X-Git-Url: https://git.lizzy.rs/?a=blobdiff_plain;f=src%2Fhttpfetch.cpp;h=65202ce3ebac5ff72c6d14777b2e94cdc0aee35b;hb=0f74c7a977c412a81890926548e2a5c8dae5f6eb;hp=40ad92da3dad98f3b3c7fb5f1ccd9f6b078cf0e9;hpb=ced6d20295a8263757d57c02a07ffcb66688a163;p=dragonfireclient.git

diff --git a/src/httpfetch.cpp b/src/httpfetch.cpp
index 40ad92da3..65202ce3e 100644
--- a/src/httpfetch.cpp
+++ b/src/httpfetch.cpp
@@ -17,15 +17,16 @@ with this program; if not, write to the Free Software Foundation, Inc.,
 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 
-#include "socket.h" // for select()
-#include "porting.h" // for sleep_ms(), get_sysinfo()
 #include "httpfetch.h"
+#include "porting.h" // for sleep_ms(), get_sysinfo(), secure_rand_fill_buf()
 #include <iostream>
 #include <sstream>
 #include <list>
 #include <map>
-#include <errno.h>
-#include "jthread/jevent.h"
+#include <cerrno>
+#include <mutex>
+#include "network/socket.h" // for select()
+#include "threading/event.h"
 #include "config.h"
 #include "exceptions.h"
 #include "debug.h"
@@ -33,22 +34,18 @@ with this program; if not, write to the Free Software Foundation, Inc.,
 #include "util/container.h"
 #include "util/thread.h"
 #include "version.h"
-#include "main.h"
 #include "settings.h"
+#include "noise.h"
 
-JMutex g_httpfetch_mutex;
+std::mutex g_httpfetch_mutex;
 std::map<unsigned long, std::queue<HTTPFetchResult> > g_httpfetch_results;
+PcgRandom g_callerid_randomness;
 
-HTTPFetchRequest::HTTPFetchRequest()
+HTTPFetchRequest::HTTPFetchRequest() :
+	timeout(g_settings->getS32("curl_timeout")),
+	connect_timeout(timeout),
+	useragent(std::string(PROJECT_NAME_C "/") + g_version_hash + " (" + porting::get_sysinfo() + ")")
 {
-	url = "";
-	caller = HTTPFETCH_DISCARD;
-	request_id = 0;
-	timeout = g_settings->getS32("curl_timeout");
-	connect_timeout = timeout;
-	multipart = false;
-
-	useragent = std::string("Minetest/") + minetest_version_hash + " (" + porting::get_sysinfo() + ")";
 }
 
 
@@ -56,7 +53,7 @@ static void httpfetch_deliver_result(const HTTPFetchResult &fetch_result)
 {
 	unsigned long caller = fetch_result.caller;
 	if (caller != HTTPFETCH_DISCARD) {
-		JMutexAutoLock lock(g_httpfetch_mutex);
+		MutexAutoLock lock(g_httpfetch_mutex);
 		g_httpfetch_results[caller].push(fetch_result);
 	}
 }
@@ -65,7 +62,7 @@ static void httpfetch_request_clear(unsigned long caller);
 
 unsigned long httpfetch_caller_alloc()
 {
-	JMutexAutoLock lock(g_httpfetch_mutex);
+	MutexAutoLock lock(g_httpfetch_mutex);
 
 	// Check each caller ID except HTTPFETCH_DISCARD
 	const unsigned long discard = HTTPFETCH_DISCARD;
@@ -85,6 +82,34 @@ unsigned long httpfetch_caller_alloc()
 	return discard;
 }
 
