1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "net/base/net_util.h" 6 7 #include <unicode/regex.h> 8 #include <unicode/ucnv.h> 9 #include <unicode/uidna.h> 10 #include <unicode/ulocdata.h> 11 #include <unicode/uniset.h> 12 #include <unicode/uscript.h> 13 #include <unicode/uset.h> 14 #include <algorithm> 15 #include <iterator> 16 #include <map> 17 18 #include "build/build_config.h" 19 20 #if defined(OS_WIN) 21 #include <windows.h> 22 #include <winsock2.h> 23 #include <iphlpapi.h> 24 #pragma comment(lib, "iphlpapi.lib") 25 #elif defined(OS_POSIX) 26 #include <fcntl.h> 27 #ifndef ANDROID 28 #include <ifaddrs.h> 29 #endif 30 #include <netdb.h> 31 #include <net/if.h> 32 #include <netinet/in.h> 33 #if defined(__BIONIC__) && defined(ANDROID) 34 #include <netinet/in6.h> 35 #endif 36 #endif 37 38 #include "base/base64.h" 39 #include "base/basictypes.h" 40 #include "base/file_path.h" 41 #include "base/file_util.h" 42 #include "base/i18n/file_util_icu.h" 43 #include "base/i18n/icu_string_conversions.h" 44 #include "base/i18n/time_formatting.h" 45 #include "base/json/string_escape.h" 46 #include "base/logging.h" 47 #include "base/memory/singleton.h" 48 #include "base/message_loop.h" 49 #include "base/metrics/histogram.h" 50 #include "base/path_service.h" 51 #include "base/stl_util-inl.h" 52 #include "base/string_number_conversions.h" 53 #include "base/string_piece.h" 54 #include "base/string_split.h" 55 #include "base/string_tokenizer.h" 56 #include "base/string_util.h" 57 #include "base/stringprintf.h" 58 #include "base/synchronization/lock.h" 59 #include "base/sys_string_conversions.h" 60 #include "base/time.h" 61 #include "base/utf_offset_string_conversions.h" 62 #include "base/utf_string_conversions.h" 63 #include "googleurl/src/gurl.h" 64 #include "googleurl/src/url_canon.h" 65 #include "googleurl/src/url_canon_ip.h" 66 #include "googleurl/src/url_parse.h" 67 #include "grit/net_resources.h" 68 #include "net/base/dns_util.h" 69 #include "net/base/escape.h" 70 #include "net/base/net_module.h" 71 #if defined(OS_WIN) 72 #include "net/base/winsock_init.h" 73 #endif 74 #include "unicode/datefmt.h" 75 76 using base::Time; 77 78 namespace net { 79 80 namespace { 81 82 // what we prepend to get a file URL 83 static const FilePath::CharType kFileURLPrefix[] = 84 FILE_PATH_LITERAL("file:///"); 85 86 // The general list of blocked ports. Will be blocked unless a specific 87 // protocol overrides it. (Ex: ftp can use ports 20 and 21) 88 static const int kRestrictedPorts[] = { 89 1, // tcpmux 90 7, // echo 91 9, // discard 92 11, // systat 93 13, // daytime 94 15, // netstat 95 17, // qotd 96 19, // chargen 97 20, // ftp data 98 21, // ftp access 99 22, // ssh 100 23, // telnet 101 25, // smtp 102 37, // time 103 42, // name 104 43, // nicname 105 53, // domain 106 77, // priv-rjs 107 79, // finger 108 87, // ttylink 109 95, // supdup 110 101, // hostriame 111 102, // iso-tsap 112 103, // gppitnp 113 104, // acr-nema 114 109, // pop2 115 110, // pop3 116 111, // sunrpc 117 113, // auth 118 115, // sftp 119 117, // uucp-path 120 119, // nntp 121 123, // NTP 122 135, // loc-srv /epmap 123 139, // netbios 124 143, // imap2 125 179, // BGP 126 389, // ldap 127 465, // smtp+ssl 128 512, // print / exec 129 513, // login 130 514, // shell 131 515, // printer 132 526, // tempo 133 530, // courier 134 531, // chat 135 532, // netnews 136 540, // uucp 137 556, // remotefs 138 563, // nntp+ssl 139 587, // stmp? 140 601, // ?? 141 636, // ldap+ssl 142 993, // ldap+ssl 143 995, // pop3+ssl 144 2049, // nfs 145 3659, // apple-sasl / PasswordServer 146 4045, // lockd 147 6000, // X11 148 6665, // Alternate IRC [Apple addition] 149 6666, // Alternate IRC [Apple addition] 150 6667, // Standard IRC [Apple addition] 151 6668, // Alternate IRC [Apple addition] 152 6669, // Alternate IRC [Apple addition] 153 0xFFFF, // Used to block all invalid port numbers (see 154 // third_party/WebKit/Source/WebCore/platform/KURLGoogle.cpp, port()) 155 }; 156 157 // FTP overrides the following restricted ports. 158 static const int kAllowedFtpPorts[] = { 159 21, // ftp data 160 22, // ssh 161 }; 162 163 template<typename STR> 164 STR GetSpecificHeaderT(const STR& headers, const STR& name) { 165 // We want to grab the Value from the "Key: Value" pairs in the headers, 166 // which should look like this (no leading spaces, \n-separated) (we format 167 // them this way in url_request_inet.cc): 168 // HTTP/1.1 200 OK\n 169 // ETag: "6d0b8-947-24f35ec0"\n 170 // Content-Length: 2375\n 171 // Content-Type: text/html; charset=UTF-8\n 172 // Last-Modified: Sun, 03 Sep 2006 04:34:43 GMT\n 173 if (headers.empty()) 174 return STR(); 175 176 STR match; 177 match.push_back('\n'); 178 match.append(name); 179 match.push_back(':'); 180 181 typename STR::const_iterator begin = 182 search(headers.begin(), headers.end(), match.begin(), match.end(), 183 base::CaseInsensitiveCompareASCII<typename STR::value_type>()); 184 185 if (begin == headers.end()) 186 return STR(); 187 188 begin += match.length(); 189 190 typename STR::const_iterator end = find(begin, headers.end(), '\n'); 191 192 STR ret; 193 TrimWhitespace(STR(begin, end), TRIM_ALL, &ret); 194 return ret; 195 } 196 197 // Similar to Base64Decode. Decodes a Q-encoded string to a sequence 198 // of bytes. If input is invalid, return false. 199 bool QPDecode(const std::string& input, std::string* output) { 200 std::string temp; 201 temp.reserve(input.size()); 202 std::string::const_iterator it = input.begin(); 203 while (it != input.end()) { 204 if (*it == '_') { 205 temp.push_back(' '); 206 } else if (*it == '=') { 207 if (input.end() - it < 3) { 208 return false; 209 } 210 if (IsHexDigit(static_cast<unsigned char>(*(it + 1))) && 211 IsHexDigit(static_cast<unsigned char>(*(it + 2)))) { 212 unsigned char ch = HexDigitToInt(*(it + 1)) * 16 + 213 HexDigitToInt(*(it + 2)); 214 temp.push_back(static_cast<char>(ch)); 215 ++it; 216 ++it; 217 } else { 218 return false; 219 } 220 } else if (0x20 < *it && *it < 0x7F) { 221 // In a Q-encoded word, only printable ASCII characters 222 // represent themselves. Besides, space, '=', '_' and '?' are 223 // not allowed, but they're already filtered out. 224 DCHECK(*it != 0x3D && *it != 0x5F && *it != 0x3F); 225 temp.push_back(*it); 226 } else { 227 return false; 228 } 229 ++it; 230 } 231 output->swap(temp); 232 return true; 233 } 234 235 enum RFC2047EncodingType {Q_ENCODING, B_ENCODING}; 236 bool DecodeBQEncoding(const std::string& part, RFC2047EncodingType enc_type, 237 const std::string& charset, std::string* output) { 238 std::string decoded; 239 if (enc_type == B_ENCODING) { 240 if (!base::Base64Decode(part, &decoded)) { 241 return false; 242 } 243 } else { 244 if (!QPDecode(part, &decoded)) { 245 return false; 246 } 247 } 248 249 UErrorCode err = U_ZERO_ERROR; 250 UConverter* converter(ucnv_open(charset.c_str(), &err)); 251 if (U_FAILURE(err)) { 252 return false; 253 } 254 255 // A single byte in a legacy encoding can be expanded to 3 bytes in UTF-8. 256 // A 'two-byte character' in a legacy encoding can be expanded to 4 bytes 257 // in UTF-8. Therefore, the expansion ratio is 3 at most. 258 int length = static_cast<int>(decoded.length()); 259 char* buf = WriteInto(output, length * 3); 260 length = ucnv_toAlgorithmic(UCNV_UTF8, converter, buf, length * 3, 261 decoded.data(), length, &err); 262 ucnv_close(converter); 263 if (U_FAILURE(err)) { 264 return false; 265 } 266 output->resize(length); 267 return true; 268 } 269 270 bool DecodeWord(const std::string& encoded_word, 271 const std::string& referrer_charset, 272 bool* is_rfc2047, 273 std::string* output) { 274 *is_rfc2047 = false; 275 output->clear(); 276 if (encoded_word.empty()) 277 return true; 278 279 if (!IsStringASCII(encoded_word)) { 280 // Try UTF-8, referrer_charset and the native OS default charset in turn. 281 if (IsStringUTF8(encoded_word)) { 282 *output = encoded_word; 283 } else { 284 std::wstring wide_output; 285 if (!referrer_charset.empty() && 286 base::CodepageToWide(encoded_word, referrer_charset.c_str(), 287 base::OnStringConversionError::FAIL, 288 &wide_output)) { 289 *output = WideToUTF8(wide_output); 290 } else { 291 *output = WideToUTF8(base::SysNativeMBToWide(encoded_word)); 292 } 293 } 294 295 return true; 296 } 297 298 // RFC 2047 : one of encoding methods supported by Firefox and relatively 299 // widely used by web servers. 300 // =?charset?<E>?<encoded string>?= where '<E>' is either 'B' or 'Q'. 301 // We don't care about the length restriction (72 bytes) because 302 // many web servers generate encoded words longer than the limit. 303 std::string tmp; 304 *is_rfc2047 = true; 305 int part_index = 0; 306 std::string charset; 307 StringTokenizer t(encoded_word, "?"); 308 RFC2047EncodingType enc_type = Q_ENCODING; 309 while (*is_rfc2047 && t.GetNext()) { 310 std::string part = t.token(); 311 switch (part_index) { 312 case 0: 313 if (part != "=") { 314 *is_rfc2047 = false; 315 break; 316 } 317 ++part_index; 318 break; 319 case 1: 320 // Do we need charset validity check here? 321 charset = part; 322 ++part_index; 323 break; 324 case 2: 325 if (part.size() > 1 || 326 part.find_first_of("bBqQ") == std::string::npos) { 327 *is_rfc2047 = false; 328 break; 329 } 330 if (part[0] == 'b' || part[0] == 'B') { 331 enc_type = B_ENCODING; 332 } 333 ++part_index; 334 break; 335 case 3: 336 *is_rfc2047 = DecodeBQEncoding(part, enc_type, charset, &tmp); 337 if (!*is_rfc2047) { 338 // Last minute failure. Invalid B/Q encoding. Rather than 339 // passing it through, return now. 340 return false; 341 } 342 ++part_index; 343 break; 344 case 4: 345 if (part != "=") { 346 // Another last minute failure ! 347 // Likely to be a case of two encoded-words in a row or 348 // an encoded word followed by a non-encoded word. We can be 349 // generous, but it does not help much in terms of compatibility, 350 // I believe. Return immediately. 351 *is_rfc2047 = false; 352 return false; 353 } 354 ++part_index; 355 break; 356 default: 357 *is_rfc2047 = false; 358 return false; 359 } 360 } 361 362 if (*is_rfc2047) { 363 if (*(encoded_word.end() - 1) == '=') { 364 output->swap(tmp); 365 return true; 366 } 367 // encoded_word ending prematurelly with '?' or extra '?' 