]>
Commit | Line | Data |
---|---|---|
0f78b815 | 1 | /* |
0cd2f407 MP |
2 | * Functions for looking up the remote name or addr of a socket. |
3 | * | |
0f78b815 WD |
4 | * Copyright (C) 1992-2001 Andrew Tridgell <tridge@samba.org> |
5 | * Copyright (C) 2001, 2002 Martin Pool <mbp@samba.org> | |
c3b553a9 | 6 | * Copyright (C) 2002-2022 Wayne Davison |
0f78b815 WD |
7 | * |
8 | * This program is free software; you can redistribute it and/or modify | |
8e41b68e WD |
9 | * it under the terms of the GNU General Public License as published by |
10 | * the Free Software Foundation; either version 3 of the License, or | |
11 | * (at your option) any later version. | |
0f78b815 WD |
12 | * |
13 | * This program is distributed in the hope that it will be useful, | |
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
16 | * GNU General Public License for more details. | |
17 | * | |
e7c67065 | 18 | * You should have received a copy of the GNU General Public License along |
4fd842f9 | 19 | * with this program; if not, visit the http://fsf.org website. |
0f78b815 WD |
20 | */ |
21 | ||
22 | /* | |
0cd2f407 MP |
23 | * This file is now converted to use the new-style getaddrinfo() |
24 | * interface, which supports IPv6 but is also supported on recent | |
25 | * IPv4-only machines. On systems that don't have that interface, we | |
26 | * emulate it using the KAME implementation. | |
0f78b815 | 27 | */ |
0cd2f407 MP |
28 | |
29 | #include "rsync.h" | |
cff0764b WD |
30 | #include "itypes.h" |
31 | ||
32 | extern int am_daemon; | |
0cd2f407 MP |
33 | |
34 | static const char default_name[] = "UNKNOWN"; | |
cff0764b | 35 | static const char proxyv2sig[] = "\r\n\r\n\0\r\nQUIT\n"; |
0cd2f407 | 36 | |
cff0764b | 37 | static char ipaddr_buf[100]; |
0cd2f407 | 38 | |
cff0764b WD |
39 | #define PROXY_V2_SIG_SIZE ((int)sizeof proxyv2sig - 1) |
40 | #define PROXY_V2_HEADER_SIZE (PROXY_V2_SIG_SIZE + 1 + 1 + 2) | |
41 | ||
42 | #define CMD_LOCAL 0 | |
43 | #define CMD_PROXY 1 | |
44 | ||
45 | #define PROXY_FAM_TCPv4 0x11 | |
46 | #define PROXY_FAM_TCPv6 0x21 | |
47 | ||
48 | #define GET_SOCKADDR_FAMILY(ss) ((struct sockaddr*)ss)->sa_family | |
49 | ||
50 | static void client_sockaddr(int fd, struct sockaddr_storage *ss, socklen_t *ss_len); | |
51 | static int check_name(const char *ipaddr, const struct sockaddr_storage *ss, char *name_buf, size_t name_buf_size); | |
d0f34b5a | 52 | static int valid_ipaddr(const char *s, int allow_scope); |
cff0764b WD |
53 | |
54 | /* Return the IP addr of the client as a string. */ | |
0cd2f407 MP |
55 | char *client_addr(int fd) |
56 | { | |
b2ef4f61 WD |
57 | struct sockaddr_storage ss; |
58 | socklen_t length = sizeof ss; | |
0cd2f407 | 59 | |
cff0764b WD |
60 | if (*ipaddr_buf) |
61 | return ipaddr_buf; | |
0cd2f407 | 62 | |
cff0764b | 63 | if (am_daemon < 0) { /* daemon over --rsh mode */ |
