...

Source file src/pkg/net/http/transfer.go

     1	// Copyright 2009 The Go Authors. All rights reserved.
     2	// Use of this source code is governed by a BSD-style
     3	// license that can be found in the LICENSE file.
     4	
     5	package http
     6	
     7	import (
     8		"bufio"
     9		"bytes"
    10		"errors"
    11		"fmt"
    12		"io"
    13		"io/ioutil"
    14		"net/http/httptrace"
    15		"net/http/internal"
    16		"net/textproto"
    17		"reflect"
    18		"sort"
    19		"strconv"
    20		"strings"
    21		"sync"
    22		"time"
    23	
    24		"golang.org/x/net/http/httpguts"
    25	)
    26	
    27	// ErrLineTooLong is returned when reading request or response bodies
    28	// with malformed chunked encoding.
    29	var ErrLineTooLong = internal.ErrLineTooLong
    30	
    31	type errorReader struct {
    32		err error
    33	}
    34	
    35	func (r errorReader) Read(p []byte) (n int, err error) {
    36		return 0, r.err
    37	}
    38	
    39	type byteReader struct {
    40		b    byte
    41		done bool
    42	}
    43	
    44	func (br *byteReader) Read(p []byte) (n int, err error) {
    45		if br.done {
    46			return 0, io.EOF
    47		}
    48		if len(p) == 0 {
    49			return 0, nil
    50		}
    51		br.done = true
    52		p[0] = br.b
    53		return 1, io.EOF
    54	}
    55	
    56	// transferWriter inspects the fields of a user-supplied Request or Response,
    57	// sanitizes them without changing the user object and provides methods for
    58	// writing the respective header, body and trailer in wire format.
    59	type transferWriter struct {
    60		Method           string
    61		Body             io.Reader
    62		BodyCloser       io.Closer
    63		ResponseToHEAD   bool
    64		ContentLength    int64 // -1 means unknown, 0 means exactly none
    65		Close            bool
    66		TransferEncoding []string
    67		Header           Header
    68		Trailer          Header
    69		IsResponse       bool
    70		bodyReadError    error // any non-EOF error from reading Body
    71	
    72		FlushHeaders bool            // flush headers to network before body
    73		ByteReadCh   chan readResult // non-nil if probeRequestBody called
    74	}
    75	
    76	func newTransferWriter(r interface{}) (t *transferWriter, err error) {
    77		t = &transferWriter{}
    78	
    79		// Extract relevant fields
    80		atLeastHTTP11 := false
    81		switch rr := r.(type) {
    82		case *Request:
    83			if rr.ContentLength != 0 && rr.Body == nil {
    84				return nil, fmt.Errorf("http: Request.ContentLength=%d with nil Body", rr.ContentLength)
    85			}
    86			t.Method = valueOrDefault(rr.Method, "GET")
    87			t.Close = rr.Close
    88			t.TransferEncoding = rr.TransferEncoding
    89			t.Header = rr.Header
    90			t.Trailer = rr.Trailer
    91			t.Body = rr.Body
    92			t.BodyCloser = rr.Body
    93			t.ContentLength = rr.outgoingLength()
    94			if t.ContentLength < 0 && len(t.TransferEncoding) == 0 && t.shouldSendChunkedRequestBody() {
    95				t.TransferEncoding = []string{"chunked"}
    96			}
    97			// If there's a body, conservatively flush the headers
    98			// to any bufio.Writer we're writing to, just in case
    99			// the server needs the headers early, before we copy
   100			// the body and possibly block. We make an exception
   101			// for the common standard library in-memory types,
   102			// though, to avoid unnecessary TCP packets on the
   103			// wire. (Issue 22088.)
   104			if t.ContentLength != 0 && !isKnownInMemoryReader(t.Body) {
   105				t.FlushHeaders = true
   106			}
   107	
   108			atLeastHTTP11 = true // Transport requests are always 1.1 or 2.0
   109		case *Response:
   110			t.IsResponse = true
   111			if rr.Request != nil {
   112				t.Method = rr.Request.Method
   113			}
   114			t.Body = rr.Body
   115			t.BodyCloser = rr.Body
   116			t.ContentLength = rr.ContentLength
   117			t.Close = rr.Close
   118			t.TransferEncoding = rr.TransferEncoding
   119			t.Header = rr.Header
   120			t.Trailer = rr.Trailer
   121			atLeastHTTP11 = rr.ProtoAtLeast(1, 1)
   122			t.ResponseToHEAD = noResponseBodyExpected(t.Method)
   123		}
   124	
   125		// Sanitize Body,ContentLength,TransferEncoding
   126		if t.ResponseToHEAD {
   127			t.Body = nil
   128			if chunked(t.TransferEncoding) {
   129				t.ContentLength = -1
   130			}
   131		} else {
   132			if !atLeastHTTP11 || t.Body == nil {
   133				t.TransferEncoding = nil
   134			}
   135			if chunked(t.TransferEncoding) {
   136				t.ContentLength = -1
   137			} else if t.Body == nil { // no chunking, no body
   138				t.ContentLength = 0
   139			}
   140		}
   141	
   142		// Sanitize Trailer
   143		if !chunked(t.TransferEncoding) {
   144			t.Trailer = nil
   145		}
   146	
   147		return t, nil
   148	}
   149	
   150	// shouldSendChunkedRequestBody reports whether we should try to send a
   151	// chunked request body to the server. In particular, the case we really
   152	// want to prevent is sending a GET or other typically-bodyless request to a
   153	// server with a chunked body when the body has zero bytes, since GETs with
   154	// bodies (while acceptable according to specs), even zero-byte chunked
   155	// bodies, are approximately never seen in the wild and confuse most
   156	// servers. See Issue 18257, as one example.
