04e16463d1
Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Fixes: https://hackerone.com/reports/2237099 PR-URL: https://github.com/nodejs-private/node-private/pull/556 CVE-ID: CVE-2024-27982 |
||
---|---|---|
.. | ||
include | ||
src | ||
BUILD.gn | ||
CMakeLists.txt | ||
common.gypi | ||
libllhttp.pc.in | ||
LICENSE-MIT | ||
llhttp.gyp | ||
README.md | ||
unofficial.gni |
llhttp
Port of http_parser to llparse.
Why?
Let's face it, http_parser is practically unmaintainable. Even introduction of a single new method results in a significant code churn.
This project aims to:
- Make it maintainable
- Verifiable
- Improving benchmarks where possible
More details in Fedor Indutny's talk at JSConf EU 2019
How?
Over time, different approaches for improving http_parser's code base were tried. However, all of them failed due to resulting significant performance degradation.
This project is a port of http_parser to TypeScript. llparse is used to generate the output C source file, which could be compiled and linked with the embedder's program (like Node.js).
Performance
So far llhttp outperforms http_parser:
input size | bandwidth | reqs/sec | time | |
---|---|---|---|---|
llhttp | 8192.00 mb | 1777.24 mb/s | 3583799.39 req/sec | 4.61 s |
http_parser | 8192.00 mb | 694.66 mb/s | 1406180.33 req/sec | 11.79 s |
llhttp is faster by approximately 156%.
Maintenance
llhttp project has about 1400 lines of TypeScript code describing the parser itself and around 450 lines of C code and headers providing the helper methods. The whole http_parser is implemented in approximately 2500 lines of C, and 436 lines of headers.
All optimizations and multi-character matching in llhttp are generated automatically, and thus doesn't add any extra maintenance cost. On the contrary, most of http_parser's code is hand-optimized and unrolled. Instead describing "how" it should parse the HTTP requests/responses, a maintainer should implement the new features in http_parser cautiously, considering possible performance degradation and manually optimizing the new code.
Verification
The state machine graph is encoded explicitly in llhttp. The llparse automatically checks the graph for absence of loops and correct reporting of the input ranges (spans) like header names and values. In the future, additional checks could be performed to get even stricter verification of the llhttp.
Usage
#include "stdio.h"
#include "llhttp.h"
#include "string.h"
int handle_on_message_complete(llhttp_t* parser) {
fprintf(stdout, "Message completed!\n");
return 0;
}
int main() {
llhttp_t parser;
llhttp_settings_t settings;
/*Initialize user callbacks and settings */
llhttp_settings_init(&settings);
/*Set user callback */
settings.on_message_complete = handle_on_message_complete;
/*Initialize the parser in HTTP_BOTH mode, meaning that it will select between
*HTTP_REQUEST and HTTP_RESPONSE parsing automatically while reading the first
*input.
*/
llhttp_init(&parser, HTTP_BOTH, &settings);
/*Parse request! */
const char* request = "GET / HTTP/1.1\r\n\r\n";
int request_len = strlen(request);
enum llhttp_errno err = llhttp_execute(&parser, request, request_len);
if (err == HPE_OK) {
fprintf(stdout, "Successfully parsed!\n");
} else {
fprintf(stderr, "Parse error: %s %s\n", llhttp_errno_name(err), parser.reason);
}
}
For more information on API usage, please refer to src/native/api.h.
API
llhttp_settings_t
The settings object contains a list of callbacks that the parser will invoke.
The following callbacks can return 0
(proceed normally), -1
(error) or HPE_PAUSED
(pause the parser):
on_message_begin
: Invoked when a new request/response starts.on_message_complete
: Invoked when a request/response has been completedly parsed.on_url_complete
: Invoked after the URL has been parsed.on_method_complete
: Invoked after the HTTP method has been parsed.on_version_complete
: Invoked after the HTTP version has been parsed.on_status_complete
: Invoked after the status code has been parsed.on_header_field_complete
: Invoked after a header name has been parsed.on_header_value_complete
: Invoked after a header value has been parsed.on_chunk_header
: Invoked after a new chunk is started. The current chunk length is stored inparser->content_length
.on_chunk_extension_name_complete
: Invoked after a chunk extension name is started.on_chunk_extension_value_complete
: Invoked after a chunk extension value is started.on_chunk_complete
: Invoked after a new chunk is received.on_reset
: Invoked afteron_message_complete
and beforeon_message_begin
when a new message is received on the same parser. This is not invoked for the first message of the parser.
