HTTP retry support.

net/http/http_stream_parser.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_stream_parser.h"
 
 #include "base/bind.h"
 #include "base/compiler_specific.h"
 #include "base/logging.h"
+#include "base/metrics/histogram.h"
+#include "base/pickle.h"
 #include "base/strings/string_util.h"
 #include "base/values.h"
+#include "crypto/secure_hash.h"
+#include "crypto/sha2.h"
 #include "net/base/io_buffer.h"
 #include "net/base/ip_endpoint.h"
 #include "net/base/upload_data_stream.h"
 #include "net/http/http_chunked_decoder.h"
 #include "net/http/http_request_headers.h"
 #include "net/http/http_request_info.h"
 #include "net/http/http_response_headers.h"
 #include "net/http/http_util.h"
 #include "net/socket/client_socket_handle.h"
 #include "net/socket/ssl_client_socket.h"
@@ skipping 49 matching lines @@
 
 // Returns true if |error_code| is an error for which we give the server a
 // chance to send a body containing error information, if the error was received
 // while trying to upload a request body.
 bool ShouldTryReadingOnUploadError(int error_code) {
   return (error_code == ERR_CONNECTION_RESET);
 }
 
 }  // namespace
 
+// To verify that retry attempts will not cause errors we hash all received
+// content. When retrying we hash the content again and verify that the
+// previous hash matches once we have received the same amount of data.
+class HttpStreamParser::HttpStreamHash {
+public:
+  HttpStreamHash()
+    :hash_(crypto::SecureHash::Create(crypto::SecureHash::SHA256)) {
+  }
+
+  // Add to hash.
+  void Update(const void* input, size_t len) {
+    hash_->Update(input, len);
+  }
+
+  // Finish hash once all content has been received.
+  void Finish(void* output, size_t len) {
+    hash_->Finish(output, len);
+  }
+
+  // Verify hash after serializing the state. Then deserialize so that we can
+  // keep hashing if we decide to continue fetching the content.
+  int VerifyHash() {
+    int result = OK;
+    uint8 hash[8];
+    Pickle pickle;
+    hash_->Serialize(&pickle);
+    hash_->Finish(hash, sizeof(hash));
+    DCHECK(sizeof(hash) == sizeof(previous_hash_));
+    if (memcmp(hash, previous_hash_, sizeof(previous_hash_)) != 0) {
+      result = ERR_RETRY_HASH_MISMATCH;
+      UMA_HISTOGRAM_COUNTS("Net.HttpRetry.VerifyHashFailure", 1);
+    } else {
+      PickleIterator data_iterator(pickle);
+      hash_->Deserialize(&data_iterator);
+      UMA_HISTOGRAM_COUNTS("Net.HttpRetry.VerifyHashSuccess", 1);
+    }
+
+    return result;
+  }
+
+  void SetPreviousHash(const void* hash, size_t len) {
+    DCHECK(len == sizeof(previous_hash_));
+    memcpy(previous_hash_, hash, len);
+  }
+
+private:
+  // Hash of current attempt to retrieve the resource.
+  scoped_ptr<crypto::SecureHash> hash_;
+
+  // Hash of previous attempt to retrieve the resource.
+  uint8 previous_hash_[8];
+};
+
 // Similar to DrainableIOBuffer(), but this version comes with its own
 // storage. The motivation is to avoid repeated allocations of
 // DrainableIOBuffer.
 //
 // Example:
 //
 // scoped_refptr<SeekableIOBuffer> buf = new SeekableIOBuffer(1024);
 // // capacity() == 1024. size() == BytesRemaining() == BytesConsumed() == 0.
 // // data() points to the beginning of the buffer.
 //
@@ skipping 90 matching lines @@
                                    const BoundNetLog& net_log)
     : io_state_(STATE_NONE),
       request_(request),
       request_headers_(NULL),
       request_headers_length_(0),
       read_buf_(read_buffer),
       read_buf_unused_offset_(0),
       response_header_start_offset_(-1),
       received_bytes_(0),
       response_body_length_(-1),
+      read_offset_(0),
+      stream_hash_(new HttpStreamHash()),
       response_body_read_(0),
       user_read_buf_(NULL),
       user_read_buf_len_(0),
       connection_(connection),
       net_log_(net_log),
       sent_last_chunk_(false),
       upload_error_(OK),
       weak_ptr_factory_(this) {
   io_callback_ = base::Bind(&HttpStreamParser::OnIOComplete,
                             weak_ptr_factory_.GetWeakPtr());
@@ skipping 404 matching lines @@
   response_->headers = NULL;
   return upload_error_;
 }
 
 int HttpStreamParser::DoReadBody() {
   io_state_ = STATE_READ_BODY_COMPLETE;
 
