1 const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.15 2007/01/28 16:11:23 fabiankeil Exp $";
2 /*********************************************************************
4 * File : $Source: /cvsroot/ijbswa/current/urlmatch.c,v $
6 * Purpose : Declares functions to match URLs against URL
9 * Copyright : Written by and Copyright (C) 2001-2003, 2006-2007 the SourceForge
10 * Privoxy team. http://www.privoxy.org/
12 * Based on the Internet Junkbuster originally written
13 * by and Copyright (C) 1997 Anonymous Coders and
14 * Junkbusters Corporation. http://www.junkbusters.com
16 * This program is free software; you can redistribute it
17 * and/or modify it under the terms of the GNU General
18 * Public License as published by the Free Software
19 * Foundation; either version 2 of the License, or (at
20 * your option) any later version.
22 * This program is distributed in the hope that it will
23 * be useful, but WITHOUT ANY WARRANTY; without even the
24 * implied warranty of MERCHANTABILITY or FITNESS FOR A
25 * PARTICULAR PURPOSE. See the GNU General Public
26 * License for more details.
28 * The GNU General Public License should be included with
29 * this file. If not, you can view it at
30 * http://www.gnu.org/copyleft/gpl.html
31 * or write to the Free Software Foundation, Inc., 59
32 * Temple Place - Suite 330, Boston, MA 02111-1307, USA.
35 * $Log: urlmatch.c,v $
36 * Revision 1.15 2007/01/28 16:11:23 fabiankeil
37 * Accept WebDAV methods for subversion
38 * in parse_http_request(). Closes FR 1581425.
40 * Revision 1.14 2007/01/06 14:23:56 fabiankeil
41 * Fix gcc43 warnings. Mark *csp as immutable
42 * for parse_http_url() and url_match().
43 * Replace a sprintf call with snprintf.
45 * Revision 1.13 2006/12/06 19:50:54 fabiankeil
46 * parse_http_url() now handles intercepted
47 * HTTP request lines as well. Moved parts
48 * of parse_http_url()'s code into
49 * init_domain_components() so that it can
50 * be reused in chat().
52 * Revision 1.12 2006/07/18 14:48:47 david__schmidt
53 * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch)
54 * with what was really the latest development (the v_3_0_branch branch)
56 * Revision 1.10.2.7 2003/05/17 15:57:24 oes
57 * - parse_http_url now checks memory allocation failure for
58 * duplication of "*" URL and rejects "*something" URLs
60 * - Added a comment to what might look like a bug in
61 * create_url_spec (see !bug #736931)
64 * Revision 1.10.2.6 2003/05/07 12:39:48 oes
65 * Fix typo: Default port for https URLs is 443, not 143.
66 * Thanks to Scott Tregear for spotting this one.
68 * Revision 1.10.2.5 2003/02/28 13:09:29 oes
69 * Fixed a rare double free condition as per Bug #694713
71 * Revision 1.10.2.4 2003/02/28 12:57:44 oes
72 * Moved freeing of http request structure to its owner
73 * as per Dan Price's observations in Bug #694713
75 * Revision 1.10.2.3 2002/11/12 16:50:40 oes
76 * Fixed memory leak in parse_http_request() reported by Oliver Stoeneberg. Fixes bug #637073
78 * Revision 1.10.2.2 2002/09/25 14:53:15 oes
79 * Added basic support for OPTIONS and TRACE HTTP methods:
80 * parse_http_url now recognizes the "*" URI as well as
81 * the OPTIONS and TRACE method keywords.
83 * Revision 1.10.2.1 2002/06/06 19:06:44 jongfoster
84 * Adding support for proprietary Microsoft WebDAV extensions
86 * Revision 1.10 2002/05/12 21:40:37 jongfoster
87 * - Removing some unused code
89 * Revision 1.9 2002/04/04 00:36:36 gliptak
90 * always use pcre for matching
92 * Revision 1.8 2002/04/03 23:32:47 jongfoster
93 * Fixing memory leak on error
95 * Revision 1.7 2002/03/26 22:29:55 swa
96 * we have a new homepage!
