
func (fw bufioFlushWriter) Write(p []byte) (n int, err error) {
	n, err = fw.w.Write(p)
	if n <= 0 {
		return n, err
	}
	buffered, isBufio := fw.w.(*bufio.Writer)
	if !isBufio {
		return n, err
	}
	if flushErr := buffered.Flush(); flushErr != nil && err == nil {
		err = flushErr
	}
	return n, err
}
  1110  
