1#include"cache.h" 2#include"urlmatch.h" 3 4#define URL_ALPHA"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" 5#define URL_DIGIT"0123456789" 6#define URL_ALPHADIGIT URL_ALPHA URL_DIGIT 7#define URL_SCHEME_CHARS URL_ALPHADIGIT"+.-" 8#define URL_HOST_CHARS URL_ALPHADIGIT".-[:]"/* IPv6 literals need [:] */ 9#define URL_UNSAFE_CHARS" <>\"%{}|\\^`"/* plus 0x00-0x1F,0x7F-0xFF */ 10#define URL_GEN_RESERVED":/?#[]@" 11#define URL_SUB_RESERVED"!$&'()*+,;=" 12#define URL_RESERVED URL_GEN_RESERVED URL_SUB_RESERVED/* only allowed delims */ 13 14static intappend_normalized_escapes(struct strbuf *buf, 15const char*from, 16size_t from_len, 17const char*esc_extra, 18const char*esc_ok) 19{ 20/* 21 * Append to strbuf 'buf' characters from string 'from' with length 22 * 'from_len' while unescaping characters that do not need to be escaped 23 * and escaping characters that do. The set of characters to escape 24 * (the complement of which is unescaped) starts out as the RFC 3986 25 * unsafe characters (0x00-0x1F,0x7F-0xFF," <>\"#%{}|\\^`"). If 26 * 'esc_extra' is not NULL, those additional characters will also always 27 * be escaped. If 'esc_ok' is not NULL, those characters will be left 28 * escaped if found that way, but will not be unescaped otherwise (used 29 * for delimiters). If a %-escape sequence is encountered that is not 30 * followed by 2 hexadecimal digits, the sequence is invalid and 31 * false (0) will be returned. Otherwise true (1) will be returned for 32 * success. 33 * 34 * Note that all %-escape sequences will be normalized to UPPERCASE 35 * as indicated in RFC 3986. Unless included in esc_extra or esc_ok 36 * alphanumerics and "-._~" will always be unescaped as per RFC 3986. 37 */ 38 39while(from_len) { 40int ch = *from++; 41int was_esc =0; 42 43 from_len--; 44if(ch =='%') { 45if(from_len <2|| 46!isxdigit(from[0]) || 47!isxdigit(from[1])) 48return0; 49 ch =hexval(*from++) <<4; 50 ch |=hexval(*from++); 51 from_len -=2; 52 was_esc =1; 53} 54if((unsigned char)ch <=0x1F|| (unsigned char)ch >=0x7F|| 55strchr(URL_UNSAFE_CHARS, ch) || 56(esc_extra &&strchr(esc_extra, ch)) || 57(was_esc &&strchr(esc_ok, ch))) 58strbuf_addf(buf,"%%%02X", (unsigned char)ch); 59else 60strbuf_addch(buf, ch); 61} 62 63return1; 64} 65 66static char*url_normalize_1(const char*url,struct url_info *out_info,char allow_globs) 67{ 68/* 69 * Normalize NUL-terminated url using the following rules: 70 * 71 * 1. Case-insensitive parts of url will be converted to lower case 72 * 2. %-encoded characters that do not need to be will be unencoded 73 * 3. Characters that are not %-encoded and must be will be encoded 74 * 4. All %-encodings will be converted to upper case hexadecimal 75 * 5. Leading 0s are removed from port numbers 76 * 6. If the default port for the scheme is given it will be removed 77 * 7. A path part (including empty) not starting with '/' has one added 78 * 8. Any dot segments (. or ..) in the path are resolved and removed 79 * 9. IPv6 host literals are allowed (but not normalized or validated) 80 * 81 * The rules are based on information in RFC 3986. 82 * 83 * Please note this function requires a full URL including a scheme 84 * and host part (except for file: URLs which may have an empty host). 85 * 86 * The return value is a newly allocated string that must be freed 87 * or NULL if the url is not valid. 