368 *is_rfc2047 = false; 369 return false; 370 } 371 372 // We're not handling 'especial' characters quoted with '\', but 373 // it should be Ok because we're not an email client but a 374 // web browser. 375 376 // What IE6/7 does: %-escaped UTF-8. 377 tmp = UnescapeURLComponent(encoded_word, UnescapeRule::SPACES); 378 if (IsStringUTF8(tmp)) { 379 output->swap(tmp); 380 return true; 381 // We can try either the OS default charset or 'origin charset' here, 382 // As far as I can tell, IE does not support it. However, I've seen 383 // web servers emit %-escaped string in a legacy encoding (usually 384 // origin charset). 385 // TODO(jungshik) : Test IE further and consider adding a fallback here. 386 } 387 return false; 388 } 389 390 bool DecodeParamValue(const std::string& input, 391 const std::string& referrer_charset, 392 std::string* output) { 393 std::string tmp; 394 // Tokenize with whitespace characters. 395 StringTokenizer t(input, " \t\n\r"); 396 t.set_options(StringTokenizer::RETURN_DELIMS); 397 bool is_previous_token_rfc2047 = true; 398 while (t.GetNext()) { 399 if (t.token_is_delim()) { 400 // If the previous non-delimeter token is not RFC2047-encoded, 401 // put in a space in its place. Otheriwse, skip over it. 402 if (!is_previous_token_rfc2047) { 403 tmp.push_back(' '); 404 } 405 continue; 406 } 407 // We don't support a single multibyte character split into 408 // adjacent encoded words. Some broken mail clients emit headers 409 // with that problem, but most web servers usually encode a filename 410 // in a single encoded-word. Firefox/Thunderbird do not support 411 // it, either. 412 std::string decoded; 413 if (!DecodeWord(t.token(), referrer_charset, &is_previous_token_rfc2047, 414 &decoded)) 415 return false; 416 tmp.append(decoded); 417 } 418 output->swap(tmp); 419 return true; 420 } 421 422 // TODO(mpcomplete): This is a quick and dirty implementation for now. I'm 423 // sure this doesn't properly handle all (most?) cases. 424 template<typename STR> 425 STR GetHeaderParamValueT(const STR& header, const STR& param_name, 426 QuoteRule::Type quote_rule) { 427 // This assumes args are formatted exactly like "bla; arg1=value; arg2=value". 428 typename STR::const_iterator param_begin = 429 search(header.begin(), header.end(), param_name.begin(), param_name.end(), 430 base::CaseInsensitiveCompareASCII<typename STR::value_type>()); 431 432 if (param_begin == header.end()) 433 return STR(); 434 param_begin += param_name.length(); 435 436 STR whitespace; 437 whitespace.push_back(' '); 438 whitespace.push_back('\t'); 439 const typename STR::size_type equals_offset = 440 header.find_first_not_of(whitespace, param_begin - header.begin()); 441 if (equals_offset == STR::npos || header.at(equals_offset) != '=') 442 return STR(); 443 444 param_begin = header.begin() + equals_offset + 1; 445 if (param_begin == header.end()) 446 return STR(); 447 448 typename STR::const_iterator param_end; 449 if (*param_begin == '"' && quote_rule == QuoteRule::REMOVE_OUTER_QUOTES) { 450 ++param_begin; // skip past the quote. 451 param_end = find(param_begin, header.end(), '"'); 452 // If the closing quote is missing, we will treat the rest of the 453 // string as the parameter. We can't set |param_end| to the 454 // location of the separator (';'), since the separator is 455 // technically quoted. See: http://crbug.com/58840 456 } else { 457 param_end = find(param_begin+1, header.end(), ';'); 458 } 459 460 return STR(param_begin, param_end); 461 } 462 463 // Does some simple normalization of scripts so we can allow certain scripts 464 // to exist together. 465 // TODO(brettw) bug 880223: we should allow some other languages to be 466 // oombined such as Chinese and Latin. We will probably need a more 467 // complicated system of language pairs to have more fine-grained control. 468 UScriptCode NormalizeScript(UScriptCode code) { 469 switch (code) { 470 case USCRIPT_KATAKANA: 471 case USCRIPT_HIRAGANA: 472 case USCRIPT_KATAKANA_OR_HIRAGANA: 473 case USCRIPT_HANGUL: // This one is arguable. 474 return USCRIPT_HAN; 475 default: 476 return code; 477 } 478 } 479 480 bool IsIDNComponentInSingleScript(const char16* str, int str_len) { 481 UScriptCode first_script = USCRIPT_INVALID_CODE; 482 bool is_first = true; 483 484 int i = 0; 485 while (i < str_len) { 486 unsigned code_point; 487 U16_NEXT(str, i, str_len, code_point); 488 489 UErrorCode err = U_ZERO_ERROR; 490 UScriptCode cur_script = uscript_getScript(code_point, &err); 491 if (err != U_ZERO_ERROR) 492 return false; // Report mixed on error. 493 cur_script = NormalizeScript(cur_script); 494 495 // TODO(brettw) We may have to check for USCRIPT_INHERENT as well. 496 if (is_first && cur_script != USCRIPT_COMMON) { 497 first_script = cur_script; 498 is_first = false; 499 } else { 500 if (cur_script != USCRIPT_COMMON && cur_script != first_script) 501 return false; 502 } 503 } 504 return true; 505 } 506 507 // Check if the script of a language can be 'safely' mixed with 508 // Latin letters in the ASCII range. 509 bool IsCompatibleWithASCIILetters(const std::string& lang) { 510 // For now, just list Chinese, Japanese and Korean (positive list). 511 // An alternative is negative-listing (languages using Greek and 512 // Cyrillic letters), but it can be more dangerous. 513 return !lang.substr(0, 2).compare("zh") || 514 !lang.substr(0, 2).compare("ja") || 515 !lang.substr(0, 2).compare("ko"); 516 } 517 518 typedef std::map<std::string, icu::UnicodeSet*> LangToExemplarSetMap; 519 520 class LangToExemplarSet { 521 public: 522 static LangToExemplarSet* GetInstance() { 523 return Singleton<LangToExemplarSet>::get(); 524 } 525 526 private: 527 LangToExemplarSetMap map; 528 LangToExemplarSet() { } 529 ~LangToExemplarSet() { 530 STLDeleteContainerPairSecondPointers(map.begin(), map.end()); 531 } 532 533 friend class Singleton<LangToExemplarSet>; 534 friend struct DefaultSingletonTraits<LangToExemplarSet>; 535 friend bool GetExemplarSetForLang(const std::string&, icu::UnicodeSet**); 536 friend void SetExemplarSetForLang(const std::string&, icu::UnicodeSet*); 537 538 DISALLOW_COPY_AND_ASSIGN(LangToExemplarSet); 539 }; 540 541 bool GetExemplarSetForLang(const std::string& lang, 542 icu::UnicodeSet** lang_set) { 543 const LangToExemplarSetMap& map = LangToExemplarSet::GetInstance()->map; 544 LangToExemplarSetMap::const_iterator pos = map.find(lang); 545 if (pos != map.end()) { 546 *lang_set = pos->second; 547 return true; 548 } 549 return false; 550 } 551 552 void SetExemplarSetForLang(const std::string& lang, 553 icu::UnicodeSet* lang_set) { 554 LangToExemplarSetMap& map = LangToExemplarSet::GetInstance()->map; 555 map.insert(std::make_pair(lang, lang_set)); 556 } 557 558 static base::Lock lang_set_lock; 559 560 // Returns true if all the characters in component_characters are used by 561 // the language |lang|. 562 bool IsComponentCoveredByLang(const icu::UnicodeSet& component_characters, 563 const std::string& lang) { 564 static const icu::UnicodeSet kASCIILetters(0x61, 0x7a); // [a-z] 565 icu::UnicodeSet* lang_set; 566 // We're called from both the UI thread and the history thread. 567 { 568 base::AutoLock lock(lang_set_lock); 569 if (!GetExemplarSetForLang(lang, &lang_set)) { 570 UErrorCode status = U_ZERO_ERROR; 571 ULocaleData* uld = ulocdata_open(lang.c_str(), &status); 572 // TODO(jungshik) Turn this check on when the ICU data file is 573 // rebuilt with the minimal subset of locale data for languages 574 // to which Chrome is not localized but which we offer in the list 575 // of languages selectable for Accept-Languages. With the rebuilt ICU 576 // data, ulocdata_open never should fall back to the default locale. 577 // (issue 2078) 578 // DCHECK(U_SUCCESS(status) && status != U_USING_DEFAULT_WARNING); 579 if (U_SUCCESS(status) && status != U_USING_DEFAULT_WARNING) { 580 lang_set = reinterpret_cast<icu::UnicodeSet *>( 581 ulocdata_getExemplarSet(uld, NULL, 0, 582 ULOCDATA_ES_STANDARD, &status)); 583 // If |lang| is compatible with ASCII Latin letters, add them. 584 if (IsCompatibleWithASCIILetters(lang)) 585 lang_set->addAll(kASCIILetters); 586 } else { 587 lang_set = new icu::UnicodeSet(1, 0); 588 } 589 lang_set->freeze(); 590 SetExemplarSetForLang(lang, lang_set); 591 ulocdata_close(uld); 592 } 593 } 594 return !lang_set->isEmpty() && lang_set->containsAll(component_characters); 595 } 596 597 // Returns true if the given Unicode host component is safe to display to the 598 // user. 599 bool IsIDNComponentSafe(const char16* str, 600 int str_len, 601 const std::wstring& languages) { 602 // Most common cases (non-IDN) do not reach here so that we don't 603 // need a fast return path. 604 // TODO(jungshik) : Check if there's any character inappropriate 605 // (although allowed) for domain names. 606 // See http://www.unicode.org/reports/tr39/#IDN_Security_Profiles and 607 // http://www.unicode.org/reports/tr39/data/xidmodifications.txt 608 // For now, we borrow the list from Mozilla and tweaked it slightly. 