The following callbacks can return 0
(proceed normally), -1
(error) or HPE_USER
(error from the callback):
on_url
: Invoked when another character of the URL is received.on_status
: Invoked when another character of the status is received.on_method
: Invoked when another character of the method is received. When parser is created withHTTP_BOTH
and the input is a response, this also invoked for the sequenceHTTP/
of the first message.on_version
: Invoked when another character of the version is received.on_header_field
: Invoked when another character of a header name is received.on_header_value
: Invoked when another character of a header value is received.on_chunk_extension_name
: Invoked when another character of a chunk extension name is received.on_chunk_extension_value
: Invoked when another character of a extension value is received.
The callback on_headers_complete
, invoked when headers are completed, can return:
0
: Proceed normally.1
: Assume that request/response has no body, and proceed to parsing the next message.2
: Assume absence of body (as above) and makellhttp_execute()
returnHPE_PAUSED_UPGRADE
.-1
: ErrorHPE_PAUSED
: Pause the parser.
void llhttp_init(llhttp_t* parser, llhttp_type_t type, const llhttp_settings_t* settings)
Initialize the parser with specific type and user settings.
uint8_t llhttp_get_type(llhttp_t* parser)
Returns the type of the parser.
uint8_t llhttp_get_http_major(llhttp_t* parser)
Returns the major version of the HTTP protocol of the current request/response.
uint8_t llhttp_get_http_minor(llhttp_t* parser)
Returns the minor version of the HTTP protocol of the current request/response.
uint8_t llhttp_get_method(llhttp_t* parser)
Returns the method of the current request.
int llhttp_get_status_code(llhttp_t* parser)
Returns the method of the current response.
uint8_t llhttp_get_upgrade(llhttp_t* parser)
Returns 1
if request includes the Connection: upgrade
header.
void llhttp_reset(llhttp_t* parser)
Reset an already initialized parser back to the start state, preserving the existing parser type, callback settings, user data, and lenient flags.
void llhttp_settings_init(llhttp_settings_t* settings)
Initialize the settings object.
llhttp_errno_t llhttp_execute(llhttp_t* parser, const char* data, size_t len)
Parse full or partial request/response, invoking user callbacks along the way.
If any of llhttp_data_cb
returns errno not equal to HPE_OK
- the parsing interrupts,
and such errno is returned from llhttp_execute()
. If HPE_PAUSED
was used as a errno,
the execution can be resumed with llhttp_resume()
call.
In a special case of CONNECT/Upgrade request/response HPE_PAUSED_UPGRADE
is returned
after fully parsing the request/response. If the user wishes to continue parsing,
they need to invoke llhttp_resume_after_upgrade()
.
if this function ever returns a non-pause type error, it will continue to return
the same error upon each successive call up until llhttp_init()
is called.
llhttp_errno_t llhttp_finish(llhttp_t* parser)
This method should be called when the other side has no further bytes to send (e.g. shutdown of readable side of the TCP connection.)
Requests without Content-Length
and other messages might require treating
all incoming bytes as the part of the body, up to the last byte of the
connection.
This method will invoke on_message_complete()
callback if the
request was terminated safely. Otherwise a error code would be returned.
int llhttp_message_needs_eof(const llhttp_t* parser)
Returns 1
if the incoming message is parsed until the last byte, and has to be completed by calling llhttp_finish()
on EOF.
int llhttp_should_keep_alive(const llhttp_t* parser)
Returns 1
if there might be any other messages following the last that was
successfully parsed.
void llhttp_pause(llhttp_t* parser)
Make further calls of llhttp_execute()
return HPE_PAUSED
and set
appropriate error reason.
Do not call this from user callbacks! User callbacks must return
HPE_PAUSED
if pausing is required.
void llhttp_resume(llhttp_t* parser)
Might be called to resume the execution after the pause in user's callback.
See llhttp_execute()
above for details.
Call this only if llhttp_execute()
returns HPE_PAUSED
.
void llhttp_resume_after_upgrade(llhttp_t* parser)
Might be called to resume the execution after the pause in user's callback.
