]>
git.ipfire.org Git - thirdparty/squid.git/blob - src/url.cc
2 * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 /* DEBUG: section 23 URL Parsing */
13 #include "HttpRequest.h"
15 #include "SquidConfig.h"
16 #include "SquidString.h"
19 static HttpRequest
*urlParseFinish(const HttpRequestMethod
& method
,
20 const AnyP::ProtocolType protocol
,
21 const char *const urlpath
,
22 const char *const host
,
25 HttpRequest
*request
);
26 static HttpRequest
*urnParse(const HttpRequestMethod
& method
, char *urn
, HttpRequest
*request
);
27 static const char valid_hostname_chars_u
[] =
28 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
29 "abcdefghijklmnopqrstuvwxyz"
33 static const char valid_hostname_chars
[] =
34 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
35 "abcdefghijklmnopqrstuvwxyz"
43 static SBuf
star("*");
50 static SBuf
slash("/");
55 URL::host(const char *src
)
59 if (hostAddr_
.isAnyAddr()) {
60 xstrncpy(host_
, src
, sizeof(host_
));
61 hostIsNumeric_
= false;
63 hostAddr_
.toHostStr(host_
, sizeof(host_
));
64 debugs(23, 3, "given IP: " << hostAddr_
);
73 // RFC 3986 section 3.3 says path can be empty (path-abempty).
74 // RFC 7230 sections 2.7.3, 5.3.1, 5.7.2 - says path cannot be empty, default to "/"
75 // at least when sending and using. We must still accept path-abempty as input.
76 if (path_
.isEmpty() && (scheme_
== AnyP::PROTO_HTTP
|| scheme_
== AnyP::PROTO_HTTPS
))
85 debugs(23, 5, "urlInitialize: Initializing...");
86 /* this ensures that the number of protocol strings is the same as
87 * the enum slots allocated because the last enum is always 'MAX'.
89 assert(strcmp(AnyP::ProtocolType_str
[AnyP::PROTO_MAX
], "MAX") == 0);
91 * These test that our matchDomainName() function works the
92 * way we expect it to.
94 assert(0 == matchDomainName("foo.com", "foo.com"));
95 assert(0 == matchDomainName(".foo.com", "foo.com"));
96 assert(0 == matchDomainName("foo.com", ".foo.com"));
97 assert(0 == matchDomainName(".foo.com", ".foo.com"));
98 assert(0 == matchDomainName("x.foo.com", ".foo.com"));
99 assert(0 != matchDomainName("x.foo.com", "foo.com"));
100 assert(0 != matchDomainName("foo.com", "x.foo.com"));
101 assert(0 != matchDomainName("bar.com", "foo.com"));
102 assert(0 != matchDomainName(".bar.com", "foo.com"));
103 assert(0 != matchDomainName(".bar.com", ".foo.com"));
104 assert(0 != matchDomainName("bar.com", ".foo.com"));
105 assert(0 < matchDomainName("zzz.com", "foo.com"));
106 assert(0 > matchDomainName("aaa.com", "foo.com"));
107 assert(0 == matchDomainName("FOO.com", "foo.COM"));
108 assert(0 < matchDomainName("bfoo.com", "afoo.com"));
109 assert(0 > matchDomainName("afoo.com", "bfoo.com"));
110 assert(0 < matchDomainName("x-foo.com", ".foo.com"));
115 * Parse the scheme name from string b, into protocol type.
116 * The string must be 0-terminated.
