1 const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.14 2007/01/06 14:23:56 fabiankeil Exp $";
2 /*********************************************************************
4 * File : $Source: /cvsroot/ijbswa/current/urlmatch.c,v $
6 * Purpose : Declares functions to match URLs against URL
9 * Copyright : Written by and Copyright (C) 2001-2003, 2006-2007 the SourceForge
10 * Privoxy team. http://www.privoxy.org/
12 * Based on the Internet Junkbuster originally written
13 * by and Copyright (C) 1997 Anonymous Coders and
14 * Junkbusters Corporation. http://www.junkbusters.com
16 * This program is free software; you can redistribute it
17 * and/or modify it under the terms of the GNU General
18 * Public License as published by the Free Software
19 * Foundation; either version 2 of the License, or (at
20 * your option) any later version.
22 * This program is distributed in the hope that it will
23 * be useful, but WITHOUT ANY WARRANTY; without even the
24 * implied warranty of MERCHANTABILITY or FITNESS FOR A
25 * PARTICULAR PURPOSE. See the GNU General Public
26 * License for more details.
28 * The GNU General Public License should be included with
29 * this file. If not, you can view it at
30 * http://www.gnu.org/copyleft/gpl.html
31 * or write to the Free Software Foundation, Inc., 59
32 * Temple Place - Suite 330, Boston, MA 02111-1307, USA.
35 * $Log: urlmatch.c,v $
36 * Revision 1.14 2007/01/06 14:23:56 fabiankeil
37 * Fix gcc43 warnings. Mark *csp as immutable
38 * for parse_http_url() and url_match().
39 * Replace a sprintf call with snprintf.
41 * Revision 1.13 2006/12/06 19:50:54 fabiankeil
42 * parse_http_url() now handles intercepted
43 * HTTP request lines as well. Moved parts
44 * of parse_http_url()'s code into
45 * init_domain_components() so that it can
46 * be reused in chat().
48 * Revision 1.12 2006/07/18 14:48:47 david__schmidt
49 * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch)
50 * with what was really the latest development (the v_3_0_branch branch)
52 * Revision 1.10.2.7 2003/05/17 15:57:24 oes
53 * - parse_http_url now checks memory allocation failure for
54 * duplication of "*" URL and rejects "*something" URLs
56 * - Added a comment to what might look like a bug in
57 * create_url_spec (see !bug #736931)
60 * Revision 1.10.2.6 2003/05/07 12:39:48 oes
61 * Fix typo: Default port for https URLs is 443, not 143.
62 * Thanks to Scott Tregear for spotting this one.
64 * Revision 1.10.2.5 2003/02/28 13:09:29 oes
65 * Fixed a rare double free condition as per Bug #694713
67 * Revision 1.10.2.4 2003/02/28 12:57:44 oes
68 * Moved freeing of http request structure to its owner
69 * as per Dan Price's observations in Bug #694713
71 * Revision 1.10.2.3 2002/11/12 16:50:40 oes
72 * Fixed memory leak in parse_http_request() reported by Oliver Stoeneberg. Fixes bug #637073
74 * Revision 1.10.2.2 2002/09/25 14:53:15 oes
75 * Added basic support for OPTIONS and TRACE HTTP methods:
76 * parse_http_url now recognizes the "*" URI as well as
77 * the OPTIONS and TRACE method keywords.
79 * Revision 1.10.2.1 2002/06/06 19:06:44 jongfoster
80 * Adding support for proprietary Microsoft WebDAV extensions
82 * Revision 1.10 2002/05/12 21:40:37 jongfoster
83 * - Removing some unused code
85 * Revision 1.9 2002/04/04 00:36:36 gliptak
86 * always use pcre for matching
88 * Revision 1.8 2002/04/03 23:32:47 jongfoster
89 * Fixing memory leak on error
91 * Revision 1.7 2002/03/26 22:29:55 swa
92 * we have a new homepage!
94 * Revision 1.6 2002/03/24 13:25:43 swa
95 * name change related issues
97 * Revision 1.5 2002/03/13 00:27:05 jongfoster
100 * Revision 1.4 2002/03/07 03:46:17 oes
101 * Fixed compiler warnings
103 * Revision 1.3 2002/03/03 14:51:11 oes
104 * Fixed CLF logging: Added ocmd member for client's request to struct http_request
106 * Revision 1.2 2002/01/21 00:14:09 jongfoster
107 * Correcting comment style
108 * Fixing an uninitialized memory bug in create_url_spec()
110 * Revision 1.1 2002/01/17 20:53:46 jongfoster
111 * Moving all our URL and URL pattern parsing code to the same file - it
112 * was scattered around in filters.c, loaders.c and parsers.c.