70d4a945 | 64 | char *env_str; |
cff0764b | 65 | strlcpy(ipaddr_buf, "0.0.0.0", sizeof ipaddr_buf); |
99c9520e WD |
66 | if ((env_str = getenv("REMOTE_HOST")) != NULL |
67 | || (env_str = getenv("SSH_CONNECTION")) != NULL | |
70d4a945 | 68 | || (env_str = getenv("SSH_CLIENT")) != NULL |
99c9520e | 69 | || (env_str = getenv("SSH2_CLIENT")) != NULL) { |
70d4a945 | 70 | char *p; |
cff0764b | 71 | strlcpy(ipaddr_buf, env_str, sizeof ipaddr_buf); |
b2ef4f61 | 72 | /* Truncate the value to just the IP address. */ |
cff0764b | 73 | if ((p = strchr(ipaddr_buf, ' ')) != NULL) |
b2ef4f61 | 74 | *p = '\0'; |
542ad675 | 75 | } |
d0f34b5a | 76 | if (valid_ipaddr(ipaddr_buf, True)) |
cff0764b | 77 | return ipaddr_buf; |
3b5f6214 | 78 | } |
09021eab | 79 | |
cff0764b WD |
80 | client_sockaddr(fd, &ss, &length); |
81 | getnameinfo((struct sockaddr *)&ss, length, ipaddr_buf, sizeof ipaddr_buf, NULL, 0, NI_NUMERICHOST); | |
0cd2f407 | 82 | |
cff0764b | 83 | return ipaddr_buf; |
0cd2f407 MP |
84 | } |
85 | ||
86 | ||
87 | /** | |
88 | * Return the DNS name of the client. | |
89 | * | |
90 | * The name is statically cached so that repeated lookups are quick, | |
91 | * so there is a limit of one lookup per customer. | |
92 | * | |
93 | * If anything goes wrong, including the name->addr->name check, then | |
94 | * we just use "UNKNOWN", so you can use that value in hosts allow | |
95 | * lines. | |
6c92af20 MP |
96 | * |
97 | * After translation from sockaddr to name we do a forward lookup to | |
98 | * make sure nobody is spoofing PTR records. | |
0cd2f407 | 99 | **/ |
cff0764b | 100 | char *client_name(const char *ipaddr) |
0cd2f407 | 101 | { |
0cd2f407 | 102 | static char name_buf[100]; |
cff0764b | 103 | char port_buf[100]; |
706c7530 | 104 | struct sockaddr_storage ss; |
1e736b8f | 105 | socklen_t ss_len; |
cff0764b WD |
106 | struct addrinfo hint, *answer; |
107 | int err; | |
0cd2f407 | 108 | |
cff0764b | 109 | if (*name_buf) |
4cfa6156 | 110 | return name_buf; |
0cd2f407 | 111 | |
55410368 | 112 | strlcpy(name_buf, default_name, sizeof name_buf); |
1e736b8f | 113 | |
cff0764b WD |
114 | if (strcmp(ipaddr, "0.0.0.0") == 0) |
115 | return name_buf; | |
ea0f0379 | 116 | |
cff0764b WD |
117 | memset(&ss, 0, sizeof ss); |
118 | memset(&hint, 0, sizeof hint); | |
706c7530 | 119 | |
6a6d2113 | 120 | #ifdef AI_NUMERICHOST |
cff0764b | 121 | hint.ai_flags = AI_NUMERICHOST; |
6a6d2113 | 122 | #endif |
cff0764b | 123 | hint.ai_socktype = SOCK_STREAM; |
706c7530 | 124 | |
cff0764b WD |
125 | if ((err = getaddrinfo(ipaddr, NULL, &hint, &answer)) != 0) { |
126 | rprintf(FLOG, "malformed address %s: %s\n", ipaddr, gai_strerror(err)); | |
127 | return name_buf; | |
128 | } | |
706c7530 | 129 | |
cff0764b WD |
130 | switch (answer->ai_family) { |
131 | case AF_INET: | |
132 | ss_len = sizeof (struct sockaddr_in); | |
133 | memcpy(&ss, answer->ai_addr, ss_len); | |
