1 const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.21 2007/12/24 16:34:23 fabiankeil Exp $";
2 /*********************************************************************
4 * File : $Source: /cvsroot/ijbswa/current/urlmatch.c,v $
6 * Purpose : Declares functions to match URLs against URL
9 * Copyright : Written by and Copyright (C) 2001-2003, 2006-2007 the SourceForge
10 * Privoxy team. http://www.privoxy.org/
12 * Based on the Internet Junkbuster originally written
13 * by and Copyright (C) 1997 Anonymous Coders and
14 * Junkbusters Corporation. http://www.junkbusters.com
16 * This program is free software; you can redistribute it
17 * and/or modify it under the terms of the GNU General
18 * Public License as published by the Free Software
19 * Foundation; either version 2 of the License, or (at
20 * your option) any later version.
22 * This program is distributed in the hope that it will
23 * be useful, but WITHOUT ANY WARRANTY; without even the
24 * implied warranty of MERCHANTABILITY or FITNESS FOR A
25 * PARTICULAR PURPOSE. See the GNU General Public
26 * License for more details.
28 * The GNU General Public License should be included with
29 * this file. If not, you can view it at
30 * http://www.gnu.org/copyleft/gpl.html
31 * or write to the Free Software Foundation, Inc., 59
32 * Temple Place - Suite 330, Boston, MA 02111-1307, USA.
35 * $Log: urlmatch.c,v $
36 * Revision 1.21 2007/12/24 16:34:23 fabiankeil
37 * Band-aid (and micro-optimization) that makes it less likely to run out of
38 * stack space with overly-complex path patterns. Probably masks the problem
39 * reported by Lee in #1856679. Hohoho.
41 * Revision 1.20 2007/09/02 15:31:20 fabiankeil
42 * Move match_portlist() from filter.c to urlmatch.c.
43 * It's used for url matching, not for filtering.
45 * Revision 1.19 2007/09/02 13:42:11 fabiankeil
46 * - Allow port lists in url patterns.
47 * - Ditch unused url_spec member pathlen.
49 * Revision 1.18 2007/07/30 16:42:21 fabiankeil
50 * Move the method check into unknown_method()
51 * and loop through the known methods instead
52 * of using a screen-long OR chain.
54 * Revision 1.17 2007/04/15 16:39:21 fabiankeil
55 * Introduce tags as alternative way to specify which
56 * actions apply to a request. At the moment tags can be
57 * created based on client and server headers.
59 * Revision 1.16 2007/02/13 13:59:24 fabiankeil
60 * Remove redundant log message.
62 * Revision 1.15 2007/01/28 16:11:23 fabiankeil
63 * Accept WebDAV methods for subversion
64 * in parse_http_request(). Closes FR 1581425.
66 * Revision 1.14 2007/01/06 14:23:56 fabiankeil
67 * Fix gcc43 warnings. Mark *csp as immutable
68 * for parse_http_url() and url_match().
69 * Replace a sprintf call with snprintf.
71 * Revision 1.13 2006/12/06 19:50:54 fabiankeil
72 * parse_http_url() now handles intercepted
73 * HTTP request lines as well. Moved parts
74 * of parse_http_url()'s code into
75 * init_domain_components() so that it can
76 * be reused in chat().
78 * Revision 1.12 2006/07/18 14:48:47 david__schmidt
79 * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch)
80 * with what was really the latest development (the v_3_0_branch branch)
82 * Revision 1.10.2.7 2003/05/17 15:57:24 oes
83 * - parse_http_url now checks memory allocation failure for
84 * duplication of "*" URL and rejects "*something" URLs
86 * - Added a comment to what might look like a bug in
87 * create_url_spec (see !bug #736931)
90 * Revision 1.10.2.6 2003/05/07 12:39:48 oes
91 * Fix typo: Default port for https URLs is 443, not 143.
92 * Thanks to Scott Tregear for spotting this one.