   157	//
   158	// The only reason we'd send such a request is if the user set the Body to a
   159	// non-nil value (say, ioutil.NopCloser(bytes.NewReader(nil))) and didn't
   160	// set ContentLength, or NewRequest set it to -1 (unknown), so then we assume
   161	// there's bytes to send.
   162	//
   163	// This code tries to read a byte from the Request.Body in such cases to see
   164	// whether the body actually has content (super rare) or is actually just
   165	// a non-nil content-less ReadCloser (the more common case). In that more
   166	// common case, we act as if their Body were nil instead, and don't send
   167	// a body.
   168	func (t *transferWriter) shouldSendChunkedRequestBody() bool {
   169		// Note that t.ContentLength is the corrected content length
   170		// from rr.outgoingLength, so 0 actually means zero, not unknown.
   171		if t.ContentLength >= 0 || t.Body == nil { // redundant checks; caller did them
   172			return false
   173		}
   174		if t.Method == "CONNECT" {
   175			return false
   176		}
   177		if requestMethodUsuallyLacksBody(t.Method) {
   178			// Only probe the Request.Body for GET/HEAD/DELETE/etc
   179			// requests, because it's only those types of requests
   180			// that confuse servers.
   181			t.probeRequestBody() // adjusts t.Body, t.ContentLength
   182			return t.Body != nil
   183		}
   184		// For all other request types (PUT, POST, PATCH, or anything
   185		// made-up we've never heard of), assume it's normal and the server
   186		// can deal with a chunked request body. Maybe we'll adjust this
   187		// later.
   188		return true
   189	}
   190	
   191	// probeRequestBody reads a byte from t.Body to see whether it's empty
   192	// (returns io.EOF right away).
   193	//
   194	// But because we've had problems with this blocking users in the past
   195	// (issue 17480) when the body is a pipe (perhaps waiting on the response
   196	// headers before the pipe is fed data), we need to be careful and bound how
   197	// long we wait for it. This delay will only affect users if all the following
   198	// are true:
   199	//   * the request body blocks
   200	//   * the content length is not set (or set to -1)
   201	//   * the method doesn't usually have a body (GET, HEAD, DELETE, ...)
   202	//   * there is no transfer-encoding=chunked already set.
   203	// In other words, this delay will not normally affect anybody, and there
   204	// are workarounds if it does.
   205	func (t *transferWriter) probeRequestBody() {
   206		t.ByteReadCh = make(chan readResult, 1)
   207		go func(body io.Reader) {
   208			var buf [1]byte
   209			var rres readResult
   210			rres.n, rres.err = body.Read(buf[:])
   211			if rres.n == 1 {
   212				rres.b = buf[0]
   213			}
   214			t.ByteReadCh <- rres
   215		}(t.Body)
   216		timer := time.NewTimer(200 * time.Millisecond)
   217		select {
   218		case rres := <-t.ByteReadCh:
   219			timer.Stop()
   220			if rres.n == 0 && rres.err == io.EOF {
   221				// It was empty.
   222				t.Body = nil
   223				t.ContentLength = 0
   224			} else if rres.n == 1 {
   225				if rres.err != nil {
   226					t.Body = io.MultiReader(&byteReader{b: rres.b}, errorReader{rres.err})
   227				} else {
   228					t.Body = io.MultiReader(&byteReader{b: rres.b}, t.Body)
   229				}
   230			} else if rres.err != nil {
   231				t.Body = errorReader{rres.err}
   232			}
   233		case <-timer.C:
   234			// Too slow. Don't wait. Read it later, and keep
   235			// assuming that this is ContentLength == -1
   236			// (unknown), which means we'll send a
   237			// "Transfer-Encoding: chunked" header.
   238			t.Body = io.MultiReader(finishAsyncByteRead{t}, t.Body)
   239			// Request that Request.Write flush the headers to the
   240			// network before writing the body, since our body may not
   241			// become readable until it's seen the response headers.