134 | break; | |
4f5b0756 | 135 | #ifdef INET6 |
cff0764b WD |
136 | case AF_INET6: |
137 | ss_len = sizeof (struct sockaddr_in6); | |
138 | memcpy(&ss, answer->ai_addr, ss_len); | |
139 | break; | |
a6d8c3f3 | 140 | #endif |
cff0764b | 141 | default: |
ab110fc8 | 142 | NOISY_DEATH("Unknown ai_family value"); |
09021eab | 143 | } |
cff0764b | 144 | freeaddrinfo(answer); |
0cd2f407 | 145 | |
cff0764b WD |
146 | /* reverse lookup */ |
147 | err = getnameinfo((struct sockaddr*)&ss, ss_len, name_buf, sizeof name_buf, | |
148 | port_buf, sizeof port_buf, NI_NAMEREQD | NI_NUMERICSERV); | |
149 | if (err) { | |
150 | strlcpy(name_buf, default_name, sizeof name_buf); | |
151 | rprintf(FLOG, "name lookup failed for %s: %s\n", ipaddr, gai_strerror(err)); | |
152 | } else | |
153 | check_name(ipaddr, &ss, name_buf, sizeof name_buf); | |
1e736b8f | 154 | |
0cd2f407 MP |
155 | return name_buf; |
156 | } | |
157 | ||
158 | ||
1b53b2ff | 159 | /* Try to read a proxy protocol header (V1 or V2). Returns 1 on success or 0 on failure. */ |
249e28c7 | 160 | int read_proxy_protocol_header(int fd) |
cff0764b WD |
161 | { |
162 | union { | |
163 | struct { | |
164 | char line[108]; | |
165 | } v1; | |
166 | struct { | |
167 | char sig[PROXY_V2_SIG_SIZE]; | |
168 | char ver_cmd; | |
169 | char fam; | |
170 | char len[2]; | |
171 | union { | |
172 | struct { | |
173 | char src_addr[4]; | |
174 | char dst_addr[4]; | |
175 | char src_port[2]; | |
176 | char dst_port[2]; | |
177 | } ip4; | |
178 | struct { | |
179 | char src_addr[16]; | |
180 | char dst_addr[16]; | |
181 | char src_port[2]; | |
182 | char dst_port[2]; | |
183 | } ip6; | |
184 | struct { | |
185 | char src_addr[108]; | |
186 | char dst_addr[108]; | |
187 | } unx; | |
188 | } addr; | |
189 | } v2; | |
190 | } hdr; | |
191 | ||
192 | read_buf(fd, (char*)&hdr, PROXY_V2_SIG_SIZE); | |
193 | ||
194 | if (memcmp(hdr.v2.sig, proxyv2sig, PROXY_V2_SIG_SIZE) == 0) { /* Proxy V2 */ | |
195 | int ver, cmd, size; | |
196 | ||
197 | read_buf(fd, (char*)&hdr + PROXY_V2_SIG_SIZE, PROXY_V2_HEADER_SIZE - PROXY_V2_SIG_SIZE); | |
198 | ||
199 | ver = (hdr.v2.ver_cmd & 0xf0) >> 4; | |
200 | cmd = (hdr.v2.ver_cmd & 0x0f); | |
201 | size = (hdr.v2.len[0] << 8) + hdr.v2.len[1]; | |
202 | ||
203 | if (ver != 2 || size + PROXY_V2_HEADER_SIZE > (int)sizeof hdr) | |
204 | return 0; | |
205 | ||
206 | /* Grab all the remaining data in the binary request. */ | |
207 | read_buf(fd, (char*)&hdr + PROXY_V2_HEADER_SIZE, size); | |
208 | ||
209 | switch (cmd) { | |
210 | case CMD_PROXY: | |
211 | switch (hdr.v2.fam) { | |
212 | case PROXY_FAM_TCPv4: | |
213 | if (size != sizeof hdr.v2.addr.ip4) | |
214 | return 0; | |
215 | inet_ntop(AF_INET, hdr.v2.addr.ip4.src_addr, ipaddr_buf, sizeof ipaddr_buf); | |
d0f34b5a | 216 | return valid_ipaddr(ipaddr_buf, False); |
5818cf85 | 217 | #ifdef INET6 |
cff0764b WD |