609 // (e.g. Characters like U+00A0, U+3000, U+3002 are omitted because 610 // they're gonna be canonicalized to U+0020 and full stop before 611 // reaching here.) 612 // The original list is available at 613 // http://kb.mozillazine.org/Network.IDN.blacklist_chars and 614 // at http://mxr.mozilla.org/seamonkey/source/modules/libpref/src/init/all.js#703 615 616 UErrorCode status = U_ZERO_ERROR; 617 #ifdef U_WCHAR_IS_UTF16 618 icu::UnicodeSet dangerous_characters(icu::UnicodeString( 619 L"[[\\ \u00bc\u00bd\u01c3\u0337\u0338" 620 L"\u05c3\u05f4\u06d4\u0702\u115f\u1160][\u2000-\u200b]" 621 L"[\u2024\u2027\u2028\u2029\u2039\u203a\u2044\u205f]" 622 L"[\u2154-\u2156][\u2159-\u215b][\u215f\u2215\u23ae" 623 L"\u29f6\u29f8\u2afb\u2afd][\u2ff0-\u2ffb][\u3014" 624 L"\u3015\u3033\u3164\u321d\u321e\u33ae\u33af\u33c6\u33df\ufe14" 625 L"\ufe15\ufe3f\ufe5d\ufe5e\ufeff\uff0e\uff06\uff61\uffa0\ufff9]" 626 L"[\ufffa-\ufffd]]"), status); 627 DCHECK(U_SUCCESS(status)); 628 icu::RegexMatcher dangerous_patterns(icu::UnicodeString( 629 // Lone katakana no, so, or n 630 L"[^\\p{Katakana}][\u30ce\u30f3\u30bd][^\\p{Katakana}]" 631 // Repeating Japanese accent characters 632 L"|[\u3099\u309a\u309b\u309c][\u3099\u309a\u309b\u309c]"), 633 0, status); 634 #else 635 icu::UnicodeSet dangerous_characters(icu::UnicodeString( 636 "[[\\u0020\\u00bc\\u00bd\\u01c3\\u0337\\u0338" 637 "\\u05c3\\u05f4\\u06d4\\u0702\\u115f\\u1160][\\u2000-\\u200b]" 638 "[\\u2024\\u2027\\u2028\\u2029\\u2039\\u203a\\u2044\\u205f]" 639 "[\\u2154-\\u2156][\\u2159-\\u215b][\\u215f\\u2215\\u23ae" 640 "\\u29f6\\u29f8\\u2afb\\u2afd][\\u2ff0-\\u2ffb][\\u3014" 641 "\\u3015\\u3033\\u3164\\u321d\\u321e\\u33ae\\u33af\\u33c6\\u33df\\ufe14" 642 "\\ufe15\\ufe3f\\ufe5d\\ufe5e\\ufeff\\uff0e\\uff06\\uff61\\uffa0\\ufff9]" 643 "[\\ufffa-\\ufffd]]", -1, US_INV), status); 644 DCHECK(U_SUCCESS(status)); 645 icu::RegexMatcher dangerous_patterns(icu::UnicodeString( 646 // Lone katakana no, so, or n 647 "[^\\p{Katakana}][\\u30ce\\u30f3\u30bd][^\\p{Katakana}]" 648 // Repeating Japanese accent characters 649 "|[\\u3099\\u309a\\u309b\\u309c][\\u3099\\u309a\\u309b\\u309c]"), 650 0, status); 651 #endif 652 DCHECK(U_SUCCESS(status)); 653 icu::UnicodeSet component_characters; 654 icu::UnicodeString component_string(str, str_len); 655 component_characters.addAll(component_string); 656 if (dangerous_characters.containsSome(component_characters)) 657 return false; 658 659 DCHECK(U_SUCCESS(status)); 660 dangerous_patterns.reset(component_string); 661 if (dangerous_patterns.find()) 662 return false; 663 664 // If the language list is empty, the result is completely determined 665 // by whether a component is a single script or not. This will block 666 // even "safe" script mixing cases like <Chinese, Latin-ASCII> that are 667 // allowed with |languages| (while it blocks Chinese + Latin letters with 668 // an accent as should be the case), but we want to err on the safe side 669 // when |languages| is empty. 670 if (languages.empty()) 671 return IsIDNComponentInSingleScript(str, str_len); 672 673 // |common_characters| is made up of ASCII numbers, hyphen, plus and 674 // underscore that are used across scripts and allowed in domain names. 675 // (sync'd with characters allowed in url_canon_host with square 676 // brackets excluded.) See kHostCharLookup[] array in url_canon_host.cc. 677 icu::UnicodeSet common_characters(UNICODE_STRING_SIMPLE("[[0-9]\\-_+\\ ]"), 678 status); 679 DCHECK(U_SUCCESS(status)); 680 // Subtract common characters because they're always allowed so that 681 // we just have to check if a language-specific set contains 682 // the remainder. 683 component_characters.removeAll(common_characters); 684 685 std::string languages_list(WideToASCII(languages)); 686 StringTokenizer t(languages_list, ","); 687 while (t.GetNext()) { 688 if (IsComponentCoveredByLang(component_characters, t.token())) 689 return true; 690 } 691 return false; 692 } 693 694 // Converts one component of a host (between dots) to IDN if safe. The result 695 // will be APPENDED to the given output string and will be the same as the input 696 // if it is not IDN or the IDN is unsafe to display. Returns whether any 697 // conversion was performed. 698 bool IDNToUnicodeOneComponent(const char16* comp, 699 size_t comp_len, 700 const std::wstring& languages, 701 string16* out) { 702 DCHECK(out); 703 if (comp_len == 0) 704 return false; 705 706 // Only transform if the input can be an IDN component. 707 static const char16 kIdnPrefix[] = {'x', 'n', '-', '-'}; 708 if ((comp_len > arraysize(kIdnPrefix)) && 709 !memcmp(comp, kIdnPrefix, arraysize(kIdnPrefix) * sizeof(char16))) { 710 // Repeatedly expand the output string until it's big enough. It looks like 711 // ICU will return the required size of the buffer, but that's not 712 // documented, so we'll just grow by 2x. This should be rare and is not on a 713 // critical path. 714 size_t original_length = out->length(); 715 for (int extra_space = 64; ; extra_space *= 2) { 716 UErrorCode status = U_ZERO_ERROR; 717 out->resize(out->length() + extra_space); 718 int output_chars = uidna_IDNToUnicode(comp, 719 static_cast<int32_t>(comp_len), &(*out)[original_length], extra_space, 720 UIDNA_DEFAULT, NULL, &status); 721 if (status == U_ZERO_ERROR) { 722 // Converted successfully. 723 out->resize(original_length + output_chars); 724 if (IsIDNComponentSafe(out->data() + original_length, output_chars, 725 languages)) 726 return true; 727 } 728 729 if (status != U_BUFFER_OVERFLOW_ERROR) 730 break; 731 } 732 // Failed, revert back to original string. 733 out->resize(original_length); 734 } 735 736 // We get here with no IDN or on error, in which case we just append the 737 // literal input. 738 out->append(comp, comp_len); 739 return false; 740 } 741 742 struct SubtractFromOffset { 743 explicit SubtractFromOffset(size_t amount) 744 : amount(amount) {} 745 void operator()(size_t& offset) { 746 if (offset != std::wstring::npos) { 747 if (offset >= amount) 748 offset -= amount; 749 else 750 offset = std::wstring::npos; 751 } 752 } 753 754 size_t amount; 755 }; 756 757 struct AddToOffset { 758 explicit AddToOffset(size_t amount) 759 : amount(amount) {} 760 void operator()(size_t& offset) { 761 if (offset != std::wstring::npos) 762 offset += amount; 763 } 764 765 size_t amount; 766 }; 767 768 std::vector<size_t> OffsetsIntoSection( 769 std::vector<size_t>* offsets_for_adjustment, 770 size_t section_begin) { 771 std::vector<size_t> offsets_into_section; 772 if (offsets_for_adjustment) { 773 std::transform(offsets_for_adjustment->begin(), 774 offsets_for_adjustment->end(), 775 std::back_inserter(offsets_into_section), 776 ClampComponentOffset(section_begin)); 777 std::for_each(offsets_into_section.begin(), offsets_into_section.end(), 778 SubtractFromOffset(section_begin)); 779 } 780 return offsets_into_section; 781 } 782 783 void ApplySectionAdjustments(const std::vector<size_t>& offsets_into_section, 784 std::vector<size_t>* offsets_for_adjustment, 785 size_t old_section_len, 786 size_t new_section_len, 787 size_t section_begin) { 788 if (offsets_for_adjustment) { 789 DCHECK_EQ(offsets_for_adjustment->size(), offsets_into_section.size()); 790 std::vector<size_t>::const_iterator host_offsets_iter = 791 offsets_into_section.begin(); 792 for (std::vector<size_t>::iterator offsets_iter = 793 offsets_for_adjustment->begin(); 794 offsets_iter != offsets_for_adjustment->end(); 795 ++offsets_iter, ++host_offsets_iter) { 796 size_t offset = *offsets_iter; 797 if (offset == std::wstring::npos || offset < section_begin) { 798 // The offset is before the host section so leave it as is. 799 continue; 800 } 801 if (offset >= section_begin + old_section_len) { 802 // The offset is after the host section so adjust by host length delta. 803 offset += new_section_len - old_section_len; 804 } else if (*host_offsets_iter != std::wstring::npos) { 805 // The offset is within the host and valid so adjust by the host 806 // reformatting offsets results. 807 offset = section_begin + *host_offsets_iter; 808 } else { 809 // The offset is invalid. 810 offset = std::wstring::npos; 811 } 812 *offsets_iter = offset; 813 } 814 } 815 } 816 817 // If |component| is valid, its begin is incremented by |delta|. 818 void AdjustComponent(int delta, url_parse::Component* component) { 819 if (!component->is_valid()) 820 return; 821 822 DCHECK(delta >= 0 || component->begin >= -delta); 823 component->begin += delta; 824 } 825 826 // Adjusts all the components of |parsed| by |delta|, except for the scheme. 827 void AdjustComponents(int delta, url_parse::Parsed* parsed) { 828 AdjustComponent(delta, &(parsed->username)); 829 AdjustComponent(delta, &(parsed->password)); 830 AdjustComponent(delta, &(parsed->host)); 831 AdjustComponent(delta, &(parsed->port)); 832 AdjustComponent(delta, &(parsed->path)); 833 AdjustComponent(delta, &(parsed->query)); 834 AdjustComponent(delta, &(parsed->ref)); 835 } 836 837 std::wstring FormatUrlInternal(const GURL& url, 838 const std::wstring& languages, 839 FormatUrlTypes format_types, 840 UnescapeRule::Type unescape_rules, 841 url_parse::Parsed* new_parsed, 842 size_t* prefix_end, 843 std::vector<size_t>* offsets_for_adjustment); 844 845 // Helper for FormatUrl()/FormatUrlInternal(). 846 std::wstring FormatViewSourceUrl(const GURL& url, 847 const std::wstring& languages, 848 FormatUrlTypes format_types, 849 UnescapeRule::Type unescape_rules, 850 url_parse::Parsed* new_parsed, 851 size_t* prefix_end, 852 std::vector<size_t>* offsets_for_adjustment) { 853 DCHECK(new_parsed); 854 DCHECK(offsets_for_adjustment); 855 const wchar_t* const kWideViewSource = L"view-source:"; 856 const size_t kViewSourceLengthPlus1 = 12; 857 std::vector<size_t> saved_offsets(*offsets_for_adjustment); 858 859 GURL real_url(url.possibly_invalid_spec().substr(kViewSourceLengthPlus1)); 860 // Clamp the offsets to the source area. 861 std::for_each(offsets_for_adjustment->begin(), 862 offsets_for_adjustment->end(), 863 SubtractFromOffset(kViewSourceLengthPlus1)); 864 std::wstring result = FormatUrlInternal(real_url, languages, format_types, 865 unescape_rules, new_parsed, prefix_end, offsets_for_adjustment); 866 result.insert(0, kWideViewSource); 867 868 // Adjust position values. 869 if (new_parsed->scheme.is_nonempty()) { 870 // Assume "view-source:real-scheme" as a scheme. 871 new_parsed->scheme.len += kViewSourceLengthPlus1; 872 } else { 873 new_parsed->scheme.begin = 0; 874 new_parsed->scheme.len = kViewSourceLengthPlus1 - 1; 875 } 876 AdjustComponents(kViewSourceLengthPlus1, new_parsed); 877 if (prefix_end) 878 *prefix_end += kViewSourceLengthPlus1; 879 std::for_each(offsets_for_adjustment->begin(), 880 offsets_for_adjustment->end(), 881 AddToOffset(kViewSourceLengthPlus1)); 882 // Restore all offsets which were not affected by FormatUrlInternal. 