   242			t.FlushHeaders = true
   243		}
   244	}
   245	
   246	func noResponseBodyExpected(requestMethod string) bool {
   247		return requestMethod == "HEAD"
   248	}
   249	
   250	func (t *transferWriter) shouldSendContentLength() bool {
   251		if chunked(t.TransferEncoding) {
   252			return false
   253		}
   254		if t.ContentLength > 0 {
   255			return true
   256		}
   257		if t.ContentLength < 0 {
   258			return false
   259		}
   260		// Many servers expect a Content-Length for these methods
   261		if t.Method == "POST" || t.Method == "PUT" {
   262			return true
   263		}
   264		if t.ContentLength == 0 && isIdentity(t.TransferEncoding) {
   265			if t.Method == "GET" || t.Method == "HEAD" {
   266				return false
   267			}
   268			return true
   269		}
   270	
   271		return false
   272	}
   273	
   274	func (t *transferWriter) writeHeader(w io.Writer, trace *httptrace.ClientTrace) error {
   275		if t.Close && !hasToken(t.Header.get("Connection"), "close") {
   276			if _, err := io.WriteString(w, "Connection: close\r\n"); err != nil {
   277				return err
   278			}
   279			if trace != nil && trace.WroteHeaderField != nil {
   280				trace.WroteHeaderField("Connection", []string{"close"})
   281			}
   282		}
   283	
   284		// Write Content-Length and/or Transfer-Encoding whose values are a
   285		// function of the sanitized field triple (Body, ContentLength,
   286		// TransferEncoding)
   287		if t.shouldSendContentLength() {
   288			if _, err := io.WriteString(w, "Content-Length: "); err != nil {
   289				return err
   290			}
   291			if _, err := io.WriteString(w, strconv.FormatInt(t.ContentLength, 10)+"\r\n"); err != nil {
   292				return err
   293			}
   294			if trace != nil && trace.WroteHeaderField != nil {
   295				trace.WroteHeaderField("Content-Length", []string{strconv.FormatInt(t.ContentLength, 10)})
   296			}
   297		} else if chunked(t.TransferEncoding) {
   298			if _, err := io.WriteString(w, "Transfer-Encoding: chunked\r\n"); err != nil {
   299				return err
   300			}
   301			if trace != nil && trace.WroteHeaderField != nil {
   302				trace.WroteHeaderField("Transfer-Encoding", []string{"chunked"})
   303			}
   304		}
   305	
   306		// Write Trailer header
   307		if t.Trailer != nil {
   308			keys := make([]string, 0, len(t.Trailer))
   309			for k := range t.Trailer {
   310				k = CanonicalHeaderKey(k)
   311				switch k {
   312				case "Transfer-Encoding", "Trailer", "Content-Length":
   313					return &badStringError{"invalid Trailer key", k}
   314				}
   315				keys = append(keys, k)
   316			}
   317			if len(keys) > 0 {
   318				sort.Strings(keys)
   319				// TODO: could do better allocation-wise here, but trailers are rare,
   320				// so being lazy for now.
   321				if _, err := io.WriteString(w, "Trailer: "+strings.Join(keys, ",")+"\r\n"); err != nil {
   322					return err
   323				}
   324				if trace != nil && trace.WroteHeaderField != nil {
   325					trace.WroteHeaderField("Trailer", keys)
   326				}
   327			}
   328		}
   329	
   330		return nil
   331	}
   332	
   333	func (t *transferWriter) writeBody(w io.Writer) error {
   334		var err error
   335		var ncopy int64
   336	
   337		// Write body. We "unwrap" the body first if it was wrapped in a
   338		// nopCloser. This is to ensure that we can take advantage of
   339		// OS-level optimizations in the event that the body is an
   340		// *os.File.
   341		if t.Body != nil {
   342			var body = t.unwrapBody()
   343			if chunked(t.TransferEncoding) {
   344				if bw, ok := w.(*bufio.Writer); ok && !t.IsResponse {
   345					w = &internal.FlushAfterChunkWriter{Writer: bw}
   346				}
   347				cw := internal.NewChunkedWriter(w)
   348				_, err = t.doBodyCopy(cw, body)
   349				if err == nil {
   350					err = cw.Close()
   351				}
   352			} else if t.ContentLength == -1 {
   353				dst := w
   354				if t.Method == "CONNECT" {
   355					dst = bufioFlushWriter{dst}
   356				}
   357				ncopy, err = t.doBodyCopy(dst, body)
   358			} else {
   359				ncopy, err = t.doBodyCopy(w, io.LimitReader(body, t.ContentLength))
   360				if err != nil {
   361					return err
   362				}
   363				var nextra int64
   364				nextra, err = t.doBodyCopy(ioutil.Discard, body)
   365				ncopy += nextra
   366			}
   367			if err != nil {
   368				return err
   369			}
   370		}
   371		if t.BodyCloser != nil {
   372			if err := t.BodyCloser.Close(); err != nil {
   373				return err
   374			}
   375		}
   376	
   377		if !t.ResponseToHEAD && t.ContentLength != -1 && t.ContentLength != ncopy {
   378			return fmt.Errorf("http: ContentLength=%d with Body length %d",
   379				t.ContentLength, ncopy)
   380		}
   381	
   382		if chunked(t.TransferEncoding) {
   383			// Write Trailer header
   384			if t.Trailer != nil {
   385				if err := t.Trailer.Write(w); err != nil {
   386					return err
   387				}
   388			}
   389			// Last chunk, empty trailer
   390			_, err = io.WriteString(w, "\r\n")
   391		}
   392		return err
   393	}
   394	
   395	// doBodyCopy wraps a copy operation, with any resulting error also
   396	// being saved in bodyReadError.
   397	//
   398	// This function is only intended for use in writeBody.
   399	func (t *transferWriter) doBodyCopy(dst io.Writer, src io.Reader) (n int64, err error) {
   400		n, err = io.Copy(dst, src)
   401		if err != nil && err != io.EOF {
   402			t.bodyReadError = err
   403		}
   404		return
   405	}
   406	
   407	// unwrapBodyReader unwraps the body's inner reader if it's a
   408	// nopCloser. This is to ensure that body writes sourced from local
   409	// files (*os.File types) are properly optimized.