94 * Revision 1.10.2.5 2003/02/28 13:09:29 oes
95 * Fixed a rare double free condition as per Bug #694713
97 * Revision 1.10.2.4 2003/02/28 12:57:44 oes
98 * Moved freeing of http request structure to its owner
99 * as per Dan Price's observations in Bug #694713
101 * Revision 1.10.2.3 2002/11/12 16:50:40 oes
102 * Fixed memory leak in parse_http_request() reported by Oliver Stoeneberg. Fixes bug #637073
104 * Revision 1.10.2.2 2002/09/25 14:53:15 oes
105 * Added basic support for OPTIONS and TRACE HTTP methods:
106 * parse_http_url now recognizes the "*" URI as well as
107 * the OPTIONS and TRACE method keywords.
109 * Revision 1.10.2.1 2002/06/06 19:06:44 jongfoster
110 * Adding support for proprietary Microsoft WebDAV extensions
112 * Revision 1.10 2002/05/12 21:40:37 jongfoster
113 * - Removing some unused code
115 * Revision 1.9 2002/04/04 00:36:36 gliptak
116 * always use pcre for matching
118 * Revision 1.8 2002/04/03 23:32:47 jongfoster
119 * Fixing memory leak on error
121 * Revision 1.7 2002/03/26 22:29:55 swa
122 * we have a new homepage!
124 * Revision 1.6 2002/03/24 13:25:43 swa
125 * name change related issues
127 * Revision 1.5 2002/03/13 00:27:05 jongfoster
130 * Revision 1.4 2002/03/07 03:46:17 oes
131 * Fixed compiler warnings
133 * Revision 1.3 2002/03/03 14:51:11 oes
134 * Fixed CLF logging: Added ocmd member for client's request to struct http_request
136 * Revision 1.2 2002/01/21 00:14:09 jongfoster
137 * Correcting comment style
138 * Fixing an uninitialized memory bug in create_url_spec()
140 * Revision 1.1 2002/01/17 20:53:46 jongfoster
141 * Moving all our URL and URL pattern parsing code to the same file - it
142 * was scattered around in filters.c, loaders.c and parsers.c.
144 * Providing a single, simple url_match(pattern,url) function - rather than
145 * the 3-line match routine which was repeated all over the place.
147 * Renaming free_url to free_url_spec, since it frees a struct url_spec.
149 * Providing parse_http_url() so that URLs can be parsed without faking a
150 * HTTP request line for parse_http_request() or repeating the parsing
151 * code (both of which were techniques that were actually in use).
153 * Standardizing that struct http_request is used to represent a URL, and
154 * struct url_spec is used to represent a URL pattern. (Before, URLs were
155 * represented as seperate variables and a partially-filled-in url_spec).
158 *********************************************************************/
165 #include <sys/types.h>
173 #if !defined(_WIN32) && !defined(__OS2__)
178 #include "urlmatch.h"
180 #include "miscutil.h"
183 const char urlmatch_h_rcs[] = URLMATCH_H_VERSION;
186 /*********************************************************************
188 * Function : free_http_request
190 * Description : Freez a http_request structure
193 * 1 : http = points to a http_request structure to free
197 *********************************************************************/
198 void free_http_request(struct http_request *http)
207 freez(http->hostport);
210 freez(http->host_ip_addr_str);
211 freez(http->dbuffer);
216 /*********************************************************************
218 * Function : init_domain_components
220 * Description : Splits the domain name so we can compare it
221 * against wildcards. It used to be part of
222 * parse_http_url, but was separated because the
223 * same code is required in chat in case of
224 * intercepted requests.
227 * 1 : http = pointer to the http structure to hold elements.
229 * Returns : JB_ERR_OK on success
230 * JB_ERR_MEMORY on out of memory
231 * JB_ERR_PARSE on malformed command/URL
232 * or >100 domains deep.