98 * Revision 1.6 2002/03/24 13:25:43 swa
99 * name change related issues
101 * Revision 1.5 2002/03/13 00:27:05 jongfoster
104 * Revision 1.4 2002/03/07 03:46:17 oes
105 * Fixed compiler warnings
107 * Revision 1.3 2002/03/03 14:51:11 oes
108 * Fixed CLF logging: Added ocmd member for client's request to struct http_request
110 * Revision 1.2 2002/01/21 00:14:09 jongfoster
111 * Correcting comment style
112 * Fixing an uninitialized memory bug in create_url_spec()
114 * Revision 1.1 2002/01/17 20:53:46 jongfoster
115 * Moving all our URL and URL pattern parsing code to the same file - it
116 * was scattered around in filters.c, loaders.c and parsers.c.
118 * Providing a single, simple url_match(pattern,url) function - rather than
119 * the 3-line match routine which was repeated all over the place.
121 * Renaming free_url to free_url_spec, since it frees a struct url_spec.
123 * Providing parse_http_url() so that URLs can be parsed without faking a
124 * HTTP request line for parse_http_request() or repeating the parsing
125 * code (both of which were techniques that were actually in use).
127 * Standardizing that struct http_request is used to represent a URL, and
128 * struct url_spec is used to represent a URL pattern. (Before, URLs were
129 * represented as seperate variables and a partially-filled-in url_spec).
132 *********************************************************************/
139 #include <sys/types.h>
147 #if !defined(_WIN32) && !defined(__OS2__)
152 #include "urlmatch.h"
154 #include "miscutil.h"
157 const char urlmatch_h_rcs[] = URLMATCH_H_VERSION;
160 /*********************************************************************
162 * Function : free_http_request
164 * Description : Freez a http_request structure
167 * 1 : http = points to a http_request structure to free
171 *********************************************************************/
172 void free_http_request(struct http_request *http)
181 freez(http->hostport);
184 freez(http->host_ip_addr_str);
185 freez(http->dbuffer);
190 /*********************************************************************
192 * Function : init_domain_components
194 * Description : Splits the domain name so we can compare it
195 * against wildcards. It used to be part of
196 * parse_http_url, but was separated because the
197 * same code is required in chat in case of
198 * intercepted requests.
201 * 1 : http = pointer to the http structure to hold elements.
203 * Returns : JB_ERR_OK on success
204 * JB_ERR_MEMORY on out of memory
205 * JB_ERR_PARSE on malformed command/URL
206 * or >100 domains deep.
208 *********************************************************************/
209 jb_err init_domain_components(struct http_request *http)
211 char *vec[BUFFER_SIZE];
215 http->dbuffer = strdup(http->host);
216 if (NULL == http->dbuffer)
218 return JB_ERR_MEMORY;
221 /* map to lower case */
222 for (p = http->dbuffer; *p ; p++)
224 *p = (char)tolower((int)(unsigned char)*p);
227 /* split the domain name into components */
228 http->dcount = ssplit(http->dbuffer, ".", vec, SZ(vec), 1, 1);
230 if (http->dcount <= 0)
233 * Error: More than SZ(vec) components in domain
234 * or: no components in domain
236 log_error(LOG_LEVEL_ERROR, "More than SZ(vec) components in domain or none at all.");
240 /* save a copy of the pointers in dvec */
241 size = (size_t)http->dcount * sizeof(*http->dvec);
243 http->dvec = (char **)malloc(size);
244 if (NULL == http->dvec)
246 return JB_ERR_MEMORY;
249 memcpy(http->dvec, vec, size);
254 /*********************************************************************
256 * Function : parse_http_url
258 * Description : Parse out the host and port from the URL. Find the
259 * hostname & path, port (if ':'), and/or password (if '@')
262 * 1 : url = URL (or is it URI?) to break down
263 * 2 : http = pointer to the http structure to hold elements.
264 * Will be zeroed before use. Note that this
265 * function sets the http->gpc and http->ver
267 * 3 : csp = Current client state (buffers, headers, etc...)
269 * Returns : JB_ERR_OK on success
270 * JB_ERR_MEMORY on out of memory
271 * JB_ERR_PARSE on malformed command/URL
272 * or >100 domains deep.
274 *********************************************************************/
275 jb_err parse_http_url(const char * url,
276 struct http_request *http,
277 const struct client_state *csp)
279 int host_available = 1; /* A proxy can dream. */
282 * Zero out the results structure
284 memset(http, '\0', sizeof(*http));
288 * Save our initial URL
290 http->url = strdup(url);
291 if (http->url == NULL)
293 return JB_ERR_MEMORY;
298 * Check for * URI. If found, we're done.