883 DCHECK_EQ(saved_offsets.size(), offsets_for_adjustment->size()); 884 for (size_t i = 0; i < saved_offsets.size(); ++i) { 885 if (saved_offsets[i] < kViewSourceLengthPlus1) 886 (*offsets_for_adjustment)[i] = saved_offsets[i]; 887 } 888 return result; 889 } 890 891 // Appends the substring |in_component| inside of the URL |spec| to |output|, 892 // and the resulting range will be filled into |out_component|. |unescape_rules| 893 // defines how to clean the URL for human readability. |offsets_for_adjustment| 894 // is an array of offsets into |output| each of which will be adjusted based on 895 // how it maps to the component being converted; if it is less than 896 // output->length(), it will be untouched, and if it is greater than 897 // output->length() + in_component.len it will be adjusted by the difference in 898 // lengths between the input and output components. Otherwise it points into 899 // the component being converted, and is adjusted to point to the same logical 900 // place in |output|. |offsets_for_adjustment| may not be NULL. 901 void AppendFormattedComponent(const std::string& spec, 902 const url_parse::Component& in_component, 903 UnescapeRule::Type unescape_rules, 904 std::wstring* output, 905 url_parse::Component* out_component, 906 std::vector<size_t>* offsets_for_adjustment) { 907 DCHECK(output); 908 DCHECK(offsets_for_adjustment); 909 if (in_component.is_nonempty()) { 910 size_t component_begin = output->length(); 911 out_component->begin = static_cast<int>(component_begin); 912 913 // Compose a list of offsets within the component area. 914 std::vector<size_t> offsets_into_component = 915 OffsetsIntoSection(offsets_for_adjustment, component_begin); 916 917 if (unescape_rules == UnescapeRule::NONE) { 918 output->append(UTF8ToWideAndAdjustOffsets( 919 spec.substr(in_component.begin, in_component.len), 920 &offsets_into_component)); 921 } else { 922 output->append(UTF16ToWideHack( 923 UnescapeAndDecodeUTF8URLComponentWithOffsets( 924 spec.substr(in_component.begin, in_component.len), unescape_rules, 925 &offsets_into_component))); 926 } 927 size_t new_component_len = output->length() - component_begin; 928 out_component->len = static_cast<int>(new_component_len); 929 930 // Apply offset adjustments. 931 size_t old_component_len = static_cast<size_t>(in_component.len); 932 ApplySectionAdjustments(offsets_into_component, offsets_for_adjustment, 933 old_component_len, new_component_len, component_begin); 934 } else { 935 out_component->reset(); 936 } 937 } 938 939 // TODO(viettrungluu): This is really the old-fashioned version, made internal. 940 // I need to really convert |FormatUrl()|. 941 std::wstring FormatUrlInternal(const GURL& url, 942 const std::wstring& languages, 943 FormatUrlTypes format_types, 944 UnescapeRule::Type unescape_rules, 945 url_parse::Parsed* new_parsed, 946 size_t* prefix_end, 947 std::vector<size_t>* offsets_for_adjustment) { 948 url_parse::Parsed parsed_temp; 949 if (!new_parsed) 950 new_parsed = &parsed_temp; 951 else 952 *new_parsed = url_parse::Parsed(); 953 954 std::vector<size_t> offsets_temp; 955 if (!offsets_for_adjustment) 956 offsets_for_adjustment = &offsets_temp; 957 958 std::wstring url_string; 959 960 // Check for empty URLs or 0 available text width. 961 if (url.is_empty()) { 962 if (prefix_end) 963 *prefix_end = 0; 964 std::for_each(offsets_for_adjustment->begin(), 965 offsets_for_adjustment->end(), 966 LimitOffset<std::wstring>(0)); 967 return url_string; 968 } 969 970 // Special handling for view-source:. Don't use chrome::kViewSourceScheme 971 // because this library shouldn't depend on chrome. 972 const char* const kViewSource = "view-source"; 973 // Reject "view-source:view-source:..." to avoid deep recursion. 974 const char* const kViewSourceTwice = "view-source:view-source:"; 975 if (url.SchemeIs(kViewSource) && 976 !StartsWithASCII(url.possibly_invalid_spec(), kViewSourceTwice, false)) { 977 return FormatViewSourceUrl(url, languages, format_types, 978 unescape_rules, new_parsed, prefix_end, offsets_for_adjustment); 979 } 980 981 // We handle both valid and invalid URLs (this will give us the spec 982 // regardless of validity). 983 const std::string& spec = url.possibly_invalid_spec(); 984 const url_parse::Parsed& parsed = url.parsed_for_possibly_invalid_spec(); 985 size_t spec_length = spec.length(); 986 std::for_each(offsets_for_adjustment->begin(), 987 offsets_for_adjustment->end(), 988 LimitOffset<std::wstring>(spec_length)); 989 990 // Copy everything before the username (the scheme and the separators.) 991 // These are ASCII. 992 url_string.insert(url_string.end(), spec.begin(), 993 spec.begin() + parsed.CountCharactersBefore(url_parse::Parsed::USERNAME, 994 true)); 995 996 const wchar_t kHTTP[] = L"http://"; 997 const char kFTP[] = "ftp."; 998 // URLFixerUpper::FixupURL() treats "ftp.foo.com" as ftp://ftp.foo.com. This 999 // means that if we trim "http://" off a URL whose host starts with "ftp." and 1000 // the user inputs this into any field subject to fixup (which is basically 1001 // all input fields), the meaning would be changed. (In fact, often the 1002 // formatted URL is directly pre-filled into an input field.) For this reason 1003 // we avoid stripping "http://" in this case. 1004 bool omit_http = 1005 (format_types & kFormatUrlOmitHTTP) && (url_string == kHTTP) && 1006 (url.host().compare(0, arraysize(kFTP) - 1, kFTP) != 0); 1007 1008 new_parsed->scheme = parsed.scheme; 1009 1010 if ((format_types & kFormatUrlOmitUsernamePassword) != 0) { 1011 // Remove the username and password fields. We don't want to display those 1012 // to the user since they can be used for attacks, 1013 // e.g. "http://google.com:search@evil.ru/" 1014 new_parsed->username.reset(); 1015 new_parsed->password.reset(); 1016 // Update the offsets based on removed username and/or password. 1017 if (!offsets_for_adjustment->empty() && 1018 (parsed.username.is_nonempty() || parsed.password.is_nonempty())) { 1019 AdjustOffset::Adjustments adjustments; 1020 if (parsed.username.is_nonempty() && parsed.password.is_nonempty()) { 1021 // The seeming off-by-one and off-by-two in these first two lines are to 1022 // account for the ':' after the username and '@' after the password. 1023 adjustments.push_back(AdjustOffset::Adjustment( 1024 static_cast<size_t>(parsed.username.begin), 1025 static_cast<size_t>(parsed.username.len + parsed.password.len + 1026 2), 0)); 1027 } else { 1028 const url_parse::Component* nonempty_component = 1029 parsed.username.is_nonempty() ? &parsed.username : &parsed.password; 1030 // The seeming off-by-one in below is to account for the '@' after the 1031 // username/password. 1032 adjustments.push_back(AdjustOffset::Adjustment( 1033 static_cast<size_t>(nonempty_component->begin), 1034 static_cast<size_t>(nonempty_component->len + 1), 0)); 1035 } 1036 1037 // Make offset adjustment. 1038 std::for_each(offsets_for_adjustment->begin(), 1039 offsets_for_adjustment->end(), 1040 AdjustOffset(adjustments)); 1041 } 1042 } else { 1043 AppendFormattedComponent(spec, parsed.username, unescape_rules, &url_string, 1044 &new_parsed->username, offsets_for_adjustment); 1045 if (parsed.password.is_valid()) 1046 url_string.push_back(':'); 1047 AppendFormattedComponent(spec, parsed.password, unescape_rules, &url_string, 1048 &new_parsed->password, offsets_for_adjustment); 1049 if (parsed.username.is_valid() || parsed.password.is_valid()) 1050 url_string.push_back('@'); 1051 } 1052 if (prefix_end) 1053 *prefix_end = static_cast<size_t>(url_string.length()); 1054 1055 AppendFormattedHostWithOffsets(url, languages, &url_string, new_parsed, 1056 offsets_for_adjustment); 1057 1058 // Port. 1059 if (parsed.port.is_nonempty()) { 1060 url_string.push_back(':'); 1061 new_parsed->port.begin = url_string.length(); 1062 url_string.insert(url_string.end(), 1063 spec.begin() + parsed.port.begin, 1064 spec.begin() + parsed.port.end()); 1065 new_parsed->port.len = url_string.length() - new_parsed->port.begin; 1066 } else { 1067 new_parsed->port.reset(); 1068 } 1069 1070 // Path and query both get the same general unescape & convert treatment. 1071 if (!(format_types & kFormatUrlOmitTrailingSlashOnBareHostname) || 1072 !CanStripTrailingSlash(url)) { 1073 AppendFormattedComponent(spec, parsed.path, unescape_rules, &url_string, 1074 &new_parsed->path, offsets_for_adjustment); 1075 } 1076 if (parsed.query.is_valid()) 1077 url_string.push_back('?'); 1078 AppendFormattedComponent(spec, parsed.query, unescape_rules, &url_string, 1079 &new_parsed->query, offsets_for_adjustment); 1080 1081 // Reference is stored in valid, unescaped UTF-8, so we can just convert. 1082 if (parsed.ref.is_valid()) { 1083 url_string.push_back('#'); 1084 size_t ref_begin = url_string.length(); 1085 new_parsed->ref.begin = static_cast<int>(ref_begin); 1086 1087 // Compose a list of offsets within the section. 1088 std::vector<size_t> offsets_into_ref = 1089 OffsetsIntoSection(offsets_for_adjustment, ref_begin); 1090 1091 if (parsed.ref.len > 0) { 1092 url_string.append(UTF8ToWideAndAdjustOffsets(spec.substr(parsed.ref.begin, 1093 parsed.ref.len), 1094 &offsets_into_ref)); 1095 } 1096 size_t old_ref_len = static_cast<size_t>(parsed.ref.len); 1097 size_t new_ref_len = url_string.length() - new_parsed->ref.begin; 1098 new_parsed->ref.len = static_cast<int>(new_ref_len); 1099 1100 // Apply offset adjustments. 1101 ApplySectionAdjustments(offsets_into_ref, offsets_for_adjustment, 1102 old_ref_len, new_ref_len, ref_begin); 1103 } 1104 1105 // If we need to strip out http do it after the fact. This way we don't need 1106 // to worry about how offset_for_adjustment is interpreted. 1107 const size_t kHTTPSize = arraysize(kHTTP) - 1; 1108 if (omit_http && !url_string.compare(0, kHTTPSize, kHTTP)) { 1109 url_string = url_string.substr(kHTTPSize); 1110 AdjustOffset::Adjustments adjustments; 1111 adjustments.push_back(AdjustOffset::Adjustment(0, kHTTPSize, 0)); 1112 std::for_each(offsets_for_adjustment->begin(), 1113 offsets_for_adjustment->end(), 1114 AdjustOffset(adjustments)); 1115 if (prefix_end) 1116 *prefix_end -= kHTTPSize; 1117 1118 // Adjust new_parsed. 1119 DCHECK(new_parsed->scheme.is_valid()); 1120 int delta = -(new_parsed->scheme.len + 3); // +3 for ://. 