   // There may be some data left over from reading the response headers.
   if (read_buf_->offset()) {
     int available = read_buf_->offset() - read_buf_unused_offset_;
+    if (available > 0 && read_offset_) {
+      int64 bytes_from_buffer =
+          available < read_offset_ ? available : read_offset_;
+      stream_hash_->Update((uint8*)read_buf_->StartOfBuffer() +
+                           read_buf_unused_offset_, bytes_from_buffer);
+      read_buf_unused_offset_ += bytes_from_buffer;
+      read_offset_ -= bytes_from_buffer;
+      response_body_read_ += bytes_from_buffer;
+      available -= bytes_from_buffer;
+
+      if (read_offset_ == 0 && stream_hash_->VerifyHash() != OK) {
+        io_state_ = STATE_DONE;
+        return ERR_RETRY_HASH_MISMATCH;
+      }
+    }
+
     if (available) {
       CHECK_GT(available, 0);
       int bytes_from_buffer = std::min(available, user_read_buf_len_);
       memcpy(user_read_buf_->data(),
              read_buf_->StartOfBuffer() + read_buf_unused_offset_,
              bytes_from_buffer);
       read_buf_unused_offset_ += bytes_from_buffer;
       if (bytes_from_buffer == available) {
         read_buf_->SetCapacity(0);
         read_buf_unused_offset_ = 0;
@@ skipping 60 matching lines @@
       // Don't signal completion of the Read call yet or else it'll look like
       // we received end-of-file.  Wait for more data.
       io_state_ = STATE_READ_BODY;
       return OK;
     }
   }
 
   if (result > 0)
     response_body_read_ += result;
 
+  if (result > 0 && read_offset_) {
+    if (result < read_offset_) {
+      read_offset_ -= result;
+      stream_hash_->Update((uint8*)user_read_buf_->data(), result);
+      result = 0;
+    } else {
+      stream_hash_->Update((uint8*)user_read_buf_->data(), read_offset_);
+      memmove(user_read_buf_->data(),
+              user_read_buf_->data() + read_offset_,
+              result - read_offset_);
+      result -= read_offset_;
+      read_offset_ = 0;
+
+      if (stream_hash_->VerifyHash() != OK){
+        io_state_ = STATE_DONE;
+        return ERR_RETRY_HASH_MISMATCH;
+      }
+    }
+
+    if (result == 0) {
+      io_state_ = STATE_READ_BODY;
+      return OK;
+    }
+  } else if (result > 0)
+    stream_hash_->Update((uint8*)user_read_buf_->data(), result);
+
   if (result <= 0 || IsResponseBodyComplete()) {
     io_state_ = STATE_DONE;
 
     // Save the overflow data, which can be in two places.  There may be
     // some left over in |user_read_buf_|, plus there may be more
     // in |read_buf_|.  But the part left over in |user_read_buf_| must have
     // come from the |read_buf_|, so there's room to put it back at the
     // start first.
     int additional_save_amount = read_buf_->offset() - read_buf_unused_offset_;
     int save_amount = 0;
@@ skipping 196 matching lines @@
   // it's also a potential response smuggling attack.
   if (HeadersContainMultipleCopiesOfField(*headers.get(),
                                           "Content-Disposition"))
     return ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION;
   if (HeadersContainMultipleCopiesOfField(*headers.get(), "Location"))
     return ERR_RESPONSE_HEADERS_MULTIPLE_LOCATION;
 
   response_->headers = headers;
   response_->connection_info = HttpResponseInfo::CONNECTION_INFO_HTTP1;
   response_->vary_data.Init(*request_, *response_->headers.get());
+  if (response_->headers->response_code() != 200)
+    read_offset_ = 0;
   DVLOG(1) << __FUNCTION__ << "()"
            << " content_length = \"" << response_->headers->GetContentLength()
            << "\n\""
            << " headers = \""
            << GetResponseHeaderLines(*response_->headers.get()) << "\"";
   return OK;
 }
 
 void HttpStreamParser::CalculateResponseBodySize() {
   // Figure how to determine EOF:
@@ skipping 67 matching lines @@
 }
 
 void HttpStreamParser::SetConnectionReused() {
   connection_->set_reuse_type(ClientSocketHandle::REUSED_IDLE);
 }
 
 bool HttpStreamParser::IsConnectionReusable() const {
   return connection_->socket() && connection_->socket()->IsConnectedAndIdle();
 }
 
+void HttpStreamParser::SetRestartInfo(
+    int64 read_offset, const void* hash, size_t hash_length) {
+  read_offset_ = read_offset;
+  stream_hash_->SetPreviousHash(hash, hash_length);
+}
+
+void HttpStreamParser::GetHash(void* output, size_t hash_length) {
+  stream_hash_->Finish(output, hash_length);
+}
+
 void HttpStreamParser::GetSSLInfo(SSLInfo* ssl_info) {
   if (request_->url.SchemeIsSecure() && connection_->socket()) {
     SSLClientSocket* ssl_socket =
         static_cast<SSLClientSocket*>(connection_->socket());
     ssl_socket->GetSSLInfo(ssl_info);
   }
 }
 
 void HttpStreamParser::GetSSLCertRequestInfo(
     SSLCertRequestInfo* cert_request_info) {
@@ skipping 37 matching lines @@
       request_body->IsInMemory() &&
       request_body->size() > 0) {
     size_t merged_size = request_headers.size() + request_body->size();
     if (merged_size <= kMaxMergedHeaderAndBodySize)
       return true;
   }
   return false;
 }
 
 }  // namespace net