234 *********************************************************************/
235 jb_err init_domain_components(struct http_request *http)
237 char *vec[BUFFER_SIZE];
241 http->dbuffer = strdup(http->host);
242 if (NULL == http->dbuffer)
244 return JB_ERR_MEMORY;
247 /* map to lower case */
248 for (p = http->dbuffer; *p ; p++)
250 *p = (char)tolower((int)(unsigned char)*p);
253 /* split the domain name into components */
254 http->dcount = ssplit(http->dbuffer, ".", vec, SZ(vec), 1, 1);
256 if (http->dcount <= 0)
259 * Error: More than SZ(vec) components in domain
260 * or: no components in domain
262 log_error(LOG_LEVEL_ERROR, "More than SZ(vec) components in domain or none at all.");
266 /* save a copy of the pointers in dvec */
267 size = (size_t)http->dcount * sizeof(*http->dvec);
269 http->dvec = (char **)malloc(size);
270 if (NULL == http->dvec)
272 return JB_ERR_MEMORY;
275 memcpy(http->dvec, vec, size);
280 /*********************************************************************
282 * Function : parse_http_url
284 * Description : Parse out the host and port from the URL. Find the
285 * hostname & path, port (if ':'), and/or password (if '@')
288 * 1 : url = URL (or is it URI?) to break down
289 * 2 : http = pointer to the http structure to hold elements.
290 * Will be zeroed before use. Note that this
291 * function sets the http->gpc and http->ver
293 * 3 : csp = Current client state (buffers, headers, etc...)
295 * Returns : JB_ERR_OK on success
296 * JB_ERR_MEMORY on out of memory
297 * JB_ERR_PARSE on malformed command/URL
298 * or >100 domains deep.
300 *********************************************************************/
301 jb_err parse_http_url(const char * url,
302 struct http_request *http,
303 const struct client_state *csp)
305 int host_available = 1; /* A proxy can dream. */
308 * Zero out the results structure
310 memset(http, '\0', sizeof(*http));
314 * Save our initial URL
316 http->url = strdup(url);
317 if (http->url == NULL)
319 return JB_ERR_MEMORY;
324 * Check for * URI. If found, we're done.
326 if (*http->url == '*')
328 if ( NULL == (http->path = strdup("*"))
329 || NULL == (http->hostport = strdup("")) )
331 return JB_ERR_MEMORY;
333 if (http->url[1] != '\0')
342 * Split URL into protocol,hostport,path.
352 return JB_ERR_MEMORY;
355 /* Find the start of the URL in our scratch space */
357 if (strncmpic(url_noproto, "http://", 7) == 0)
362 else if (strncmpic(url_noproto, "https://", 8) == 0)
367 else if (*url_noproto == '/')
370 * Short request line without protocol and host.
371 * Most likely because the client's request
372 * was intercepted and redirected into Privoxy.
383 url_path = strchr(url_noproto, '/');
384 if (url_path != NULL)
389 * NOTE: The following line ignores the path for HTTPS URLS.
390 * This means that you get consistent behaviour if you type a
391 * https URL in and it's parsed by the function. (When the
392 * URL is actually retrieved, SSL hides the path part).
394 http->path = strdup(http->ssl ? "/" : url_path);
396 http->hostport = strdup(url_noproto);
401 * Repair broken HTTP requests that don't contain a path,
402 * or CONNECT requests
404 http->path = strdup("/");
405 http->hostport = strdup(url_noproto);
410 if ( (http->path == NULL)
411 || (http->hostport == NULL))
413 return JB_ERR_MEMORY;
419 /* Without host, there is nothing left to do here */
424 * Split hostport into user/password (ignored), host, port.
431 buf = strdup(http->hostport);
434 return JB_ERR_MEMORY;
437 /* check if url contains username and/or password */
438 host = strchr(buf, '@');
441 /* Contains username/password, skip it and the @ sign. */
446 /* No username or password. */
450 /* check if url contains port */
451 port = strchr(host, ':');
455 /* Terminate hostname and point to start of port string */
457 http->port = atoi(port);
461 /* No port specified. */
462 http->port = (http->ssl ? 443 : 80);
465 http->host = strdup(host);
469 if (http->host == NULL)
471 return JB_ERR_MEMORY;
476 * Split domain name so we can compare it against wildcards
478 return init_domain_components(http);
483 /*********************************************************************
485 * Function : unknown_method
487 * Description : Checks whether a method is unknown.
490 * 1 : method = points to a http method
492 * Returns : TRUE if it's unknown, FALSE otherwise.
