net: lib: downloader: Allow redirect to HTTPS from HTTP

SeppoTakalo · rlubos · commit a26853348cef · 2025-01-30T16:45:24.000+01:00
Separate URI parsing and protocol detection to its own
function and when receiving the "Location: &lt;URI&gt;" header,
parse the URI again, so the next connection will use the
correct protocol and port.

Do not convert all HTTP headers to lowercase as URI
is case-sensitive. Convert just the header names, not values
after the first colon.

Signed-off-by: Seppo Takalo &lt;seppo.takalo@nordicsemi.no&gt;
diff --git a/subsys/net/lib/downloader/src/transports/http.c b/subsys/net/lib/downloader/src/transports/http.c
@@ -128,6 +128,8 @@ static char *strnstr(const char *haystack, const char *needle, size_t haystack_l
 extern char *strnstr(const char *haystack, const char *needle, size_t haystack_sz);
 #endif
 
+static int parse_protocol(struct downloader *dl, const char *url);
+
 static int http_get_request_send(struct downloader *dl)
 {
 	int err;
@@ -224,7 +226,19 @@ static int http_header_parse(struct downloader *dl, size_t buf_len)
 		parse_len = buf_len;
 	}
 
+	/* Convert HTTP headers to lowercase, but not the values (for example URI) */
+	bool value = false;
 	for (size_t i = 0; i < parse_len; i++) {
+		if (dl->cfg.buf[i] == '\r' || dl->cfg.buf[i] == '\n') {
+			value = false;
+		}
+		if (value) {
+			continue;
+		}
+		if (dl->cfg.buf[i] == ':') {
+			value = true;
+			continue;
+		}
 		dl->cfg.buf[i] = tolower(dl->cfg.buf[i]);
 	}
 
@@ -251,11 +265,17 @@ static int http_header_parse(struct downloader *dl, size_t buf_len)
 			if (q) {
 
 				/* Received entire line */
-				p += strlen("\r\nlocation:");
+				p += strlen("\r\nlocation: ");
 				*q = '\0';
 
 				LOG_INF("Resource moved to %s", p);
 
+				err = parse_protocol(dl, p);
+				if (err) {
+					LOG_ERR("Failed to parse protocol, err %d, url %s", err, p);
+					return -EBADMSG;
+				}
+
 				err = dl_parse_url_host(p, dl->hostname, sizeof(dl->hostname));
 				if (err) {
 					LOG_ERR("Failed to parse hostname, err %d, url %s", err, p);
@@ -441,30 +461,24 @@ static bool dl_http_proto_supported(struct downloader *dl, const char *url)
 	return false;
 }
 
-static int dl_http_init(struct downloader *dl, struct downloader_host_cfg *dl_host_cfg,
-			const char *url)
+static int parse_protocol(struct downloader *dl, const char *url)
 {
 	int err;
 	struct transport_params_http *http;
 
 	http = (struct transport_params_http *)dl->transport_internal;
 
-	/* Reset http internal struct except config. */
-	struct downloader_transport_http_cfg tmp_cfg = http->cfg;
-
-	memset(http, 0, sizeof(struct transport_params_http));
-	http->cfg = tmp_cfg;
 
 	http->sock.proto = IPPROTO_TCP;
 	http->sock.type = SOCK_STREAM;
 
 	if (strncmp(url, HTTPS, (sizeof(HTTPS) - 1)) == 0 ||
 	    (strncmp(url, HTTP, (sizeof(HTTP) - 1)) != 0 &&
-	     (dl_host_cfg->sec_tag_count != 0 && dl_host_cfg->sec_tag_list != NULL))) {
+	     (dl->host_cfg.sec_tag_count != 0 && dl->host_cfg.sec_tag_list != NULL))) {
 		http->sock.proto = IPPROTO_TLS_1_2;
 		http->sock.type = SOCK_STREAM;
 
-		if (dl_host_cfg->sec_tag_list == NULL || dl_host_cfg->sec_tag_count == 0) {
+		if (dl->host_cfg.sec_tag_list == NULL || dl->host_cfg.sec_tag_count == 0) {
 			LOG_WRN("No security tag provided for TLS/DTLS");
 			return -EINVAL;
 		}
@@ -483,14 +497,30 @@ static int dl_http_init(struct downloader *dl, struct downloader_host_cfg *dl_ho
 		LOG_DBG("Port not specified, using default: %d", http->sock.port);
 	}
 