   410	//
   411	// This function is only intended for use in writeBody.
   412	func (t *transferWriter) unwrapBody() io.Reader {
   413		if reflect.TypeOf(t.Body) == nopCloserType {
   414			return reflect.ValueOf(t.Body).Field(0).Interface().(io.Reader)
   415		}
   416	
   417		return t.Body
   418	}
   419	
   420	type transferReader struct {
   421		// Input
   422		Header        Header
   423		StatusCode    int
   424		RequestMethod string
   425		ProtoMajor    int
   426		ProtoMinor    int
   427		// Output
   428		Body             io.ReadCloser
   429		ContentLength    int64
   430		TransferEncoding []string
   431		Close            bool
   432		Trailer          Header
   433	}
   434	
   435	func (t *transferReader) protoAtLeast(m, n int) bool {
   436		return t.ProtoMajor > m || (t.ProtoMajor == m && t.ProtoMinor >= n)
   437	}
   438	
   439	// bodyAllowedForStatus reports whether a given response status code
   440	// permits a body. See RFC 7230, section 3.3.
   441	func bodyAllowedForStatus(status int) bool {
   442		switch {
   443		case status >= 100 && status <= 199:
   444			return false
   445		case status == 204:
   446			return false
   447		case status == 304:
   448			return false
   449		}
   450		return true
   451	}
   452	
   453	var (
   454		suppressedHeaders304    = []string{"Content-Type", "Content-Length", "Transfer-Encoding"}
   455		suppressedHeadersNoBody = []string{"Content-Length", "Transfer-Encoding"}
   456	)
   457	
   458	func suppressedHeaders(status int) []string {
   459		switch {
   460		case status == 304:
   461			// RFC 7232 section 4.1
   462			return suppressedHeaders304
   463		case !bodyAllowedForStatus(status):
   464			return suppressedHeadersNoBody
   465		}
   466		return nil
   467	}
   468	
   469	// msg is *Request or *Response.
   470	func readTransfer(msg interface{}, r *bufio.Reader) (err error) {
   471		t := &transferReader{RequestMethod: "GET"}
   472	
   473		// Unify input
   474		isResponse := false
   475		switch rr := msg.(type) {
   476		case *Response:
   477			t.Header = rr.Header
   478			t.StatusCode = rr.StatusCode
   479			t.ProtoMajor = rr.ProtoMajor
   480			t.ProtoMinor = rr.ProtoMinor
   481			t.Close = shouldClose(t.ProtoMajor, t.ProtoMinor, t.Header, true)
   482			isResponse = true
   483			if rr.Request != nil {
   484				t.RequestMethod = rr.Request.Method
   485			}
   486		case *Request:
   487			t.Header = rr.Header
   488			t.RequestMethod = rr.Method
   489			t.ProtoMajor = rr.ProtoMajor
   490			t.ProtoMinor = rr.ProtoMinor
   491			// Transfer semantics for Requests are exactly like those for
   492			// Responses with status code 200, responding to a GET method
   493			t.StatusCode = 200
   494			t.Close = rr.Close
   495		default:
   496			panic("unexpected type")
   497		}
   498	
   499		// Default to HTTP/1.1
   500		if t.ProtoMajor == 0 && t.ProtoMinor == 0 {
   501			t.ProtoMajor, t.ProtoMinor = 1, 1
   502		}
   503	
   504		// Transfer encoding, content length
   505		err = t.fixTransferEncoding()
   506		if err != nil {
   507			return err
   508		}
   509	
   510		realLength, err := fixLength(isResponse, t.StatusCode, t.RequestMethod, t.Header, t.TransferEncoding)
   511		if err != nil {
   512			return err
   513		}
   514		if isResponse && t.RequestMethod == "HEAD" {
   515			if n, err := parseContentLength(t.Header.get("Content-Length")); err != nil {
   516				return err
   517			} else {
   518				t.ContentLength = n
   519			}
   520		} else {
   521			t.ContentLength = realLength
   522		}
   523	
   524		// Trailer
   525		t.Trailer, err = fixTrailer(t.Header, t.TransferEncoding)
   526		if err != nil {
   527			return err
   528		}
   529	
   530		// If there is no Content-Length or chunked Transfer-Encoding on a *Response
   531		// and the status is not 1xx, 204 or 304, then the body is unbounded.
   532		// See RFC 7230, section 3.3.
   533		switch msg.(type) {
   534		case *Response:
   535			if realLength == -1 &&
   536				!chunked(t.TransferEncoding) &&
   537				bodyAllowedForStatus(t.StatusCode) {
   538				// Unbounded body.