494 *********************************************************************/
495 static int unknown_method(const char *method)
497 static const char *known_http_methods[] = {
498 /* Basic HTTP request type */
499 "GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT",
500 /* webDAV extensions (RFC2518) */
501 "PROPFIND", "PROPPATCH", "MOVE", "COPY", "MKCOL", "LOCK", "UNLOCK",
503 * Microsoft webDAV extension for Exchange 2000. See:
504 * http://lists.w3.org/Archives/Public/w3c-dist-auth/2002JanMar/0001.html
505 * http://msdn.microsoft.com/library/en-us/wss/wss/_webdav_methods.asp
507 "BCOPY", "BMOVE", "BDELETE", "BPROPFIND", "BPROPPATCH",
509 * Another Microsoft webDAV extension for Exchange 2000. See:
510 * http://systems.cs.colorado.edu/grunwald/MobileComputing/Papers/draft-cohen-gena-p-base-00.txt
511 * http://lists.w3.org/Archives/Public/w3c-dist-auth/2002JanMar/0001.html
512 * http://msdn.microsoft.com/library/en-us/wss/wss/_webdav_methods.asp
514 "SUBSCRIBE", "UNSUBSCRIBE", "NOTIFY", "POLL",
516 * Yet another WebDAV extension, this time for
517 * Web Distributed Authoring and Versioning (RFC3253)
519 "VERSION-CONTROL", "REPORT", "CHECKOUT", "CHECKIN", "UNCHECKOUT",
520 "MKWORKSPACE", "UPDATE", "LABEL", "MERGE", "BASELINE-CONTROL", "MKACTIVITY",
524 for (i = 0; i < SZ(known_http_methods); i++)
526 if (0 == strcmpic(method, known_http_methods[i]))
537 /*********************************************************************
539 * Function : parse_http_request
541 * Description : Parse out the host and port from the URL. Find the
542 * hostname & path, port (if ':'), and/or password (if '@')
545 * 1 : req = HTTP request line to break down
546 * 2 : http = pointer to the http structure to hold elements
547 * 3 : csp = Current client state (buffers, headers, etc...)
549 * Returns : JB_ERR_OK on success
550 * JB_ERR_MEMORY on out of memory
551 * JB_ERR_CGI_PARAMS on malformed command/URL
552 * or >100 domains deep.
554 *********************************************************************/
555 jb_err parse_http_request(const char *req,
556 struct http_request *http,
557 const struct client_state *csp)
560 char *v[10]; /* XXX: Why 10? We should only need three. */
565 memset(http, '\0', sizeof(*http));
570 return JB_ERR_MEMORY;
573 n = ssplit(buf, " \r\n", v, SZ(v), 1, 1);
581 * Fail in case of unknown methods
582 * which we might not handle correctly.
584 * XXX: There should be a config option
585 * to forward requests with unknown methods
586 * anyway. Most of them don't need special
589 if (unknown_method(v[0]))
591 log_error(LOG_LEVEL_ERROR, "Unknown HTTP method detected: %s", v[0]);
596 if (strcmpic(v[0], "CONNECT") == 0)
601 err = parse_http_url(v[1], http, csp);
609 * Copy the details into the structure
611 http->ssl = is_connect;
612 http->cmd = strdup(req);
613 http->gpc = strdup(v[0]);
614 http->ver = strdup(v[2]);
616 if ( (http->cmd == NULL)
617 || (http->gpc == NULL)
618 || (http->ver == NULL) )
621 return JB_ERR_MEMORY;
630 /*********************************************************************
632 * Function : simple_domaincmp
634 * Description : Domain-wise Compare fqdn's. The comparison is
635 * both left- and right-anchored. The individual
636 * domain names are compared with simplematch().
637 * This is only used by domain_match.
640 * 1 : pv = array of patterns to compare
641 * 2 : fv = array of domain components to compare
642 * 3 : len = length of the arrays (both arrays are the
643 * same length - if they weren't, it couldn't
644 * possibly be a match).
646 * Returns : 0 => domains are equivalent, else no match.
648 *********************************************************************/
649 static int simple_domaincmp(char **pv, char **fv, int len)
653 for (n = 0; n < len; n++)
655 if (simplematch(pv[n], fv[n]))
666 /*********************************************************************
668 * Function : domain_match
670 * Description : Domain-wise Compare fqdn's. Governed by the bimap in
671 * pattern->unachored, the comparison is un-, left-,
672 * right-anchored, or both.
