1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "net/base/net_util.h" 6 7 #include <errno.h> 8 #include <string.h> 9 10 #include <algorithm> 11 #include <iterator> 12 #include <set> 13 14 #include "build/build_config.h" 15 16 #if defined(OS_WIN) 17 #include <windows.h> 18 #include <iphlpapi.h> 19 #include <winsock2.h> 20 #include <ws2bth.h> 21 #pragma comment(lib, "iphlpapi.lib") 22 #elif defined(OS_POSIX) 23 #include <fcntl.h> 24 #include <netdb.h> 25 #include <netinet/in.h> 26 #include <unistd.h> 27 #if !defined(OS_NACL) 28 #include <net/if.h> 29 #if !defined(OS_ANDROID) 30 #include <ifaddrs.h> 31 #endif // !defined(OS_NACL) 32 #endif // !defined(OS_ANDROID) 33 #endif // defined(OS_POSIX) 34 35 #include "base/basictypes.h" 36 #include "base/json/string_escape.h" 37 #include "base/lazy_instance.h" 38 #include "base/logging.h" 39 #include "base/strings/string_number_conversions.h" 40 #include "base/strings/string_piece.h" 41 #include "base/strings/string_split.h" 42 #include "base/strings/string_util.h" 43 #include "base/strings/stringprintf.h" 44 #include "base/strings/utf_string_conversions.h" 45 #include "base/sys_byteorder.h" 46 #include "base/values.h" 47 #include "url/gurl.h" 48 #include "url/url_canon.h" 49 #include "url/url_canon_ip.h" 50 #include "url/url_parse.h" 51 #include "net/base/dns_util.h" 52 #include "net/base/net_module.h" 53 #include "net/base/registry_controlled_domains/registry_controlled_domain.h" 54 #include "net/grit/net_resources.h" 55 #include "net/http/http_content_disposition.h" 56 57 #if defined(OS_ANDROID) 58 #include "net/android/network_library.h" 59 #endif 60 #if defined(OS_WIN) 61 #include "net/base/winsock_init.h" 62 #endif 63 64 namespace net { 65 66 namespace { 67 68 // The general list of blocked ports. Will be blocked unless a specific 69 // protocol overrides it. (Ex: ftp can use ports 20 and 21) 70 static const int kRestrictedPorts[] = { 71 1, // tcpmux 72 7, // echo 73 9, // discard 74 11, // systat 75 13, // daytime 76 15, // netstat 77 17, // qotd 78 19, // chargen 79 20, // ftp data 80 21, // ftp access 81 22, // ssh 82 23, // telnet 83 25, // smtp 84 37, // time 85 42, // name 86 43, // nicname 87 53, // domain 88 77, // priv-rjs 89 79, // finger 90 87, // ttylink 91 95, // supdup 92 101, // hostriame 93 102, // iso-tsap 94 103, // gppitnp 95 104, // acr-nema 96 109, // pop2 97 110, // pop3 98 111, // sunrpc 99 113, // auth 100 115, // sftp 101 117, // uucp-path 102 119, // nntp 103 123, // NTP 104 135, // loc-srv /epmap 105 139, // netbios 106 143, // imap2 107 179, // BGP 108 389, // ldap 109 465, // smtp+ssl 110 512, // print / exec 111 513, // login 112 514, // shell 113 515, // printer 114 526, // tempo 115 530, // courier 116 531, // chat 117 532, // netnews 118 540, // uucp 119 556, // remotefs 120 563, // nntp+ssl 121 587, // stmp? 122 601, // ?? 123 636, // ldap+ssl 124 993, // ldap+ssl 125 995, // pop3+ssl 126 2049, // nfs 127 3659, // apple-sasl / PasswordServer 128 4045, // lockd 129 6000, // X11 130 6665, // Alternate IRC [Apple addition] 131 6666, // Alternate IRC [Apple addition] 132 6667, // Standard IRC [Apple addition] 133 6668, // Alternate IRC [Apple addition] 134 6669, // Alternate IRC [Apple addition] 135 0xFFFF, // Used to block all invalid port numbers (see 136 // third_party/WebKit/Source/platform/weborigin/KURL.cpp, 137 // KURL::port()) 138 }; 139 140 // FTP overrides the following restricted ports. 141 static const int kAllowedFtpPorts[] = { 142 21, // ftp data 143 22, // ssh 144 }; 145 146 bool IPNumberPrefixCheck(const IPAddressNumber& ip_number, 147 const unsigned char* ip_prefix, 148 size_t prefix_length_in_bits) { 149 // Compare all the bytes that fall entirely within the prefix. 