88 * 89 * If out_info is non-NULL, the url and err fields therein will always 90 * be set. If a non-NULL value is returned, it will be stored in 91 * out_info->url as well, out_info->err will be set to NULL and the 92 * other fields of *out_info will also be filled in. If a NULL value 93 * is returned, NULL will be stored in out_info->url and out_info->err 94 * will be set to a brief, translated, error message, but no other 95 * fields will be filled in. 96 * 97 * This is NOT a URL validation function. Full URL validation is NOT 98 * performed. Some invalid host names are passed through this function 99 * undetected. However, most all other problems that make a URL invalid 100 * will be detected (including a missing host for non file: URLs). 101 */ 102 103size_t url_len =strlen(url); 104struct strbuf norm; 105size_t spanned; 106size_t scheme_len, user_off=0, user_len=0, passwd_off=0, passwd_len=0; 107size_t host_off=0, host_len=0, port_len=0, path_off, path_len, result_len; 108const char*slash_ptr, *at_ptr, *colon_ptr, *path_start; 109char*result; 110 111/* 112 * Copy lowercased scheme and :// suffix, %-escapes are not allowed 113 * First character of scheme must be URL_ALPHA 114 */ 115 spanned =strspn(url, URL_SCHEME_CHARS); 116if(!spanned || !isalpha(url[0]) || spanned +3> url_len || 117 url[spanned] !=':'|| url[spanned+1] !='/'|| url[spanned+2] !='/') { 118if(out_info) { 119 out_info->url = NULL; 120 out_info->err =_("invalid URL scheme name or missing '://' suffix"); 121} 122return NULL;/* Bad scheme and/or missing "://" part */ 123} 124strbuf_init(&norm, url_len); 125 scheme_len = spanned; 126 spanned +=3; 127 url_len -= spanned; 128while(spanned--) 129strbuf_addch(&norm,tolower(*url++)); 130 131 132/* 133 * Copy any username:password if present normalizing %-escapes 134 */ 135 at_ptr =strchr(url,'@'); 136 slash_ptr = url +strcspn(url,"/?#"); 137if(at_ptr && at_ptr < slash_ptr) { 138 user_off = norm.len; 139if(at_ptr > url) { 140if(!append_normalized_escapes(&norm, url, at_ptr - url, 141"", URL_RESERVED)) { 142if(out_info) { 143 out_info->url = NULL; 144 out_info->err =_("invalid%XX escape sequence"); 145} 146strbuf_release(&norm); 147return NULL; 148} 149 colon_ptr =strchr(norm.buf + scheme_len +3,':'); 150if(colon_ptr) { 151 passwd_off = (colon_ptr +1) - norm.buf; 152 passwd_len = norm.len - passwd_off; 153 user_len = (passwd_off -1) - (scheme_len +3); 154}else{ 155 user_len = norm.len - (scheme_len +3); 156} 157} 158strbuf_addch(&norm,'@'); 159 url_len -= (++at_ptr - url); 160 url = at_ptr; 161} 162 163 164/* 165 * Copy the host part excluding any port part, no %-escapes allowed 166 */ 167if(!url_len ||strchr(":/?#", *url)) { 168/* Missing host invalid for all URL schemes except file */ 169if(strncmp(norm.buf,"file:",5)) { 170if(out_info) { 171 out_info->url = NULL; 172 out_info->err =_("missing host and scheme is not 'file:'"); 173} 174strbuf_release(&norm); 175return NULL; 176} 177}else{ 178 host_off = norm.len; 179} 180 colon_ptr = slash_ptr -1; 181while(colon_ptr > url && *colon_ptr !=':'&& *colon_ptr !=']') 182 colon_ptr--; 183if(*colon_ptr !=':') { 184 colon_ptr = slash_ptr; 185}else if(!host_off && colon_ptr < slash_ptr && colon_ptr +1!