   539				t.Close = true
   540			}
   541		}
   542	
   543		// Prepare body reader. ContentLength < 0 means chunked encoding
   544		// or close connection when finished, since multipart is not supported yet
   545		switch {
   546		case chunked(t.TransferEncoding):
   547			if noResponseBodyExpected(t.RequestMethod) || !bodyAllowedForStatus(t.StatusCode) {
   548				t.Body = NoBody
   549			} else {
   550				t.Body = &body{src: internal.NewChunkedReader(r), hdr: msg, r: r, closing: t.Close}
   551			}
   552		case realLength == 0:
   553			t.Body = NoBody
   554		case realLength > 0:
   555			t.Body = &body{src: io.LimitReader(r, realLength), closing: t.Close}
   556		default:
   557			// realLength < 0, i.e. "Content-Length" not mentioned in header
   558			if t.Close {
   559				// Close semantics (i.e. HTTP/1.0)
   560				t.Body = &body{src: r, closing: t.Close}
   561			} else {
   562				// Persistent connection (i.e. HTTP/1.1)
   563				t.Body = NoBody
   564			}
   565		}
   566	
   567		// Unify output
   568		switch rr := msg.(type) {
   569		case *Request:
   570			rr.Body = t.Body
   571			rr.ContentLength = t.ContentLength
   572			rr.TransferEncoding = t.TransferEncoding
   573			rr.Close = t.Close
   574			rr.Trailer = t.Trailer
   575		case *Response:
   576			rr.Body = t.Body
   577			rr.ContentLength = t.ContentLength
   578			rr.TransferEncoding = t.TransferEncoding
   579			rr.Close = t.Close
   580			rr.Trailer = t.Trailer
   581		}
   582	
   583		return nil
   584	}
   585	
   586	// Checks whether chunked is part of the encodings stack
   587	func chunked(te []string) bool { return len(te) > 0 && te[0] == "chunked" }
   588	
   589	// Checks whether the encoding is explicitly "identity".
   590	func isIdentity(te []string) bool { return len(te) == 1 && te[0] == "identity" }
   591	
   592	// unsupportedTEError reports unsupported transfer-encodings.
   593	type unsupportedTEError struct {
   594		err string
   595	}
   596	
   597	func (uste *unsupportedTEError) Error() string {
   598		return uste.err
   599	}
   600	
   601	// isUnsupportedTEError checks if the error is of type
   602	// unsupportedTEError. It is usually invoked with a non-nil err.
   603	func isUnsupportedTEError(err error) bool {
   604		_, ok := err.(*unsupportedTEError)
   605		return ok
   606	}
   607	
   608	// fixTransferEncoding sanitizes t.TransferEncoding, if needed.
   609	func (t *transferReader) fixTransferEncoding() error {
   610		raw, present := t.Header["Transfer-Encoding"]
   611		if !present {
   612			return nil
   613		}
   614		delete(t.Header, "Transfer-Encoding")
   615	
   616		// Issue 12785; ignore Transfer-Encoding on HTTP/1.0 requests.
   617		if !t.protoAtLeast(1, 1) {
   618			return nil
   619		}
   620	
   621		encodings := strings.Split(raw[0], ",")
   622		te := make([]string, 0, len(encodings))
   623		// TODO: Even though we only support "identity" and "chunked"
   624		// encodings, the loop below is designed with foresight. One
   625		// invariant that must be maintained is that, if present,
   626		// chunked encoding must always come first.
   627		for _, encoding := range encodings {
   628			encoding = strings.ToLower(strings.TrimSpace(encoding))
   629			// "identity" encoding is not recorded
   630			if encoding == "identity" {
   631				break
   632			}
   633			if encoding != "chunked" {
   634				return &unsupportedTEError{fmt.Sprintf("unsupported transfer encoding: %q", encoding)}
   635			}
   636			te = te[0 : len(te)+1]
   637			te[len(te)-1] = encoding
   638		}
   639		if len(te) > 1 {
   640			return &badStringError{"too many transfer encodings", strings.Join(te, ",")}
   641		}
   642		if len(te) > 0 {
   643			// RFC 7230 3.3.2 says "A sender MUST NOT send a
   644			// Content-Length header field in any message that
   645			// contains a Transfer-Encoding header field."
   646			//
   647			// but also:
   648			// "If a message is received with both a
   649			// Transfer-Encoding and a Content-Length header
   650			// field, the Transfer-Encoding overrides the
   651			// Content-Length. Such a message might indicate an
   652			// attempt to perform request smuggling (Section 9.5)
   653			// or response splitting (Section 9.4) and ought to be
   654			// handled as an error. A sender MUST remove the
   655			// received Content-Length field prior to forwarding
   656			// such a message downstream."
   657			//
   658			// Reportedly, these appear in the wild.
   659			delete(t.Header, "Content-Length")
   660			t.TransferEncoding = te
   661			return nil
   662		}
   663	
   664		return nil
   665	}
   666	
   667	// Determine the expected body length, using RFC 7230 Section 3.3. This
   668	// function is not a method, because ultimately it should be shared by
   669	// ReadResponse and ReadRequest.
   670	func fixLength(isResponse bool, status int, requestMethod string, header Header, te []string) (int64, error) {
   671		isRequest := !isResponse
   672		contentLens := header["Content-Length"]
   673	
   674		// Hardening against HTTP request smuggling
   675		if len(contentLens) > 1 {
   676			// Per RFC 7230 Section 3.3.2, prevent multiple
   677			// Content-Length headers if they differ in value.
   678			// If there are dups of the value, remove the dups.
   679			// See Issue 16490.
