Add callback handler to report internal HTTP parsing errors (431, 400, 505)

fuzzing/Http.cpp

@@ -135,6 +135,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
             /* Return ok */
             return user;
 
+        }, [](uWS::HttpRequest */*req*/, unsigned int /*errorCode*/) {
         });
 
         if (!returnedUser) {

src/App.h

@@ -147,6 +147,13 @@ struct TemplatedApp {
         return std::move(static_cast<TemplatedApp &&>(*this));
     }
 
+    /* Attaches a log handler for HTTP parsing errors */
+    TemplatedApp &&log(MoveOnlyFunction<void(HttpRequest *, int, std::string_view)> &&logHandler) {
+        httpContext->log(std::move(logHandler));
+
+        return std::move(static_cast<TemplatedApp &&>(*this));
+    }
+
     /* Same as publish, but takes a prepared message */
     bool publishPrepared(std::string_view topic, PreparedMessage &preparedMessage) {
         /* It is assumed by heuristics that a prepared message ought to be big,

src/HttpContext.h

@@ -25,6 +25,7 @@
 #include "HttpResponseData.h"
 #include "AsyncSocket.h"
 #include "WebSocketData.h"
+#include "HttpErrors.h"
 
 #include <string_view>
 #include <iostream>
@@ -251,6 +252,12 @@ struct HttpContext {
                     }
                 }
                 return user;
+            }, [httpContextData](/*void *s, */HttpRequest *httpRequest, unsigned int errorCode) -> void {
+                /* Call the high-level error handler if one is registered */
+                if (httpContextData->httpParsingErrorHandler) {
+                    /* Map internal error codes to HTTP status codes and response bodies */
+                    httpContextData->httpParsingErrorHandler(httpRequest, httpErrorStatusCodes[errorCode], httpErrorResponses[errorCode]);
+                }
             });
 
             /* Mark that we are no longer parsing Http */
@@ -421,6 +428,11 @@ struct HttpContext {
         getSocketContextData()->filterHandlers.emplace_back(std::move(filterHandler));
     }
 
+    /* Register an HTTP parsing error handler */
+    void log(MoveOnlyFunction<void(HttpRequest *, int, std::string_view)> &&logHandler) {
+        getSocketContextData()->httpParsingErrorHandler = std::move(logHandler);
+    }
+
     /* Register an HTTP route handler acording to URL pattern */
     void onHttp(std::string method, std::string pattern, MoveOnlyFunction<void(HttpResponse<SSL> *, HttpRequest *)> &&handler, bool upgrade = false) {
         HttpContextData<SSL> *httpContextData = getSocketContextData();

src/HttpContextData.h

@@ -36,6 +36,9 @@ struct alignas(16) HttpContextData {
     std::vector<MoveOnlyFunction<void(HttpResponse<SSL> *, int)>> filterHandlers;
 
     MoveOnlyFunction<void(const char *hostname)> missingServerNameHandler;
+
+    /* HTTP parsing error handler */
+    MoveOnlyFunction<void(HttpRequest *, int, std::string_view)> httpParsingErrorHandler;
 
     struct RouterData {
         HttpResponse<SSL> *httpResponse;

src/HttpErrors.h

@@ -30,6 +30,13 @@ enum HttpError {
 
 #ifndef UWS_HTTPRESPONSE_NO_WRITEMARK
 
+static const int httpErrorStatusCodes[] = {
+    400, /* Zeroth place (unused) */
+    505, /* HTTP_ERROR_505_HTTP_VERSION_NOT_SUPPORTED */
+    431, /* HTTP_ERROR_431_REQUEST_HEADER_FIELDS_TOO_LARGE */
+    400  /* HTTP_ERROR_400_BAD_REQUEST */
+};
+
 /* Returned parser errors match this LUT. */
 static const std::string_view httpErrorResponses[] = {
     "", /* Zeroth place is no error so don't use it */

src/HttpParser.h

@@ -489,6 +489,9 @@ struct HttpParser {
             data += consumed;
             length -= consumed;
             consumedTotal += consumed;
+            /* Parse query */
+            const char *querySeparatorPtr = (const char *) memchr(req->headers->value.data(), '?', req->headers->value.length());
+            req->querySeparator = (unsigned int) ((querySeparatorPtr ? querySeparatorPtr : req->headers->value.data() + req->headers->value.length()) - req->headers->value.data());
 