+unsigned long httpfetch_caller_alloc_secure()
+{
+	MutexAutoLock lock(g_httpfetch_mutex);
+
+	// Generate random caller IDs and make sure they're not
+	// already used or equal to HTTPFETCH_DISCARD
+	// Give up after 100 tries to prevent infinite loop
+	u8 tries = 100;
+	unsigned long caller;
+
+	do {
+		caller = (((u64) g_callerid_randomness.next()) << 32) |
+				g_callerid_randomness.next();
+
+		if (--tries < 1) {
+			FATAL_ERROR("httpfetch_caller_alloc_secure: ran out of caller IDs");
+			return HTTPFETCH_DISCARD;
+		}
+	} while (g_httpfetch_results.find(caller) != g_httpfetch_results.end());
+
+	verbosestream << "httpfetch_caller_alloc_secure: allocating "
+		<< caller << std::endl;
+
+	// Access element to create it
+	g_httpfetch_results[caller];
+	return caller;
+}
+
 void httpfetch_caller_free(unsigned long caller)
 {
 	verbosestream<<"httpfetch_caller_free: freeing "
@@ -92,14 +117,14 @@ void httpfetch_caller_free(unsigned long caller)
 
 	httpfetch_request_clear(caller);
 	if (caller != HTTPFETCH_DISCARD) {
-		JMutexAutoLock lock(g_httpfetch_mutex);
+		MutexAutoLock lock(g_httpfetch_mutex);
 		g_httpfetch_results.erase(caller);
 	}
 }
 
 bool httpfetch_async_get(unsigned long caller, HTTPFetchResult &fetch_result)
 {
-	JMutexAutoLock lock(g_httpfetch_mutex);
+	MutexAutoLock lock(g_httpfetch_mutex);
 
 	// Check that caller exists
 	std::map<unsigned long, std::queue<HTTPFetchResult> >::iterator
@@ -145,7 +170,8 @@ class CurlHandlePool
 	std::list<CURL*> handles;
 
 public:
-	CurlHandlePool() {}
+	CurlHandlePool() = default;
+
 	~CurlHandlePool()
 	{
 		for (std::list<CURL*>::iterator it = handles.begin();
@@ -178,7 +204,7 @@ class CurlHandlePool
 class HTTPFetchOngoing
 {
 public:
-	HTTPFetchOngoing(HTTPFetchRequest request, CurlHandlePool *pool);
+	HTTPFetchOngoing(const HTTPFetchRequest &request, CurlHandlePool *pool);
 	~HTTPFetchOngoing();
 
 	CURLcode start(CURLM *multi);
@@ -199,7 +225,8 @@ class HTTPFetchOngoing
 };
 
 
-HTTPFetchOngoing::HTTPFetchOngoing(HTTPFetchRequest request_, CurlHandlePool *pool_):
+HTTPFetchOngoing::HTTPFetchOngoing(const HTTPFetchRequest &request_,
+		CurlHandlePool *pool_):
 	pool(pool_),
 	curl(NULL),
 	multi(NULL),
@@ -218,13 +245,18 @@ HTTPFetchOngoing::HTTPFetchOngoing(HTTPFetchRequest request_, CurlHandlePool *po
 	curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1);
 	curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1);
 	curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1);
-	curl_easy_setopt(curl, CURLOPT_MAXREDIRS, 1);
+	curl_easy_setopt(curl, CURLOPT_MAXREDIRS, 3);
+	curl_easy_setopt(curl, CURLOPT_ENCODING, "gzip");
 
 	std::string bind_address = g_settings->get("bind_address");
 	if (!bind_address.empty()) {
 		curl_easy_setopt(curl, CURLOPT_INTERFACE, bind_address.c_str());
 	}
 
+	if (!g_settings->getBool("enable_ipv6")) {
+		curl_easy_setopt(curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
+	}
+
 #if LIBCURL_VERSION_NUM >= 0x071304
 	// Restrict protocols so that curl vulnerabilities in
 	// other protocols don't affect us.
@@ -246,7 +278,7 @@ HTTPFetchOngoing::HTTPFetchOngoing(HTTPFetchRequest request_, CurlHandlePool *po
 	curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT_MS,
 			request.connect_timeout);
 