   680			first := strings.TrimSpace(contentLens[0])
   681			for _, ct := range contentLens[1:] {
   682				if first != strings.TrimSpace(ct) {
   683					return 0, fmt.Errorf("http: message cannot contain multiple Content-Length headers; got %q", contentLens)
   684				}
   685			}
   686	
   687			// deduplicate Content-Length
   688			header.Del("Content-Length")
   689			header.Add("Content-Length", first)
   690	
   691			contentLens = header["Content-Length"]
   692		}
   693	
   694		// Logic based on response type or status
   695		if noResponseBodyExpected(requestMethod) {
   696			// For HTTP requests, as part of hardening against request
   697			// smuggling (RFC 7230), don't allow a Content-Length header for
   698			// methods which don't permit bodies. As an exception, allow
   699			// exactly one Content-Length header if its value is "0".
   700			if isRequest && len(contentLens) > 0 && !(len(contentLens) == 1 && contentLens[0] == "0") {
   701				return 0, fmt.Errorf("http: method cannot contain a Content-Length; got %q", contentLens)
   702			}
   703			return 0, nil
   704		}
   705		if status/100 == 1 {
   706			return 0, nil
   707		}
   708		switch status {
   709		case 204, 304:
   710			return 0, nil
   711		}
   712	
   713		// Logic based on Transfer-Encoding
   714		if chunked(te) {
   715			return -1, nil
   716		}
   717	
   718		// Logic based on Content-Length
   719		var cl string
   720		if len(contentLens) == 1 {
   721			cl = strings.TrimSpace(contentLens[0])
   722		}
   723		if cl != "" {
   724			n, err := parseContentLength(cl)
   725			if err != nil {
   726				return -1, err
   727			}
   728			return n, nil
   729		}
   730		header.Del("Content-Length")
   731	
   732		if isRequest {
   733			// RFC 7230 neither explicitly permits nor forbids an
   734			// entity-body on a GET request so we permit one if
   735			// declared, but we default to 0 here (not -1 below)
   736			// if there's no mention of a body.
   737			// Likewise, all other request methods are assumed to have
   738			// no body if neither Transfer-Encoding chunked nor a
   739			// Content-Length are set.
   740			return 0, nil
   741		}
   742	
   743		// Body-EOF logic based on other methods (like closing, or chunked coding)
   744		return -1, nil
   745	}
   746	
   747	// Determine whether to hang up after sending a request and body, or
   748	// receiving a response and body
   749	// 'header' is the request headers
   750	func shouldClose(major, minor int, header Header, removeCloseHeader bool) bool {
   751		if major < 1 {
   752			return true
   753		}
   754	
   755		conv := header["Connection"]
   756		hasClose := httpguts.HeaderValuesContainsToken(conv, "close")
   757		if major == 1 && minor == 0 {
   758			return hasClose || !httpguts.HeaderValuesContainsToken(conv, "keep-alive")
   759		}
   760	
   761		if hasClose && removeCloseHeader {
   762			header.Del("Connection")
   763		}
   764	
   765		return hasClose
   766	}
   767	
   768	// Parse the trailer header
   769	func fixTrailer(header Header, te []string) (Header, error) {
   770		vv, ok := header["Trailer"]
   771		if !ok {
   772			return nil, nil
   773		}
   774		if !chunked(te) {
   775			// Trailer and no chunking:
   776			// this is an invalid use case for trailer header.
   777			// Nevertheless, no error will be returned and we
   778			// let users decide if this is a valid HTTP message.
   779			// The Trailer header will be kept in Response.Header
   780			// but not populate Response.Trailer.
   781			// See issue #27197.
   782			return nil, nil
   783		}
   784		header.Del("Trailer")
   785	
   786		trailer := make(Header)
   787		var err error
   788		for _, v := range vv {
   789			foreachHeaderElement(v, func(key string) {
   790				key = CanonicalHeaderKey(key)
   791				switch key {
   792				case "Transfer-Encoding", "Trailer", "Content-Length":
   793					if err == nil {
   794						err = &badStringError{"bad trailer key", key}
   795						return
   796					}
   797				}
   798				trailer[key] = nil
   799			})
   800		}
   801		if err != nil {
   802			return nil, err
   803		}
   804		if len(trailer) == 0 {
   805			return nil, nil
   806		}
   807		return trailer, nil
   808	}
   809	
   810	// body turns a Reader into a ReadCloser.
   811	// Close ensures that the body has been fully read
   812	// and then reads the trailer if necessary.
   813	type body struct {
   814		src          io.Reader
   815		hdr          interface{}   // non-nil (Response or Request) value means read trailer
   816		r            *bufio.Reader // underlying wire-format reader for the trailer
   817		closing      bool          // is the connection to be closed after reading body?
   818		doEarlyClose bool          // whether Close should stop early
   819	
   820		mu         sync.Mutex // guards following, and calls to Read and Close
   821		sawEOF     bool
   822		closed     bool
   823		earlyClose bool   // Close called and we didn't read to the end of src
   824		onHitEOF   func() // if non-nil, func to call when EOF is Read
   825	}
   826	
   827	// ErrBodyReadAfterClose is returned when reading a Request or Response
   828	// Body after the body has been closed. This typically happens when the body is
   829	// read after an HTTP Handler calls WriteHeader or Write on its
   830	// ResponseWriter.