             /* Even if we could parse it, check for length here as well */
             if (consumed > MAX_FALLBACK_SIZE) {
@@ -529,10 +532,6 @@ struct HttpParser {
                 return {HTTP_ERROR_400_BAD_REQUEST, FULLPTR};
             }
 
-            /* Parse query */
-            const char *querySeparatorPtr = (const char *) memchr(req->headers->value.data(), '?', req->headers->value.length());
-            req->querySeparator = (unsigned int) ((querySeparatorPtr ? querySeparatorPtr : req->headers->value.data() + req->headers->value.length()) - req->headers->value.data());
-
             /* If returned socket is not what we put in we need
              * to break here as we either have upgraded to
              * WebSockets or otherwise closed the socket. */
@@ -615,7 +614,7 @@ struct HttpParser {
     }
 
 public:
-    std::pair<unsigned int, void *> consumePostPadded(char *data, unsigned int length, void *user, void *reserved, MoveOnlyFunction<void *(void *, HttpRequest *)> &&requestHandler, MoveOnlyFunction<void *(void *, std::string_view, bool)> &&dataHandler) {
+    std::pair<unsigned int, void *> consumePostPadded(char *data, unsigned int length, void *user, void *reserved, MoveOnlyFunction<void *(void *, HttpRequest *)> &&requestHandler, MoveOnlyFunction<void *(void *, std::string_view, bool)> &&dataHandler, MoveOnlyFunction<void(HttpRequest *, unsigned int)> &&errorHandler) {
 
         /* This resets BloomFilter by construction, but later we also reset it again.
          * Optimize this to skip resetting twice (req could be made global) */
@@ -630,6 +629,7 @@ struct HttpParser {
                     dataHandler(user, chunk, chunk.length() == 0);
                 }
                 if (isParsingInvalidChunkedEncoding(remainingStreamingBytes)) {
+                    errorHandler(&req, HTTP_ERROR_400_BAD_REQUEST);
                     return {HTTP_ERROR_400_BAD_REQUEST, FULLPTR};
                 }
                 data = (char *) dataToConsume.data();
@@ -667,6 +667,7 @@ struct HttpParser {
             // break here on break
             std::pair<unsigned int, void *> consumed = fenceAndConsumePostPadded<true>(fallback.data(), (unsigned int) fallback.length(), user, reserved, &req, requestHandler, dataHandler);
             if (consumed.second != user) {
+                errorHandler(&req, consumed.first);
                 return consumed;
             }
 
@@ -687,6 +688,7 @@ struct HttpParser {
                             dataHandler(user, chunk, chunk.length() == 0);
                         }
                         if (isParsingInvalidChunkedEncoding(remainingStreamingBytes)) {
+                            errorHandler(&req, HTTP_ERROR_400_BAD_REQUEST);
                             return {HTTP_ERROR_400_BAD_REQUEST, FULLPTR};
                         }
                         data = (char *) dataToConsume.data();
@@ -714,6 +716,7 @@ struct HttpParser {
 
             } else {
                 if (fallback.length() == MAX_FALLBACK_SIZE) {
+                    errorHandler(&req, HTTP_ERROR_431_REQUEST_HEADER_FIELDS_TOO_LARGE);
                     return {HTTP_ERROR_431_REQUEST_HEADER_FIELDS_TOO_LARGE, FULLPTR};
                 }
                 return {0, user};
@@ -722,6 +725,7 @@ struct HttpParser {
 
         std::pair<unsigned int, void *> consumed = fenceAndConsumePostPadded<false>(data, length, user, reserved, &req, requestHandler, dataHandler);
         if (consumed.second != user) {
+            errorHandler(&req, consumed.first);
             return consumed;
         }
 
@@ -732,6 +736,7 @@ struct HttpParser {
             if (length < MAX_FALLBACK_SIZE) {
                 fallback.append(data, length);
             } else {
+                errorHandler(&req, HTTP_ERROR_431_REQUEST_HEADER_FIELDS_TOO_LARGE);
                 return {HTTP_ERROR_431_REQUEST_HEADER_FIELDS_TOO_LARGE, FULLPTR};
             }
         }

tests/HttpParser.cpp

@@ -31,6 +31,7 @@ int main() {
         /* Return ok */
         return user;
 
+    }, [](uWS::HttpRequest */*req*/, unsigned int /*errorCode*/) {
     });
 
     std::cout << "HTTP DONE" << std::endl;