114 * Providing a single, simple url_match(pattern,url) function - rather than
115 * the 3-line match routine which was repeated all over the place.
117 * Renaming free_url to free_url_spec, since it frees a struct url_spec.
119 * Providing parse_http_url() so that URLs can be parsed without faking a
120 * HTTP request line for parse_http_request() or repeating the parsing
121 * code (both of which were techniques that were actually in use).
123 * Standardizing that struct http_request is used to represent a URL, and
124 * struct url_spec is used to represent a URL pattern. (Before, URLs were
125 * represented as seperate variables and a partially-filled-in url_spec).
128 *********************************************************************/
135 #include <sys/types.h>
143 #if !defined(_WIN32) && !defined(__OS2__)
148 #include "urlmatch.h"
150 #include "miscutil.h"
153 const char urlmatch_h_rcs[] = URLMATCH_H_VERSION;
156 /*********************************************************************
158 * Function : free_http_request
160 * Description : Freez a http_request structure
163 * 1 : http = points to a http_request structure to free
167 *********************************************************************/
168 void free_http_request(struct http_request *http)
177 freez(http->hostport);
180 freez(http->host_ip_addr_str);
181 freez(http->dbuffer);
186 /*********************************************************************
188 * Function : init_domain_components
190 * Description : Splits the domain name so we can compare it
191 * against wildcards. It used to be part of
192 * parse_http_url, but was separated because the
193 * same code is required in chat in case of
194 * intercepted requests.
197 * 1 : http = pointer to the http structure to hold elements.
199 * Returns : JB_ERR_OK on success
200 * JB_ERR_MEMORY on out of memory
201 * JB_ERR_PARSE on malformed command/URL
202 * or >100 domains deep.
204 *********************************************************************/
205 jb_err init_domain_components(struct http_request *http)
207 char *vec[BUFFER_SIZE];
211 http->dbuffer = strdup(http->host);
212 if (NULL == http->dbuffer)
214 return JB_ERR_MEMORY;
217 /* map to lower case */
218 for (p = http->dbuffer; *p ; p++)
220 *p = (char)tolower((int)(unsigned char)*p);
223 /* split the domain name into components */
224 http->dcount = ssplit(http->dbuffer, ".", vec, SZ(vec), 1, 1);
226 if (http->dcount <= 0)
229 * Error: More than SZ(vec) components in domain
230 * or: no components in domain
232 log_error(LOG_LEVEL_ERROR, "More than SZ(vec) components in domain or none at all.");
236 /* save a copy of the pointers in dvec */
237 size = (size_t)http->dcount * sizeof(*http->dvec);
239 http->dvec = (char **)malloc(size);
240 if (NULL == http->dvec)
242 return JB_ERR_MEMORY;
245 memcpy(http->dvec, vec, size);
250 /*********************************************************************
252 * Function : parse_http_url
254 * Description : Parse out the host and port from the URL. Find the
255 * hostname & path, port (if ':'), and/or password (if '@')
258 * 1 : url = URL (or is it URI?) to break down
259 * 2 : http = pointer to the http structure to hold elements.
260 * Will be zeroed before use. Note that this
261 * function sets the http->gpc and http->ver
263 * 3 : csp = Current client state (buffers, headers, etc...)
265 * Returns : JB_ERR_OK on success
266 * JB_ERR_MEMORY on out of memory
267 * JB_ERR_PARSE on malformed command/URL
268 * or >100 domains deep.
270 *********************************************************************/
271 jb_err parse_http_url(const char * url,
272 struct http_request *http,
273 const struct client_state *csp)
275 int host_available = 1; /* A proxy can dream. */
278 * Zero out the results structure
280 memset(http, '\0', sizeof(*http));
284 * Save our initial URL
286 http->url = strdup(url);
287 if (http->url == NULL)
289 return JB_ERR_MEMORY;
294 * Check for * URI. If found, we're done.