See llhttp_execute()
above for details.
Call this only if llhttp_execute()
returns HPE_PAUSED_UPGRADE
llhttp_errno_t llhttp_get_errno(const llhttp_t* parser)
Returns the latest error.
const char* llhttp_get_error_reason(const llhttp_t* parser)
Returns the verbal explanation of the latest returned error.
User callback should set error reason when returning the error. See
llhttp_set_error_reason()
for details.
void llhttp_set_error_reason(llhttp_t* parser, const char* reason)
Assign verbal description to the returned error. Must be called in user callbacks right before returning the errno.
HPE_USER
error code might be useful in user callbacks.
const char* llhttp_get_error_pos(const llhttp_t* parser)
Returns the pointer to the last parsed byte before the returned error. The
pointer is relative to the data
argument of llhttp_execute()
.
This method might be useful for counting the number of parsed bytes.
const char* llhttp_errno_name(llhttp_errno_t err)
Returns textual name of error code.
const char* llhttp_method_name(llhttp_method_t method)
Returns textual name of HTTP method.
const char* llhttp_status_name(llhttp_status_t status)
Returns textual name of HTTP status.
void llhttp_set_lenient_headers(llhttp_t* parser, int enabled)
Enables/disables lenient header value parsing (disabled by default). Lenient parsing disables header value token checks, extending llhttp's protocol support to highly non-compliant clients/server.
No HPE_INVALID_HEADER_TOKEN
will be raised for incorrect header values when
lenient parsing is "on".
Enabling this flag can pose a security issue since you will be exposed to request smuggling attacks. USE WITH CAUTION!
void llhttp_set_lenient_chunked_length(llhttp_t* parser, int enabled)
Enables/disables lenient handling of conflicting Transfer-Encoding
and
Content-Length
headers (disabled by default).
Normally llhttp
would error when Transfer-Encoding
is present in
conjunction with Content-Length
.
This error is important to prevent HTTP request smuggling, but may be less desirable for small number of cases involving legacy servers.
Enabling this flag can pose a security issue since you will be exposed to request smuggling attacks. USE WITH CAUTION!
void llhttp_set_lenient_keep_alive(llhttp_t* parser, int enabled)
Enables/disables lenient handling of Connection: close
and HTTP/1.0
requests responses.
Normally llhttp
would error the HTTP request/response
after the request/response with Connection: close
and Content-Length
.
This is important to prevent cache poisoning attacks, but might interact badly with outdated and insecure clients.
With this flag the extra request/response will be parsed normally.
Enabling this flag can pose a security issue since you will be exposed to poisoning attacks. USE WITH CAUTION!
void llhttp_set_lenient_transfer_encoding(llhttp_t* parser, int enabled)
Enables/disables lenient handling of Transfer-Encoding
header.
Normally llhttp
would error when a Transfer-Encoding
has chunked
value
and another value after it (either in a single header or in multiple
headers whose value are internally joined using ,
).
This is mandated by the spec to reliably determine request body size and thus avoid request smuggling.
With this flag the extra value will be parsed normally.
Enabling this flag can pose a security issue since you will be exposed to request smuggling attacks. USE WITH CAUTION!
void llhttp_set_lenient_version(llhttp_t* parser, int enabled)
Enables/disables lenient handling of HTTP version.
Normally llhttp
would error when the HTTP version in the request or status line
is not 0.9
, 1.0
, 1.1
or 2.0
.
With this flag the extra value will be parsed normally.
Enabling this flag can pose a security issue since you will allow unsupported HTTP versions. USE WITH CAUTION!
void llhttp_set_lenient_data_after_close(llhttp_t* parser, int enabled)
Enables/disables lenient handling of additional data received after a message ends and keep-alive is disabled.
Normally llhttp
would error when additional unexpected data is received if the message
contains the Connection
header with close
value.
With this flag the extra data will discarded without throwing an error.
Enabling this flag can pose a security issue since you will be exposed to poisoning attacks. USE WITH CAUTION!
void llhttp_set_lenient_optional_lf_after_cr(llhttp_t* parser, int enabled)
Enables/disables lenient handling of incomplete CRLF sequences.
