X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=urlmatch.c;h=f1742c89ac48629d8fc06315c99d07e896660702;hp=735e8f85ccf794e74fe2c7b32689ba677b6ece96;hb=d01bb4028a9d19a62672a8d7d8d13f09ae270851;hpb=5f4c9d4b813d75a28db9ba9349879be1c6c63f86 diff --git a/urlmatch.c b/urlmatch.c index 735e8f85..f1742c89 100644 --- a/urlmatch.c +++ b/urlmatch.c @@ -1,4 +1,3 @@ -const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.22 2008/03/30 15:02:32 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/urlmatch.c,v $ @@ -6,8 +5,8 @@ const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.22 2008/03/30 15:02:32 fabianke * Purpose : Declares functions to match URLs against URL * patterns. * - * Copyright : Written by and Copyright (C) 2001-2003, 2006-2007 the SourceForge - * Privoxy team. http://www.privoxy.org/ + * Copyright : Written by and Copyright (C) 2001-2014 + * the Privoxy team. http://www.privoxy.org/ * * Based on the Internet Junkbuster originally written * by and Copyright (C) 1997 Anonymous Coders and @@ -31,135 +30,8 @@ const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.22 2008/03/30 15:02:32 fabianke * or write to the Free Software Foundation, Inc., 59 * Temple Place - Suite 330, Boston, MA 02111-1307, USA. * - * Revisions : - * $Log: urlmatch.c,v $ - * Revision 1.22 2008/03/30 15:02:32 fabiankeil - * SZitify unknown_method(). - * - * Revision 1.21 2007/12/24 16:34:23 fabiankeil - * Band-aid (and micro-optimization) that makes it less likely to run out of - * stack space with overly-complex path patterns. Probably masks the problem - * reported by Lee in #1856679. Hohoho. - * - * Revision 1.20 2007/09/02 15:31:20 fabiankeil - * Move match_portlist() from filter.c to urlmatch.c. - * It's used for url matching, not for filtering. - * - * Revision 1.19 2007/09/02 13:42:11 fabiankeil - * - Allow port lists in url patterns. - * - Ditch unused url_spec member pathlen. - * - * Revision 1.18 2007/07/30 16:42:21 fabiankeil - * Move the method check into unknown_method() - * and loop through the known methods instead - * of using a screen-long OR chain. - * - * Revision 1.17 2007/04/15 16:39:21 fabiankeil - * Introduce tags as alternative way to specify which - * actions apply to a request. At the moment tags can be - * created based on client and server headers. - * - * Revision 1.16 2007/02/13 13:59:24 fabiankeil - * Remove redundant log message. - * - * Revision 1.15 2007/01/28 16:11:23 fabiankeil - * Accept WebDAV methods for subversion - * in parse_http_request(). Closes FR 1581425. - * - * Revision 1.14 2007/01/06 14:23:56 fabiankeil - * Fix gcc43 warnings. Mark *csp as immutable - * for parse_http_url() and url_match(). - * Replace a sprintf call with snprintf. - * - * Revision 1.13 2006/12/06 19:50:54 fabiankeil - * parse_http_url() now handles intercepted - * HTTP request lines as well. Moved parts - * of parse_http_url()'s code into - * init_domain_components() so that it can - * be reused in chat(). - * - * Revision 1.12 2006/07/18 14:48:47 david__schmidt - * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch) - * with what was really the latest development (the v_3_0_branch branch) - * - * Revision 1.10.2.7 2003/05/17 15:57:24 oes - * - parse_http_url now checks memory allocation failure for - * duplication of "*" URL and rejects "*something" URLs - * Closes bug #736344 - * - Added a comment to what might look like a bug in - * create_url_spec (see !bug #736931) - * - Comment cosmetics - * - * Revision 1.10.2.6 2003/05/07 12:39:48 oes - * Fix typo: Default port for https URLs is 443, not 143. - * Thanks to Scott Tregear for spotting this one. - * - * Revision 1.10.2.5 2003/02/28 13:09:29 oes - * Fixed a rare double free condition as per Bug #694713 - * - * Revision 1.10.2.4 2003/02/28 12:57:44 oes - * Moved freeing of http request structure to its owner - * as per Dan Price's observations in Bug #694713 - * - * Revision 1.10.2.3 2002/11/12 16:50:40 oes - * Fixed memory leak in parse_http_request() reported by Oliver Stoeneberg. Fixes bug #637073 - * - * Revision 1.10.2.2 2002/09/25 14:53:15 oes - * Added basic support for OPTIONS and TRACE HTTP methods: - * parse_http_url now recognizes the "*" URI as well as - * the OPTIONS and TRACE method keywords. - * - * Revision 1.10.2.1 2002/06/06 19:06:44 jongfoster - * Adding support for proprietary Microsoft WebDAV extensions - * - * Revision 1.10 2002/05/12 21:40:37 jongfoster - * - Removing some unused code - * - * Revision 1.9 2002/04/04 00:36:36 gliptak - * always use pcre for matching - * - * Revision 1.8 2002/04/03 23:32:47 jongfoster - * Fixing memory leak on error - * - * Revision 1.7 2002/03/26 22:29:55 swa - * we have a new homepage! - * - * Revision 1.6 2002/03/24 13:25:43 swa - * name change related issues - * - * Revision 1.5 2002/03/13 00:27:05 jongfoster - * Killing warnings - * - * Revision 1.4 2002/03/07 03:46:17 oes - * Fixed compiler warnings - * - * Revision 1.3 2002/03/03 14:51:11 oes - * Fixed CLF logging: Added ocmd member for client's request to struct http_request - * - * Revision 1.2 2002/01/21 00:14:09 jongfoster - * Correcting comment style - * Fixing an uninitialized memory bug in create_url_spec() - * - * Revision 1.1 2002/01/17 20:53:46 jongfoster - * Moving all our URL and URL pattern parsing code to the same file - it - * was scattered around in filters.c, loaders.c and parsers.c. - * - * Providing a single, simple url_match(pattern,url) function - rather than - * the 3-line match