296 if (*http->url == '*')
298 if ( NULL == (http->path = strdup("*"))
299 || NULL == (http->hostport = strdup("")) )
301 return JB_ERR_MEMORY;
303 if (http->url[1] != '\0')
312 * Split URL into protocol,hostport,path.
322 return JB_ERR_MEMORY;
325 /* Find the start of the URL in our scratch space */
327 if (strncmpic(url_noproto, "http://", 7) == 0)
332 else if (strncmpic(url_noproto, "https://", 8) == 0)
337 else if (*url_noproto == '/')
340 * Short request line without protocol and host.
341 * Most likely because the client's request
342 * was intercepted and redirected into Privoxy.
353 url_path = strchr(url_noproto, '/');
354 if (url_path != NULL)
359 * NOTE: The following line ignores the path for HTTPS URLS.
360 * This means that you get consistent behaviour if you type a
361 * https URL in and it's parsed by the function. (When the
362 * URL is actually retrieved, SSL hides the path part).
364 http->path = strdup(http->ssl ? "/" : url_path);
366 http->hostport = strdup(url_noproto);
371 * Repair broken HTTP requests that don't contain a path,
372 * or CONNECT requests
374 http->path = strdup("/");
375 http->hostport = strdup(url_noproto);
380 if ( (http->path == NULL)
381 || (http->hostport == NULL))
383 return JB_ERR_MEMORY;
389 /* Without host, there is nothing left to do here */
394 * Split hostport into user/password (ignored), host, port.
401 buf = strdup(http->hostport);
404 return JB_ERR_MEMORY;
407 /* check if url contains username and/or password */
408 host = strchr(buf, '@');
411 /* Contains username/password, skip it and the @ sign. */
416 /* No username or password. */
420 /* check if url contains port */
421 port = strchr(host, ':');
425 /* Terminate hostname and point to start of port string */
427 http->port = atoi(port);
431 /* No port specified. */
432 http->port = (http->ssl ? 443 : 80);
435 http->host = strdup(host);
439 if (http->host == NULL)
441 return JB_ERR_MEMORY;
446 * Split domain name so we can compare it against wildcards
448 return init_domain_components(http);
453 /*********************************************************************
455 * Function : parse_http_request
457 * Description : Parse out the host and port from the URL. Find the
458 * hostname & path, port (if ':'), and/or password (if '@')
461 * 1 : req = HTTP request line to break down
462 * 2 : http = pointer to the http structure to hold elements
463 * 3 : csp = Current client state (buffers, headers, etc...)
465 * Returns : JB_ERR_OK on success
466 * JB_ERR_MEMORY on out of memory
467 * JB_ERR_CGI_PARAMS on malformed command/URL
468 * or >100 domains deep.
470 *********************************************************************/
471 jb_err parse_http_request(const char *req,
472 struct http_request *http,
473 const struct client_state *csp)
481 memset(http, '\0', sizeof(*http));
486 return JB_ERR_MEMORY;
489 n = ssplit(buf, " \r\n", v, SZ(v), 1, 1);
492 log_error(LOG_LEVEL_ERROR, "Trouble ssplitting: %s", buf);
497 /* this could be a CONNECT request */
498 if (strcmpic(v[0], "connect") == 0)
503 /* or it could be any other basic HTTP request type */
504 else if ((0 == strcmpic(v[0], "get"))
505 || (0 == strcmpic(v[0], "head"))
506 || (0 == strcmpic(v[0], "post"))
507 || (0 == strcmpic(v[0], "put"))
508 || (0 == strcmpic(v[0], "delete"))
509 || (0 == strcmpic(v[0], "options"))
510 || (0 == strcmpic(v[0], "trace"))
512 /* or a webDAV extension (RFC2518) */
513 || (0 == strcmpic(v[0], "propfind"))
514 || (0 == strcmpic(v[0], "proppatch"))
515 || (0 == strcmpic(v[0], "move"))
516 || (0 == strcmpic(v[0], "copy"))
517 || (0 == strcmpic(v[0], "mkcol"))
518 || (0 == strcmpic(v[0], "lock"))
519 || (0 == strcmpic(v[0], "unlock"))
521 /* Or a Microsoft webDAV extension for Exchange 2000. See: */
522 /* http://lists.w3.org/Archives/Public/w3c-dist-auth/2002JanMar/0001.html */
523 /* http://msdn.microsoft.com/library/en-us/wss/wss/_webdav_methods.asp */
524 || (0 == strcmpic(v[0], "bcopy"))
525 || (0 == strcmpic(v[0], "bmove"))
526 || (0 == strcmpic(v[0], "bdelete"))
527 || (0 == strcmpic(v[0], "bpropfind"))