150 int num_entire_bytes_in_prefix = prefix_length_in_bits / 8; 151 for (int i = 0; i < num_entire_bytes_in_prefix; ++i) { 152 if (ip_number[i] != ip_prefix[i]) 153 return false; 154 } 155 156 // In case the prefix was not a multiple of 8, there will be 1 byte 157 // which is only partially masked. 158 int remaining_bits = prefix_length_in_bits % 8; 159 if (remaining_bits != 0) { 160 unsigned char mask = 0xFF << (8 - remaining_bits); 161 int i = num_entire_bytes_in_prefix; 162 if ((ip_number[i] & mask) != (ip_prefix[i] & mask)) 163 return false; 164 } 165 return true; 166 } 167 168 } // namespace 169 170 static base::LazyInstance<std::multiset<int> >::Leaky 171 g_explicitly_allowed_ports = LAZY_INSTANCE_INITIALIZER; 172 173 size_t GetCountOfExplicitlyAllowedPorts() { 174 return g_explicitly_allowed_ports.Get().size(); 175 } 176 177 std::string GetSpecificHeader(const std::string& headers, 178 const std::string& name) { 179 // We want to grab the Value from the "Key: Value" pairs in the headers, 180 // which should look like this (no leading spaces, \n-separated) (we format 181 // them this way in url_request_inet.cc): 182 // HTTP/1.1 200 OK\n 183 // ETag: "6d0b8-947-24f35ec0"\n 184 // Content-Length: 2375\n 185 // Content-Type: text/html; charset=UTF-8\n 186 // Last-Modified: Sun, 03 Sep 2006 04:34:43 GMT\n 187 if (headers.empty()) 188 return std::string(); 189 190 std::string match('\n' + name + ':'); 191 192 std::string::const_iterator begin = 193 std::search(headers.begin(), headers.end(), match.begin(), match.end(), 194 base::CaseInsensitiveCompareASCII<char>()); 195 196 if (begin == headers.end()) 197 return std::string(); 198 199 begin += match.length(); 200 201 std::string ret; 202 base::TrimWhitespace(std::string(begin, 203 std::find(begin, headers.end(), '\n')), 204 base::TRIM_ALL, &ret); 205 return ret; 206 } 207 208 std::string CanonicalizeHost(const std::string& host, 209 url::CanonHostInfo* host_info) { 210 // Try to canonicalize the host. 211 const url::Component raw_host_component(0, static_cast<int>(host.length())); 212 std::string canon_host; 213 url::StdStringCanonOutput canon_host_output(&canon_host); 214 url::CanonicalizeHostVerbose(host.c_str(), raw_host_component, 215 &canon_host_output, host_info); 216 217 if (host_info->out_host.is_nonempty() && 218 host_info->family != url::CanonHostInfo::BROKEN) { 219 // Success! Assert that there's no extra garbage. 220 canon_host_output.Complete(); 221 DCHECK_EQ(host_info->out_host.len, static_cast<int>(canon_host.length())); 222 } else { 223 // Empty host, or canonicalization failed. We'll return empty. 224 canon_host.clear(); 225 } 226 227 return canon_host; 228 } 229 230 std::string GetDirectoryListingHeader(const base::string16& title) { 231 static const base::StringPiece header( 232 NetModule::GetResource(IDR_DIR_HEADER_HTML)); 233 // This can be null in unit tests. 234 DLOG_IF(WARNING, header.empty()) << 235 "Missing resource: directory listing header"; 236 237 std::string result; 238 if (!header.empty()) 239 result.assign(header.data(), header.size()); 240 241 result.append("<script>start("); 242 base::EscapeJSONString(title, true, &result); 243 result.append(");</script>\n"); 244 245 return result; 246 } 247 248 inline bool IsHostCharAlphanumeric(char c) { 249 // We can just check lowercase because uppercase characters have already been 250 // normalized. 