-	if (dl_host_cfg->set_native_tls) {
+	if (dl->host_cfg.set_native_tls) {
 		LOG_DBG("Enabled native TLS");
 		http->sock.type |= SOCK_NATIVE_TLS;
 	}
 
 	return 0;
 }
 
+static int dl_http_init(struct downloader *dl, struct downloader_host_cfg *dl_host_cfg,
+			const char *url)
+{
+	struct transport_params_http *http;
+
+	http = (struct transport_params_http *)dl->transport_internal;
+
+	/* Reset http internal struct except config. */
+	struct downloader_transport_http_cfg tmp_cfg = http->cfg;
+
+	memset(http, 0, sizeof(struct transport_params_http));
+	http->cfg = tmp_cfg;
+
+	return parse_protocol(dl, url);
+}
+
 static int dl_http_deinit(struct downloader *dl)
 {
 	struct transport_params_http *http;
diff --git a/tests/subsys/net/lib/downloader/src/main.c b/tests/subsys/net/lib/downloader/src/main.c
@@ -146,6 +146,14 @@
 "Vary: Accept-Encoding\r\n" \
 "X-Cache: HIT\r\n\r\n"
 
+#define HTTP_HDR_REDIRECT "HTTP/1.1 308 Permanent Redirect\r\n" \
+"Date: Wed, 29 Jan 2025 11:16:09 GMT\r\n" \
+"Content-Type: text/html\r\n" \
+"Content-Length: 164\r\n" \
+"Connection: keep-alive\r\n" \
+"Location: https://server.com/path/to/file.end\r\n" \
+"\r\n\r\n"
+
 #define PAYLOAD "This is the payload!"
 
 #define FD 0
@@ -939,6 +947,43 @@ static ssize_t z_impl_zsock_recvfrom_partial_then_econnreset(
 	return -ECONNRESET;
 }
 
+static ssize_t z_impl_zsock_recvfrom_http_redirect_and_close(
+	int sock, void *buf, size_t max_len, int flags, struct sockaddr *src_addr,
+	socklen_t *addrlen)
+{
+	switch (z_impl_zsock_recvfrom_fake.call_count) {
+	case 1:
+		memcpy(buf, HTTP_HDR_REDIRECT, strlen(HTTP_HDR_REDIRECT));
+		return strlen(HTTP_HDR_REDIRECT);
+	case 2:
+		/* connection closed */
+		return 0;
+	}
+
+	return 0;
+}
+
+int z_impl_zsock_socket_http_then_https(int family, int type, int proto)
+{
+	switch (z_impl_zsock_socket_fake.call_count) {
+	case 1:
+		TEST_ASSERT_EQUAL(SOCK_STREAM, type);
+		TEST_ASSERT_EQUAL(IPPROTO_TCP, proto);
+		break;
+	case 2:
+	default:
+		TEST_ASSERT_EQUAL(SOCK_STREAM, type);
+		TEST_ASSERT_EQUAL(IPPROTO_TLS_1_2, proto);
+		RESET_FAKE(z_impl_zsock_setsockopt);
+		RESET_FAKE(z_impl_zsock_recvfrom);
+		z_impl_zsock_setsockopt_fake.custom_fake = z_impl_zsock_setsockopt_https_ok;
+		z_impl_zsock_recvfrom_fake.custom_fake =
+			z_impl_zsock_recvfrom_http_header_then_data;
+	}
+
+	return FD;
+}
+
 static ssize_t z_impl_zsock_recvfrom_coap(
 	int sock, void *buf, size_t max_len, int flags, struct sockaddr *src_addr,
 	socklen_t *addrlen)
@@ -2323,6 +2368,33 @@ void test_downloader_downloaded_size_get(void)
 	dl_wait_for_event(DOWNLOADER_EVT_DEINITIALIZED, K_SECONDS(1));
 }
 
+void test_downloader_http_redirect_to_https(void)
+{
+	int err;
+	struct downloader_evt evt;
+
+	err = downloader_init(&dl, &dl_cfg);
+	TEST_ASSERT_EQUAL(0, err);
+
+	zsock_getaddrinfo_fake.custom_fake = zsock_getaddrinfo_server_ok;
+	zsock_freeaddrinfo_fake.custom_fake = zsock_freeaddrinfo_server_ipv6;
+	z_impl_zsock_socket_fake.custom_fake = z_impl_zsock_socket_http_then_https;
+	z_impl_zsock_connect_fake.custom_fake = z_impl_zsock_connect_ipv6_ok;
+	z_impl_zsock_setsockopt_fake.custom_fake = z_impl_zsock_setsockopt_http_ok;
+	z_impl_zsock_sendto_fake.custom_fake = z_impl_zsock_sendto_ok;
+	z_impl_zsock_recvfrom_fake.custom_fake = z_impl_zsock_recvfrom_http_redirect_and_close;
+
+
+	err = downloader_get(&dl, &dl_host_conf_w_sec_tags, HTTP_URL, 0);
+	TEST_ASSERT_EQUAL(0, err);
+
+	evt = dl_wait_for_event(DOWNLOADER_EVT_DONE, K_SECONDS(3));
+
+	downloader_deinit(&dl);
+	dl_wait_for_event(DOWNLOADER_EVT_DEINITIALIZED, K_SECONDS(1));
+
+}
+
 void setUp(void)
 {
 	RESET_FAKE(z_impl_zsock_setsockopt);