528 || (0 == strcmpic(v[0], "bproppatch"))
530 /* Or another Microsoft webDAV extension for Exchange 2000. See: */
531 /* http://systems.cs.colorado.edu/grunwald/MobileComputing/Papers/draft-cohen-gena-p-base-00.txt */
532 /* http://lists.w3.org/Archives/Public/w3c-dist-auth/2002JanMar/0001.html */
533 /* http://msdn.microsoft.com/library/en-us/wss/wss/_webdav_methods.asp */
534 || (0 == strcmpic(v[0], "subscribe"))
535 || (0 == strcmpic(v[0], "unsubscribe"))
536 || (0 == strcmpic(v[0], "notify"))
537 || (0 == strcmpic(v[0], "poll"))
540 * Or yet another WebDAV extension, this time for
541 * Web Distributed Authoring and Versioning (RFC3253)
543 || (0 == strcmpic(v[0], "version-control"))
544 || (0 == strcmpic(v[0], "report"))
545 || (0 == strcmpic(v[0], "checkout"))
546 || (0 == strcmpic(v[0], "checkin"))
547 || (0 == strcmpic(v[0], "uncheckout"))
548 || (0 == strcmpic(v[0], "mkworkspace"))
549 || (0 == strcmpic(v[0], "update"))
550 || (0 == strcmpic(v[0], "label"))
551 || (0 == strcmpic(v[0], "merge"))
552 || (0 == strcmpic(v[0], "baseline-control"))
553 || (0 == strcmpic(v[0], "mkactivity"))
561 /* Unknown HTTP method */
562 log_error(LOG_LEVEL_ERROR, "Unknown HTTP method detected: %s", v[0]);
567 err = parse_http_url(v[1], http, csp);
575 * Copy the details into the structure
577 http->ssl = is_connect;
578 http->cmd = strdup(req);
579 http->gpc = strdup(v[0]);
580 http->ver = strdup(v[2]);
582 if ( (http->cmd == NULL)
583 || (http->gpc == NULL)
584 || (http->ver == NULL) )
587 return JB_ERR_MEMORY;
596 /*********************************************************************
598 * Function : simple_domaincmp
600 * Description : Domain-wise Compare fqdn's. The comparison is
601 * both left- and right-anchored. The individual
602 * domain names are compared with simplematch().
603 * This is only used by domain_match.
606 * 1 : pv = array of patterns to compare
607 * 2 : fv = array of domain components to compare
608 * 3 : len = length of the arrays (both arrays are the
609 * same length - if they weren't, it couldn't
610 * possibly be a match).
612 * Returns : 0 => domains are equivalent, else no match.
614 *********************************************************************/
615 static int simple_domaincmp(char **pv, char **fv, int len)
619 for (n = 0; n < len; n++)
621 if (simplematch(pv[n], fv[n]))
632 /*********************************************************************
634 * Function : domain_match
636 * Description : Domain-wise Compare fqdn's. Governed by the bimap in
637 * pattern->unachored, the comparison is un-, left-,
638 * right-anchored, or both.
639 * The individual domain names are compared with
643 * 1 : pattern = a domain that may contain a '*' as a wildcard.
644 * 2 : fqdn = domain name against which the patterns are compared.
646 * Returns : 0 => domains are equivalent, else no match.
648 *********************************************************************/
649 static int domain_match(const struct url_spec *pattern, const struct http_request *fqdn)
651 char **pv, **fv; /* vectors */
653 int unanchored = pattern->unanchored & (ANCHOR_RIGHT | ANCHOR_LEFT);
655 plen = pattern->dcount;
660 /* fqdn is too short to match this pattern */
667 if (unanchored == ANCHOR_LEFT)
672 * Convert this into a fully anchored pattern with
673 * the fqdn and pattern the same length
675 fv += (flen - plen); /* flen - plen >= 0 due to check above */
676 return simple_domaincmp(pv, fv, plen);
678 else if (unanchored == 0)
680 /* Fully anchored, check length */
685 return simple_domaincmp(pv, fv, plen);
687 else if (unanchored == ANCHOR_RIGHT)
689 /* Left anchored, ignore all extra in fqdn */
690 return simple_domaincmp(pv, fv, plen);
696 int maxn = flen - plen;
697 for (n = 0; n <= maxn; n++)
699 if (!simple_domaincmp(pv, fv, plen))
704 * Doesn't match from start of fqdn
705 * Try skipping first part of fqdn
715 /*********************************************************************
717 * Function : create_url_spec
719 * Description : Creates a "url_spec" structure from a string.