= slash_ptr) { 186/* file: URLs may not have a port number */ 187if(out_info) { 188 out_info->url = NULL; 189 out_info->err =_("a 'file:' URL may not have a port number"); 190} 191strbuf_release(&norm); 192return NULL; 193} 194 195if(allow_globs) 196 spanned =strspn(url, URL_HOST_CHARS "*"); 197else 198 spanned =strspn(url, URL_HOST_CHARS); 199 200if(spanned < colon_ptr - url) { 201/* Host name has invalid characters */ 202if(out_info) { 203 out_info->url = NULL; 204 out_info->err =_("invalid characters in host name"); 205} 206strbuf_release(&norm); 207return NULL; 208} 209while(url < colon_ptr) { 210strbuf_addch(&norm,tolower(*url++)); 211 url_len--; 212} 213 214 215/* 216 * Check the port part and copy if not the default (after removing any 217 * leading 0s); no %-escapes allowed 218 */ 219if(colon_ptr < slash_ptr) { 220/* skip the ':' and leading 0s but not the last one if all 0s */ 221 url++; 222 url +=strspn(url,"0"); 223if(url == slash_ptr && url[-1] =='0') 224 url--; 225if(url == slash_ptr) { 226/* Skip ":" port with no number, it's same as default */ 227}else if(slash_ptr - url ==2&& 228!strncmp(norm.buf,"http:",5) && 229!strncmp(url,"80",2)) { 230/* Skip http :80 as it's the default */ 231}else if(slash_ptr - url ==3&& 232!strncmp(norm.buf,"https:",6) && 233!strncmp(url,"443",3)) { 234/* Skip https :443 as it's the default */ 235}else{ 236/* 237 * Port number must be all digits with leading 0s removed 238 * and since all the protocols we deal with have a 16-bit 239 * port number it must also be in the range 1..65535 240 * 0 is not allowed because that means "next available" 241 * on just about every system and therefore cannot be used 242 */ 243unsigned long pnum =0; 244 spanned =strspn(url, URL_DIGIT); 245if(spanned < slash_ptr - url) { 246/* port number has invalid characters */ 247if(out_info) { 248 out_info->url = NULL; 249 out_info->err =_("invalid port number"); 250} 251strbuf_release(&norm); 252return NULL; 253} 254if(slash_ptr - url <=5) 255 pnum =strtoul(url, NULL,10); 256if(pnum ==0|| pnum >65535) { 257/* port number not in range 1..65535 */ 258if(out_info) { 259 out_info->url = NULL; 260 out_info->err =_("invalid port number"); 261} 262strbuf_release(&norm); 263return NULL; 264} 265strbuf_addch(&norm,':'); 266strbuf_add(&norm, url, slash_ptr - url); 267 port_len = slash_ptr - url; 268} 269 url_len -= slash_ptr - colon_ptr; 270 url = slash_ptr; 271} 272if(host_off) 273 host_len = norm.len - host_off; 274 275 276/* 277 * Now copy the path resolving any . and .. segments being careful not 278 * to corrupt the URL by unescaping any delimiters, but do add an 279 * initial '/' if it's missing and do normalize any %-escape sequences. 280 */ 281 path_off = norm.len; 282 path_start = norm.buf + path_off; 283strbuf_addch(&norm,'/'); 284if(*url =='/') { 285 url++; 286 url_len--; 287} 288for(;;) { 289const char*seg_start; 290size_t seg_start_off = norm.len; 291const char*next_slash = url +strcspn(url,"/?#"); 292int skip_add_slash =0; 293 294/* 295 * RFC 3689 indicates that any . or .. segments should be 296 * unescaped before being checked for. 297 */ 298if(!append_normalized_escapes(&norm, url, next_slash - url,"", 299 URL_RESERVED)) { 300if(out_info) { 301 out_info->url = NULL; 302 out_info->err =_("invalid%XX escape sequence"); 303} 304strbuf_release(&norm); 305return NULL; 306} 307 308 seg_start = norm.buf + seg_start_off; 309if(!strcmp(seg_start,".")) { 310/* ignore a . segment; be careful not to remove initial '/' */ 311if(seg_start == path_start +1) { 312strbuf_setlen(&norm, norm.len -1); 313 skip_add_slash =1; 314}else{ 315strbuf_setlen(&norm, norm.len -2); 316} 317}else if(!strcmp(seg_start,"..")) { 318/* 319 * ignore a .. segment and remove the previous segment; 320 * be careful not to remove initial '/' from path 321 */ 322const char*prev_slash = norm.buf + norm.len -3; 323if(prev_slash == path_start) { 324/* invalid .. because no previous segment to remove */ 325if(out_info) { 326 out_info->url = NULL; 327 out_info->err =_("invalid '..' path segment"); 328} 329strbuf_release(&norm); 330return NULL; 331} 332while(*--prev_slash !