119 urlParseProtocol(const char *b
)
121 // make e point to the ':' character
122 const char *e
= b
+ strcspn(b
, ":");
125 /* test common stuff first */
127 if (strncasecmp(b
, "http", len
) == 0)
128 return AnyP::PROTO_HTTP
;
130 if (strncasecmp(b
, "ftp", len
) == 0)
131 return AnyP::PROTO_FTP
;
133 if (strncasecmp(b
, "https", len
) == 0)
134 return AnyP::PROTO_HTTPS
;
136 if (strncasecmp(b
, "file", len
) == 0)
137 return AnyP::PROTO_FTP
;
139 if (strncasecmp(b
, "coap", len
) == 0)
140 return AnyP::PROTO_COAP
;
142 if (strncasecmp(b
, "coaps", len
) == 0)
143 return AnyP::PROTO_COAPS
;
145 if (strncasecmp(b
, "gopher", len
) == 0)
146 return AnyP::PROTO_GOPHER
;
148 if (strncasecmp(b
, "wais", len
) == 0)
149 return AnyP::PROTO_WAIS
;
151 if (strncasecmp(b
, "cache_object", len
) == 0)
152 return AnyP::PROTO_CACHE_OBJECT
;
154 if (strncasecmp(b
, "urn", len
) == 0)
155 return AnyP::PROTO_URN
;
157 if (strncasecmp(b
, "whois", len
) == 0)
158 return AnyP::PROTO_WHOIS
;
160 return AnyP::PROTO_NONE
;
166 * If the 'request' arg is non-NULL, put parsed values there instead
167 * of allocating a new HttpRequest.
169 * This abuses HttpRequest as a way of representing the parsed url
170 * and its components.
171 * method is used to switch parsers and to init the HttpRequest.
172 * If method is Http::METHOD_CONNECT, then rather than a URL a hostname:port is
174 * The url is non const so that if its too long we can NULL-terminate it in place.
178 * This routine parses a URL. Its assumed that the URL is complete -
179 * ie, the end of the string is the end of the URL. Don't pass a partial
180 * URL here as this routine doesn't have any way of knowing whether
181 * its partial or not (ie, it handles the case of no trailing slash as
182 * being "end of host with implied path of /".
185 urlParse(const HttpRequestMethod
& method
, char *url
, HttpRequest
*request
)
187 LOCAL_ARRAY(char, proto
, MAX_URL
);
188 LOCAL_ARRAY(char, login
, MAX_URL
);
189 LOCAL_ARRAY(char, host
, MAX_URL
);
190 LOCAL_ARRAY(char, urlpath
, MAX_URL
);
194 AnyP::ProtocolType protocol
= AnyP::PROTO_NONE
;
199 proto
[0] = host
[0] = urlpath
[0] = login
[0] = '\0';
201 if ((l
= strlen(url
)) + Config
.appendDomainLen
> (MAX_URL
- 1)) {
202 /* terminate so it doesn't overflow other buffers */
203 *(url
+ (MAX_URL
>> 1)) = '\0';
204 debugs(23, DBG_IMPORTANT
, "urlParse: URL too large (" << l
<< " bytes)");
207 if (method
== Http::METHOD_CONNECT
) {
210 if (sscanf(url
, "[%[^]]]:%d", host
, &port
) < 1)
211 if (sscanf(url
, "%[^:]:%d", host
, &port
) < 1)
214 } else if ((method
== Http::METHOD_OPTIONS
|| method
== Http::METHOD_TRACE
) &&
215 URL::Asterisk().cmp(url
) == 0) {
216 protocol
= AnyP::PROTO_HTTP
;
217 port
= AnyP::UriScheme(protocol
).defaultPort();
218 return urlParseFinish(method
, protocol
, url
, host
, SBuf(), port
, request
);
219 } else if (!strncmp(url
, "urn:", 4)) {
220 return urnParse(method
, url
, request
);
225 /* Find first : - everything before is protocol */
226 for (i
= 0, dst
= proto
; i
< l
&& *src
!= ':'; ++i
, ++src
, ++dst
) {
234 if ((i
+3) > l
|| *src
!= ':' || *(src
+ 1) != '/' || *(src
+ 2) != '/')
239 /* Then everything until first /; thats host (and port; which we'll look for here later) */
240 // bug 1881: If we don't get a "/" then we imply it was there
241 // bug 3074: We could just be given a "?" or "#". These also imply "/"
242 // bug 3233: whitespace is also a hostname delimiter.
243 for (dst
= host
; i
< l
&& *src
!= '/' && *src
!= '?' && *src
!= '#' && *src
!= '\0' && !xisspace(*src
); ++i
, ++src
, ++dst
) {
248 * We can't check for "i >= l" here because we could be at the end of the line
249 * and have a perfectly valid URL w/ no trailing '/'. In this case we assume we've
250 * been -given- a valid URL and the path is just '/'.
