FIX: improved TLS and HTTP protocol to correctly handle chunked data and case when TLS packed was not fully processed

Oldes · Oldes · commit cdd10e7f1cab · 2019-06-10T21:47:59.000+02:00
diff --git a/src/mezz/prot-http.r b/src/mezz/prot-http.r
@@ -242,8 +242,8 @@ do-request: func [
 	info: port/state/info
 	spec/headers: body-of make make object! [
 		Accept: "*/*"
-		Accept-Charset: "utf-8"
-		Accept-encoding: "gzip,deflate"
+		Accept-charset: "utf-8"
+		Accept-Encoding: "gzip,deflate"
 		Host: either not find [80 443] spec/port-id [
 			rejoin [form spec/host #":" spec/port-id]
 		] [
@@ -513,19 +513,21 @@ check-data: func [port /local headers res data out chunk-size mk1 mk2 trailer st
 	res: false
 
 	sys/log/more 'HTTP ["check-data; bytes:^[[m" length? conn/data]
-	;? conn
 
 	case [
 		headers/transfer-encoding = "chunked" [
 			data: conn/data
+			sys/log/more 'HTTP ["chunked data: " length? data mold copy/part data 30]
 			;clear the port data only at the beginning of the request --Richard
-			unless port/data [port/data: make binary! length? data]
+			unless port/data [ port/data: make binary! 32000 ]
 			out: port/data
 			until [
 				either parse/all data [
-					copy chunk-size some hex-digits thru crlfbin mk1: to end
+					copy chunk-size some hex-digits
+					crlfbin mk1: to end
 				] [
 					chunk-size: to integer! to issue! to string! chunk-size
+					sys/log/more 'HTTP ["chunk-size:^[[m" chunk-size]
 					either chunk-size = 0 [
 						if parse/all mk1 [
 							crlfbin (trailer: "") to end | copy trailer to crlf2bin to end
@@ -607,7 +609,6 @@ sys/make-scheme [
 				if port/state/state <> 'ready [http-error "Port not ready"]
 				port/state/awake: :port/awake
 				do-request port
-				port
 			] [
 				sync-op port []
 			]
@@ -627,7 +628,6 @@ sys/make-scheme [
 				port/state/awake: :port/awake
 				parse-write-dialect port value
 				do-request port
-				port
 			] [
 				sync-op port [parse-write-dialect port value]
 			]
@@ -636,7 +636,6 @@ sys/make-scheme [
 			port [port!]
 			/local conn
 		] [
-		? port/spec
 			sys/log/debug 'HTTP ["open, state:" port/state]
 			if port/state [return port]
 			if none? port/spec/host [http-error "Missing host address"]
diff --git a/src/mezz/prot-tls.r b/src/mezz/prot-tls.r
@@ -1007,7 +1007,7 @@ make-TLS-ctx: does [ context [
 	bin: binary 64    ;temporary binary
 
 	port-data:   make binary! 32000 ;this holds received decrypted application data
-
+	rest:        make binary! 8 ;packet may not e fully processed, this value is used to keep temporary leftover
 	reading?:       false  ;if client is reading or writing data
 	;server?:       false  ;always FALSE now as we have just a client
 	protocol:       none   ;current protocol state. One of: [HANDSHAKE APPLICATION ALERT]
@@ -1091,15 +1091,15 @@ TLS-read-data: function [
 ] [
 	;log-more ["read-data:^[[1m" length? port-data "^[[22mbytes"]
 
-	;probe copy/part ctx/in/buffer 10
+	inp: ctx/in
 
-	binary/write ctx/in port-data ;- fills input buffer with received data
+	binary/write inp ctx/rest  ;- possible leftover from previous packet
+	binary/write inp port-data ;- fills input buffer with received data
 	clear port-data
+	clear ctx/rest
 
 	ctx/reading?: true
 
-	inp: ctx/in
-
 	while [ctx/reading? and ((available: length? inp/buffer) >= 5)][
 		;?? available
 		log-debug ["Data starts: " mold copy/part inp/buffer 10]
@@ -1110,7 +1110,16 @@ TLS-read-data: function [
 			version: UI16
 			len:     UI16
 		]
-		log-debug ["fragment type: ^[[1m" type "^[[22mver:^[[1m" version "^[[22mbytes:^[[1m" len "^[[22mbytes"]
+		log-debug ["fragment type: ^[[1m" type "^[[22mver:^[[1m" version *Protocol-version/name version "^[[22mbytes:^[[1m" len "^[[22mbytes"]
+
+		if all [
+			ctx/server-version
+			version <> ctx/server-version
+		][
+			log-error ["Version mismatch:^[[22m" version "<>" ctx/server-version]
+			ctx/critical-error: *Alert/Internal_error
+			return false
+		]
 
 		if available < len [
 			;probe inp/buffer
@@ -1217,6 +1226,10 @@ TLS-read-data: function [
 
 	;?? ctx/state
 	log-debug "continue reading..."
+	unless empty? ctx/in/buffer [
+		; keeping rest of unprocessed data for later use
+		ctx/rest: copy ctx/in/buffer
+	]
 	return true
 ]
 
@@ -1538,25 +1551,23 @@ TLS-awake: function [event [event!]] [
 				TLS-error error-id
 			]
 			log-debug ["Read complete?" complete?]
-			if complete? [
-				;? TLS-Port/state
-				;? TLS-port/state/connection 
-				TLS-port/data: TLS-port/state/port-data
-				binary/init TLS-port/state/in none ; resets input buffer
+			unless complete? [
+				read port
+				return false
 			]
+			TLS-port/data: TLS-port/state/port-data
+			binary/init TLS-port/state/in none ; resets input buffer
 			either 'APPLICATION = TLS-port/state/protocol [
 				send-event 'read TLS-port
-			] [
-				read port
-			]
-			return complete?
+			][	read port ]
+			return true
 		]
 		close [
 			log-info "CLOSE"
 			send-event 'close TLS-port
 			return true
 		]
-	] [
+	][
 		;try [close port/state/connection]
 		close port
 		do make error! rejoin ["Unexpected TLS event: " event/type]
