handshake_fail test enabled TFS 747982

Author: Ognjen Sobajic

Release/Makefile

@@ -16,7 +16,7 @@ release: MODE = Release$(shell getconf LONG_BIT)
 release: OUTPUT_DIR = $(PWD)/../Binaries/$(MODE)
 release: mk_out_dir tests samples
 
-debug: OPTIMIZATION_LEVEL = -O0 -g -gdwarf-2
+debug: OPTIMIZATION_LEVEL = -O0 -g -ggdb
 debug: MODE = Debug$(shell getconf LONG_BIT)
 debug: OUTPUT_DIR = $(PWD)/../Binaries/$(MODE)
 debug: mk_out_dir tests samples

Release/include/cpprest/http_client_impl.h

@@ -62,41 +62,9 @@ using namespace web::http::details;
 
 namespace web { namespace http { namespace client { namespace details
 {
-    const bool valid_chars [] =
-    {
-        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0-15
-        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //16-31
-        0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 0, //32-47
-        1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, //48-63
-        0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, //64-79
-        1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, //80-95
-        0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, //96-111
-        1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0 //112-127
-    };
-
 #ifdef _MS_WINDOWS
             static const utility::char_t * get_with_body = _XPLATSTR("A GET or HEAD request should not have an entity body.");
 #endif
-
-#if (!defined(_MS_WINDOWS) || defined(__cplusplus_winrt))
-            // Checks if the method contains any invalid characters
-            static bool validate_method(const utility::string_t& method)
-            {
-                for (auto iter = method.begin(); iter != method.end(); iter++)
-                {
-                    char_t ch = *iter;
-                        
-                    if (size_t(ch) >= 128)
-                        return false;
-                        
-                    if (!valid_chars[ch])
-                        return false;
-                }
-
-                return true;
-            }
-#endif
-
             // Helper function to trim leading and trailing null characters from a string.
             static void trim_nulls(utility::string_t &str)
             {

Release/include/cpprest/http_helpers.h

@@ -120,6 +120,9 @@ namespace details
     void ltrim_whitespace(utility::string_t &str);
     void rtrim_whitespace(utility::string_t &str);
     void trim_whitespace(utility::string_t &str);
+    
+    bool validate_method(const utility::string_t& method);
+    
 
     namespace chunked_encoding
     {

Release/include/cpprest/http_linux_server.h

@@ -96,7 +96,7 @@ class connection
     void handle_chunked_body(const boost::system::error_code& ec, int toWrite);
     void dispatch_request_to_listener();
     void request_data_avail(size_t size);
-    void do_response();
+    void do_response(bool bad_reqiest=false);
     template <typename ReadHandler>
     void async_read_until_buffersize(size_t size, ReadHandler handler);
     void async_process_response(http_response response);

Release/src/Makefile

@@ -75,7 +75,7 @@ PKGCONFIG_LIBS = $(shell pkg-config libxml++-2.6 --libs) $(shell pkg-config libs
 #-fpch-deps -MMD not useful with a single monolithic PCH
 
 CXXFLAGS = -fPIC -std=c++11 $(STRICT_BASE_CXXFLAGS) -I../include -I./pch $(WARNINGS) $(PKGCONFIG_CFLAGS)
-LIBS = $(PKGCONFIG_LIBS) -lboost_system -lboost_thread -lboost_locale -pthread -lstdc++ -lm # these are explicit for clang
+LIBS = $(PKGCONFIG_LIBS) -lboost_system -lboost_thread -lboost_locale -lboost_regex -pthread -lstdc++ -lm # these are explicit for clang
 LDFLAGS = $(BASE_LDFLAGS)
 
 ifeq ($(OUTPUT_DIR),)

Release/src/http/client/http_linux.cpp

@@ -41,16 +41,17 @@ namespace web { namespace http
             class linux_client;
             struct client;
 