256 // bug 3074: received 'path' starting with '?', '#', or '\0' implies '/'
257 if (*src
== '?' || *src
== '#' || *src
== '\0') {
263 /* Then everything from / (inclusive) until \r\n or \0 - thats urlpath */
264 for (; i
< l
&& *src
!= '\r' && *src
!= '\n' && *src
!= '\0'; ++i
, ++src
, ++dst
) {
268 /* We -could- be at the end of the buffer here */
271 /* If the URL path is empty we set it to be "/" */
272 if (dst
== urlpath
) {
278 protocol
= urlParseProtocol(proto
);
279 port
= AnyP::UriScheme(protocol
).defaultPort();
281 /* Is there any login information? (we should eventually parse it above) */
282 t
= strrchr(host
, '@');
284 strncpy((char *) login
, (char *) host
, sizeof(login
)-1);
285 login
[sizeof(login
)-1] = '\0';
286 t
= strrchr(login
, '@');
288 strncpy((char *) host
, t
+ 1, sizeof(host
)-1);
289 host
[sizeof(host
)-1] = '\0';
290 // Bug 4498: URL-unescape the login info after extraction
291 rfc1738_unescape(login
);
294 /* Is there any host information? (we should eventually parse it above) */
296 /* strip any IPA brackets. valid under IPv6. */
298 /* only for IPv6 sadly, pre-IPv6/URL code can't handle the clean result properly anyway. */
303 for (; i
< l
&& *src
!= ']' && *src
!= '\0'; ++i
, ++src
, ++dst
) {
307 /* we moved in-place, so truncate the actual hostname found */
311 /* skip ahead to either start of port, or original EOS */
312 while (*dst
!= '\0' && *dst
!= ':')
316 t
= strrchr(host
, ':');
318 if (t
!= strchr(host
,':') ) {
319 /* RFC 2732 states IPv6 "SHOULD" be bracketed. allowing for times when its not. */
320 /* RFC 3986 'update' simply modifies this to an "is" with no emphasis at all! */
321 /* therefore we MUST accept the case where they are not bracketed at all. */
326 // Bug 3183 sanity check: If scheme is present, host must be too.
327 if (protocol
!= AnyP::PROTO_NONE
&& host
[0] == '\0') {
328 debugs(23, DBG_IMPORTANT
, "SECURITY ALERT: Missing hostname in URL '" << url
<< "'. see access.log for details.");
332 if (t
&& *t
== ':') {
339 for (t
= host
; *t
; ++t
)
342 if (stringHasWhitespace(host
)) {
343 if (URI_WHITESPACE_STRIP
== Config
.uri_whitespace
) {
356 debugs(23, 3, "urlParse: Split URL '" << url
<< "' into proto='" << proto
<< "', host='" << host
<< "', port='" << port
<< "', path='" << urlpath
<< "'");
358 if (Config
.onoff
.check_hostnames
&& strspn(host
, Config
.onoff
.allow_underscore
? valid_hostname_chars_u
: valid_hostname_chars
) != strlen(host
)) {
359 debugs(23, DBG_IMPORTANT
, "urlParse: Illegal character in hostname '" << host
<< "'");
363 /* For IPV6 addresses also check for a colon */
364 if (Config
.appendDomain
&& !strchr(host
, '.') && !strchr(host
, ':'))
365 strncat(host
, Config
.appendDomain
, SQUIDHOSTNAMELEN
- strlen(host
) - 1);
367 /* remove trailing dots from hostnames */
368 while ((l
= strlen(host
)) > 0 && host
[--l
] == '.')