routine which was repeated all over the place. - * - * Renaming free_url to free_url_spec, since it frees a struct url_spec. - * - * Providing parse_http_url() so that URLs can be parsed without faking a - * HTTP request line for parse_http_request() or repeating the parsing - * code (both of which were techniques that were actually in use). - * - * Standardizing that struct http_request is used to represent a URL, and - * struct url_spec is used to represent a URL pattern. (Before, URLs were - * represented as seperate variables and a partially-filled-in url_spec). - * - * *********************************************************************/ - + #include "config.h" @@ -183,8 +55,14 @@ const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.22 2008/03/30 15:02:32 fabianke #include "miscutil.h" #include "errlog.h" -const char urlmatch_h_rcs[] = URLMATCH_H_VERSION; - +enum regex_anchoring +{ + NO_ANCHORING, + LEFT_ANCHORED, + RIGHT_ANCHORED, + RIGHT_ANCHORED_HOST +}; +static jb_err compile_host_pattern(struct pattern_spec *url, const char *host_pattern); /********************************************************************* * @@ -211,12 +89,15 @@ void free_http_request(struct http_request *http) freez(http->path); freez(http->ver); freez(http->host_ip_addr_str); +#ifndef FEATURE_EXTENDED_HOST_PATTERNS freez(http->dbuffer); freez(http->dvec); http->dcount = 0; +#endif } +#ifndef FEATURE_EXTENDED_HOST_PATTERNS /********************************************************************* * * Function : init_domain_components @@ -231,7 +112,6 @@ void free_http_request(struct http_request *http) * 1 : http = pointer to the http structure to hold elements. * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out of memory * JB_ERR_PARSE on malformed command/URL * or >100 domains deep. * @@ -242,20 +122,16 @@ jb_err init_domain_components(struct http_request *http) size_t size; char *p; - http->dbuffer = strdup(http->host); - if (NULL == http->dbuffer) - { - return JB_ERR_MEMORY; - } + http->dbuffer = strdup_or_die(http->host); /* map to lower case */ for (p = http->dbuffer; *p ; p++) { - *p = (char)tolower((int)(unsigned char)*p); + *p = (char)privoxy_tolower(*p); } /* split the domain name into components */ - http->dcount = ssplit(http->dbuffer, ".", vec, SZ(vec), 1, 1); + http->dcount = ssplit(http->dbuffer, ".", vec, SZ(vec)); if (http->dcount <= 0) { @@ -270,16 +146,60 @@ jb_err init_domain_components(struct http_request *http) /* save a copy of the pointers in dvec */ size = (size_t)http->dcount * sizeof(*http->dvec); - http->dvec = (char **)malloc(size); - if (NULL == http->dvec) - { - return JB_ERR_MEMORY; - } + http->dvec = malloc_or_die(size); memcpy(http->dvec, vec, size); return JB_ERR_OK; } +#endif /* ndef FEATURE_EXTENDED_HOST_PATTERNS */ + + +/********************************************************************* + * + * Function : url_requires_percent_encoding + * + * Description : Checks if an URL contains invalid characters + * according to RFC 3986 that should be percent-encoded. + * Does not verify whether or not the passed string + * actually is a valid URL. + * + * Parameters : + * 1 : url = URL to check + * + * Returns : True in case of valid URLs, false otherwise + * + *********************************************************************/ +int url_requires_percent_encoding(const char *url) +{ + static const char allowed_characters[128] = { + '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', + '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', + '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', + '\0', '\0', '\0', '!', '\0', '#', '$', '%', '&', '\'', + '(', ')', '*', '+', ',', '-', '.', '/', '0', '1', + '2', '3', '4', '5', '6', '7', '8', '9', ':', ';', + '\0', '=', '\0', '?', '@', 'A', 'B', 'C', 'D', 'E', + 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', + 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', + 'Z', '[', '\0', ']', '\0', '_', '\0', 'a', 'b', 'c', + 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', + 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', + 'x', 'y', 'z', '\0', '\0', '\0', '~', '\0' + }; + + while (*url != '\0') + { + const unsigned int i = (unsigned char)*url++; + if (i >= sizeof(allowed_characters) || '\0' == allowed_characters[i]) + { + return TRUE; + } + } + + return FALSE; + +} /********************************************************************* @@ -292,49 +212,31 @@ jb_err init_domain_components(struct http_request *http) * Parameters : * 1 : url = URL (or is it URI?) to break down * 2 : http = pointer to the http structure to hold elements. - * Will be zeroed before use. Note that this - * function sets the http->gpc and http->ver - * members to NULL. - * 3 : csp = Current client state (buffers, headers, etc...) + * Must be initialized with valid values (like NULLs). + * 3 : require_protocol = Whether or not URLs without + * protocol are acceptable. * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out of memory * JB_ERR_PARSE on malformed command/URL * or >100 domains deep. * *********************************************************************/ -jb_err parse_http_url(const char * url, - struct http_request *http, - const struct client_state *csp) +jb_err parse_http_url(const char *url, struct http_request *http, int require_protocol) { int host_available = 1; /* A proxy can dream. */ - /* - * Zero out the results structure - */ - memset(http, '\0', sizeof(*http)); - - /* * Save