300 if (*http->url == '*')
302 if ( NULL == (http->path = strdup("*"))
303 || NULL == (http->hostport = strdup("")) )
305 return JB_ERR_MEMORY;
307 if (http->url[1] != '\0')
316 * Split URL into protocol,hostport,path.
326 return JB_ERR_MEMORY;
329 /* Find the start of the URL in our scratch space */
331 if (strncmpic(url_noproto, "http://", 7) == 0)
336 else if (strncmpic(url_noproto, "https://", 8) == 0)
341 else if (*url_noproto == '/')
344 * Short request line without protocol and host.
345 * Most likely because the client's request
346 * was intercepted and redirected into Privoxy.
357 url_path = strchr(url_noproto, '/');
358 if (url_path != NULL)
363 * NOTE: The following line ignores the path for HTTPS URLS.
364 * This means that you get consistent behaviour if you type a
365 * https URL in and it's parsed by the function. (When the
366 * URL is actually retrieved, SSL hides the path part).
368 http->path = strdup(http->ssl ? "/" : url_path);
370 http->hostport = strdup(url_noproto);
375 * Repair broken HTTP requests that don't contain a path,
376 * or CONNECT requests
378 http->path = strdup("/");
379 http->hostport = strdup(url_noproto);
384 if ( (http->path == NULL)
385 || (http->hostport == NULL))
387 return JB_ERR_MEMORY;
393 /* Without host, there is nothing left to do here */
398 * Split hostport into user/password (ignored), host, port.
405 buf = strdup(http->hostport);
408 return JB_ERR_MEMORY;
411 /* check if url contains username and/or password */
412 host = strchr(buf, '@');
415 /* Contains username/password, skip it and the @ sign. */
420 /* No username or password. */
424 /* check if url contains port */
425 port = strchr(host, ':');
429 /* Terminate hostname and point to start of port string */
431 http->port = atoi(port);
435 /* No port specified. */
436 http->port = (http->ssl ? 443 : 80);
439 http->host = strdup(host);
443 if (http->host == NULL)
445 return JB_ERR_MEMORY;
450 * Split domain name so we can compare it against wildcards
452 return init_domain_components(http);
457 /*********************************************************************
459 * Function : parse_http_request
461 * Description : Parse out the host and port from the URL. Find the
462 * hostname & path, port (if ':'), and/or password (if '@')
465 * 1 : req = HTTP request line to break down
466 * 2 : http = pointer to the http structure to hold elements
467 * 3 : csp = Current client state (buffers, headers, etc...)
469 * Returns : JB_ERR_OK on success
470 * JB_ERR_MEMORY on out of memory
471 * JB_ERR_CGI_PARAMS on malformed command/URL
472 * or >100 domains deep.
474 *********************************************************************/
475 jb_err parse_http_request(const char *req,
476 struct http_request *http,
477 const struct client_state *csp)
485 memset(http, '\0', sizeof(*http));
490 return JB_ERR_MEMORY;
493 n = ssplit(buf, " \r\n", v, SZ(v), 1, 1);
500 /* this could be a CONNECT request */
501 if (strcmpic(v[0], "connect") == 0)
506 /* or it could be any other basic HTTP request type */
507 else if ((0 == strcmpic(v[0], "get"))
508 || (0 == strcmpic(v[0], "head"))
509 || (0 == strcmpic(v[0], "post"))
510 || (0 == strcmpic(v[0], "put"))
511 || (0 == strcmpic(v[0], "delete"))
512 || (0 == strcmpic(v[0], "options"))
513 || (0 == strcmpic(v[0], "trace"))
515 /* or a webDAV extension (RFC2518) */
516 || (0 == strcmpic(v[0], "propfind"))
517 || (0 == strcmpic(v[0], "proppatch"))
518 || (0 == strcmpic(v[0], "move"))
519 || (0 == strcmpic(v[0], "copy"))
520 || (0 == strcmpic(v[0], "mkcol"))
521 || (0 == strcmpic(v[0], "lock"))
522 || (0 == strcmpic(v[0], "unlock"))
524 /* Or a Microsoft webDAV extension for Exchange 2000. See: */
525 /* http://lists.w3.org/Archives/Public/w3c-dist-auth/2002JanMar/0001.html */
526 /* http://msdn.microsoft.com/library/en-us/wss/wss/_webdav_methods.asp */
527 || (0 == strcmpic(v[0], "bcopy"))
528 || (0 == strcmpic(v[0], "bmove"))
529 || (0 == strcmpic(v[0], "bdelete"))
530 || (0 == strcmpic(v[0], "bpropfind"))