371 /* reject duplicate or leading dots */
372 if (strstr(host
, "..") || *host
== '.') {
373 debugs(23, DBG_IMPORTANT
, "urlParse: Illegal hostname '" << host
<< "'");
377 if (port
< 1 || port
> 65535) {
378 debugs(23, 3, "urlParse: Invalid port '" << port
<< "'");
382 #if HARDCODE_DENY_PORTS
383 /* These ports are filtered in the default squid.conf, but
384 * maybe someone wants them hardcoded... */
385 if (port
== 7 || port
== 9 || port
== 19) {
386 debugs(23, DBG_CRITICAL
, "urlParse: Deny access to port " << port
);
391 if (stringHasWhitespace(urlpath
)) {
392 debugs(23, 2, "urlParse: URI has whitespace: {" << url
<< "}");
394 switch (Config
.uri_whitespace
) {
396 case URI_WHITESPACE_DENY
:
399 case URI_WHITESPACE_ALLOW
:
402 case URI_WHITESPACE_ENCODE
:
403 t
= rfc1738_escape_unescaped(urlpath
);
404 xstrncpy(urlpath
, t
, MAX_URL
);
407 case URI_WHITESPACE_CHOP
:
408 *(urlpath
+ strcspn(urlpath
, w_space
)) = '\0';
411 case URI_WHITESPACE_STRIP
:
425 return urlParseFinish(method
, protocol
, urlpath
, host
, SBuf(login
), port
, request
);
429 * Update request with parsed URI data. If the request arg is
430 * non-NULL, put parsed values there instead of allocating a new
434 urlParseFinish(const HttpRequestMethod
& method
,
435 const AnyP::ProtocolType protocol
,
436 const char *const urlpath
,
437 const char *const host
,
440 HttpRequest
*request
)
443 request
= new HttpRequest(method
, protocol
, urlpath
);
445 request
->initHTTP(method
, protocol
, urlpath
);
448 request
->url
.host(host
);
449 request
->url
.userInfo(login
);
450 request
->url
.port(port
);
455 urnParse(const HttpRequestMethod
& method
, char *urn
, HttpRequest
*request
)
457 debugs(50, 5, "urnParse: " << urn
);
459 request
->initHTTP(method
, AnyP::PROTO_URN
, urn
+ 4);
463 return new HttpRequest(method
, AnyP::PROTO_URN
, urn
+ 4);
470 authorityHttp_
.clear();
471 authorityWithPort_
.clear();
475 URL::authority(bool requirePort
) const
477 if (authorityHttp_
.isEmpty()) {
479 // both formats contain Host/IP
480 authorityWithPort_
.append(host());
481 authorityHttp_
= authorityWithPort_
;
483 // authorityForm_ only has :port if it is non-default
484 authorityWithPort_
.appendf(":%u",port());
485 if (port() != getScheme().defaultPort())
486 authorityHttp_
= authorityWithPort_
;
489 return requirePort
? authorityWithPort_
: authorityHttp_
;
493 URL::absolute() const
495 if (absolute_
.isEmpty()) {
496 // TODO: most URL will be much shorter, avoid allocating this much
497 absolute_
.reserveCapacity(MAX_URL
);
499 absolute_
.appendf("%s:", getScheme().c_str());
500 if (getScheme() != AnyP::PROTO_URN
) {
501 absolute_
.append("//", 2);
502 const bool omitUserInfo
= getScheme() == AnyP::PROTO_HTTP
||
503 getScheme() != AnyP::PROTO_HTTPS
||
504 userInfo().isEmpty();
506 absolute_
.append(userInfo());
507 absolute_
.append("@", 1);
509 absolute_
.append(authority());
511 absolute_
.append(path());
517 /** \todo AYJ: Performance: This is an *almost* duplicate of HttpRequest::effectiveRequestUri(). But elides the query-string.
518 * After copying it on in the first place! Would be less code to merge the two with a flag parameter.
519 * and never copy the query-string part in the first place
522 urlCanonicalClean(const HttpRequest
* request
)
524 LOCAL_ARRAY(char, buf
, MAX_URL
);
526 snprintf(buf
, sizeof(buf
), SQUIDSBUFPH
, SQUIDSBUFPRINT(request
->effectiveRequestUri()));
527 buf
[sizeof(buf
)-1] = '\0';
529 // URN, CONNECT method, and non-stripped URIs can go straight out
530 if (Config
.onoff
.strip_query_terms
&& !(request
->method
== Http::METHOD_CONNECT
|| request
->url
.getScheme() == AnyP::PROTO_URN
)) {
531 // strip anything AFTER a question-mark
532 // leaving the '?' in place
533 if (auto t
= strchr(buf
, '?')) {
538 if (stringHasCntl(buf
))
539 xstrncpy(buf
, rfc1738_escape_unescaped(buf
), MAX_URL
);
545 * Yet another alternative to urlCanonical.
546 * This one adds the https:// parts to Http::METHOD_CONNECT URL
547 * for use in error page outputs.