our initial URL */ - http->url = strdup(url); - if (http->url == NULL) - { - return JB_ERR_MEMORY; - } - + http->url = strdup_or_die(url); /* * Check for * URI. If found, we're done. - */ + */ if (*http->url == '*') { - if ( NULL == (http->path = strdup("*")) - || NULL == (http->hostport = strdup("")) ) - { - return JB_ERR_MEMORY; - } + http->path = strdup_or_die("*"); + http->hostport = strdup_or_die(""); if (http->url[1] != '\0') { return JB_ERR_PARSE; @@ -351,21 +253,19 @@ jb_err parse_http_url(const char * url, char *url_noproto; char *url_path; - buf = strdup(url); - if (buf == NULL) - { - return JB_ERR_MEMORY; - } + buf = strdup_or_die(url); /* Find the start of the URL in our scratch space */ url_noproto = buf; if (strncmpic(url_noproto, "http://", 7) == 0) { url_noproto += 7; - http->ssl = 0; } else if (strncmpic(url_noproto, "https://", 8) == 0) { + /* + * Should only happen when called from cgi_show_url_info(). + */ url_noproto += 8; http->ssl = 1; } @@ -376,13 +276,13 @@ jb_err parse_http_url(const char * url, * Most likely because the client's request * was intercepted and redirected into Privoxy. */ - http->ssl = 0; http->host = NULL; host_available = 0; } - else + else if (require_protocol) { - http->ssl = 0; + freez(buf); + return JB_ERR_PARSE; } url_path = strchr(url_noproto, '/'); @@ -396,9 +296,9 @@ jb_err parse_http_url(const char * url, * https URL in and it's parsed by the function. (When the * URL is actually retrieved, SSL hides the path part). */ - http->path = strdup(http->ssl ? "/" : url_path); + http->path = strdup_or_die(http->ssl ? "/" : url_path); *url_path = '\0'; - http->hostport = strdup(url_noproto); + http->hostport = strdup_or_die(url_noproto); } else { @@ -406,17 +306,11 @@ jb_err parse_http_url(const char * url, * Repair broken HTTP requests that don't contain a path, * or CONNECT requests */ - http->path = strdup("/"); - http->hostport = strdup(url_noproto); + http->path = strdup_or_die("/"); + http->hostport = strdup_or_die(url_noproto); } freez(buf); - - if ( (http->path == NULL) - || (http->hostport == NULL)) - { - return JB_ERR_MEMORY; - } } if (!host_available) @@ -433,11 +327,7 @@ jb_err parse_http_url(const char * url, char *host; char *port; - buf = strdup(http->hostport); - if (buf == NULL) - { - return JB_ERR_MEMORY; - } + buf = strdup_or_die(http->hostport); /* check if url contains username and/or password */ host = strchr(buf, '@'); @@ -452,14 +342,55 @@ jb_err parse_http_url(const char * url, host = buf; } + /* Move after hostname before port number */ + if (*host == '[') + { + /* Numeric IPv6 address delimited by brackets */ + host++; + port = strchr(host, ']'); + + if (port == NULL) + { + /* Missing closing bracket */ + freez(buf); + return JB_ERR_PARSE; + } + + *port++ = '\0'; + + if (*port == '\0') + { + port = NULL; + } + else if (*port != ':') + { + /* Garbage after closing bracket */ + freez(buf); + return JB_ERR_PARSE; + } + } + else + { + /* Plain non-escaped hostname */ + port = strchr(host, ':'); + } + /* check if url contains port */ - port = strchr(host, ':'); if (port != NULL) { /* Contains port */ + char *endptr; + long parsed_port; /* Terminate hostname and point to start of port string */ *port++ = '\0'; - http->port = atoi(port); + parsed_port = strtol(port, &endptr, 10); + if ((parsed_port <= 0) || (parsed_port > 65535) || (*endptr != '\0')) + { + log_error(LOG_LEVEL_ERROR, "Invalid port in URL: %s.", url); + freez(buf); + return JB_ERR_PARSE; + } + http->port = (int)parsed_port; } else { @@ -467,20 +398,17 @@ jb_err parse_http_url(const char * url, http->port = (http->ssl ? 443 : 80); } - http->host = strdup(host); - - free(buf); + http->host = strdup_or_die(host); - if (http->host == NULL) - { - return JB_ERR_MEMORY; - } + freez(buf); } - /* - * Split domain name so we can compare it against wildcards - */ +#ifdef FEATURE_EXTENDED_HOST_PATTERNS + return JB_ERR_OK; +#else + /* Split domain name so we can compare it against wildcards */ return init_domain_components(http); +#endif /* def FEATURE_EXTENDED_HOST_PATTERNS */ } @@ -499,7 +427,7 @@ jb_err parse_http_url(const char * url, *********************************************************************/ static int unknown_method(const char *method) { - static const char *known_http_methods[] = { + static const char * const known_http_methods[] = { /* Basic HTTP request type */ "GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT", /* webDAV extensions (RFC2518) */ @@ -508,14 +436,14 @@ static int unknown_method(const char *method) * Microsoft webDAV extension for Exchange 2000. See: * http://lists.w3.org/Archives/Public/w3c-dist-auth/2002JanMar/0001.html * http://msdn.microsoft.com/library/en-us/wss/wss/_webdav_methods.asp - */ + */ "BCOPY", "BMOVE", "BDELETE", "BPROPFIND", "BPROPPATCH", /* * Another Microsoft webDAV extension for Exchange 2000. See: * http://systems.cs.colorado.edu/grunwald/MobileComputing/Papers/draft-cohen-gena-p-base-00.txt * http://lists.w3.org/Archives/Public/w3c-dist-auth/2002JanMar/0001.html * http://msdn.microsoft.com/library/en-us/wss/wss/_webdav_methods.asp - */ + */ "SUBSCRIBE", "UNSUBSCRIBE", "NOTIFY", "POLL", /* * Yet another WebDAV extension, this time for @@ -523,6 +451,12 @@ static int unknown_method(const char *method) */ "VERSION-CONTROL", "REPORT", "CHECKOUT", "CHECKIN", "UNCHECKOUT", "MKWORKSPACE", "UPDATE", "LABEL", "MERGE", "BASELINE-CONTROL", "MKACTIVITY", + /* + * The PATCH method is defined by RFC5789, the