='/') {} 333if(prev_slash == path_start) { 334strbuf_setlen(&norm, prev_slash - norm.buf +1); 335 skip_add_slash =1; 336}else{ 337strbuf_setlen(&norm, prev_slash - norm.buf); 338} 339} 340 url_len -= next_slash - url; 341 url = next_slash; 342/* if the next char is not '/' done with the path */ 343if(*url !='/') 344break; 345 url++; 346 url_len--; 347if(!skip_add_slash) 348strbuf_addch(&norm,'/'); 349} 350 path_len = norm.len - path_off; 351 352 353/* 354 * Now simply copy the rest, if any, only normalizing %-escapes and 355 * being careful not to corrupt the URL by unescaping any delimiters. 356 */ 357if(*url) { 358if(!append_normalized_escapes(&norm, url, url_len,"", URL_RESERVED)) { 359if(out_info) { 360 out_info->url = NULL; 361 out_info->err =_("invalid%XX escape sequence"); 362} 363strbuf_release(&norm); 364return NULL; 365} 366} 367 368 369 result =strbuf_detach(&norm, &result_len); 370if(out_info) { 371 out_info->url = result; 372 out_info->err = NULL; 373 out_info->url_len = result_len; 374 out_info->scheme_len = scheme_len; 375 out_info->user_off = user_off; 376 out_info->user_len = user_len; 377 out_info->passwd_off = passwd_off; 378 out_info->passwd_len = passwd_len; 379 out_info->host_off = host_off; 380 out_info->host_len = host_len; 381 out_info->port_len = port_len; 382 out_info->path_off = path_off; 383 out_info->path_len = path_len; 384} 385return result; 386} 387 388char*url_normalize(const char*url,struct url_info *out_info) 389{ 390returnurl_normalize_1(url, out_info,0); 391} 392 393static size_turl_match_prefix(const char*url, 394const char*url_prefix, 395size_t url_prefix_len) 396{ 397/* 398 * url_prefix matches url if url_prefix is an exact match for url or it 399 * is a prefix of url and the match ends on a path component boundary. 400 * Both url and url_prefix are considered to have an implicit '/' on the 401 * end for matching purposes if they do not already. 402 * 403 * url must be NUL terminated. url_prefix_len is the length of 404 * url_prefix which need not be NUL terminated. 405 * 406 * The return value is the length of the match in characters (including 407 * the final '/' even if it's implicit) or 0 for no match. 408 * 409 * Passing NULL as url and/or url_prefix will always cause 0 to be 410 * returned without causing any faults. 411 */ 412if(!url || !url_prefix) 413return0; 414if(!url_prefix_len || (url_prefix_len ==1&& *url_prefix =='/')) 415return(!*url || *url =='/') ?1:0; 416if(url_prefix[url_prefix_len -1] =='/') 417 url_prefix_len--; 418if(strncmp(url, url_prefix, url_prefix_len)) 419return0; 420if((strlen(url) == url_prefix_len) || (url[url_prefix_len] =='/')) 421return url_prefix_len +1; 422return0; 423} 424 425static intmatch_urls(const struct url_info *url, 426const struct url_info *url_prefix, 427int*exactusermatch) 428{ 429/* 430 * url_prefix matches url if the scheme, host and port of url_prefix 431 * are the same as those of url and the path portion of url_prefix 432 * is the same as the path portion of url or it is a prefix that 433 * matches at a '/' boundary. If url_prefix contains a user name, 434 * that must also exactly match the user name in url. 435 * 436 * If the user, host, port and path match in this fashion, the returned 437 * value is the length of the path match including any implicit 438 * final '/'. For example, "http://me@example.com/path" is matched by 439 * "http://example.com" with a path length of 1. 