548 * Luckily we can leverage the others instead of duplicating.
551 urlCanonicalFakeHttps(const HttpRequest
* request
)
553 LOCAL_ARRAY(char, buf
, MAX_URL
);
555 // method CONNECT and port HTTPS
556 if (request
->method
== Http::METHOD_CONNECT
&& request
->url
.port() == 443) {
557 snprintf(buf
, MAX_URL
, "https://%s/*", request
->url
.host());
561 // else do the normal complete canonical thing.
562 return urlCanonicalClean(request
);
566 * Test if a URL is relative.
568 * RFC 2396, Section 5 (Page 17) implies that in a relative URL, a '/' will
569 * appear before a ':'.
572 urlIsRelative(const char *url
)
583 for (p
= url
; *p
!= '\0' && *p
!= ':' && *p
!= '/'; ++p
);
592 * Convert a relative URL to an absolute URL using the context of a given
595 * It is assumed that you have already ensured that the URL is relative.
597 * If NULL is returned it is an indication that the method in use in the
598 * request does not distinguish between relative and absolute and you should
599 * use the url unchanged.
601 * If non-NULL is returned, it is up to the caller to free the resulting
602 * memory using safe_free().
605 urlMakeAbsolute(const HttpRequest
* req
, const char *relUrl
)
608 if (req
->method
.id() == Http::METHOD_CONNECT
) {
612 char *urlbuf
= (char *)xmalloc(MAX_URL
* sizeof(char));
614 if (req
->url
.getScheme() == AnyP::PROTO_URN
) {
615 // XXX: this is what the original code did, but it seems to break the
616 // intended behaviour of this function. It returns the stored URN path,
617 // not converting the given one into a URN...
618 snprintf(urlbuf
, MAX_URL
, SQUIDSBUFPH
, SQUIDSBUFPRINT(req
->url
.absolute()));
622 SBuf authorityForm
= req
->url
.authority(); // host[:port]
623 size_t urllen
= snprintf(urlbuf
, MAX_URL
, "%s://" SQUIDSBUFPH
"%s" SQUIDSBUFPH
,
624 req
->url
.getScheme().c_str(),
625 SQUIDSBUFPRINT(req
->url
.userInfo()),
626 !req
->url
.userInfo().isEmpty() ? "@" : "",
627 SQUIDSBUFPRINT(authorityForm
));
629 // if the first char is '/' assume its a relative path
630 // XXX: this breaks on scheme-relative URLs,
631 // but we should not see those outside ESI, and rarely there.
632 // XXX: also breaks on any URL containing a '/' in the query-string portion
633 if (relUrl
[0] == '/') {
634 xstrncpy(&urlbuf
[urllen
], relUrl
, MAX_URL
- urllen
- 1);
636 SBuf path
= req
->url
.path();
637 SBuf::size_type lastSlashPos
= path
.rfind('/');
639 if (lastSlashPos
== SBuf::npos
) {
640 // replace the whole path with the given bit(s)
641 urlbuf
[urllen
] = '/';
643 xstrncpy(&urlbuf
[urllen
], relUrl
, MAX_URL
- urllen
- 1);
645 // replace only the last (file?) segment with the given bit(s)
647 if (lastSlashPos
> MAX_URL
- urllen
- 1) {
648 // XXX: crops bits in the middle of the combined URL.
649 lastSlashPos
= MAX_URL
- urllen
- 1;
651 SBufToCstring(&urlbuf
[urllen
], path
.substr(0,lastSlashPos
));
652 urllen
+= lastSlashPos
;
653 if (urllen
+ 1 < MAX_URL
) {
654 xstrncpy(&urlbuf
[urllen
], relUrl
, MAX_URL
- urllen
- 1);
663 matchDomainName(const char *h
, const char *d
, bool honorWildcards
)
676 * Start at the ends of the two strings and work towards the
679 while (xtolower(h
[--hl
]) == xtolower(d
[--dl
])) {
680 if (hl
== 0 && dl
== 0) {
682 * We made it all the way to the beginning of both
683 * strings without finding any difference.
690 * The host string is shorter than the domain string.
691 * There is only one case when this can be a match.