format of the + * actual patch in the body depends on the application, but from + * Privoxy's point of view it doesn't matter. + */ + "PATCH", }; int i; @@ -539,6 +473,50 @@ static int unknown_method(const char *method) } +/********************************************************************* + * + * Function : normalize_http_version + * + * Description : Take a supported HTTP version string and remove + * leading zeroes etc., reject unsupported versions. + * + * This is an explicit RFC 2616 (3.1) MUST and + * RFC 7230 mandates that intermediaries send their + * own HTTP-version in forwarded messages. + * + * Parameters : + * 1 : http_version = HTTP version string + * + * Returns : JB_ERR_OK on success + * JB_ERR_PARSE if the HTTP version is unsupported + * + *********************************************************************/ +static jb_err normalize_http_version(char *http_version) +{ + unsigned int major_version; + unsigned int minor_version; + + if (2 != sscanf(http_version, "HTTP/%u.%u", &major_version, &minor_version)) + { + log_error(LOG_LEVEL_ERROR, "Unsupported HTTP version: %s", http_version); + return JB_ERR_PARSE; + } + + if (major_version != 1 || (minor_version != 0 && minor_version != 1)) + { + log_error(LOG_LEVEL_ERROR, "The only supported HTTP " + "versions are 1.0 and 1.1. This rules out: %s", http_version); + return JB_ERR_PARSE; + } + + assert(strlen(http_version) >= 8); + snprintf(http_version, 9, "HTTP/%u.%u", major_version, minor_version); + + return JB_ERR_OK; + +} + + /********************************************************************* * * Function : parse_http_request @@ -549,36 +527,27 @@ static int unknown_method(const char *method) * Parameters : * 1 : req = HTTP request line to break down * 2 : http = pointer to the http structure to hold elements - * 3 : csp = Current client state (buffers, headers, etc...) * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out of memory * JB_ERR_CGI_PARAMS on malformed command/URL * or >100 domains deep. * *********************************************************************/ -jb_err parse_http_request(const char *req, - struct http_request *http, - const struct client_state *csp) +jb_err parse_http_request(const char *req, struct http_request *http) { char *buf; - char *v[10]; /* XXX: Why 10? We should only need three. */ + char *v[3]; int n; jb_err err; - int is_connect = 0; memset(http, '\0', sizeof(*http)); - buf = strdup(req); - if (buf == NULL) - { - return JB_ERR_MEMORY; - } + buf = strdup_or_die(req); - n = ssplit(buf, " \r\n", v, SZ(v), 1, 1); + n = ssplit(buf, " \r\n", v, SZ(v)); if (n != 3) { - free(buf); + freez(buf); return JB_ERR_PARSE; } @@ -594,44 +563,235 @@ jb_err parse_http_request(const char *req, if (unknown_method(v[0])) { log_error(LOG_LEVEL_ERROR, "Unknown HTTP method detected: %s", v[0]); - free(buf); + freez(buf); return JB_ERR_PARSE; } - if (strcmpic(v[0], "CONNECT") == 0) + if (JB_ERR_OK != normalize_http_version(v[2])) { - is_connect = 1; + freez(buf); + return JB_ERR_PARSE; } - err = parse_http_url(v[1], http, csp); + http->ssl = !strcmpic(v[0], "CONNECT"); + + err = parse_http_url(v[1], http, !http->ssl); if (err) { - free(buf); + freez(buf); return err; } /* * Copy the details into the structure */ - http->ssl = is_connect; - http->cmd = strdup(req); - http->gpc = strdup(v[0]); - http->ver = strdup(v[2]); - - if ( (http->cmd == NULL) - || (http->gpc == NULL) - || (http->ver == NULL) ) + http->cmd = strdup_or_die(req); + http->gpc = strdup_or_die(v[0]); + http->ver = strdup_or_die(v[2]); + http->ocmd = strdup_or_die(http->cmd); + + freez(buf); + + return JB_ERR_OK; + +} + + +/********************************************************************* + * + * Function : compile_pattern + * + * Description : Compiles a host, domain or TAG pattern. + * + * Parameters : + * 1 : pattern = The pattern to compile. + * 2 : anchoring = How the regex should be modified + * before compilation. Can be either + * one of NO_ANCHORING, LEFT_ANCHORED, + * RIGHT_ANCHORED or RIGHT_ANCHORED_HOST. + * 3 : url = In case of failures, the spec member is + * logged and the structure freed. + * 4 : regex = Where the compiled regex should be stored. + * + * Returns : JB_ERR_OK - Success + * JB_ERR_PARSE - Cannot parse regex + * + *********************************************************************/ +static jb_err compile_pattern(const char *pattern, enum regex_anchoring anchoring, + struct pattern_spec *url, regex_t **regex) +{ + int errcode; + const char *fmt = NULL; + char *rebuf; + size_t rebuf_size; + + assert(pattern); + + if (pattern[0] == '\0') + { + *regex = NULL; + return JB_ERR_OK; + } + + switch (anchoring) + { + case NO_ANCHORING: + fmt = "%s"; + break; + case RIGHT_ANCHORED: + fmt = "%s$"; + break; + case RIGHT_ANCHORED_HOST: + fmt = "%s\\.?