440 * 441 * If there is a match and exactusermatch is not NULL, then 442 * *exactusermatch will be set to true if both url and url_prefix 443 * contained a user name or false if url_prefix did not have a 444 * user name. If there is no match *exactusermatch is left untouched. 445 */ 446int usermatched =0; 447int pathmatchlen; 448 449if(!url || !url_prefix || !url->url || !url_prefix->url) 450return0; 451 452/* check the scheme */ 453if(url_prefix->scheme_len != url->scheme_len || 454strncmp(url->url, url_prefix->url, url->scheme_len)) 455return0;/* schemes do not match */ 456 457/* check the user name if url_prefix has one */ 458if(url_prefix->user_off) { 459if(!url->user_off || url->user_len != url_prefix->user_len || 460strncmp(url->url + url->user_off, 461 url_prefix->url + url_prefix->user_off, 462 url->user_len)) 463return0;/* url_prefix has a user but it's not a match */ 464 usermatched =1; 465} 466 467/* check the host and port */ 468if(url_prefix->host_len != url->host_len || 469strncmp(url->url + url->host_off, 470 url_prefix->url + url_prefix->host_off, url->host_len)) 471return0;/* host names and/or ports do not match */ 472 473/* check the path */ 474 pathmatchlen =url_match_prefix( 475 url->url + url->path_off, 476 url_prefix->url + url_prefix->path_off, 477 url_prefix->url_len - url_prefix->path_off); 478 479if(pathmatchlen && exactusermatch) 480*exactusermatch = usermatched; 481return pathmatchlen; 482} 483 484inturlmatch_config_entry(const char*var,const char*value,void*cb) 485{ 486struct string_list_item *item; 487struct urlmatch_config *collect = cb; 488struct urlmatch_item *matched; 489struct url_info *url = &collect->url; 490const char*key, *dot; 491struct strbuf synthkey = STRBUF_INIT; 492size_t matched_len =0; 493int user_matched =0; 494int retval; 495 496if(!skip_prefix(var, collect->section, &key) || *(key++) !='.') { 497if(collect->cascade_fn) 498return collect->cascade_fn(var, value, cb); 499return0;/* not interested */ 500} 501 dot =strrchr(key,'.'); 502if(dot) { 503char*config_url, *norm_url; 504struct url_info norm_info; 505 506 config_url =xmemdupz(key, dot - key); 507 norm_url =url_normalize(config_url, &norm_info); 508free(config_url); 509if(!norm_url) 510return0; 511 matched_len =match_urls(url, &norm_info, &user_matched); 512free(norm_url); 513if(!matched_len) 514return0; 515 key = dot +1; 516} 517 518if(collect->key &&strcmp(key, collect->key)) 519return0; 520 521 item =string_list_insert(&collect->vars, key); 522if(!item->util) { 523 matched =xcalloc(1,sizeof(*matched)); 524 item->util = matched; 525}else{ 526 matched = item->util; 527/* 528 * Is our match shorter? Is our match the same 529 * length, and without user while the current 530 * candidate is with user? Then we cannot use it. 531 */ 532if(matched_len < matched->matched_len || 533((matched_len == matched->matched_len) && 534(!user_matched && matched->user_matched))) 535return0; 536/* Otherwise, replace it with this one. */ 537} 538 539 matched->matched_len = matched_len; 540 matched->user_matched = user_matched; 541strbuf_addstr(&synthkey, collect->section); 542strbuf_addch(&synthkey,'.'); 543strbuf_addstr(&synthkey, key); 544 retval = collect->collect_fn(synthkey.buf, value, collect->cb); 545 546strbuf_release(&synthkey); 547return retval; 548}