692 * If the domain is just one character longer, and if
693 * that character is a leading '.' then we call it a
697 if (1 == dl
&& '.' == d
[0])
705 * The domain string is shorter than the host string.
706 * This is a match only if the first domain character
718 * We found different characters in the same position (from the end).
721 // If the h has a form of "*.foo.com" and d has a form of "x.foo.com"
722 // then the h[hl] points to '*', h[hl+1] to '.' and d[dl] to 'x'
723 // The following checks are safe, the "h[hl + 1]" in the worst case is '\0'.
724 if (honorWildcards
&& h
[hl
] == '*' && h
[hl
+ 1] == '.')
728 * If one of those character is '.' then its special. In order
729 * for splay tree sorting to work properly, "x-foo.com" must
730 * be greater than ".foo.com" even though '-' is less than '.'.
738 return (xtolower(h
[hl
]) - xtolower(d
[dl
]));
742 * return true if we can serve requests for this method.
745 urlCheckRequest(const HttpRequest
* r
)
748 /* protocol "independent" methods
750 * actually these methods are specific to HTTP:
751 * they are methods we recieve on our HTTP port,
752 * and if we had a FTP listener would not be relevant
755 * So, we should delegate them to HTTP. The problem is that we
756 * do not have a default protocol from the client side of HTTP.
759 if (r
->method
== Http::METHOD_CONNECT
)
762 // we support OPTIONS and TRACE directed at us (with a 501 reply, for now)
763 // we also support forwarding OPTIONS and TRACE, except for the *-URI ones
764 if (r
->method
== Http::METHOD_OPTIONS
|| r
->method
== Http::METHOD_TRACE
)
765 return (r
->header
.getInt64(Http::HdrType::MAX_FORWARDS
) == 0 || r
->url
.path() != URL::Asterisk());
767 if (r
->method
== Http::METHOD_PURGE
)
770 /* does method match the protocol? */
771 switch (r
->url
.getScheme()) {
773 case AnyP::PROTO_URN
:
775 case AnyP::PROTO_HTTP
:
777 case AnyP::PROTO_CACHE_OBJECT
:
781 case AnyP::PROTO_FTP
:
783 if (r
->method
== Http::METHOD_PUT
)
786 case AnyP::PROTO_GOPHER
:
788 case AnyP::PROTO_WAIS
:
790 case AnyP::PROTO_WHOIS
:
791 if (r
->method
== Http::METHOD_GET
)
793 else if (r
->method
== Http::METHOD_HEAD
)
798 case AnyP::PROTO_HTTPS
:
807 * Squid can't originate an SSL connection, so it should
808 * never receive an "https:" URL. It should always be
823 * Quick-n-dirty host extraction from a URL. Steps:
825 * Skip any '/' after the colon
826 * Copy the next SQUID_MAXHOSTNAMELEN bytes to host[]
827 * Look for an ending '/' or ':' and terminate
828 * Look for login info preceeded by '@'
835 char * extract(char const *url
);
838 static char Host
[SQUIDHOSTNAMELEN
];
839 void init(char const *);
840 void findHostStart();
841 void trimTrailingChars();
843 char const *hostStart
;
848 urlHostname(const char *url
)
850 return URLHostName().extract(url
);
853 char URLHostName::Host
[SQUIDHOSTNAMELEN
];
856 URLHostName::init(char const *aUrl
)
863 URLHostName::findHostStart()
865 if (NULL
== (hostStart
= strchr(url
, ':')))
870 while (*hostStart
!= '\0' && *hostStart
== '/')
873 if (*hostStart
== ']')
878 URLHostName::trimTrailingChars()
882 if ((t
= strchr(Host
, '/')))
885 if ((t
= strrchr(Host
, ':')))
888 if ((t
= strchr(Host
, ']')))
893 URLHostName::trimAuth()
897 if ((t
= strrchr(Host
, '@'))) {
899 memmove(Host
, t
, strlen(t
) + 1);
904 URLHostName::extract(char const *aUrl
)
909 if (hostStart
== NULL
)
912 xstrncpy(Host
, hostStart
, SQUIDHOSTNAMELEN
);
921 URL::URL(AnyP::UriScheme
const &aScheme
) :
923 hostIsNumeric_(false),