218 | case PROXY_FAM_TCPv6: |
219 | if (size != sizeof hdr.v2.addr.ip6) | |
220 | return 0; | |
221 | inet_ntop(AF_INET6, hdr.v2.addr.ip6.src_addr, ipaddr_buf, sizeof ipaddr_buf); | |
d0f34b5a | 222 | return valid_ipaddr(ipaddr_buf, False); |
5818cf85 | 223 | #endif |
cff0764b WD |
224 | default: |
225 | break; | |
226 | } | |
227 | /* For an unsupported protocol we'll ignore the proxy data (leaving ipaddr_buf unset) | |
228 | * and accept the connection, which will get handled as a normal socket addr. */ | |
229 | return 1; | |
230 | case CMD_LOCAL: | |
231 | return 1; | |
232 | default: | |
233 | break; | |
234 | } | |
235 | ||
236 | return 0; | |
237 | } | |
238 | ||
239 | if (memcmp(hdr.v1.line, "PROXY", 5) == 0) { /* Proxy V1 */ | |
240 | char *endc, *sp, *p = hdr.v1.line + PROXY_V2_SIG_SIZE; | |
241 | int port_chk; | |
242 | ||
243 | *p = '\0'; | |
244 | if (!strchr(hdr.v1.line, '\n')) { | |
245 | while (1) { | |
246 | read_buf(fd, p, 1); | |
247 | if (*p++ == '\n') | |
248 | break; | |
249 | if (p - hdr.v1.line >= (int)sizeof hdr.v1.line - 1) | |
250 | return 0; | |
251 | } | |
252 | *p = '\0'; | |
253 | } | |
254 | ||
255 | endc = strchr(hdr.v1.line, '\r'); | |
256 | if (!endc || endc[1] != '\n' || endc[2]) | |
257 | return 0; | |
258 | *endc = '\0'; | |
259 | ||
260 | p = hdr.v1.line + 5; | |
261 | ||
262 | if (!isSpace(p++)) | |
263 | return 0; | |
264 | if (strncmp(p, "TCP4", 4) == 0) | |
265 | p += 4; | |
266 | else if (strncmp(p, "TCP6", 4) == 0) | |
267 | p += 4; | |
268 | else if (strncmp(p, "UNKNOWN", 7) == 0) | |
269 | return 1; | |
270 | else | |
271 | return 0; | |
272 | ||
273 | if (!isSpace(p++)) | |
274 | return 0; | |
275 | ||
276 | if ((sp = strchr(p, ' ')) == NULL) | |
277 | return 0; | |
278 | *sp = '\0'; | |
d0f34b5a | 279 | if (!valid_ipaddr(p, False)) |
cff0764b WD |
280 | return 0; |
281 | strlcpy(ipaddr_buf, p, sizeof ipaddr_buf); /* It will always fit when valid. */ | |
282 | ||
283 | p = sp + 1; | |
284 | if ((sp = strchr(p, ' ')) == NULL) | |
285 | return 0; | |
286 | *sp = '\0'; | |
d0f34b5a | 287 | if (!valid_ipaddr(p, False)) |
cff0764b WD |
288 | return 0; |
289 | /* Ignore destination address. */ | |
290 | ||
291 | p = sp + 1; | |
292 | if ((sp = strchr(p, ' ')) == NULL) | |
293 | return 0; | |
294 | *sp = '\0'; | |
295 | port_chk = strtol(p, &endc, 10); | |
296 | if (*endc || port_chk == 0) | |
297 | return 0; | |
298 | /* Ignore source port. */ | |
299 | ||
300 | p = sp + 1; | |
301 | port_chk = strtol(p, &endc, 10); | |
302 | if (*endc || port_chk == 0) | |
303 | return 0; | |
304 | /* Ignore destination port. */ | |
305 | ||
306 | return 1; | |
307 | } | |
308 | ||
309 | return 0; | |
310 | } | |
311 | ||
0cd2f407 MP |
312 | |
313 | /** | |
af32f69e MP |
314 | * Get the sockaddr for the client. |
315 | * | |
316 | * If it comes in as an ipv4 address mapped into IPv6 format then we | |