-			enum class httpclient_errorcode_context
-			{
-				none = 0,
-				connect,
-				writeheader,
-				writebody,
-				readheader,
-				readbody,
-				close
-			};
+            enum class httpclient_errorcode_context
+            {
+                none = 0,
+                connect,
+                handshake,
+                writeheader,
+                writebody,
+                readheader,
+                readbody,
+                close
+            };
             class linux_request_context : public request_context
             {
             public:
@@ -61,28 +62,28 @@ namespace web { namespace http
 
                 void report_error(const utility::string_t &message, boost::system::error_code ec, httpclient_errorcode_context context = httpclient_errorcode_context::none)
                 {
-					// By default, errorcodeValue don't need to converted
-					long errorcodeValue = ec.value();
-					
-					// map timer cancellation to time_out
+                    // By default, errorcodeValue don't need to converted
+                    long errorcodeValue = ec.value();
+
+                    // map timer cancellation to time_out
                     if (ec == boost::system::errc::operation_canceled && m_timedout)
                         errorcodeValue = make_error_code(std::errc::timed_out).value();
                     else
-					{
-						// We need to correct inaccurate ASIO error code base on context information
-						switch (context)
-						{
-						case httpclient_errorcode_context::connect:
-							if (ec == boost::system::errc::connection_refused)
-								errorcodeValue = make_error_code(std::errc::host_unreachable).value();
-							break;
-						case httpclient_errorcode_context::readheader:
-							if (ec.default_error_condition().value() == boost::system::errc::no_such_file_or_directory) // bug in boost error_code mapping
-								errorcodeValue = make_error_code(std::errc::connection_aborted).value();
-							break;
-						}
-					}
-					request_context::report_error(errorcodeValue, message);
+                    {
+                        // We need to correct inaccurate ASIO error code base on context information
+                        switch (context)
+                        {
+                        case httpclient_errorcode_context::connect:
+                            if (ec == boost::system::errc::connection_refused)
+                                errorcodeValue = make_error_code(std::errc::host_unreachable).value();
+                            break;
+                        case httpclient_errorcode_context::readheader:
+                            if (ec.default_error_condition().value() == boost::system::errc::no_such_file_or_directory) // bug in boost error_code mapping
+                                errorcodeValue = make_error_code(std::errc::connection_aborted).value();
+                            break;
+                        }
+                    }
+                    request_context::report_error(errorcodeValue, message);
                 }
 
                 std::unique_ptr<tcp::socket> m_socket;
@@ -363,7 +364,7 @@ namespace web { namespace http
                     if (!ec)
                         boost::asio::async_write(*ctx->m_ssl_stream, ctx->m_request_buf, boost::bind(&client::handle_write_request, this, boost::asio::placeholders::error, ctx));
                     else
-                        ctx->report_error("Error code in handle_handshake is ", ec);
+                        ctx->report_error("Error code in handle_handshake is ", ec, httpclient_errorcode_context::handshake);
                 }
 
                 void handle_write_chunked_body(const boost::system::error_code& ec, linux_request_context* ctx)

Release/src/http/common/http_helpers.cpp

@@ -542,6 +542,37 @@ size_t chunked_encoding::add_chunked_delimiters(_Out_writes_ (buffer_size) uint8
     return offset;
 }
 
+#if (!defined(_MS_WINDOWS) || defined(__cplusplus_winrt))
+    const bool valid_chars [] =
+    {
+        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0-15
+        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //16-31
+        0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 0, //32-47
+        1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, //48-63
+        0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, //64-79
+        1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, //80-95
+        0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, //96-111
+        1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0 //112-127
+    };
+
+    // Checks if the method contains any invalid characters
+    bool validate_method(const utility::string_t& method)
+    {
+        for (auto iter = method.begin(); iter != method.end(); iter++)
+        {
+            char_t ch = *iter;
+
+            if (size_t(ch) >= 128)
+                return false;
+                 
+            if (!valid_chars[ch])
+                return false;
+        }
+
+        return true;
+    }
+#endif
+
 