-	if (request.useragent != "")
+	if (!request.useragent.empty())
 		curl_easy_setopt(curl, CURLOPT_USERAGENT, request.useragent.c_str());
 
 	// Set up a write callback that writes to the
@@ -262,14 +294,11 @@ HTTPFetchOngoing::HTTPFetchOngoing(HTTPFetchRequest request_, CurlHandlePool *po
 		curl_easy_setopt(curl, CURLOPT_WRITEDATA, &oss);
 	}
 
-	// Set POST (or GET) data
-	if (request.post_fields.empty()) {
-		curl_easy_setopt(curl, CURLOPT_HTTPGET, 1);
-	} else if (request.multipart) {
+	// Set data from fields or raw_data
+	if (request.multipart) {
 		curl_httppost *last = NULL;
-		for (std::map<std::string, std::string>::iterator it =
-					request.post_fields.begin();
-				it != request.post_fields.end(); ++it) {
+		for (StringMap::iterator it = request.fields.begin();
+				it != request.fields.end(); ++it) {
 			curl_formadd(&post, &last,
 					CURLFORM_NAMELENGTH, it->first.size(),
 					CURLFORM_PTRNAME, it->first.c_str(),
@@ -280,36 +309,46 @@ HTTPFetchOngoing::HTTPFetchOngoing(HTTPFetchRequest request_, CurlHandlePool *po
 		curl_easy_setopt(curl, CURLOPT_HTTPPOST, post);
 		// request.post_fields must now *never* be
 		// modified until CURLOPT_HTTPPOST is cleared
-	} else if (request.post_data.empty()) {
-		curl_easy_setopt(curl, CURLOPT_POST, 1);
-		std::string str;
-		for (std::map<std::string, std::string>::iterator it =
-					request.post_fields.begin();
-				it != request.post_fields.end();
-				++it) {
-			if (str != "")
-				str += "&";
-			str += urlencode(it->first);
-			str += "=";
-			str += urlencode(it->second);
-		}
-		curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE,
-				str.size());
-		curl_easy_setopt(curl, CURLOPT_COPYPOSTFIELDS,
-				str.c_str());
 	} else {
-		curl_easy_setopt(curl, CURLOPT_POST, 1);
-		curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE,
-				request.post_data.size());
-		curl_easy_setopt(curl, CURLOPT_POSTFIELDS,
-				request.post_data.c_str());
-		// request.post_data must now *never* be
-		// modified until CURLOPT_POSTFIELDS is cleared
+		switch (request.method) {
+		case HTTP_GET:
+			curl_easy_setopt(curl, CURLOPT_HTTPGET, 1);
+			break;
+		case HTTP_POST:
+			curl_easy_setopt(curl, CURLOPT_POST, 1);
+			break;
+		case HTTP_PUT:
+			curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "PUT");
+			break;
+		case HTTP_DELETE:
+			curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "DELETE");
+			break;
+		}
+		if (request.method != HTTP_GET) {
+			if (!request.raw_data.empty()) {
+				curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE,
+						request.raw_data.size());
+				curl_easy_setopt(curl, CURLOPT_POSTFIELDS,
+						request.raw_data.c_str());
+			} else if (!request.fields.empty()) {
+				std::string str;
+				for (auto &field : request.fields) {
+					if (!str.empty())
+						str += "&";
+					str += urlencode(field.first);
+					str += "=";
+					str += urlencode(field.second);
+				}
+				curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE,
+						str.size());
+				curl_easy_setopt(curl, CURLOPT_COPYPOSTFIELDS,
+						str.c_str());
+			}
+		}
 	}
 	// Set additional HTTP headers
-	for (std::vector<std::string>::iterator it = request.extra_headers.begin();
-			it != request.extra_headers.end(); ++it) {
-		http_header = curl_slist_append(http_header, it->c_str());
+	for (const std::string &extra_header : request.extra_headers) {
+		http_header = curl_slist_append(http_header, extra_header.c_str());
 	}
 	curl_easy_setopt(curl, CURLOPT_HTTPHEADER, http_header);
 