673 * The individual domain names are compared with
677 * 1 : pattern = a domain that may contain a '*' as a wildcard.
678 * 2 : fqdn = domain name against which the patterns are compared.
680 * Returns : 0 => domains are equivalent, else no match.
682 *********************************************************************/
683 static int domain_match(const struct url_spec *pattern, const struct http_request *fqdn)
685 char **pv, **fv; /* vectors */
687 int unanchored = pattern->unanchored & (ANCHOR_RIGHT | ANCHOR_LEFT);
689 plen = pattern->dcount;
694 /* fqdn is too short to match this pattern */
701 if (unanchored == ANCHOR_LEFT)
706 * Convert this into a fully anchored pattern with
707 * the fqdn and pattern the same length
709 fv += (flen - plen); /* flen - plen >= 0 due to check above */
710 return simple_domaincmp(pv, fv, plen);
712 else if (unanchored == 0)
714 /* Fully anchored, check length */
719 return simple_domaincmp(pv, fv, plen);
721 else if (unanchored == ANCHOR_RIGHT)
723 /* Left anchored, ignore all extra in fqdn */
724 return simple_domaincmp(pv, fv, plen);
730 int maxn = flen - plen;
731 for (n = 0; n <= maxn; n++)
733 if (!simple_domaincmp(pv, fv, plen))
738 * Doesn't match from start of fqdn
739 * Try skipping first part of fqdn
749 /*********************************************************************
751 * Function : create_url_spec
753 * Description : Creates a "url_spec" structure from a string.
754 * When finished, free with free_url_spec().
757 * 1 : url = Target url_spec to be filled in. Will be
759 * 2 : buf = Source pattern, null terminated. NOTE: The
760 * contents of this buffer are destroyed by this
761 * function. If this function succeeds, the
762 * buffer is copied to url->spec. If this
763 * function fails, the contents of the buffer
766 * Returns : JB_ERR_OK - Success
767 * JB_ERR_MEMORY - Out of memory
768 * JB_ERR_PARSE - Cannot parse regex (Detailed message
769 * written to system log)
771 *********************************************************************/
772 jb_err create_url_spec(struct url_spec * url, const char * buf)
777 char rebuf[BUFFER_SIZE];
785 memset(url, '\0', sizeof(*url));
788 * Save a copy of the orignal specification
790 if ((url->spec = strdup(buf)) == NULL)
792 return JB_ERR_MEMORY;
795 /* Is it tag pattern? */
796 if (0 == strncmpic("TAG:", url->spec, 4))
798 if (NULL == (url->tag_regex = zalloc(sizeof(*url->tag_regex))))
801 return JB_ERR_MEMORY;
804 /* buf + 4 to skip "TAG:" */
805 errcode = regcomp(url->tag_regex, buf + 4, (REG_EXTENDED|REG_NOSUB|REG_ICASE));
808 errlen = regerror(errcode, url->preg, rebuf, sizeof(rebuf));
809 if (errlen > (sizeof(rebuf) - 1))
811 errlen = sizeof(rebuf) - 1;
813 rebuf[errlen] = '\0';
815 log_error(LOG_LEVEL_ERROR, "error compiling %s: %s", url->spec, rebuf);
818 regfree(url->tag_regex);
819 freez(url->tag_regex);
826 /* Only reached for URL patterns */
827 p = strchr(buf, '/');
830 url->path = strdup(p);
831 if (NULL == url->path)
834 return JB_ERR_MEMORY;
844 if (NULL == (url->preg = zalloc(sizeof(*url->preg))))
848 return JB_ERR_MEMORY;
851 snprintf(rebuf, sizeof(rebuf), "^(%s)", url->path);
853 errcode = regcomp(url->preg, rebuf,
854 (REG_EXTENDED|REG_NOSUB|REG_ICASE));
857 errlen = regerror(errcode, url->preg, rebuf, sizeof(rebuf));
859 if (errlen > (sizeof(rebuf) - (size_t)1))
861 errlen = sizeof(rebuf) - (size_t)1;
863 rebuf[errlen] = '\0';
865 log_error(LOG_LEVEL_ERROR, "error compiling %s: %s",
877 p = strchr(buf, ':');
881 url->port_list = strdup(p);
882 if (NULL == url->port_list)
884 return JB_ERR_MEMORY;
889 url->port_list = NULL;
900 if (buf[strlen(buf) - 1] == '.')