$"; + break; + case LEFT_ANCHORED: + fmt = "^%s"; + break; + default: + log_error(LOG_LEVEL_FATAL, + "Invalid anchoring in compile_pattern %d", anchoring); + } + rebuf_size = strlen(pattern) + strlen(fmt); + rebuf = malloc_or_die(rebuf_size); + *regex = zalloc_or_die(sizeof(**regex)); + + snprintf(rebuf, rebuf_size, fmt, pattern); + + errcode = regcomp(*regex, rebuf, (REG_EXTENDED|REG_NOSUB|REG_ICASE)); + + if (errcode) + { + size_t errlen = regerror(errcode, *regex, rebuf, rebuf_size); + if (errlen > (rebuf_size - (size_t)1)) + { + errlen = rebuf_size - (size_t)1; + } + rebuf[errlen] = '\0'; + log_error(LOG_LEVEL_ERROR, "error compiling %s from %s: %s", + pattern, url->spec, rebuf); + free_pattern_spec(url); + freez(rebuf); + + return JB_ERR_PARSE; + } + freez(rebuf); + + return JB_ERR_OK; + +} + + +/********************************************************************* + * + * Function : compile_url_pattern + * + * Description : Compiles the three parts of an URL pattern. + * + * Parameters : + * 1 : url = Target pattern_spec to be filled in. + * 2 : buf = The url pattern to compile. Will be messed up. + * + * Returns : JB_ERR_OK - Success + * JB_ERR_MEMORY - Out of memory + * JB_ERR_PARSE - Cannot parse regex + * + *********************************************************************/ +static jb_err compile_url_pattern(struct pattern_spec *url, char *buf) +{ + char *p; + + p = strchr(buf, '/'); + if (NULL != p) + { + /* + * Only compile the regex if it consists of more than + * a single slash, otherwise it wouldn't affect the result. + */ + if (p[1] != '\0') + { + /* + * XXX: does it make sense to compile the slash at the beginning? + */ + jb_err err = compile_pattern(p, LEFT_ANCHORED, url, &url->pattern.url_spec.preg); + + if (JB_ERR_OK != err) + { + return err; + } + } + *p = '\0'; + } + + /* + * IPv6 numeric hostnames can contain colons, thus we need + * to delimit the hostname before the real port separator. + * As brackets are already used in the hostname pattern, + * we use angle brackets ('<', '>') instead. + */ + if ((buf[0] == '<') && (NULL != (p = strchr(buf + 1, '>')))) + { + *p++ = '\0'; + buf++; + + if (*p == '\0') + { + /* IPv6 address without port number */ + p = NULL; + } + else if (*p != ':') + { + /* Garbage after address delimiter */ + return JB_ERR_PARSE; + } + } + else { - free(buf); - return JB_ERR_MEMORY; + p = strchr(buf, ':'); + } + + if (NULL != p) + { + *p++ = '\0'; + url->pattern.url_spec.port_list = strdup_or_die(p); + } + else + { + url->pattern.url_spec.port_list = NULL; + } + + if (buf[0] != '\0') + { + return compile_host_pattern(url, buf); } - free(buf); return JB_ERR_OK; } +#ifdef FEATURE_EXTENDED_HOST_PATTERNS +/********************************************************************* + * + * Function : compile_host_pattern + * + * Description : Parses and compiles a host pattern. + * + * Parameters : + * 1 : url = Target pattern_spec to be filled in. + * 2 : host_pattern = Host pattern to compile. + * + * Returns : JB_ERR_OK - Success + * JB_ERR_MEMORY - Out of memory + * JB_ERR_PARSE - Cannot parse regex + * + *********************************************************************/ +static jb_err compile_host_pattern(struct pattern_spec *url, const char *host_pattern) +{ + return compile_pattern(host_pattern, RIGHT_ANCHORED_HOST, url, &url->pattern.url_spec.host_regex); +} + +#else + /********************************************************************* * * Function : compile_host_pattern @@ -639,15 +799,14 @@ jb_err parse_http_request(const char *req, * Description : Parses and "compiles" an old-school host pattern. * * Parameters : - * 1 : url = Target url_spec to be filled in. + * 1 : url = Target pattern_spec to be filled in. * 2 : host_pattern = Host pattern to parse. * * Returns : JB_ERR_OK - Success - * JB_ERR_MEMORY - Out of memory * JB_ERR_PARSE - Cannot parse regex * *********************************************************************/ -static jb_err compile_host_pattern(struct url_spec *url, const char *host_pattern) +static jb_err compile_host_pattern(struct pattern_spec *url, const char *host_pattern) { char *v[150]; size_t size; @@ -658,69 +817,46 @@ static jb_err compile_host_pattern(struct url_spec *url, const char *host_patter */ if (host_pattern[strlen(host_pattern) - 1] == '.') { - url->unanchored |= ANCHOR_RIGHT; + url->pattern.url_spec.unanchored |= ANCHOR_RIGHT; } if (host_pattern[0] == '.') { - url->unanchored |= ANCHOR_LEFT; + url->pattern.url_spec.unanchored |= ANCHOR_LEFT; } - /* + /* * Split domain into components */ - url->dbuffer = strdup(host_pattern); - if (NULL == url->dbuffer) - { - freez(url->spec); - freez(url->path); - regfree(url->preg); - freez(url->preg); - return JB_ERR_MEMORY; - } + url->pattern.url_spec.dbuffer = strdup_or_die(host_pattern); - /* + /* * Map to lower case */ - for (p = url->dbuffer; *p ; p++) + for (p = url->pattern.url_spec.dbuffer; *p ; p++) { - *p = (char)tolower((int)(unsigned char)*p); + *p = (char)privoxy_tolower(*p); } - /* + /* * Split the domain name into components */ - url->dcount = ssplit(url->dbuffer, ".", v, SZ(v), 1, 1); + url->pattern.url_spec.dcount = ssplit(url->pattern.url_spec.dbuffer, ".", v, SZ(v)); - if (url->dcount < 0) + if (url->pattern.url_spec.dcount < 0) { - freez(url->spec); - freez(url->path); - regfree(url->preg); - freez(url->preg); - freez(url->dbuffer); - url->dcount = 0; - return JB_ERR_MEMORY; + free_pattern_spec(url); + return JB_ERR_PARSE; } - else if (url->dcount != 0) + else if (url->pattern.url_spec.dcount != 0) { - /* + /* * Save a copy of the pointers in dvec */ - size = (size_t)url->dcount * sizeof(*url->dvec); - - url->dvec = (char **)malloc(size); - if (NULL == url->dvec) - { - freez(url->spec); - freez(url->path); - regfree(url->preg); - freez(url->preg); - freez(url->dbuffer); - url->dcount = 0; - return JB_ERR_MEMORY; - } + size = (size_t)url->pattern.url_spec.dcount * sizeof(*url->pattern.url_spec.dvec); + + url->pattern.url_spec.dvec = malloc_or_die(size); - memcpy(url->dvec, v, size); + memcpy(url->pattern.url_spec.dvec, v, size); } /* * else dcount == 0 in which case we needn't do