1121 new_parsed->scheme.reset(); 1122 AdjustComponents(delta, new_parsed); 1123 } 1124 1125 return url_string; 1126 } 1127 1128 char* do_strdup(const char* src) { 1129 #if defined(OS_WIN) 1130 return _strdup(src); 1131 #else 1132 return strdup(src); 1133 #endif 1134 } 1135 1136 } // namespace 1137 1138 const FormatUrlType kFormatUrlOmitNothing = 0; 1139 const FormatUrlType kFormatUrlOmitUsernamePassword = 1 << 0; 1140 const FormatUrlType kFormatUrlOmitHTTP = 1 << 1; 1141 const FormatUrlType kFormatUrlOmitTrailingSlashOnBareHostname = 1 << 2; 1142 const FormatUrlType kFormatUrlOmitAll = kFormatUrlOmitUsernamePassword | 1143 kFormatUrlOmitHTTP | kFormatUrlOmitTrailingSlashOnBareHostname; 1144 1145 // TODO(viettrungluu): We don't want non-POD globals; change this. 1146 std::multiset<int> explicitly_allowed_ports; 1147 1148 GURL FilePathToFileURL(const FilePath& path) { 1149 // Produce a URL like "file:///C:/foo" for a regular file, or 1150 // "file://///server/path" for UNC. The URL canonicalizer will fix up the 1151 // latter case to be the canonical UNC form: "file://server/path" 1152 FilePath::StringType url_string(kFileURLPrefix); 1153 url_string.append(path.value()); 1154 1155 // Now do replacement of some characters. Since we assume the input is a 1156 // literal filename, anything the URL parser might consider special should 1157 // be escaped here. 1158 1159 // must be the first substitution since others will introduce percents as the 1160 // escape character 1161 ReplaceSubstringsAfterOffset(&url_string, 0, 1162 FILE_PATH_LITERAL("%"), FILE_PATH_LITERAL("%25")); 1163 1164 // semicolon is supposed to be some kind of separator according to RFC 2396 1165 ReplaceSubstringsAfterOffset(&url_string, 0, 1166 FILE_PATH_LITERAL(";"), FILE_PATH_LITERAL("%3B")); 1167 1168 ReplaceSubstringsAfterOffset(&url_string, 0, 1169 FILE_PATH_LITERAL("#"), FILE_PATH_LITERAL("%23")); 1170 1171 #if defined(OS_POSIX) 1172 ReplaceSubstringsAfterOffset(&url_string, 0, 1173 FILE_PATH_LITERAL("\\"), FILE_PATH_LITERAL("%5C")); 1174 #endif 1175 1176 return GURL(url_string); 1177 } 1178 1179 std::wstring GetSpecificHeader(const std::wstring& headers, 1180 const std::wstring& name) { 1181 return GetSpecificHeaderT(headers, name); 1182 } 1183 1184 std::string GetSpecificHeader(const std::string& headers, 1185 const std::string& name) { 1186 return GetSpecificHeaderT(headers, name); 1187 } 1188 1189 bool DecodeCharset(const std::string& input, 1190 std::string* decoded_charset, 1191 std::string* value) { 1192 StringTokenizer t(input, "'"); 1193 t.set_options(StringTokenizer::RETURN_DELIMS); 1194 std::string temp_charset; 1195 std::string temp_value; 1196 int numDelimsSeen = 0; 1197 while (t.GetNext()) { 1198 if (t.token_is_delim()) { 1199 ++numDelimsSeen; 1200 continue; 1201 } else { 1202 switch (numDelimsSeen) { 1203 case 0: 1204 temp_charset = t.token(); 1205 break; 1206 case 1: 1207 // Language is ignored. 1208 break; 1209 case 2: 1210 temp_value = t.token(); 1211 break; 1212 default: 1213 return false; 1214 } 1215 } 1216 } 1217 if (numDelimsSeen != 2) 1218 return false; 1219 if (temp_charset.empty() || temp_value.empty()) 1220 return false; 1221 decoded_charset->swap(temp_charset); 1222 value->swap(temp_value); 1223 return true; 1224 } 1225 1226 std::string GetFileNameFromCD(const std::string& header, 1227 const std::string& referrer_charset) { 1228 std::string decoded; 1229 std::string param_value = GetHeaderParamValue(header, "filename*", 1230 QuoteRule::KEEP_OUTER_QUOTES); 1231 if (!param_value.empty()) { 1232 if (param_value.find('"') == std::string::npos) { 1233 std::string charset; 1234 std::string value; 1235 if (DecodeCharset(param_value, &charset, &value)) { 1236 // RFC 5987 value should be ASCII-only. 1237 if (!IsStringASCII(value)) 1238 return std::string(); 1239 std::string tmp = UnescapeURLComponent( 1240 value, 1241 UnescapeRule::SPACES | UnescapeRule::URL_SPECIAL_CHARS); 1242 if (base::ConvertToUtf8AndNormalize(tmp, charset, &decoded)) 1243 return decoded; 1244 } 1245 } 1246 } 1247 param_value = GetHeaderParamValue(header, "filename", 1248 QuoteRule::REMOVE_OUTER_QUOTES); 1249 if (param_value.empty()) { 1250 // Some servers use 'name' parameter. 1251 param_value = GetHeaderParamValue(header, "name", 1252 QuoteRule::REMOVE_OUTER_QUOTES); 1253 } 1254 if (param_value.empty()) 1255 return std::string(); 1256 if (DecodeParamValue(param_value, referrer_charset, &decoded)) 1257 return decoded; 1258 return std::string(); 1259 } 1260 1261 std::wstring GetHeaderParamValue(const std::wstring& field, 1262 const std::wstring& param_name, 1263 QuoteRule::Type quote_rule) { 1264 return GetHeaderParamValueT(field, param_name, quote_rule); 1265 } 1266 1267 std::string GetHeaderParamValue(const std::string& field, 1268 const std::string& param_name, 1269 QuoteRule::Type quote_rule) { 1270 return GetHeaderParamValueT(field, param_name, quote_rule); 1271 } 1272 1273 // TODO(brettw) bug 734373: check the scripts for each host component and 1274 // don't un-IDN-ize if there is more than one. Alternatively, only IDN for 1275 // scripts that the user has installed. For now, just put the entire 1276 // path through IDN. Maybe this feature can be implemented in ICU itself? 1277 // 1278 // We may want to skip this step in the case of file URLs to allow unicode 1279 // UNC hostnames regardless of encodings. 1280 std::wstring IDNToUnicodeWithOffsets( 1281 const char* host, 1282 size_t host_len, 1283 const std::wstring& languages, 1284 std::vector<size_t>* offsets_for_adjustment) { 1285 // Convert the ASCII input to a wide string for ICU. 1286 string16 input16; 1287 input16.reserve(host_len); 1288 input16.insert(input16.end(), host, host + host_len); 1289 1290 // Do each component of the host separately, since we enforce script matching 1291 // on a per-component basis. 1292 AdjustOffset::Adjustments adjustments; 1293 string16 out16; 1294 for (size_t component_start = 0, component_end; 1295 component_start < input16.length(); 1296 component_start = component_end + 1) { 1297 // Find the end of the component. 1298 component_end = input16.find('.', component_start); 1299 if (component_end == string16::npos) 1300 component_end = input16.length(); // For getting the last component. 1301 size_t component_length = component_end - component_start; 1302 size_t new_component_start = out16.length(); 1303 bool converted_idn = false; 1304 if (component_end > component_start) { 1305 // Add the substring that we just found. 1306 converted_idn = IDNToUnicodeOneComponent(input16.data() + component_start, 1307 component_length, languages, &out16); 1308 } 1309 size_t new_component_length = out16.length() - new_component_start; 1310 1311 if (converted_idn && offsets_for_adjustment) { 1312 adjustments.push_back(AdjustOffset::Adjustment( 1313 component_start, component_length, new_component_length)); 1314 } 1315 1316 // Need to add the dot we just found (if we found one). 1317 if (component_end < input16.length()) 1318 out16.push_back('.'); 1319 } 1320 1321 // Make offset adjustment. 1322 if (offsets_for_adjustment && !adjustments.empty()) { 1323 std::for_each(offsets_for_adjustment->begin(), 1324 offsets_for_adjustment->end(), 1325 AdjustOffset(adjustments)); 1326 } 1327 1328 return UTF16ToWideAndAdjustOffsets(out16, offsets_for_adjustment); 1329 } 1330 1331 std::wstring IDNToUnicode(const char* host, 1332 size_t host_len, 1333 const std::wstring& languages, 1334 size_t* offset_for_adjustment) { 1335 std::vector<size_t> offsets; 1336 if (offset_for_adjustment) 1337 offsets.push_back(*offset_for_adjustment); 1338 std::wstring result = 1339 IDNToUnicodeWithOffsets(host, host_len, languages, &offsets); 1340 if (offset_for_adjustment) 1341 *offset_for_adjustment = offsets[0]; 1342 return result; 1343 } 1344 1345 std::string CanonicalizeHost(const std::string& host, 1346 url_canon::CanonHostInfo* host_info) { 1347 // Try to canonicalize the host. 1348 const url_parse::Component raw_host_component( 1349 0, static_cast<int>(host.length())); 1350 std::string canon_host; 1351 url_canon::StdStringCanonOutput canon_host_output(&canon_host); 1352 url_canon::CanonicalizeHostVerbose(host.c_str(), raw_host_component, 1353 &canon_host_output, host_info); 1354 1355 if (host_info->out_host.is_nonempty() && 1356 host_info->family != url_canon::CanonHostInfo::BROKEN) { 1357 // Success! Assert that there's no extra garbage. 1358 canon_host_output.Complete(); 1359 DCHECK_EQ(host_info->out_host.len, static_cast<int>(canon_host.length())); 1360 } else { 1361 // Empty host, or canonicalization failed. We'll return empty. 1362 canon_host.clear(); 1363 } 1364 1365 return canon_host; 1366 } 1367 1368 std::string CanonicalizeHost(const std::wstring& host, 1369 url_canon::CanonHostInfo* host_info) { 1370 std::string converted_host; 1371 WideToUTF8(host.c_str(), host.length(), &converted_host); 1372 return CanonicalizeHost(converted_host, host_info); 1373 } 1374 1375 std::string GetDirectoryListingHeader(const string16& title) { 1376 static const base::StringPiece header( 1377 NetModule::GetResource(IDR_DIR_HEADER_HTML)); 1378 // This can be null in unit tests. 1379 DLOG_IF(WARNING, header.empty()) << 1380 "Missing resource: directory listing header"; 1381 1382 std::string result; 1383 if (!header.empty()) 1384 result.assign(header.data(), header.size()); 1385 1386 result.append("<script>start("); 1387 base::JsonDoubleQuote(title, true, &result); 1388 result.append(");</script>\n"); 1389 1390 return result; 1391 } 1392 1393 inline bool IsHostCharAlpha(char c) { 1394 // We can just check lowercase because uppercase characters have already been 1395 // normalized. 1396 return (c >= 'a') && (c <= 'z'); 1397 } 1398 1399 inline bool IsHostCharDigit(char c) { 1400 return (c >= '0') && (c <= '9'); 1401 } 1402 1403 bool IsCanonicalizedHostCompliant(const std::string& host, 1404 const std::string& desired_tld) { 1405 if (host.empty()) 1406 return false; 1407 1408 bool in_component = false; 1409 bool most_recent_component_started_alpha = false; 1410 bool last_char_was_hyphen_or_underscore = false; 1411 1412 for (std::string::const_iterator i(host.begin()); i != host.end(); ++i) { 1413 const char c = *i; 1414 if (!in_component) { 1415 most_recent_component_started_alpha = IsHostCharAlpha(c); 1416 if (!most_recent_component_started_alpha && !IsHostCharDigit(c)) 1417 return false; 1418 in_component = true; 1419 } else { 1420 if (c == '.') { 1421 if (last_char_was_hyphen_or_underscore) 1422 return false; 1423 in_component = false; 1424 } else if (IsHostCharAlpha(c) || IsHostCharDigit(c)) { 1425 last_char_was_hyphen_or_underscore = false; 1426 } else if ((c == '-') || (c == '_')) { 1427 last_char_was_hyphen_or_underscore = true; 1428 } else { 1429 return false; 1430 } 1431 } 1432 } 1433 1434 return most_recent_component_started_alpha || 1435 (!desired_tld.empty() && IsHostCharAlpha(desired_tld[0])); 1436 } 1437 1438 std::string GetDirectoryListingEntry(const string16& name, 1439 const std::string& raw_bytes, 1440 bool is_dir, 1441 int64 size, 1442 Time modified) { 1443 std::string result; 1444 result.append("<script>addRow("); 1445 base::JsonDoubleQuote(name, true, &result); 1446 result.append(","); 1447 if (raw_bytes.empty()) { 1448 base::JsonDoubleQuote(EscapePath(UTF16ToUTF8(name)), 1449 true, &result); 1450 } else { 1451 base::JsonDoubleQuote(EscapePath(raw_bytes), true, &result); 1452 } 1453 if (is_dir) { 1454 result.append(",1,"); 1455 } else { 1456 result.append(",0,"); 1457 } 1458 1459 base::JsonDoubleQuote( 1460 FormatBytes(size, GetByteDisplayUnits(size), true), 1461 true, 1462 &result); 1463 1464 result.append(","); 1465 1466 string16 modified_str; 1467 // |modified| can be NULL in FTP listings. 