902 url->unanchored |= ANCHOR_RIGHT;
906 url->unanchored |= ANCHOR_LEFT;
910 * Split domain into components
912 url->dbuffer = strdup(buf);
913 if (NULL == url->dbuffer)
919 return JB_ERR_MEMORY;
925 for (p = url->dbuffer; *p ; p++)
927 *p = (char)tolower((int)(unsigned char)*p);
931 * Split the domain name into components
933 url->dcount = ssplit(url->dbuffer, ".", v, SZ(v), 1, 1);
943 return JB_ERR_MEMORY;
945 else if (url->dcount != 0)
949 * Save a copy of the pointers in dvec
951 size = (size_t)url->dcount * sizeof(*url->dvec);
953 url->dvec = (char **)malloc(size);
954 if (NULL == url->dvec)
962 return JB_ERR_MEMORY;
965 memcpy(url->dvec, v, size);
968 * else dcount == 0 in which case we needn't do anything,
969 * since dvec will never be accessed and the pattern will
979 /*********************************************************************
981 * Function : free_url_spec
983 * Description : Called from the "unloaders". Freez the url
984 * structure elements.
987 * 1 : url = pointer to a url_spec structure.
991 *********************************************************************/
992 void free_url_spec(struct url_spec *url)
994 if (url == NULL) return;
1000 freez(url->port_list);
1008 regfree(url->tag_regex);
1009 freez(url->tag_regex);
1014 /*********************************************************************
1016 * Function : url_match
1018 * Description : Compare a URL against a URL pattern.
1021 * 1 : pattern = a URL pattern
1022 * 2 : url = URL to match
1024 * Returns : Nonzero if the URL matches the pattern, else 0.
1026 *********************************************************************/
1027 int url_match(const struct url_spec *pattern,
1028 const struct http_request *url)
1030 /* XXX: these should probably be functions. */
1031 #define PORT_MATCHES ((NULL == pattern->port_list) || match_portlist(pattern->port_list, url->port))
1032 #define DOMAIN_MATCHES ((NULL == pattern->dbuffer) || (0 == domain_match(pattern, url)))
1033 #define PATH_MATCHES ((NULL == pattern->path) || (0 == regexec(pattern->preg, url->path, 0, NULL, 0)))
1035 if (pattern->tag_regex != NULL)
1037 /* It's a tag pattern and shouldn't be matched against URLs */
1041 return (PORT_MATCHES && DOMAIN_MATCHES && PATH_MATCHES);
1046 /*********************************************************************
1048 * Function : match_portlist
1050 * Description : Check if a given number is covered by a comma
1051 * separated list of numbers and ranges (a,b-c,d,..)
1054 * 1 : portlist = String with list
1055 * 2 : port = port to check
1057 * Returns : 0 => no match
1060 *********************************************************************/
1061 int match_portlist(const char *portlist, int port)
1063 char *min, *max, *next, *portlist_copy;
1065 min = next = portlist_copy = strdup(portlist);
1068 * Zero-terminate first item and remember offset for next
1070 if (NULL != (next = strchr(portlist_copy, (int) ',')))
1076 * Loop through all items, checking for match
1080 if (NULL == (max = strchr(min, (int) '-')))
1083 * No dash, check for equality
1085 if (port == atoi(min))
1087 free(portlist_copy);
1094 * This is a range, so check if between min and max,
1095 * or, if max was omitted, between min and 65K
1098 if(port >= atoi(min) && port <= (atoi(max) ? atoi(max) : 65535))
1100 free(portlist_copy);
1112 * Zero-terminate next item and remember offset for n+1
1114 if ((NULL != next) && (NULL != (next = strchr(next, (int) ','))))
1120 free(portlist_copy);
projects / privoxy.git / blob