251 return ((c >= 'a') && (c <= 'z')) || ((c >= '0') && (c <= '9')); 252 } 253 254 bool IsCanonicalizedHostCompliant(const std::string& host, 255 const std::string& desired_tld) { 256 if (host.empty()) 257 return false; 258 259 bool in_component = false; 260 bool most_recent_component_started_alphanumeric = false; 261 bool last_char_was_underscore = false; 262 263 for (std::string::const_iterator i(host.begin()); i != host.end(); ++i) { 264 const char c = *i; 265 if (!in_component) { 266 most_recent_component_started_alphanumeric = IsHostCharAlphanumeric(c); 267 if (!most_recent_component_started_alphanumeric && (c != '-')) 268 return false; 269 in_component = true; 270 } else { 271 if (c == '.') { 272 if (last_char_was_underscore) 273 return false; 274 in_component = false; 275 } else if (IsHostCharAlphanumeric(c) || (c == '-')) { 276 last_char_was_underscore = false; 277 } else if (c == '_') { 278 last_char_was_underscore = true; 279 } else { 280 return false; 281 } 282 } 283 } 284 285 return most_recent_component_started_alphanumeric || 286 (!desired_tld.empty() && IsHostCharAlphanumeric(desired_tld[0])); 287 } 288 289 base::string16 StripWWW(const base::string16& text) { 290 const base::string16 www(base::ASCIIToUTF16("www.")); 291 return StartsWith(text, www, true) ? text.substr(www.length()) : text; 292 } 293 294 base::string16 StripWWWFromHost(const GURL& url) { 295 DCHECK(url.is_valid()); 296 return StripWWW(base::ASCIIToUTF16(url.host())); 297 } 298 299 bool IsPortAllowedByDefault(int port) { 300 int array_size = arraysize(kRestrictedPorts); 301 for (int i = 0; i < array_size; i++) { 302 if (kRestrictedPorts[i] == port) { 303 return false; 304 } 305 } 306 return true; 307 } 308 309 bool IsPortAllowedByFtp(int port) { 310 int array_size = arraysize(kAllowedFtpPorts); 311 for (int i = 0; i < array_size; i++) { 312 if (kAllowedFtpPorts[i] == port) { 313 return true; 314 } 315 } 316 // Port not explicitly allowed by FTP, so return the default restrictions. 317 return IsPortAllowedByDefault(port); 318 } 319 320 bool IsPortAllowedByOverride(int port) { 321 if (g_explicitly_allowed_ports.Get().empty()) 322 return false; 323 324 return g_explicitly_allowed_ports.Get().count(port) > 0; 325 } 326 327 int SetNonBlocking(int fd) { 328 #if defined(OS_WIN) 329 unsigned long no_block = 1; 330 return ioctlsocket(fd, FIONBIO, &no_block); 331 #elif defined(OS_POSIX) 332 int flags = fcntl(fd, F_GETFL, 0); 333 if (-1 == flags) 334 return flags; 335 return fcntl(fd, F_SETFL, flags | O_NONBLOCK); 336 #endif 337 } 338 339 bool ParseHostAndPort(std::string::const_iterator host_and_port_begin, 340 std::string::const_iterator host_and_port_end, 341 std::string* host, 342 int* port) { 343 if (host_and_port_begin >= host_and_port_end) 344 return false; 345 346 // When using url, we use char*. 347 const char* auth_begin = &(*host_and_port_begin); 348 int auth_len = host_and_port_end - host_and_port_begin; 349 350 url::Component auth_component(0, auth_len); 351 url::Component username_component; 352 url::Component password_component; 353 url::Component hostname_component; 354 url::Component port_component; 355 356 url::ParseAuthority(auth_begin, auth_component, &username_component, 357 &password_component, &hostname_component, &port_component); 358 359 // There shouldn't be a username/password. 360 if (username_component.is_valid() || password_component.is_valid()) 361 return false; 362 363 if (!hostname_component.is_nonempty()) 364 return false; // Failed parsing. 365 366 int parsed_port_number = -1; 367 if (port_component.is_nonempty()) { 368 parsed_port_number = url::ParsePort(auth_begin, port_component); 369 370 // If parsing failed, port_number will be either PORT_INVALID or 371 // PORT_UNSPECIFIED, both of which are negative. 372 if (parsed_port_number < 0) 373 return false; // Failed parsing the port number. 