Normally llhttp
would error when a CR is not followed by LF when terminating the
request line, the status line, the headers or a chunk header.
With this flag only a CR is required to terminate such sections.
Enabling this flag can pose a security issue since you will be exposed to request smuggling attacks. USE WITH CAUTION!
void llhttp_set_lenient_optional_cr_before_lf(llhttp_t* parser, int enabled)
Enables/disables lenient handling of line separators.
Normally llhttp
would error when a LF is not preceded by CR when terminating the
request line, the status line, the headers, a chunk header or a chunk data.
With this flag only a LF is required to terminate such sections.
Enabling this flag can pose a security issue since you will be exposed to request smuggling attacks. USE WITH CAUTION!
void llhttp_set_lenient_optional_crlf_after_chunk(llhttp_t* parser, int enabled)
Enables/disables lenient handling of chunks not separated via CRLF.
Normally llhttp
would error when after a chunk data a CRLF is missing before
starting a new chunk.
With this flag the new chunk can start immediately after the previous one.
Enabling this flag can pose a security issue since you will be exposed to request smuggling attacks. USE WITH CAUTION!
void llhttp_set_lenient_spaces_after_chunk_size(llhttp_t* parser, int enabled)
Enables/disables lenient handling of spaces after chunk size.
Normally llhttp
would error when after a chunk size is followed by one or more spaces are present instead of a CRLF or ;
.
With this flag this check is disabled.
Enabling this flag can pose a security issue since you will be exposed to request smuggling attacks. USE WITH CAUTION!
Build Instructions
Make sure you have Node.js, npm and npx installed. Then under project directory run:
npm ci
make
Bindings to other languages
- Lua: MunifTanjim/llhttp.lua
- Python: pallas/pyllhttp
- Ruby: metabahn/llhttp
- Rust: JackLiar/rust-llhttp
Using with CMake
If you want to use this library in a CMake project as a shared library, you can use the snippet below.
FetchContent_Declare(llhttp
URL "https://github.com/nodejs/llhttp/archive/refs/tags/release/v8.1.0.tar.gz")
FetchContent_MakeAvailable(llhttp)
# Link with the llhttp_shared target
target_link_libraries(${EXAMPLE_PROJECT_NAME} ${PROJECT_LIBRARIES} llhttp_shared ${PROJECT_NAME})
If you want to use this library in a CMake project as a static library, you can set some cache variables first.
FetchContent_Declare(llhttp
URL "https://github.com/nodejs/llhttp/archive/refs/tags/release/v8.1.0.tar.gz")
set(BUILD_SHARED_LIBS OFF CACHE INTERNAL "")
set(BUILD_STATIC_LIBS ON CACHE INTERNAL "")
FetchContent_MakeAvailable(llhttp)
# Link with the llhttp_static target
target_link_libraries(${EXAMPLE_PROJECT_NAME} ${PROJECT_LIBRARIES} llhttp_static ${PROJECT_NAME})
Note that using the git repo directly (e.g., via a git repo url and tag) will not work with FetchContent_Declare because CMakeLists.txt requires string replacements (e.g., _RELEASE_
) before it will build.
Building on Windows
Installation
choco install git
choco install node
choco install llvm
(or install theC++ Clang tools for Windows
optional package from the Visual Studio 2019 installer)choco install make
(or if you have MinGW, it comes bundled)
- Ensure that
Clang
andmake
are in your system path. - Using Git Bash, clone the repo to your preferred location.
- Cd into the cloned directory and run
npm ci
- Run
make
- Your
repo/build
directory should now havelibllhttp.a
andlibllhttp.so
static and dynamic libraries. - When building your executable, you can link to these libraries. Make sure to set the build folder as an include path when building so you can reference the declarations in
repo/build/llhttp.h
.
A simple example on linking with the library:
Assuming you have an executable main.cpp
in your current working directory, you would run: clang++ -Os -g3 -Wall -Wextra -Wno-unused-parameter -I/path/to/llhttp/build main.cpp /path/to/llhttp/build/libllhttp.a -o main.exe
.
If you are getting unresolved external symbol
linker errors you are likely attempting to build llhttp.c
without linking it with object files from api.c
and http.c
.
LICENSE
This software is licensed under the MIT License.
Copyright Fedor Indutny, 2018.
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.