   831	var ErrBodyReadAfterClose = errors.New("http: invalid Read on closed Body")
   832	
   833	func (b *body) Read(p []byte) (n int, err error) {
   834		b.mu.Lock()
   835		defer b.mu.Unlock()
   836		if b.closed {
   837			return 0, ErrBodyReadAfterClose
   838		}
   839		return b.readLocked(p)
   840	}
   841	
   842	// Must hold b.mu.
   843	func (b *body) readLocked(p []byte) (n int, err error) {
   844		if b.sawEOF {
   845			return 0, io.EOF
   846		}
   847		n, err = b.src.Read(p)
   848	
   849		if err == io.EOF {
   850			b.sawEOF = true
   851			// Chunked case. Read the trailer.
   852			if b.hdr != nil {
   853				if e := b.readTrailer(); e != nil {
   854					err = e
   855					// Something went wrong in the trailer, we must not allow any
   856					// further reads of any kind to succeed from body, nor any
   857					// subsequent requests on the server connection. See
   858					// golang.org/issue/12027
   859					b.sawEOF = false
   860					b.closed = true
   861				}
   862				b.hdr = nil
   863			} else {
   864				// If the server declared the Content-Length, our body is a LimitedReader
   865				// and we need to check whether this EOF arrived early.
   866				if lr, ok := b.src.(*io.LimitedReader); ok && lr.N > 0 {
   867					err = io.ErrUnexpectedEOF
   868				}
   869			}
   870		}
   871	
   872		// If we can return an EOF here along with the read data, do
   873		// so. This is optional per the io.Reader contract, but doing
   874		// so helps the HTTP transport code recycle its connection
   875		// earlier (since it will see this EOF itself), even if the
   876		// client doesn't do future reads or Close.
   877		if err == nil && n > 0 {
   878			if lr, ok := b.src.(*io.LimitedReader); ok && lr.N == 0 {
   879				err = io.EOF
   880				b.sawEOF = true
   881			}
   882		}
   883	
   884		if b.sawEOF && b.onHitEOF != nil {
   885			b.onHitEOF()
   886		}
   887	
   888		return n, err
   889	}
   890	
   891	var (
   892		singleCRLF = []byte("\r\n")
   893		doubleCRLF = []byte("\r\n\r\n")
   894	)
   895	
   896	func seeUpcomingDoubleCRLF(r *bufio.Reader) bool {
   897		for peekSize := 4; ; peekSize++ {
   898			// This loop stops when Peek returns an error,
   899			// which it does when r's buffer has been filled.
   900			buf, err := r.Peek(peekSize)
   901			if bytes.HasSuffix(buf, doubleCRLF) {
   902				return true
   903			}
   904			if err != nil {
   905				break
   906			}
   907		}
   908		return false
   909	}
   910	
   911	var errTrailerEOF = errors.New("http: unexpected EOF reading trailer")
   912	
   913	func (b *body) readTrailer() error {
   914		// The common case, since nobody uses trailers.
   915		buf, err := b.r.Peek(2)
   916		if bytes.Equal(buf, singleCRLF) {
   917			b.r.Discard(2)
   918			return nil
   919		}
   920		if len(buf) < 2 {
   921			return errTrailerEOF
   922		}
   923		if err != nil {
   924			return err
   925		}
   926	
   927		// Make sure there's a header terminator coming up, to prevent
   928		// a DoS with an unbounded size Trailer. It's not easy to
   929		// slip in a LimitReader here, as textproto.NewReader requires
   930		// a concrete *bufio.Reader. Also, we can't get all the way
   931		// back up to our conn's LimitedReader that *might* be backing
   932		// this bufio.Reader. Instead, a hack: we iteratively Peek up
   933		// to the bufio.Reader's max size, looking for a double CRLF.
   934		// This limits the trailer to the underlying buffer size, typically 4kB.
   935		if !seeUpcomingDoubleCRLF(b.r) {
   936			return errors.New("http: suspiciously long trailer after chunked body")
   937		}
   938	
   939		hdr, err := textproto.NewReader(b.r).ReadMIMEHeader()
   940		if err != nil {
   941			if err == io.EOF {
   942				return errTrailerEOF
   943			}
   944			return err
   945		}
   946		switch rr := b.hdr.(type) {
   947		case *Request:
   948			mergeSetHeader(&rr.Trailer, Header(hdr))
   949		case *Response:
   950			mergeSetHeader(&rr.Trailer, Header(hdr))
   951		}
   952		return nil
   953	}
   954	
   955	func mergeSetHeader(dst *Header, src Header) {
   956		if *dst == nil {
   957			*dst = src
   958			return
   959		}
   960		for k, vv := range src {
   961			(*dst)[k] = vv
   962		}
   963	}
   964	
   965	// unreadDataSizeLocked returns the number of bytes of unread input.
   966	// It returns -1 if unknown.
   967	// b.mu must be held.
   968	func (b *body) unreadDataSizeLocked() int64 {
   969		if lr, ok := b.src.(*io.LimitedReader); ok {
   970			return lr.N
   971		}
   972		return -1
   973	}
   974	
   975	func (b *body) Close() error {
   976		b.mu.Lock()
   977		defer b.mu.Unlock()
   978		if b.closed {
   979			return nil
   980		}
   981		var err error
   982		switch {
   983		case b.sawEOF:
   984			// Already saw EOF, so no need going to look for it.