317 | * convert it back to a regular IPv4. | |
0cd2f407 | 318 | **/ |
cff0764b | 319 | static void client_sockaddr(int fd, struct sockaddr_storage *ss, socklen_t *ss_len) |
0cd2f407 | 320 | { |
c1e7217f | 321 | memset(ss, 0, sizeof *ss); |
bc2b4963 | 322 | |
0cd2f407 MP |
323 | if (getpeername(fd, (struct sockaddr *) ss, ss_len)) { |
324 | /* FIXME: Can we really not continue? */ | |
fde045cd | 325 | rsyserr(FLOG, errno, "getpeername on fd%d failed", fd); |
0cd2f407 MP |
326 | exit_cleanup(RERR_SOCKETIO); |
327 | } | |
328 | ||
4f5b0756 | 329 | #ifdef INET6 |
e63ff70e WD |
330 | if (GET_SOCKADDR_FAMILY(ss) == AF_INET6 |
331 | && IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)ss)->sin6_addr)) { | |
0cd2f407 MP |
332 | /* OK, so ss is in the IPv6 family, but it is really |
333 | * an IPv4 address: something like | |
334 | * "::ffff:10.130.1.2". If we use it as-is, then the | |
335 | * reverse lookup might fail or perhaps something else | |
336 | * bad might happen. So instead we convert it to an | |
337 | * equivalent address in the IPv4 address family. */ | |
338 | struct sockaddr_in6 sin6; | |
339 | struct sockaddr_in *sin; | |
340 | ||
c1e7217f | 341 | memcpy(&sin6, ss, sizeof sin6); |
0cd2f407 | 342 | sin = (struct sockaddr_in *)ss; |
c1e7217f | 343 | memset(sin, 0, sizeof *sin); |
0cd2f407 | 344 | sin->sin_family = AF_INET; |
c1e7217f | 345 | *ss_len = sizeof (struct sockaddr_in); |
4f5b0756 | 346 | #ifdef HAVE_SOCKADDR_IN_LEN |
0cd2f407 MP |
347 | sin->sin_len = *ss_len; |
348 | #endif | |
349 | sin->sin_port = sin6.sin6_port; | |
350 | ||
351 | /* There is a macro to extract the mapped part | |
352 | * (IN6_V4MAPPED_TO_SINADDR ?), but it does not seem | |
353 | * to be present in the Linux headers. */ | |
e63ff70e | 354 | memcpy(&sin->sin_addr, &sin6.sin6_addr.s6_addr[12], sizeof sin->sin_addr); |
2b284ee3 | 355 | } |
0cd2f407 MP |
356 | #endif |
357 | } | |
358 | ||
359 | ||
974f27e7 MP |
360 | /** |
361 | * Compare an addrinfo from the resolver to a sockinfo. | |
362 | * | |
363 | * Like strcmp, returns 0 for identical. | |
364 | **/ | |
cff0764b | 365 | static int compare_addrinfo_sockaddr(const struct addrinfo *ai, const struct sockaddr_storage *ss) |
974f27e7 | 366 | { |
cff0764b | 367 | int ss_family = GET_SOCKADDR_FAMILY(ss); |
974f27e7 | 368 | const char fn[] = "compare_addrinfo_sockaddr"; |
c1e7217f | 369 | |
974f27e7 | 370 | if (ai->ai_family != ss_family) { |
fde045cd | 371 | rprintf(FLOG, "%s: response family %d != %d\n", |
974f27e7 MP |
372 | fn, ai->ai_family, ss_family); |
373 | return 1; | |
374 | } | |
375 | ||
39e01d2d MP |
376 | /* The comparison method depends on the particular AF. */ |
377 | if (ss_family == AF_INET) { | |
378 | const struct sockaddr_in *sin1, *sin2; | |
379 | ||
380 | sin1 = (const struct sockaddr_in *) ss; | |
381 | sin2 = (const struct sockaddr_in *) ai->ai_addr; | |