1468 if (!modified.is_null()) { 1469 modified_str = base::TimeFormatShortDateAndTime(modified); 1470 } 1471 base::JsonDoubleQuote(modified_str, true, &result); 1472 1473 result.append(");</script>\n"); 1474 1475 return result; 1476 } 1477 1478 string16 StripWWW(const string16& text) { 1479 const string16 www(ASCIIToUTF16("www.")); 1480 return StartsWith(text, www, true) ? text.substr(www.length()) : text; 1481 } 1482 1483 string16 GetSuggestedFilename(const GURL& url, 1484 const std::string& content_disposition, 1485 const std::string& referrer_charset, 1486 const string16& default_name) { 1487 // TODO: this function to be updated to match the httpbis recommendations. 1488 // Talk to abarth for the latest news. 1489 1490 // We don't translate this fallback string, "download". If localization is 1491 // needed, the caller should provide localized fallback default_name. 1492 static const char* kFinalFallbackName = "download"; 1493 1494 // about: and data: URLs don't have file names, but esp. data: URLs may 1495 // contain parts that look like ones (i.e., contain a slash). 1496 // Therefore we don't attempt to divine a file name out of them. 1497 if (url.SchemeIs("about") || url.SchemeIs("data")) { 1498 return default_name.empty() ? ASCIIToUTF16(kFinalFallbackName) 1499 : default_name; 1500 } 1501 1502 std::string filename = GetFileNameFromCD(content_disposition, 1503 referrer_charset); 1504 1505 if (!filename.empty()) { 1506 // Replace any path information the server may have sent, by changing 1507 // path separators with underscores. 1508 ReplaceSubstringsAfterOffset(&filename, 0, "/", "_"); 1509 ReplaceSubstringsAfterOffset(&filename, 0, "\\", "_"); 1510 1511 // Next, remove "." from the beginning and end of the file name to avoid 1512 // tricks with hidden files, "..", and "." 1513 TrimString(filename, ".", &filename); 1514 } 1515 if (filename.empty()) { 1516 if (url.is_valid()) { 1517 const std::string unescaped_url_filename = UnescapeURLComponent( 1518 url.ExtractFileName(), 1519 UnescapeRule::SPACES | UnescapeRule::URL_SPECIAL_CHARS); 1520 1521 // The URL's path should be escaped UTF-8, but may not be. 1522 std::string decoded_filename = unescaped_url_filename; 1523 if (!IsStringASCII(decoded_filename)) { 1524 bool ignore; 1525 // TODO(jshin): this is probably not robust enough. To be sure, we 1526 // need encoding detection. 1527 DecodeWord(unescaped_url_filename, referrer_charset, &ignore, 1528 &decoded_filename); 1529 } 1530 1531 filename = decoded_filename; 1532 } 1533 } 1534 1535 #if defined(OS_WIN) 1536 { // Handle CreateFile() stripping trailing dots and spaces on filenames 1537 // http://support.microsoft.com/kb/115827 1538 std::string::size_type pos = filename.find_last_not_of(" ."); 1539 if (pos == std::string::npos) 1540 filename.resize(0); 1541 else 1542 filename.resize(++pos); 1543 } 1544 #endif 1545 // Trim '.' once more. 1546 TrimString(filename, ".", &filename); 1547 1548 // If there's no filename or it gets trimed to be empty, use 1549 // the URL hostname or default_name 1550 if (filename.empty()) { 1551 if (!default_name.empty()) { 1552 return default_name; 1553 } else if (url.is_valid()) { 1554 // Some schemes (e.g. file) do not have a hostname. Even though it's 1555 // not likely to reach here, let's hardcode the last fallback name. 1556 // TODO(jungshik) : Decode a 'punycoded' IDN hostname. (bug 1264451) 1557 filename = url.host().empty() ? kFinalFallbackName : url.host(); 1558 } else { 1559 NOTREACHED(); 1560 } 1561 } 1562 1563 #if defined(OS_WIN) 1564 string16 path = UTF8ToUTF16(filename); 1565 file_util::ReplaceIllegalCharactersInPath(&path, '-'); 1566 return path; 1567 #else 1568 std::string path = filename; 1569 file_util::ReplaceIllegalCharactersInPath(&path, '-'); 1570 return UTF8ToUTF16(path); 1571 #endif 1572 } 1573 1574 bool IsPortAllowedByDefault(int port) { 1575 int array_size = arraysize(kRestrictedPorts); 1576 for (int i = 0; i < array_size; i++) { 1577 if (kRestrictedPorts[i] == port) { 1578 return false; 1579 } 1580 } 1581 return true; 1582 } 1583 1584 bool IsPortAllowedByFtp(int port) { 1585 int array_size = arraysize(kAllowedFtpPorts); 1586 for (int i = 0; i < array_size; i++) { 1587 if (kAllowedFtpPorts[i] == port) { 1588 return true; 1589 } 1590 } 1591 // Port not explicitly allowed by FTP, so return the default restrictions. 1592 return IsPortAllowedByDefault(port); 1593 } 1594 1595 bool IsPortAllowedByOverride(int port) { 1596 if (explicitly_allowed_ports.empty()) 1597 return false; 1598 1599 return explicitly_allowed_ports.count(port) > 0; 1600 } 1601 1602 int SetNonBlocking(int fd) { 1603 #if defined(OS_WIN) 1604 unsigned long no_block = 1; 1605 return ioctlsocket(fd, FIONBIO, &no_block); 1606 #elif defined(OS_POSIX) 1607 int flags = fcntl(fd, F_GETFL, 0); 1608 if (-1 == flags) 1609 return flags; 1610 return fcntl(fd, F_SETFL, flags | O_NONBLOCK); 1611 #endif 1612 } 1613 1614 bool ParseHostAndPort(std::string::const_iterator host_and_port_begin, 1615 std::string::const_iterator host_and_port_end, 1616 std::string* host, 1617 int* port) { 1618 if (host_and_port_begin >= host_and_port_end) 1619 return false; 1620 1621 // When using url_parse, we use char*. 1622 const char* auth_begin = &(*host_and_port_begin); 1623 int auth_len = host_and_port_end - host_and_port_begin; 1624 1625 url_parse::Component auth_component(0, auth_len); 1626 url_parse::Component username_component; 1627 url_parse::Component password_component; 1628 url_parse::Component hostname_component; 1629 url_parse::Component port_component; 1630 1631 url_parse::ParseAuthority(auth_begin, auth_component, &username_component, 1632 &password_component, &hostname_component, &port_component); 1633 1634 // There shouldn't be a username/password. 1635 if (username_component.is_valid() || password_component.is_valid()) 1636 return false; 1637 1638 if (!hostname_component.is_nonempty()) 1639 return false; // Failed parsing. 1640 1641 int parsed_port_number = -1; 1642 if (port_component.is_nonempty()) { 1643 parsed_port_number = url_parse::ParsePort(auth_begin, port_component); 1644 1645 // If parsing failed, port_number will be either PORT_INVALID or 1646 // PORT_UNSPECIFIED, both of which are negative. 1647 if (parsed_port_number < 0) 1648 return false; // Failed parsing the port number. 1649 } 1650 1651 if (port_component.len == 0) 1652 return false; // Reject inputs like "foo:" 1653 1654 // Pass results back to caller. 1655 host->assign(auth_begin + hostname_component.begin, hostname_component.len); 1656 *port = parsed_port_number; 1657 1658 return true; // Success. 1659 } 1660 1661 bool ParseHostAndPort(const std::string& host_and_port, 1662 std::string* host, 1663 int* port) { 1664 return ParseHostAndPort( 1665 host_and_port.begin(), host_and_port.end(), host, port); 1666 } 1667 1668 std::string GetHostAndPort(const GURL& url) { 1669 // For IPv6 literals, GURL::host() already includes the brackets so it is 1670 // safe to just append a colon. 1671 return base::StringPrintf("%s:%d", url.host().c_str(), 1672 url.EffectiveIntPort()); 1673 } 1674 1675 std::string GetHostAndOptionalPort(const GURL& url) { 1676 // For IPv6 literals, GURL::host() already includes the brackets 1677 // so it is safe to just append a colon. 1678 if (url.has_port()) 1679 return base::StringPrintf("%s:%s", url.host().c_str(), url.port().c_str()); 1680 return url.host(); 1681 } 1682 1683 std::string NetAddressToString(const struct addrinfo* net_address) { 1684 return NetAddressToString(net_address->ai_addr, net_address->ai_addrlen); 1685 } 1686 1687 std::string NetAddressToString(const struct sockaddr* net_address, 1688 socklen_t address_len) { 1689 #if defined(OS_WIN) 1690 EnsureWinsockInit(); 1691 #endif 1692 1693 // This buffer is large enough to fit the biggest IPv6 string. 1694 char buffer[INET6_ADDRSTRLEN]; 1695 1696 int result = getnameinfo(net_address, address_len, buffer, sizeof(buffer), 1697 NULL, 0, NI_NUMERICHOST); 1698 1699 if (result != 0) { 1700 DVLOG(1) << "getnameinfo() failed with " << result << ": " 1701 << gai_strerror(result); 1702 buffer[0] = '\0'; 1703 } 1704 return std::string(buffer); 1705 } 1706 1707 std::string NetAddressToStringWithPort(const struct addrinfo* net_address) { 1708 return NetAddressToStringWithPort( 1709 net_address->ai_addr, net_address->ai_addrlen); 1710 } 1711 std::string NetAddressToStringWithPort(const struct sockaddr* net_address, 1712 socklen_t address_len) { 1713 std::string ip_address_string = NetAddressToString(net_address, address_len); 1714 if (ip_address_string.empty()) 1715 return std::string(); // Failed. 1716 1717 int port = GetPortFromSockaddr(net_address, address_len); 1718 1719 if (ip_address_string.find(':') != std::string::npos) { 1720 // Surround with square brackets to avoid ambiguity. 1721 return base::StringPrintf("[%s]:%d", ip_address_string.c_str(), port); 1722 } 1723 1724 return base::StringPrintf("%s:%d", ip_address_string.c_str(), port); 1725 } 1726 1727 std::string GetHostName() { 1728 #if defined(OS_WIN) 1729 EnsureWinsockInit(); 1730 #endif 1731 1732 // Host names are limited to 255 bytes. 