@@ -394,7 +433,7 @@ HTTPFetchOngoing::~HTTPFetchOngoing()
 }
 
 
-class CurlFetchThread : public JThread
+class CurlFetchThread : public Thread
 {
 protected:
 	enum RequestType {
@@ -418,7 +457,8 @@ class CurlFetchThread : public JThread
 	std::list<HTTPFetchRequest> m_queued_fetches;
 
 public:
-	CurlFetchThread(int parallel_limit)
+	CurlFetchThread(int parallel_limit) :
+		Thread("CurlFetch")
 	{
 		if (parallel_limit >= 1)
 			m_parallel_limit = parallel_limit;
@@ -617,14 +657,8 @@ class CurlFetchThread : public JThread
 		}
 	}
 
-	void * Thread()
+	void *run()
 	{
-		ThreadStarted();
-		log_register_thread("CurlFetchThread");
-		DSTACK(__FUNCTION_NAME);
-
-		porting::setThreadName("CurlFetchThread");
-
 		CurlHandlePool pool;
 
 		m_multi = curl_multi_init();
@@ -635,7 +669,7 @@ class CurlFetchThread : public JThread
 
 		FATAL_ERROR_IF(!m_all_ongoing.empty(), "Expected empty");
 
-		while (!StopRequested()) {
+		while (!stopRequested()) {
 			BEGIN_DEBUG_EXCEPTION_HANDLER
 
 			/*
@@ -684,12 +718,12 @@ class CurlFetchThread : public JThread
 			else
 				waitForIO(100);
 
-			END_DEBUG_EXCEPTION_HANDLER(errorstream)
+			END_DEBUG_EXCEPTION_HANDLER
 		}
 
 		// Call curl_multi_remove_handle and cleanup easy handles
-		for (size_t i = 0; i < m_all_ongoing.size(); ++i) {
-			delete m_all_ongoing[i];
+		for (HTTPFetchOngoing *i : m_all_ongoing) {
+			delete i;
 		}
 		m_all_ongoing.clear();
 
@@ -717,15 +751,20 @@ void httpfetch_init(int parallel_limit)
 	FATAL_ERROR_IF(res != CURLE_OK, "CURL init failed");
 
 	g_httpfetch_thread = new CurlFetchThread(parallel_limit);
+
+	// Initialize g_callerid_randomness for httpfetch_caller_alloc_secure
+	u64 randbuf[2];
+	porting::secure_rand_fill_buf(randbuf, sizeof(u64) * 2);
+	g_callerid_randomness = PcgRandom(randbuf[0], randbuf[1]);
 }
 
 void httpfetch_cleanup()
 {
 	verbosestream<<"httpfetch_cleanup: cleaning up"<<std::endl;
 
-	g_httpfetch_thread->Stop();
+	g_httpfetch_thread->stop();
 	g_httpfetch_thread->requestWakeUp();
-	g_httpfetch_thread->Wait();
+	g_httpfetch_thread->wait();
 	delete g_httpfetch_thread;
 
 	curl_global_cleanup();
@@ -734,18 +773,17 @@ void httpfetch_cleanup()
 void httpfetch_async(const HTTPFetchRequest &fetch_request)
 {
 	g_httpfetch_thread->requestFetch(fetch_request);
-	if (!g_httpfetch_thread->IsRunning())
-		g_httpfetch_thread->Start();
+	if (!g_httpfetch_thread->isRunning())
+		g_httpfetch_thread->start();
 }
 
 static void httpfetch_request_clear(unsigned long caller)
 {
-	if (g_httpfetch_thread->IsRunning()) {
+	if (g_httpfetch_thread->isRunning()) {
 		Event event;
 		g_httpfetch_thread->requestClear(caller, &event);
 		event.wait();
-	}
-	else {
+	} else {
 		g_httpfetch_thread->requestClear(caller, NULL);
 	}
 }