4cfa6156 | 382 | |
e63ff70e | 383 | return memcmp(&sin1->sin_addr, &sin2->sin_addr, sizeof sin1->sin_addr); |
39e01d2d | 384 | } |
2b284ee3 | 385 | |
4f5b0756 | 386 | #ifdef INET6 |
2b284ee3 | 387 | if (ss_family == AF_INET6) { |
6780f720 MP |
388 | const struct sockaddr_in6 *sin1, *sin2; |
389 | ||
390 | sin1 = (const struct sockaddr_in6 *) ss; | |
391 | sin2 = (const struct sockaddr_in6 *) ai->ai_addr; | |
bc2b4963 | 392 | |
2c681b87 | 393 | if (ai->ai_addrlen < (int)sizeof (struct sockaddr_in6)) { |
fde045cd | 394 | rprintf(FLOG, "%s: too short sockaddr_in6; length=%d\n", |
f587061a | 395 | fn, (int)ai->ai_addrlen); |
bc2b4963 DD |
396 | return 1; |
397 | } | |
398 | ||
e63ff70e | 399 | if (memcmp(&sin1->sin6_addr, &sin2->sin6_addr, sizeof sin1->sin6_addr)) |
bc2b4963 DD |
400 | return 1; |
401 | ||
4f5b0756 | 402 | #ifdef HAVE_SOCKADDR_IN6_SCOPE_ID |
bc2b4963 DD |
403 | if (sin1->sin6_scope_id != sin2->sin6_scope_id) |
404 | return 1; | |
405 | #endif | |
406 | return 0; | |
39e01d2d MP |
407 | } |
408 | #endif /* INET6 */ | |
2b284ee3 WD |
409 | |
410 | /* don't know */ | |
411 | return 1; | |
974f27e7 MP |
412 | } |
413 | ||
414 | ||
af32f69e MP |
415 | /** |
416 | * Do a forward lookup on @p name_buf and make sure it corresponds to | |
417 | * @p ss -- otherwise we may be being spoofed. If we suspect we are, | |
418 | * then we don't abort the connection but just emit a warning, and | |
419 | * change @p name_buf to be "UNKNOWN". | |
6c92af20 MP |
420 | * |
421 | * We don't do anything with the service when checking the name, | |
422 | * because it doesn't seem that it could be spoofed in any way, and | |
423 | * getaddrinfo on random service names seems to cause problems on AIX. | |
af32f69e | 424 | **/ |
cff0764b | 425 | static int check_name(const char *ipaddr, const struct sockaddr_storage *ss, char *name_buf, size_t name_buf_size) |
0cd2f407 MP |
426 | { |
427 | struct addrinfo hints, *res, *res0; | |
428 | int error; | |
cff0764b | 429 | int ss_family = GET_SOCKADDR_FAMILY(ss); |
0cd2f407 | 430 | |
c1e7217f | 431 | memset(&hints, 0, sizeof hints); |
39e01d2d MP |
432 | hints.ai_family = ss_family; |
433 | hints.ai_flags = AI_CANONNAME; | |
0cd2f407 | 434 | hints.ai_socktype = SOCK_STREAM; |
6c92af20 | 435 | error = getaddrinfo(name_buf, NULL, &hints, &res0); |
0cd2f407 | 436 | if (error) { |
fde045cd | 437 | rprintf(FLOG, "forward name lookup for %s failed: %s\n", |
af32f69e | 438 | name_buf, gai_strerror(error)); |
55410368 | 439 | strlcpy(name_buf, default_name, name_buf_size); |
0cd2f407 MP |
440 | return error; |
441 | } | |
442 | ||
974f27e7 MP |
443 | /* Given all these results, we expect that one of them will be |
444 | * the same as ss. The comparison is a bit complicated. */ | |
0cd2f407 | 445 | for (res = res0; res; res = res->ai_next) { |
974f27e7 MP |
446 | if (!compare_addrinfo_sockaddr(res, ss)) |