   985		case b.hdr == nil && b.closing:
   986			// no trailer and closing the connection next.
   987			// no point in reading to EOF.
   988		case b.doEarlyClose:
   989			// Read up to maxPostHandlerReadBytes bytes of the body, looking
   990			// for EOF (and trailers), so we can re-use this connection.
   991			if lr, ok := b.src.(*io.LimitedReader); ok && lr.N > maxPostHandlerReadBytes {
   992				// There was a declared Content-Length, and we have more bytes remaining
   993				// than our maxPostHandlerReadBytes tolerance. So, give up.
   994				b.earlyClose = true
   995			} else {
   996				var n int64
   997				// Consume the body, or, which will also lead to us reading
   998				// the trailer headers after the body, if present.
   999				n, err = io.CopyN(ioutil.Discard, bodyLocked{b}, maxPostHandlerReadBytes)
  1000				if err == io.EOF {
  1001					err = nil
  1002				}
  1003				if n == maxPostHandlerReadBytes {
  1004					b.earlyClose = true
  1005				}
  1006			}
  1007		default:
  1008			// Fully consume the body, which will also lead to us reading
  1009			// the trailer headers after the body, if present.
  1010			_, err = io.Copy(ioutil.Discard, bodyLocked{b})
  1011		}
  1012		b.closed = true
  1013		return err
  1014	}
  1015	
  1016	func (b *body) didEarlyClose() bool {
  1017		b.mu.Lock()
  1018		defer b.mu.Unlock()
  1019		return b.earlyClose
  1020	}
  1021	
  1022	// bodyRemains reports whether future Read calls might
  1023	// yield data.
  1024	func (b *body) bodyRemains() bool {
  1025		b.mu.Lock()
  1026		defer b.mu.Unlock()
  1027		return !b.sawEOF
  1028	}
  1029	
  1030	func (b *body) registerOnHitEOF(fn func()) {
  1031		b.mu.Lock()
  1032		defer b.mu.Unlock()
  1033		b.onHitEOF = fn
  1034	}
  1035	
  1036	// bodyLocked is a io.Reader reading from a *body when its mutex is
  1037	// already held.
  1038	type bodyLocked struct {
  1039		b *body
  1040	}
  1041	
  1042	func (bl bodyLocked) Read(p []byte) (n int, err error) {
  1043		if bl.b.closed {
  1044			return 0, ErrBodyReadAfterClose
  1045		}
  1046		return bl.b.readLocked(p)
  1047	}
  1048	
  1049	// parseContentLength trims whitespace from s and returns -1 if no value
  1050	// is set, or the value if it's >= 0.
  1051	func parseContentLength(cl string) (int64, error) {
  1052		cl = strings.TrimSpace(cl)
  1053		if cl == "" {
  1054			return -1, nil
  1055		}
  1056		n, err := strconv.ParseInt(cl, 10, 64)
  1057		if err != nil || n < 0 {
  1058			return 0, &badStringError{"bad Content-Length", cl}
  1059		}
  1060		return n, nil
  1061	
  1062	}
  1063	
  1064	// finishAsyncByteRead finishes reading the 1-byte sniff
  1065	// from the ContentLength==0, Body!=nil case.
  1066	type finishAsyncByteRead struct {
  1067		tw *transferWriter
  1068	}
  1069	
  1070	func (fr finishAsyncByteRead) Read(p []byte) (n int, err error) {
  1071		if len(p) == 0 {
  1072			return
  1073		}
  1074		rres := <-fr.tw.ByteReadCh
  1075		n, err = rres.n, rres.err
  1076		if n == 1 {
  1077			p[0] = rres.b
  1078		}
  1079		return
  1080	}
  1081	
  1082	var nopCloserType = reflect.TypeOf(ioutil.NopCloser(nil))
  1083	
  1084	// isKnownInMemoryReader reports whether r is a type known to not
  1085	// block on Read. Its caller uses this as an optional optimization to
  1086	// send fewer TCP packets.
  1087	func isKnownInMemoryReader(r io.Reader) bool {
  1088		switch r.(type) {
  1089		case *bytes.Reader, *bytes.Buffer, *strings.Reader:
  1090			return true
  1091		}
  1092		if reflect.TypeOf(r) == nopCloserType {
  1093			return isKnownInMemoryReader(reflect.ValueOf(r).Field(0).Interface().(io.Reader))
  1094		}
  1095		return false
  1096	}
  1097	
  1098	// bufioFlushWriter is an io.Writer wrapper that flushes all writes
  1099	// on its wrapped writer if it's a *bufio.Writer.
  1100	type bufioFlushWriter struct{ w io.Writer }
  1101	
  1102	func (fw bufioFlushWriter) Write(p []byte) (n int, err error) {
  1103		n, err = fw.w.Write(p)
  1104		if bw, ok := fw.w.(*bufio.Writer); n > 0 && ok {
  1105			ferr := bw.Flush()
  1106			if ferr != nil && err == nil {
  1107				err = ferr
  1108			}
  1109		}
  1110		return
  1111	}
  1112

View as plain text