531 || (0 == strcmpic(v[0], "bproppatch"))
533 /* Or another Microsoft webDAV extension for Exchange 2000. See: */
534 /* http://systems.cs.colorado.edu/grunwald/MobileComputing/Papers/draft-cohen-gena-p-base-00.txt */
535 /* http://lists.w3.org/Archives/Public/w3c-dist-auth/2002JanMar/0001.html */
536 /* http://msdn.microsoft.com/library/en-us/wss/wss/_webdav_methods.asp */
537 || (0 == strcmpic(v[0], "subscribe"))
538 || (0 == strcmpic(v[0], "unsubscribe"))
539 || (0 == strcmpic(v[0], "notify"))
540 || (0 == strcmpic(v[0], "poll"))
543 * Or yet another WebDAV extension, this time for
544 * Web Distributed Authoring and Versioning (RFC3253)
546 || (0 == strcmpic(v[0], "version-control"))
547 || (0 == strcmpic(v[0], "report"))
548 || (0 == strcmpic(v[0], "checkout"))
549 || (0 == strcmpic(v[0], "checkin"))
550 || (0 == strcmpic(v[0], "uncheckout"))
551 || (0 == strcmpic(v[0], "mkworkspace"))
552 || (0 == strcmpic(v[0], "update"))
553 || (0 == strcmpic(v[0], "label"))
554 || (0 == strcmpic(v[0], "merge"))
555 || (0 == strcmpic(v[0], "baseline-control"))
556 || (0 == strcmpic(v[0], "mkactivity"))
564 /* Unknown HTTP method */
565 log_error(LOG_LEVEL_ERROR, "Unknown HTTP method detected: %s", v[0]);
570 err = parse_http_url(v[1], http, csp);
578 * Copy the details into the structure
580 http->ssl = is_connect;
581 http->cmd = strdup(req);
582 http->gpc = strdup(v[0]);
583 http->ver = strdup(v[2]);
585 if ( (http->cmd == NULL)
586 || (http->gpc == NULL)
587 || (http->ver == NULL) )
590 return JB_ERR_MEMORY;
599 /*********************************************************************
601 * Function : simple_domaincmp
603 * Description : Domain-wise Compare fqdn's. The comparison is
604 * both left- and right-anchored. The individual
605 * domain names are compared with simplematch().
606 * This is only used by domain_match.
609 * 1 : pv = array of patterns to compare
610 * 2 : fv = array of domain components to compare
611 * 3 : len = length of the arrays (both arrays are the
612 * same length - if they weren't, it couldn't
613 * possibly be a match).
615 * Returns : 0 => domains are equivalent, else no match.
617 *********************************************************************/
618 static int simple_domaincmp(char **pv, char **fv, int len)
622 for (n = 0; n < len; n++)
624 if (simplematch(pv[n], fv[n]))
635 /*********************************************************************
637 * Function : domain_match
639 * Description : Domain-wise Compare fqdn's. Governed by the bimap in
640 * pattern->unachored, the comparison is un-, left-,
641 * right-anchored, or both.
642 * The individual domain names are compared with
646 * 1 : pattern = a domain that may contain a '*' as a wildcard.
647 * 2 : fqdn = domain name against which the patterns are compared.
649 * Returns : 0 => domains are equivalent, else no match.
651 *********************************************************************/
652 static int domain_match(const struct url_spec *pattern, const struct http_request *fqdn)
654 char **pv, **fv; /* vectors */
656 int unanchored = pattern->unanchored & (ANCHOR_RIGHT | ANCHOR_LEFT);
658 plen = pattern->dcount;
663 /* fqdn is too short to match this pattern */
670 if (unanchored == ANCHOR_LEFT)
675 * Convert this into a fully anchored pattern with
676 * the fqdn and pattern the same length
678 fv += (flen - plen); /* flen - plen >= 0 due to check above */
679 return simple_domaincmp(pv, fv, plen);
681 else if (unanchored == 0)
683 /* Fully anchored, check length */
688 return simple_domaincmp(pv, fv, plen);
690 else if (unanchored == ANCHOR_RIGHT)
692 /* Left anchored, ignore all extra in fqdn */
693 return simple_domaincmp(pv, fv, plen);
699 int maxn = flen - plen;
700 for (n = 0; n <= maxn; n++)
702 if (!simple_domaincmp(pv, fv, plen))
707 * Doesn't match from start of fqdn
708 * Try skipping first part of fqdn
718 /*********************************************************************
720 * Function : create_url_spec
722 * Description : Creates a "url_spec" structure from a string.