 } // namespace details
 }} // namespace web::http

Release/src/http/listener/http_linux_server.cpp

@@ -18,6 +18,7 @@
 */
 #include "stdafx.h"
 #include <boost/algorithm/string/find.hpp>
+#include <boost/regex.hpp>
 #include "cpprest/http_helpers.h"
 #include "cpprest/http_server_api.h"
 #include "cpprest/http_server.h"
@@ -75,7 +76,10 @@ void connection::start_request_response()
 {
     m_read_size = 0; m_read = 0;
     m_request_buf.consume(m_request_buf.size()); // clear the buffer
-    async_read_until(*m_socket, m_request_buf, CRLF + CRLF, boost::bind(&connection::handle_http_line, this, placeholders::error));
+    
+    // Wait for either double newline or a char which is not in the range [32-127] which suggests SSL handshaking.
+    // For the SSL server support this line might need to be changed. Now, this prevents from hanging when SSL client tries to connect.
+    async_read_until(*m_socket, m_request_buf, boost::regex(CRLF+CRLF+"|[\\x00-\\x1F]|[\\x80-\\xFF]"), boost::bind(&connection::handle_http_line, this, placeholders::error));
 }
 
 void hostport_listener::on_accept(ip::tcp::socket* socket, const boost::system::error_code& ec)
@@ -114,6 +118,7 @@ void connection::handle_http_line(const boost::system::error_code& ec)
         }
         else
         {
+            std::cout << "BAD REQUEST1" << std::endl;
             m_request.reply(status_codes::BadRequest);
             do_response();
         }
@@ -125,7 +130,7 @@ void connection::handle_http_line(const boost::system::error_code& ec)
         std::istream request_stream(&m_request_buf);
         std::skipws(request_stream);
 
-        std::string http_verb;
+        std::string http_verb = "";
         request_stream >> http_verb;
 
         if (boost::iequals(http_verb, http::methods::GET))          http_verb = http::methods::GET;
@@ -136,6 +141,18 @@ void connection::handle_http_line(const boost::system::error_code& ec)
         else if (boost::iequals(http_verb, http::methods::TRCE))    http_verb = http::methods::TRCE;
         else if (boost::iequals(http_verb, http::methods::CONNECT)) http_verb = http::methods::CONNECT;
         else if (boost::iequals(http_verb, http::methods::OPTIONS)) http_verb = http::methods::OPTIONS;
+
+		// Check to see if there is not allowed character on the input
+
+        if (!web::http::details::validate_method(http_verb))
+        {
+            std::cout << "BAD REQUEST" << std::endl;
+            m_request.reply(status_codes::BadRequest);
+            do_response(true);
+            finish_request_response();
+            return;
+        }
+
         m_request.set_method(http_verb);
 
         std::string http_path_and_version;
@@ -184,6 +201,7 @@ void connection::handle_headers()
         }
         else
         {
+			std::cout << "BAD REQUEST" << std::endl;
             m_request.reply(status_codes::BadRequest);
             do_response();
             return;
@@ -397,7 +415,7 @@ void connection::request_data_avail(size_t size)
     m_request._get_impl()->_complete(size);
 }
 
-void connection::do_response()
+void connection::do_response(bool bad_request)
 {
     ++m_refs;
     pplx::task<http_response> response_task = m_request.get_response();
@@ -423,9 +441,16 @@ void connection::do_response()
                 response = http::http_response(status_codes::InternalError);
             }
             // before sending response, the full incoming message need to be processed.
-            m_request.content_ready().then([=](pplx::task<http::http_request>) {
-                async_process_response(response);
-            });
+            if (bad_request)
+			{
+				async_process_response(response);
+			}
+			else
+			{
+				m_request.content_ready().then([=](pplx::task<http::http_request>) {
+					async_process_response(response);
+				});
+			}
         });
 }
 

Release/tests/Functional/http/client/connections_and_errors.cpp

@@ -146,7 +146,7 @@ TEST_FIXTURE(uri_address, invalid_method)
 }
 
 // This test sends an SSL request to a non-SSL server and should fail on handshaking
-TEST_FIXTURE(uri_address, handshake_fail, "Ignore:Linux", "TFS#747982")
+TEST_FIXTURE(uri_address, handshake_fail)
 {
     web::http::uri ssl_uri(U("https://localhost:34568/"));