1733 char buffer[256]; 1734 int result = gethostname(buffer, sizeof(buffer)); 1735 if (result != 0) { 1736 DVLOG(1) << "gethostname() failed with " << result; 1737 buffer[0] = '\0'; 1738 } 1739 return std::string(buffer); 1740 } 1741 1742 void GetIdentityFromURL(const GURL& url, 1743 string16* username, 1744 string16* password) { 1745 UnescapeRule::Type flags = 1746 UnescapeRule::SPACES | UnescapeRule::URL_SPECIAL_CHARS; 1747 *username = UnescapeAndDecodeUTF8URLComponent(url.username(), flags, NULL); 1748 *password = UnescapeAndDecodeUTF8URLComponent(url.password(), flags, NULL); 1749 } 1750 1751 std::string GetHostOrSpecFromURL(const GURL& url) { 1752 return url.has_host() ? TrimEndingDot(url.host()) : url.spec(); 1753 } 1754 1755 void AppendFormattedHostWithOffsets( 1756 const GURL& url, 1757 const std::wstring& languages, 1758 std::wstring* output, 1759 url_parse::Parsed* new_parsed, 1760 std::vector<size_t>* offsets_for_adjustment) { 1761 DCHECK(output); 1762 const url_parse::Component& host = 1763 url.parsed_for_possibly_invalid_spec().host; 1764 1765 if (host.is_nonempty()) { 1766 // Handle possible IDN in the host name. 1767 size_t host_begin = output->length(); 1768 if (new_parsed) 1769 new_parsed->host.begin = static_cast<int>(host_begin); 1770 size_t old_host_len = static_cast<size_t>(host.len); 1771 1772 // Compose a list of offsets within the host area. 1773 std::vector<size_t> offsets_into_host = 1774 OffsetsIntoSection(offsets_for_adjustment, host_begin); 1775 1776 const std::string& spec = url.possibly_invalid_spec(); 1777 DCHECK(host.begin >= 0 && 1778 ((spec.length() == 0 && host.begin == 0) || 1779 host.begin < static_cast<int>(spec.length()))); 1780 output->append(IDNToUnicodeWithOffsets(&spec[host.begin], old_host_len, 1781 languages, &offsets_into_host)); 1782 1783 size_t new_host_len = output->length() - host_begin; 1784 if (new_parsed) 1785 new_parsed->host.len = static_cast<int>(new_host_len); 1786 1787 // Apply offset adjustments. 1788 ApplySectionAdjustments(offsets_into_host, offsets_for_adjustment, 1789 old_host_len, new_host_len, host_begin); 1790 } else if (new_parsed) { 1791 new_parsed->host.reset(); 1792 } 1793 } 1794 1795 void AppendFormattedHost(const GURL& url, 1796 const std::wstring& languages, 1797 std::wstring* output, 1798 url_parse::Parsed* new_parsed, 1799 size_t* offset_for_adjustment) { 1800 std::vector<size_t> offsets; 1801 if (offset_for_adjustment) 1802 offsets.push_back(*offset_for_adjustment); 1803 AppendFormattedHostWithOffsets(url, languages, output, new_parsed, &offsets); 1804 if (offset_for_adjustment) 1805 *offset_for_adjustment = offsets[0]; 1806 } 1807 1808 // TODO(viettrungluu): convert the wstring |FormatUrlInternal()|. 1809 string16 FormatUrlWithOffsets(const GURL& url, 1810 const std::string& languages, 1811 FormatUrlTypes format_types, 1812 UnescapeRule::Type unescape_rules, 1813 url_parse::Parsed* new_parsed, 1814 size_t* prefix_end, 1815 std::vector<size_t>* offsets_for_adjustment) { 1816 return WideToUTF16Hack( 1817 FormatUrlInternal(url, ASCIIToWide(languages), format_types, 1818 unescape_rules, new_parsed, prefix_end, 1819 offsets_for_adjustment)); 1820 } 1821 1822 string16 FormatUrl(const GURL& url, 1823 const std::string& languages, 1824 FormatUrlTypes format_types, 1825 UnescapeRule::Type unescape_rules, 1826 url_parse::Parsed* new_parsed, 1827 size_t* prefix_end, 1828 size_t* offset_for_adjustment) { 1829 std::vector<size_t> offsets; 1830 if (offset_for_adjustment) 1831 offsets.push_back(*offset_for_adjustment); 1832 string16 result = WideToUTF16Hack( 1833 FormatUrlInternal(url, ASCIIToWide(languages), format_types, 1834 unescape_rules, new_parsed, prefix_end, &offsets)); 1835 if (offset_for_adjustment) 1836 *offset_for_adjustment = offsets[0]; 1837 return result; 1838 } 1839 1840 bool CanStripTrailingSlash(const GURL& url) { 1841 // Omit the path only for standard, non-file URLs with nothing but "/" after 1842 // the hostname. 1843 return url.IsStandard() && !url.SchemeIsFile() && !url.has_query() && 1844 !url.has_ref() && url.path() == "/"; 1845 } 1846 1847 GURL SimplifyUrlForRequest(const GURL& url) { 1848 DCHECK(url.is_valid()); 1849 GURL::Replacements replacements; 1850 replacements.ClearUsername(); 1851 replacements.ClearPassword(); 1852 replacements.ClearRef(); 1853 return url.ReplaceComponents(replacements); 1854 } 1855 1856 // Specifies a comma separated list of port numbers that should be accepted 1857 // despite bans. If the string is invalid no allowed ports are stored. 1858 void SetExplicitlyAllowedPorts(const std::string& allowed_ports) { 1859 if (allowed_ports.empty()) 1860 return; 1861 1862 std::multiset<int> ports; 1863 size_t last = 0; 1864 size_t size = allowed_ports.size(); 1865 // The comma delimiter. 1866 const std::string::value_type kComma = ','; 1867 1868 // Overflow is still possible for evil user inputs. 1869 for (size_t i = 0; i <= size; ++i) { 1870 // The string should be composed of only digits and commas. 1871 if (i != size && !IsAsciiDigit(allowed_ports[i]) && 1872 (allowed_ports[i] != kComma)) 1873 return; 1874 if (i == size || allowed_ports[i] == kComma) { 1875 if (i > last) { 1876 int port; 1877 base::StringToInt(allowed_ports.begin() + last, 1878 allowed_ports.begin() + i, 1879 &port); 1880 ports.insert(port); 1881 } 1882 last = i + 1; 1883 } 1884 } 1885 explicitly_allowed_ports = ports; 1886 } 1887 1888 ScopedPortException::ScopedPortException(int port) : port_(port) { 1889 explicitly_allowed_ports.insert(port); 1890 } 1891 1892 ScopedPortException::~ScopedPortException() { 1893 std::multiset<int>::iterator it = explicitly_allowed_ports.find(port_); 1894 if (it != explicitly_allowed_ports.end()) 1895 explicitly_allowed_ports.erase(it); 1896 else 1897 NOTREACHED(); 1898 } 1899 1900 enum IPv6SupportStatus { 1901 IPV6_CANNOT_CREATE_SOCKETS, 1902 IPV6_CAN_CREATE_SOCKETS, 1903 IPV6_GETIFADDRS_FAILED, 1904 IPV6_GLOBAL_ADDRESS_MISSING, 1905 IPV6_GLOBAL_ADDRESS_PRESENT, 1906 IPV6_INTERFACE_ARRAY_TOO_SHORT, 1907 IPV6_SUPPORT_MAX // Bounding values for enumeration. 1908 }; 1909 1910 static void IPv6SupportResults(IPv6SupportStatus result) { 1911 static bool run_once = false; 1912 if (!run_once) { 1913 run_once = true; 1914 UMA_HISTOGRAM_ENUMERATION("Net.IPv6Status", result, IPV6_SUPPORT_MAX); 1915 } else { 1916 UMA_HISTOGRAM_ENUMERATION("Net.IPv6Status_retest", result, 1917 IPV6_SUPPORT_MAX); 1918 } 1919 } 1920 1921 // TODO(jar): The following is a simple estimate of IPv6 support. We may need 1922 // to do a test resolution, and a test connection, to REALLY verify support. 1923 // static 1924 bool IPv6Supported() { 1925 #ifdef ANDROID 1926 // Android does not have the ifaddrs.h header 1927 return false; 1928 #elif defined(OS_POSIX) 1929 int test_socket = socket(AF_INET6, SOCK_STREAM, 0); 1930 if (test_socket == -1) { 1931 IPv6SupportResults(IPV6_CANNOT_CREATE_SOCKETS); 1932 return false; 1933 } 1934 close(test_socket); 1935 1936 // Check to see if any interface has a IPv6 address. 1937 struct ifaddrs* interface_addr = NULL; 1938 int rv = getifaddrs(&interface_addr); 1939 if (rv != 0) { 1940 IPv6SupportResults(IPV6_GETIFADDRS_FAILED); 1941 return true; // Don't yet block IPv6. 1942 } 1943 1944 bool found_ipv6 = false; 1945 for (struct ifaddrs* interface = interface_addr; 1946 interface != NULL; 1947 interface = interface->ifa_next) { 1948 if (!(IFF_UP & interface->ifa_flags)) 1949 continue; 1950 if (IFF_LOOPBACK & interface->ifa_flags) 1951 continue; 1952 struct sockaddr* addr = interface->ifa_addr; 1953 if (!addr) 1954 continue; 1955 if (addr->sa_family != AF_INET6) 1956 continue; 1957 // Safe cast since this is AF_INET6. 1958 struct sockaddr_in6* addr_in6 = 1959 reinterpret_cast<struct sockaddr_in6*>(addr); 1960 struct in6_addr* sin6_addr = &addr_in6->sin6_addr; 1961 if (IN6_IS_ADDR_LOOPBACK(sin6_addr) || IN6_IS_ADDR_LINKLOCAL(sin6_addr)) 1962 continue; 1963 found_ipv6 = true; 1964 break; 1965 } 1966 freeifaddrs(interface_addr); 1967 if (!found_ipv6) { 1968 IPv6SupportResults(IPV6_GLOBAL_ADDRESS_MISSING); 1969 return false; 1970 } 1971 1972 IPv6SupportResults(IPV6_GLOBAL_ADDRESS_PRESENT); 1973 return true; 1974 #elif defined(OS_WIN) 1975 EnsureWinsockInit(); 1976 SOCKET test_socket = socket(AF_INET6, SOCK_STREAM, 0); 1977 if (test_socket == INVALID_SOCKET) { 1978 IPv6SupportResults(IPV6_CANNOT_CREATE_SOCKETS); 1979 return false; 1980 } 1981 closesocket(test_socket); 1982 1983 // Check to see if any interface has a IPv6 address. 1984 // The GetAdaptersAddresses MSDN page recommends using a size of 15000 to 1985 // avoid reallocation. 1986 ULONG adapters_size = 15000; 1987 scoped_ptr_malloc<IP_ADAPTER_ADDRESSES> adapters; 1988 ULONG error; 1989 int num_tries = 0; 1990 do { 1991 adapters.reset( 1992 reinterpret_cast<PIP_ADAPTER_ADDRESSES>(malloc(adapters_size))); 1993 // Return only unicast addresses. 1994 error = GetAdaptersAddresses(AF_UNSPEC, 1995 GAA_FLAG_SKIP_ANYCAST | 1996 GAA_FLAG_SKIP_MULTICAST | 1997 GAA_FLAG_SKIP_DNS_SERVER | 1998 GAA_FLAG_SKIP_FRIENDLY_NAME, 1999 NULL, adapters.get(), &adapters_size); 2000 num_tries++; 2001 } while (error == ERROR_BUFFER_OVERFLOW && num_tries <= 3); 2002 if (error == ERROR_NO_DATA) { 2003 IPv6SupportResults(IPV6_GLOBAL_ADDRESS_MISSING); 2004 return false; 2005 } 2006 if (error != ERROR_SUCCESS) { 2007 IPv6SupportResults(IPV6_GETIFADDRS_FAILED); 2008 return true; // Don't yet block IPv6. 2009 } 2010 2011 PIP_ADAPTER_ADDRESSES adapter; 2012 for (adapter = adapters.get(); adapter; adapter = adapter->Next) { 2013 if (adapter->OperStatus != IfOperStatusUp) 2014 continue; 2015 if (adapter->IfType == IF_TYPE_SOFTWARE_LOOPBACK) 2016 continue; 2017 PIP_ADAPTER_UNICAST_ADDRESS unicast_address; 2018 for (unicast_address = adapter->FirstUnicastAddress; 2019 unicast_address; 2020 unicast_address = unicast_address->Next) { 2021 if (unicast_address->Address.lpSockaddr->sa_family != AF_INET6) 2022 continue; 2023 // Safe cast since this is AF_INET6. 