723 * When finished, free with free_url_spec().
726 * 1 : url = Target url_spec to be filled in. Will be
728 * 2 : buf = Source pattern, null terminated. NOTE: The
729 * contents of this buffer are destroyed by this
730 * function. If this function succeeds, the
731 * buffer is copied to url->spec. If this
732 * function fails, the contents of the buffer
735 * Returns : JB_ERR_OK - Success
736 * JB_ERR_MEMORY - Out of memory
737 * JB_ERR_PARSE - Cannot parse regex (Detailed message
738 * written to system log)
740 *********************************************************************/
741 jb_err create_url_spec(struct url_spec * url, const char * buf)
751 memset(url, '\0', sizeof(*url));
754 * Save a copy of the orignal specification
756 if ((url->spec = strdup(buf)) == NULL)
758 return JB_ERR_MEMORY;
761 if ((p = strchr(buf, '/')) != NULL)
763 if (NULL == (url->path = strdup(p)))
766 return JB_ERR_MEMORY;
768 url->pathlen = strlen(url->path);
779 char rebuf[BUFFER_SIZE];
781 if (NULL == (url->preg = zalloc(sizeof(*url->preg))))
785 return JB_ERR_MEMORY;
788 snprintf(rebuf, sizeof(rebuf), "^(%s)", url->path);
790 errcode = regcomp(url->preg, rebuf,
791 (REG_EXTENDED|REG_NOSUB|REG_ICASE));
794 size_t errlen = regerror(errcode,
795 url->preg, rebuf, sizeof(rebuf));
797 if (errlen > (sizeof(rebuf) - (size_t)1))
799 errlen = sizeof(rebuf) - (size_t)1;
801 rebuf[errlen] = '\0';
803 log_error(LOG_LEVEL_ERROR, "error compiling %s: %s",
814 if ((p = strchr(buf, ':')) == NULL)
832 if (buf[strlen(buf) - 1] == '.')
834 url->unanchored |= ANCHOR_RIGHT;
838 url->unanchored |= ANCHOR_LEFT;
842 * Split domain into components
844 url->dbuffer = strdup(buf);
845 if (NULL == url->dbuffer)
851 return JB_ERR_MEMORY;
857 for (p = url->dbuffer; *p ; p++)
859 *p = (char)tolower((int)(unsigned char)*p);
863 * Split the domain name into components
865 url->dcount = ssplit(url->dbuffer, ".", v, SZ(v), 1, 1);
875 return JB_ERR_MEMORY;
877 else if (url->dcount != 0)
881 * Save a copy of the pointers in dvec
883 size = (size_t)url->dcount * sizeof(*url->dvec);
885 url->dvec = (char **)malloc(size);
886 if (NULL == url->dvec)
894 return JB_ERR_MEMORY;
897 memcpy(url->dvec, v, size);
900 * else dcount == 0 in which case we needn't do anything,
901 * since dvec will never be accessed and the pattern will
911 /*********************************************************************
913 * Function : free_url_spec
915 * Description : Called from the "unloaders". Freez the url
916 * structure elements.
919 * 1 : url = pointer to a url_spec structure.
923 *********************************************************************/
924 void free_url_spec(struct url_spec *url)
926 if (url == NULL) return;
940 /*********************************************************************
942 * Function : url_match
944 * Description : Compare a URL against a URL pattern.
947 * 1 : pattern = a URL pattern
948 * 2 : url = URL to match
950 * Returns : 0 iff the URL matches the pattern, else nonzero.
952 *********************************************************************/
953 int url_match(const struct url_spec *pattern,
954 const struct http_request *url)
956 return ((pattern->port == 0) || (pattern->port == url->port))
957 && ((pattern->dbuffer == NULL) || (domain_match(pattern, url) == 0))
958 && ((pattern->path == NULL) ||
959 (regexec(pattern->preg, url->path, 0, NULL, 0) == 0)
projects / privoxy.git / blob