anything, @@ -731,6 +867,144 @@ static jb_err compile_host_pattern(struct url_spec *url, const char *host_patter } +/********************************************************************* + * + * Function : simplematch + * + * Description : String matching, with a (greedy) '*' wildcard that + * stands for zero or more arbitrary characters and + * character classes in [], which take both enumerations + * and ranges. + * + * Parameters : + * 1 : pattern = pattern for matching + * 2 : text = text to be matched + * + * Returns : 0 if match, else nonzero + * + *********************************************************************/ +static int simplematch(const char *pattern, const char *text) +{ + const unsigned char *pat = (const unsigned char *)pattern; + const unsigned char *txt = (const unsigned char *)text; + const unsigned char *fallback = pat; + int wildcard = 0; + + unsigned char lastchar = 'a'; + unsigned i; + unsigned char charmap[32]; + + while (*txt) + { + + /* EOF pattern but !EOF text? */ + if (*pat == '\0') + { + if (wildcard) + { + pat = fallback; + } + else + { + return 1; + } + } + + /* '*' in the pattern? */ + if (*pat == '*') + { + + /* The pattern ends afterwards? Speed up the return. */ + if (*++pat == '\0') + { + return 0; + } + + /* Else, set wildcard mode and remember position after '*' */ + wildcard = 1; + fallback = pat; + } + + /* Character range specification? */ + if (*pat == '[') + { + memset(charmap, '\0', sizeof(charmap)); + + while (*++pat != ']') + { + if (!*pat) + { + return 1; + } + else if (*pat == '-') + { + if ((*++pat == ']') || *pat == '\0') + { + return(1); + } + for (i = lastchar; i <= *pat; i++) + { + charmap[i / 8] |= (unsigned char)(1 << (i % 8)); + } + } + else + { + charmap[*pat / 8] |= (unsigned char)(1 << (*pat % 8)); + lastchar = *pat; + } + } + } /* -END- if Character range specification */ + + + /* + * Char match, or char range match? + */ + if ((*pat == *txt) + || (*pat == '?') + || ((*pat == ']') && (charmap[*txt / 8] & (1 << (*txt % 8))))) + { + /* + * Success: Go ahead + */ + pat++; + } + else if (!wildcard) + { + /* + * No match && no wildcard: No luck + */ + return 1; + } + else if (pat != fallback) + { + /* + * Increment text pointer if in char range matching + */ + if (*pat == ']') + { + txt++; + } + /* + * Wildcard mode && nonmatch beyond fallback: Rewind pattern + */ + pat = fallback; + /* + * Restart matching from current text pointer + */ + continue; + } + txt++; + } + + /* Cut off extra '*'s */ + if (*pat == '*') pat++; + + /* If this is the pattern's end, fine! */ + return(*pat); + +} + + /********************************************************************* * * Function : simple_domaincmp @@ -772,25 +1046,25 @@ static int simple_domaincmp(char **pv, char **fv, int len) * Function : domain_match * * Description : Domain-wise Compare fqdn's. Governed by the bimap in - * pattern->unachored, the comparison is un-, left-, + * p.pattern->unachored, the comparison is un-, left-, * right-anchored, or both. * The individual domain names are compared with * simplematch(). * * Parameters : - * 1 : pattern = a domain that may contain a '*' as a wildcard. + * 1 : p = a domain that may contain a '*' as a wildcard. * 2 : fqdn = domain name against which the patterns are compared. * * Returns : 0 => domains are equivalent, else no match. * *********************************************************************/ -static int domain_match(const struct url_spec *pattern, const struct http_request *fqdn) +static int domain_match(const struct pattern_spec *p, const struct http_request *fqdn) { char **pv, **fv; /* vectors */ int plen, flen; - int unanchored = pattern->unanchored & (ANCHOR_RIGHT | ANCHOR_LEFT); + int unanchored = p->pattern.url_spec.unanchored & (ANCHOR_RIGHT | ANCHOR_LEFT); - plen = pattern->dcount; + plen = p->pattern.url_spec.dcount; flen = fqdn->dcount; if (flen < plen) @@ -799,7 +1073,7 @@ static int domain_match(const struct url_spec *pattern, const struct http_reques return 1; } - pv = pattern->dvec; + pv = p->pattern.url_spec.dvec; fv = fqdn->dvec; if (unanchored == ANCHOR_LEFT) @@ -848,193 +1122,189 @@ static int domain_match(const struct url_spec *pattern, const struct http_reques } } +#endif /* def FEATURE_EXTENDED_HOST_PATTERNS */ /********************************************************************* * - * Function : create_url_spec + * Function : create_pattern_spec * - * Description : Creates a "url_spec" structure from a string. - * When finished, free with free_url_spec(). + * Description : Creates a "pattern_spec" structure from a string. + * When finished, free with free_pattern_spec(). * * Parameters : - * 1 : url = Target url_spec to be filled in. Will be - * zeroed before use. + * 1 : pattern = Target pattern_spec to be filled in. + * Will be zeroed before use. * 2 : buf = Source pattern, null terminated. NOTE: The * contents of this buffer are destroyed by this * function. If this function succeeds, the - * buffer is copied to url->spec. If this + * buffer is copied to pattern->spec. If this * function fails, the contents of the buffer * are lost forever. * * Returns : JB_ERR_OK - Success - * JB_ERR_MEMORY - Out of memory * JB_ERR_PARSE - Cannot parse regex (Detailed message * written to system log) * *********************************************************************/ -jb_err create_url_spec(struct url_spec * url, const char * buf) +jb_err create_pattern_spec(struct pattern_spec *pattern, char *buf) { - char *p; - int errcode; - size_t errlen; - char rebuf[BUFFER_SIZE]; + static const struct + { + /** The tag pattern prefix to match */ + const char *prefix; + + /** The length of the prefix to match */ + const size_t prefix_length; + + /** The pattern flag */ + const unsigned flag; + } tag_pattern[] = { + { "TAG:", 4, PATTERN_SPEC_TAG_PATTERN}, + #ifdef FEATURE_CLIENT_TAGS + { "CLIENT-TAG:", 11, PATTERN_SPEC_CLIENT_TAG_PATTERN}, + #endif + { "NO-REQUEST-TAG:", 15, PATTERN_SPEC_NO_REQUEST_TAG_PATTERN}, + { "NO-RESPONSE-TAG:", 16, PATTERN_SPEC_NO_RESPONSE_TAG_PATTERN} + }; + int i; - assert(url); + assert(pattern); assert(buf); - /* - * Zero memory - */ - memset(url, '\0', sizeof(*url)); + memset(pattern, '\0', sizeof(*pattern)); - /* - * Save a copy of the orignal specification - */ - if ((url->spec = strdup(buf)) == NULL) - { - return JB_ERR_MEMORY; - } + /* Remember the original specification for the CGI pages. */ + pattern->spec = strdup_or_die(buf); - /* Is it tag pattern? */ - if (0 == strncmpic("TAG:", url->spec, 4)) + /* Check if it's a tag pattern */ + for (i = 0; i < SZ(tag_pattern); i++) { - if (NULL == (url->tag_regex = zalloc(sizeof(*url->tag_regex)))) + if (0 == strncmpic(pattern->spec, tag_pattern[i].prefix, tag_pattern[i].prefix_length)) { - freez(url->spec); - return JB_ERR_MEMORY; - } + /* The regex starts after the prefix */ + const char *tag_regex = buf + tag_pattern[i].prefix_length; - /* buf + 4 to skip "TAG:" */ - errcode = regcomp(url->tag_regex, buf + 4, (REG_EXTENDED|REG_NOSUB|REG_ICASE)); - if (errcode) - { - errlen = regerror(errcode, url->preg, rebuf, sizeof(rebuf)); - if (errlen > (sizeof(rebuf) - 1)) - { - errlen = sizeof(rebuf) - 1; - } - rebuf[errlen] = '\0'; - - log_error(LOG_LEVEL_ERROR, "error compiling %s: %s", url->spec, rebuf); + pattern->flags |= tag_pattern[i].flag; - freez(url->spec); - regfree(url->tag_regex); - freez(url->tag_regex); - - return JB_ERR_PARSE; + return compile_pattern(tag_regex, NO_ANCHORING, pattern, + &pattern->pattern.tag_regex); } - return JB_ERR_OK; } - /* Only reached for URL patterns */ - p = strchr(buf, '/'); - if (NULL != p) - { - url->path = strdup(p); - if (NULL == url->path) - { - freez(url->spec); - return JB_ERR_MEMORY; - } - *p = '\0'; - } - else - { - url->path = NULL; - } - if (url->path) - { - if (NULL == (url->preg = zalloc(sizeof(*url->preg)))) - { - freez(url->spec); - freez(url->path); - return JB_ERR_MEMORY; - } - - snprintf(rebuf, sizeof(rebuf), "^(%s)", url->path); + /* If it isn't a tag pattern it must be an URL pattern. */ + pattern->flags |= PATTERN_SPEC_URL_PATTERN; - errcode = regcomp(url->preg, rebuf, - (REG_EXTENDED|REG_NOSUB|REG_ICASE)); - if (errcode) - { - errlen = regerror(errcode, url->preg, rebuf, sizeof(rebuf)); - - if (errlen > (sizeof(rebuf) - (size_t)1)) - { - errlen = sizeof(rebuf) - (size_t)1; - } - rebuf[errlen] = '\0'; + return compile_url_pattern(pattern, buf); - log_error(LOG_LEVEL_ERROR, "error compiling %s: %s", - url->spec, rebuf); +} - freez(url->spec); - freez(url->path); - regfree(url->preg); - freez(url->preg); - return JB_ERR_PARSE; - } - } +/********************************************************************* + * + * Function : free_pattern_spec + * + * Description : Called from the "unloaders". Freez the pattern + * structure elements. + * + * Parameters : + * 1 : pattern = pointer to a pattern_spec structure. + * + * Returns : N/A + * + *********************************************************************/ +void free_pattern_spec(struct pattern_spec *pattern) +{ + if (pattern == NULL) return; - p = strchr(buf, ':'); - if (NULL != p) + freez(pattern->spec); +#ifdef FEATURE_EXTENDED_HOST_PATTERNS + if (pattern->pattern.url_spec.host_regex) { - *p++ = '\0'; - url->port_list = strdup(p); - if (NULL == url->port_list) - { - return JB_ERR_MEMORY; - } + regfree(pattern->pattern.url_spec.host_regex); + freez(pattern->pattern.url_spec.host_regex); } - else +#else + freez(pattern->pattern.url_spec.dbuffer); + freez(pattern->pattern.url_spec.dvec); + pattern->pattern.url_spec.dcount = 0; +#endif /* ndef FEATURE_EXTENDED_HOST_PATTERNS */ + freez(pattern->pattern.url_spec.port_list); + if (pattern->pattern.url_spec.preg) { - url->port_list = NULL; + regfree(pattern->pattern.url_spec.preg); + freez(pattern->pattern.url_spec.preg); } - - if (buf[0] != '\0') + if (pattern->pattern.tag_regex) { - return compile_host_pattern(url, buf); + regfree(pattern->pattern.tag_regex); + freez(pattern->pattern.tag_regex); } +} - return JB_ERR_OK; +/********************************************************************* + * + * Function : port_matches + * + * Description : Compares a port against a port list. + * + * Parameters : + * 1 : port = The port to check. + * 2 : port_list = The list of port to compare with. + * + * Returns : TRUE for yes, FALSE otherwise. + * + *********************************************************************/ +static int port_matches(const int port, const char *port_list) +{ + return ((NULL == port_list) || match_portlist(port_list, port)); } /********************************************************************* * - * Function : free_url_spec + * Function : host_matches * - * Description : Called from the "unloaders". Freez the url - * structure elements. + * Description : Compares a host against a host pattern. * * Parameters : - * 1 : url = pointer to a url_spec structure. + * 1 : url = The URL to match + * 2 : pattern = The URL pattern * - * Returns : N/A + * Returns : TRUE for yes, FALSE otherwise. * *********************************************************************/ -void free_url_spec(struct url_spec *url) +static int host_matches(const struct http_request *http, + const struct pattern_spec *pattern) { - if (url == NULL) return; - - freez(url->spec); - freez(url->dbuffer); - freez(url->dvec); - freez(url->path); - freez(url->port_list); - if (url->preg) - { - regfree(url->preg); - freez(url->preg); - } - if (url->tag_regex) - { - regfree(url->tag_regex); - freez(url->tag_regex); - } + assert(http->host != NULL); +#ifdef FEATURE_EXTENDED_HOST_PATTERNS + return ((NULL == pattern->pattern.url_spec.host_regex) + || (0 == regexec(pattern->pattern.url_spec.host_regex, http->host, 0, NULL, 0))); +#else + return ((NULL == pattern->pattern.url_spec.dbuffer) || (0 == domain_match(pattern, http))); +#endif +} + + +/********************************************************************* + * + * Function : path_matches + * + * Description : Compares a path against a path pattern. + * + * Parameters : + * 1 : path = The path to match + * 2 : pattern = The URL pattern + * + * Returns : TRUE for yes, FALSE otherwise. + * + *********************************************************************/ +static int path_matches(const char *path, const struct pattern_spec *pattern) +{ + return ((NULL == pattern->pattern.url_spec.preg) + || (0 == regexec(pattern->pattern.url_spec.preg, path, 0, NULL, 0))); } @@ -1051,21 +1321,17 @@ void free_url_spec(struct url_spec *url) * Returns : Nonzero if the URL matches the pattern, else 0. * *********************************************************************/ -int url_match(const struct url_spec *pattern, - const struct http_request *url) +int url_match(const struct pattern_spec *pattern, + const struct http_request *http) { - /* XXX: these should probably be functions. */ -#define PORT_MATCHES ((NULL == pattern->port_list) || match_portlist(pattern->port_list, url->port)) -#define DOMAIN_MATCHES ((NULL == pattern->dbuffer) || (0 == domain_match(pattern, url))) -#define PATH_MATCHES ((NULL == pattern->path) || (0 == regexec(pattern->preg, url->path, 0, NULL, 0))) - - if (pattern->tag_regex != NULL) + if (!(pattern->flags & PATTERN_SPEC_URL_PATTERN)) { - /* It's a tag pattern and shouldn't be matched against URLs */ + /* It's not an URL pattern and thus shouldn't be matched against URLs */ return 0; - } + } - return (PORT_MATCHES && DOMAIN_MATCHES && PATH_MATCHES); + return (port_matches(http->port, pattern->pattern.url_spec.port_list) + && host_matches(http, pattern) && path_matches(http->path, pattern)); } @@ -1089,7 +1355,7 @@ int match_portlist(const char *portlist, int port) { char *min, *max, *next, *portlist_copy; - min = next = portlist_copy = strdup(portlist); + min = portlist_copy = strdup_or_die(portlist); /* * Zero-terminate first item and remember offset for next @@ -1102,7 +1368,7 @@ int match_portlist(const char *portlist, int port) /* * Loop through all items, checking for match */ - while(min) + while (NULL != min) { if (NULL == (max = strchr(min, (int) '-'))) { @@ -1111,7 +1377,7 @@ int match_portlist(const char *portlist, int port) */ if (port == atoi(min)) { - free(portlist_copy); + freez(portlist_copy); return(1); } } @@ -1122,9 +1388,9 @@ int match_portlist(const char *portlist, int port) * or, if max was omitted, between min and 65K */ *max++ = '\0'; - if(port >= atoi(min) && port <= (atoi(max) ? atoi(max) : 65535)) + if (port >= atoi(min) && port <= (atoi(max) ? atoi(max) : 65535)) { - free(portlist_copy); + freez(portlist_copy); return(1); } @@ -1144,12 +1410,80 @@ int match_portlist(const char *portlist, int port) } } - free(portlist_copy); + freez(portlist_copy); return 0; } +/********************************************************************* + * + * Function : parse_forwarder_address + * + * Description : Parse out the username, password, host and port from + * a forwarder address. + * + * Parameters : + * 1 : address = The forwarder address to parse. + * 2 : hostname = Used to return the hostname. NULL on error. + * 3 : port = Used to return the port. Untouched if no port + * is specified. + * 4 : username = Used to return the username if any. + * 5 : password = Used to return the password if any. + * + * Returns : JB_ERR_OK on success + * JB_ERR_MEMORY on out of memory + * JB_ERR_PARSE on malformed address. + * + *********************************************************************/ +jb_err parse_forwarder_address(char *address, char **hostname, int *port, + char **username, char **password) +{ + char *p; + *hostname = strdup_or_die(address); + + /* Parse username and password */ + if (username && password && (NULL != (p = strchr(*hostname, '@')))) + { + *p++ = '\0'; + *username = *hostname; + *hostname = p; + + if (NULL != (p = strchr(*username, ':'))) + { + *p++ = '\0'; + *password = strdup_or_die(p); + } + } + + /* Parse hostname and port */ + p = *hostname; + if ((*p == '[') && (NULL == strchr(p, ']'))) + { + /* XXX: Should do some more validity checks here. */ + return JB_ERR_PARSE; + } + + if ((**hostname == '[') && (NULL != (p = strchr(*hostname, ']')))) + { + *p++ = '\0'; + memmove(*hostname, (*hostname + 1), (size_t)(p - *hostname)); + if (*p == ':') + { + *port = (int)strtol(++p, NULL, 0); + } + } + else if (NULL != (p = strchr(*hostname, ':'))) + { + *p++ = '\0'; + *port = (int)strtol(p, NULL, 0); + } + + return JB_ERR_OK; + +} + + /* Local Variables: tab-width: 3