2024 struct sockaddr_in6* addr_in6 = reinterpret_cast<struct sockaddr_in6*>( 2025 unicast_address->Address.lpSockaddr); 2026 struct in6_addr* sin6_addr = &addr_in6->sin6_addr; 2027 if (IN6_IS_ADDR_LOOPBACK(sin6_addr) || IN6_IS_ADDR_LINKLOCAL(sin6_addr)) 2028 continue; 2029 IPv6SupportResults(IPV6_GLOBAL_ADDRESS_PRESENT); 2030 return true; 2031 } 2032 } 2033 2034 IPv6SupportResults(IPV6_GLOBAL_ADDRESS_MISSING); 2035 return false; 2036 #else 2037 NOTIMPLEMENTED(); 2038 return true; 2039 #endif // defined(various platforms) 2040 } 2041 2042 bool HaveOnlyLoopbackAddresses() { 2043 #if defined(ANDROID) 2044 // Android has no <ifaddrs.h> 2045 return false; 2046 #elif defined(OS_POSIX) 2047 struct ifaddrs* interface_addr = NULL; 2048 int rv = getifaddrs(&interface_addr); 2049 if (rv != 0) { 2050 DVLOG(1) << "getifaddrs() failed with errno = " << errno; 2051 return false; 2052 } 2053 2054 bool result = true; 2055 for (struct ifaddrs* interface = interface_addr; 2056 interface != NULL; 2057 interface = interface->ifa_next) { 2058 if (!(IFF_UP & interface->ifa_flags)) 2059 continue; 2060 if (IFF_LOOPBACK & interface->ifa_flags) 2061 continue; 2062 const struct sockaddr* addr = interface->ifa_addr; 2063 if (!addr) 2064 continue; 2065 if (addr->sa_family == AF_INET6) { 2066 // Safe cast since this is AF_INET6. 2067 const struct sockaddr_in6* addr_in6 = 2068 reinterpret_cast<const struct sockaddr_in6*>(addr); 2069 const struct in6_addr* sin6_addr = &addr_in6->sin6_addr; 2070 if (IN6_IS_ADDR_LOOPBACK(sin6_addr) || IN6_IS_ADDR_LINKLOCAL(sin6_addr)) 2071 continue; 2072 } 2073 if (addr->sa_family != AF_INET6 && addr->sa_family != AF_INET) 2074 continue; 2075 2076 result = false; 2077 break; 2078 } 2079 freeifaddrs(interface_addr); 2080 return result; 2081 #elif defined(OS_WIN) 2082 // TODO(wtc): implement with the GetAdaptersAddresses function. 2083 NOTIMPLEMENTED(); 2084 return false; 2085 #else 2086 NOTIMPLEMENTED(); 2087 return false; 2088 #endif // defined(various platforms) 2089 } 2090 2091 bool ParseIPLiteralToNumber(const std::string& ip_literal, 2092 IPAddressNumber* ip_number) { 2093 // |ip_literal| could be either a IPv4 or an IPv6 literal. If it contains 2094 // a colon however, it must be an IPv6 address. 2095 if (ip_literal.find(':') != std::string::npos) { 2096 // GURL expects IPv6 hostnames to be surrounded with brackets. 2097 std::string host_brackets = "[" + ip_literal + "]"; 2098 url_parse::Component host_comp(0, host_brackets.size()); 2099 2100 // Try parsing the hostname as an IPv6 literal. 2101 ip_number->resize(16); // 128 bits. 2102 return url_canon::IPv6AddressToNumber(host_brackets.data(), 2103 host_comp, 2104 &(*ip_number)[0]); 2105 } 2106 2107 // Otherwise the string is an IPv4 address. 2108 ip_number->resize(4); // 32 bits. 2109 url_parse::Component host_comp(0, ip_literal.size()); 2110 int num_components; 2111 url_canon::CanonHostInfo::Family family = url_canon::IPv4AddressToNumber( 2112 ip_literal.data(), host_comp, &(*ip_number)[0], &num_components); 2113 return family == url_canon::CanonHostInfo::IPV4; 2114 } 2115 2116 IPAddressNumber ConvertIPv4NumberToIPv6Number( 2117 const IPAddressNumber& ipv4_number) { 2118 DCHECK(ipv4_number.size() == 4); 2119 2120 // IPv4-mapped addresses are formed by: 2121 // <80 bits of zeros> + <16 bits of ones> + <32-bit IPv4 address>. 2122 IPAddressNumber ipv6_number; 2123 ipv6_number.reserve(16); 2124 ipv6_number.insert(ipv6_number.end(), 10, 0); 2125 ipv6_number.push_back(0xFF); 2126 ipv6_number.push_back(0xFF); 2127 ipv6_number.insert(ipv6_number.end(), ipv4_number.begin(), ipv4_number.end()); 2128 return ipv6_number; 2129 } 2130 2131 bool ParseCIDRBlock(const std::string& cidr_literal, 2132 IPAddressNumber* ip_number, 2133 size_t* prefix_length_in_bits) { 2134 // We expect CIDR notation to match one of these two templates: 2135 // <IPv4-literal> "/" <number of bits> 2136 // <IPv6-literal> "/" <number of bits> 2137 2138 std::vector<std::string> parts; 2139 base::SplitString(cidr_literal, '/', &parts); 2140 if (parts.size() != 2) 2141 return false; 2142 2143 // Parse the IP address. 2144 if (!ParseIPLiteralToNumber(parts[0], ip_number)) 2145 return false; 2146 2147 // Parse the prefix length. 2148 int number_of_bits = -1; 2149 if (!base::StringToInt(parts[1], &number_of_bits)) 2150 return false; 2151 2152 // Make sure the prefix length is in a valid range. 2153 if (number_of_bits < 0 || 2154 number_of_bits > static_cast<int>(ip_number->size() * 8)) 2155 return false; 2156 2157 *prefix_length_in_bits = static_cast<size_t>(number_of_bits); 2158 return true; 2159 } 2160 2161 bool IPNumberMatchesPrefix(const IPAddressNumber& ip_number, 2162 const IPAddressNumber& ip_prefix, 2163 size_t prefix_length_in_bits) { 2164 // Both the input IP address and the prefix IP address should be 2165 // either IPv4 or IPv6. 2166 DCHECK(ip_number.size() == 4 || ip_number.size() == 16); 2167 DCHECK(ip_prefix.size() == 4 || ip_prefix.size() == 16); 2168 2169 DCHECK_LE(prefix_length_in_bits, ip_prefix.size() * 8); 2170 2171 // In case we have an IPv6 / IPv4 mismatch, convert the IPv4 addresses to 2172 // IPv6 addresses in order to do the comparison. 2173 if (ip_number.size() != ip_prefix.size()) { 2174 if (ip_number.size() == 4) { 2175 return IPNumberMatchesPrefix(ConvertIPv4NumberToIPv6Number(ip_number), 2176 ip_prefix, prefix_length_in_bits); 2177 } 2178 return IPNumberMatchesPrefix(ip_number, 2179 ConvertIPv4NumberToIPv6Number(ip_prefix), 2180 96 + prefix_length_in_bits); 2181 } 2182 2183 // Otherwise we are comparing two IPv4 addresses, or two IPv6 addresses. 2184 // Compare all the bytes that fall entirely within the prefix. 2185 int num_entire_bytes_in_prefix = prefix_length_in_bits / 8; 2186 for (int i = 0; i < num_entire_bytes_in_prefix; ++i) { 2187 if (ip_number[i] != ip_prefix[i]) 2188 return false; 2189 } 2190 2191 // In case the prefix was not a multiple of 8, there will be 1 byte 2192 // which is only partially masked. 2193 int remaining_bits = prefix_length_in_bits % 8; 2194 if (remaining_bits != 0) { 2195 unsigned char mask = 0xFF << (8 - remaining_bits); 2196 int i = num_entire_bytes_in_prefix; 2197 if ((ip_number[i] & mask) != (ip_prefix[i] & mask)) 2198 return false; 2199 } 2200 2201 return true; 2202 } 2203 2204 struct addrinfo* CreateCopyOfAddrinfo(const struct addrinfo* info, 2205 bool recursive) { 2206 DCHECK(info); 2207 struct addrinfo* copy = new addrinfo; 2208 2209 // Copy all the fields (some of these are pointers, we will fix that next). 2210 memcpy(copy, info, sizeof(addrinfo)); 2211 2212 // ai_canonname is a NULL-terminated string. 2213 if (info->ai_canonname) { 2214 copy->ai_canonname = do_strdup(info->ai_canonname); 2215 } 2216 2217 // ai_addr is a buffer of length ai_addrlen. 2218 if (info->ai_addr) { 2219 copy->ai_addr = reinterpret_cast<sockaddr *>(new char[info->ai_addrlen]); 2220 memcpy(copy->ai_addr, info->ai_addr, info->ai_addrlen); 2221 } 2222 2223 // Recursive copy. 2224 if (recursive && info->ai_next) 2225 copy->ai_next = CreateCopyOfAddrinfo(info->ai_next, recursive); 2226 else 2227 copy->ai_next = NULL; 2228 2229 return copy; 2230 } 2231 2232 void FreeCopyOfAddrinfo(struct addrinfo* info) { 2233 DCHECK(info); 2234 if (info->ai_canonname) 2235 free(info->ai_canonname); // Allocated by strdup. 2236 2237 if (info->ai_addr) 2238 delete [] reinterpret_cast<char*>(info->ai_addr); 2239 2240 struct addrinfo* next = info->ai_next; 2241 2242 delete info; 2243 2244 // Recursive free. 2245 if (next) 2246 FreeCopyOfAddrinfo(next); 2247 } 2248 2249 // Returns the port field of the sockaddr in |info|. 2250 uint16* GetPortFieldFromAddrinfo(struct addrinfo* info) { 2251 const struct addrinfo* const_info = info; 2252 const uint16* port_field = GetPortFieldFromAddrinfo(const_info); 2253 return const_cast<uint16*>(port_field); 2254 } 2255 2256 const uint16* GetPortFieldFromAddrinfo(const struct addrinfo* info) { 2257 DCHECK(info); 2258 const struct sockaddr* address = info->ai_addr; 2259 DCHECK(address); 2260 DCHECK_EQ(info->ai_family, address->sa_family); 2261 return GetPortFieldFromSockaddr(address, info->ai_addrlen); 2262 } 2263 2264 int GetPortFromAddrinfo(const struct addrinfo* info) { 2265 const uint16* port_field = GetPortFieldFromAddrinfo(info); 2266 if (!port_field) 2267 return -1; 2268 return ntohs(*port_field); 2269 } 2270 2271 const uint16* GetPortFieldFromSockaddr(const struct sockaddr* address, 2272 socklen_t address_len) { 2273 if (address->sa_family == AF_INET) { 2274 DCHECK_LE(sizeof(sockaddr_in), static_cast<size_t>(address_len)); 2275 const struct sockaddr_in* sockaddr = 2276 reinterpret_cast<const struct sockaddr_in*>(address); 2277 return &sockaddr->sin_port; 2278 } else if (address->sa_family == AF_INET6) { 2279 DCHECK_LE(sizeof(sockaddr_in6), static_cast<size_t>(address_len)); 2280 const struct sockaddr_in6* sockaddr = 2281 reinterpret_cast<const struct sockaddr_in6*>(address); 2282 return &sockaddr->sin6_port; 2283 } else { 2284 NOTREACHED(); 2285 return NULL; 2286 } 2287 } 2288 2289 int GetPortFromSockaddr(const struct sockaddr* address, socklen_t address_len) { 2290 const uint16* port_field = GetPortFieldFromSockaddr(address, address_len); 2291 if (!port_field) 2292 return -1; 2293 return ntohs(*port_field); 2294 } 2295 2296 bool IsLocalhost(const std::string& host) { 2297 if (host == "localhost" || 2298 host == "localhost.localdomain" || 2299 host == "localhost6" || 2300 host == "localhost6.localdomain6") 2301 return true; 2302 2303 IPAddressNumber ip_number; 2304 if (ParseIPLiteralToNumber(host, &ip_number)) { 2305 size_t size = ip_number.size(); 2306 switch (size) { 2307 case kIPv4AddressSize: { 2308 IPAddressNumber localhost_prefix; 2309 localhost_prefix.push_back(127); 2310 for (int i = 0; i < 3; ++i) { 2311 localhost_prefix.push_back(0); 2312 } 2313 return IPNumberMatchesPrefix(ip_number, localhost_prefix, 8); 2314 } 2315 2316 case kIPv6AddressSize: { 2317 struct in6_addr sin6_addr; 2318 memcpy(&sin6_addr, &ip_number[0], kIPv6AddressSize); 2319 return !!IN6_IS_ADDR_LOOPBACK(&sin6_addr); 2320 } 2321 2322 default: 2323 NOTREACHED(); 2324 } 2325 } 2326 2327 return false; 2328 } 2329 2330 NetworkInterface::NetworkInterface() { 2331 } 2332 2333 NetworkInterface::NetworkInterface(const std::string& name, 2334 const IPAddressNumber& address) 2335 : name(name), address(address) { 2336 } 2337 2338 NetworkInterface::~NetworkInterface() { 2339 } 2340 2341 ClampComponentOffset::ClampComponentOffset(size_t component_start) 2342 : component_start(component_start) {} 2343 2344 size_t ClampComponentOffset::operator()(size_t offset) { 2345 return (offset >= component_start) ? 2346 offset : std::wstring::npos; 2347 } 2348 2349 } // namespace net 2350