720 * When finished, free with free_url_spec().
723 * 1 : url = Target url_spec to be filled in. Will be
725 * 2 : buf = Source pattern, null terminated. NOTE: The
726 * contents of this buffer are destroyed by this
727 * function. If this function succeeds, the
728 * buffer is copied to url->spec. If this
729 * function fails, the contents of the buffer
732 * Returns : JB_ERR_OK - Success
733 * JB_ERR_MEMORY - Out of memory
734 * JB_ERR_PARSE - Cannot parse regex (Detailed message
735 * written to system log)
737 *********************************************************************/
738 jb_err create_url_spec(struct url_spec * url, const char * buf)
748 memset(url, '\0', sizeof(*url));
751 * Save a copy of the orignal specification
753 if ((url->spec = strdup(buf)) == NULL)
755 return JB_ERR_MEMORY;
758 if ((p = strchr(buf, '/')) != NULL)
760 if (NULL == (url->path = strdup(p)))
763 return JB_ERR_MEMORY;
765 url->pathlen = strlen(url->path);
776 char rebuf[BUFFER_SIZE];
778 if (NULL == (url->preg = zalloc(sizeof(*url->preg))))
782 return JB_ERR_MEMORY;
785 snprintf(rebuf, sizeof(rebuf), "^(%s)", url->path);
787 errcode = regcomp(url->preg, rebuf,
788 (REG_EXTENDED|REG_NOSUB|REG_ICASE));
791 size_t errlen = regerror(errcode,
792 url->preg, rebuf, sizeof(rebuf));
794 if (errlen > (sizeof(rebuf) - (size_t)1))
796 errlen = sizeof(rebuf) - (size_t)1;
798 rebuf[errlen] = '\0';
800 log_error(LOG_LEVEL_ERROR, "error compiling %s: %s",
811 if ((p = strchr(buf, ':')) == NULL)
829 if (buf[strlen(buf) - 1] == '.')
831 url->unanchored |= ANCHOR_RIGHT;
835 url->unanchored |= ANCHOR_LEFT;
839 * Split domain into components
841 url->dbuffer = strdup(buf);
842 if (NULL == url->dbuffer)
848 return JB_ERR_MEMORY;
854 for (p = url->dbuffer; *p ; p++)
856 *p = (char)tolower((int)(unsigned char)*p);
860 * Split the domain name into components
862 url->dcount = ssplit(url->dbuffer, ".", v, SZ(v), 1, 1);
872 return JB_ERR_MEMORY;
874 else if (url->dcount != 0)
878 * Save a copy of the pointers in dvec
880 size = (size_t)url->dcount * sizeof(*url->dvec);
882 url->dvec = (char **)malloc(size);
883 if (NULL == url->dvec)
891 return JB_ERR_MEMORY;
894 memcpy(url->dvec, v, size);
897 * else dcount == 0 in which case we needn't do anything,
898 * since dvec will never be accessed and the pattern will
908 /*********************************************************************
910 * Function : free_url_spec
912 * Description : Called from the "unloaders". Freez the url
913 * structure elements.
916 * 1 : url = pointer to a url_spec structure.
920 *********************************************************************/
921 void free_url_spec(struct url_spec *url)
923 if (url == NULL) return;
937 /*********************************************************************
939 * Function : url_match
941 * Description : Compare a URL against a URL pattern.
944 * 1 : pattern = a URL pattern
945 * 2 : url = URL to match
947 * Returns : 0 iff the URL matches the pattern, else nonzero.
949 *********************************************************************/
950 int url_match(const struct url_spec *pattern,
951 const struct http_request *url)
953 return ((pattern->port == 0) || (pattern->port == url->port))
954 && ((pattern->dbuffer == NULL) || (domain_match(pattern, url) == 0))
955 && ((pattern->path == NULL) ||
956 (regexec(pattern->preg, url->path, 0, NULL, 0) == 0)
projects / privoxy.git / blob