447 | break; /* OK, identical */ | |
0cd2f407 MP |
448 | } |
449 | ||
450 | if (!res0) { | |
451 | /* We hit the end of the list without finding an | |
452 | * address that was the same as ss. */ | |
fde045cd WD |
453 | rprintf(FLOG, "no known address for \"%s\": " |
454 | "spoofed address?\n", name_buf); | |
55410368 | 455 | strlcpy(name_buf, default_name, name_buf_size); |
974f27e7 | 456 | } else if (res == NULL) { |
0cd2f407 MP |
457 | /* We hit the end of the list without finding an |
458 | * address that was the same as ss. */ | |
fde045cd | 459 | rprintf(FLOG, "%s is not a known address for \"%s\": " |
cff0764b | 460 | "spoofed address?\n", ipaddr, name_buf); |
55410368 | 461 | strlcpy(name_buf, default_name, name_buf_size); |
0cd2f407 MP |
462 | } |
463 | ||
464 | freeaddrinfo(res0); | |
465 | return 0; | |
466 | } | |
cff0764b WD |
467 | |
468 | /* Returns 1 for a valid IPv4 or IPv6 addr, or 0 for a bad one. */ | |
d0f34b5a | 469 | static int valid_ipaddr(const char *s, int allow_scope) |
cff0764b WD |
470 | { |
471 | int i; | |
472 | ||
473 | if (strchr(s, ':') != NULL) { /* Only IPv6 has a colon. */ | |
474 | int count, saw_double_colon = 0; | |
475 | int ipv4_at_end = 0; | |
476 | ||
477 | if (*s == ':') { /* A colon at the start must be a :: */ | |
478 | if (*++s != ':') | |
479 | return 0; | |
480 | saw_double_colon = 1; | |
481 | s++; | |
482 | } | |
483 | ||
484 | for (count = 0; count < 8; count++) { | |
485 | if (!*s) | |
8f6d6bcb | 486 | return saw_double_colon; |
d0f34b5a WD |
487 | if (allow_scope && *s == '%') { |
488 | if (saw_double_colon) | |
489 | break; | |
490 | return 0; | |
491 | } | |
cff0764b WD |
492 | |
493 | if (strchr(s, ':') == NULL && strchr(s, '.') != NULL) { | |
494 | if ((!saw_double_colon && count != 6) || (saw_double_colon && count > 6)) | |
495 | return 0; | |
496 | ipv4_at_end = 1; | |
497 | break; | |
498 | } | |
499 | ||
500 | if (!isHexDigit(s++)) /* Need 1-4 hex digits */ | |
501 | return 0; | |
502 | if (isHexDigit(s) && isHexDigit(++s) && isHexDigit(++s) && isHexDigit(++s)) | |
503 | return 0; | |
504 | ||
505 | if (*s == ':') { | |
506 | if (!*++s) | |
507 | return 0; | |
508 | if (*s == ':') { | |
509 | if (saw_double_colon) | |
510 | return 0; | |
511 | saw_double_colon = 1; | |
512 | s++; | |
513 | } | |
514 | } | |
515 | } | |
516 | ||
d0f34b5a WD |
517 | if (!ipv4_at_end) { |
518 | if (allow_scope && *s == '%') | |
519 | for (s++; isAlNum(s); s++) { } | |
520 | return !*s && s[-1] != '%'; | |
521 | } | |
cff0764b WD |
522 | } |
523 | ||
524 | /* IPv4 */ | |
525 | for (i = 0; i < 4; i++) { | |
526 | long n; | |
527 | char *end; | |
528 | ||
529 | if (i && *s++ != '.') | |
530 | return 0; | |
531 | n = strtol(s, &end, 10); | |
532 | if (n > 255 || n < 0 || end <= s || end > s+3) | |
533 | return 0; | |
534 | s = end; | |
535 | } | |
536 | ||
537 | return !*s; | |
538 | } |