374 } 375 376 if (port_component.len == 0) 377 return false; // Reject inputs like "foo:" 378 379 unsigned char tmp_ipv6_addr[16]; 380 381 // If the hostname starts with a bracket, it is either an IPv6 literal or 382 // invalid. If it is an IPv6 literal then strip the brackets. 383 if (hostname_component.len > 0 && 384 auth_begin[hostname_component.begin] == '[') { 385 if (auth_begin[hostname_component.end() - 1] == ']' && 386 url::IPv6AddressToNumber( 387 auth_begin, hostname_component, tmp_ipv6_addr)) { 388 // Strip the brackets. 389 hostname_component.begin++; 390 hostname_component.len -= 2; 391 } else { 392 return false; 393 } 394 } 395 396 // Pass results back to caller. 397 host->assign(auth_begin + hostname_component.begin, hostname_component.len); 398 *port = parsed_port_number; 399 400 return true; // Success. 401 } 402 403 bool ParseHostAndPort(const std::string& host_and_port, 404 std::string* host, 405 int* port) { 406 return ParseHostAndPort( 407 host_and_port.begin(), host_and_port.end(), host, port); 408 } 409 410 std::string GetHostAndPort(const GURL& url) { 411 // For IPv6 literals, GURL::host() already includes the brackets so it is 412 // safe to just append a colon. 413 return base::StringPrintf("%s:%d", url.host().c_str(), 414 url.EffectiveIntPort()); 415 } 416 417 std::string GetHostAndOptionalPort(const GURL& url) { 418 // For IPv6 literals, GURL::host() already includes the brackets 419 // so it is safe to just append a colon. 420 if (url.has_port()) 421 return base::StringPrintf("%s:%s", url.host().c_str(), url.port().c_str()); 422 return url.host(); 423 } 424 425 bool IsHostnameNonUnique(const std::string& hostname) { 426 // CanonicalizeHost requires surrounding brackets to parse an IPv6 address. 427 const std::string host_or_ip = hostname.find(':') != std::string::npos ? 428 "[" + hostname + "]" : hostname; 429 url::CanonHostInfo host_info; 430 std::string canonical_name = CanonicalizeHost(host_or_ip, &host_info); 431 432 // If canonicalization fails, then the input is truly malformed. However, 433 // to avoid mis-reporting bad inputs as "non-unique", treat them as unique. 434 if (canonical_name.empty()) 435 return false; 436 437 // If |hostname| is an IP address, check to see if it's in an IANA-reserved 438 // range. 439 if (host_info.IsIPAddress()) { 440 IPAddressNumber host_addr; 441 if (!ParseIPLiteralToNumber(hostname.substr(host_info.out_host.begin, 442 host_info.out_host.len), 443 &host_addr)) { 444 return false; 445 } 446 switch (host_info.family) { 447 case url::CanonHostInfo::IPV4: 448 case url::CanonHostInfo::IPV6: 449 return IsIPAddressReserved(host_addr); 450 case url::CanonHostInfo::NEUTRAL: 451 case url::CanonHostInfo::BROKEN: 452 return false; 453 } 454 } 455 456 // Check for a registry controlled portion of |hostname|, ignoring private 457 // registries, as they already chain to ICANN-administered registries, 458 // and explicitly ignoring unknown registries. 459 // 460 // Note: This means that as new gTLDs are introduced on the Internet, they 461 // will be treated as non-unique until the registry controlled domain list 462 // is updated. However, because gTLDs are expected to provide significant 463 // advance notice to deprecate older versions of this code, this an 464 // acceptable tradeoff. 465 return 0 == registry_controlled_domains::GetRegistryLength( 466 canonical_name, 467 registry_controlled_domains::EXCLUDE_UNKNOWN_REGISTRIES, 468 registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES); 469 } 470 471 // Don't compare IPv4 and IPv6 addresses (they have different range 472 // reservations). Keep separate reservation arrays for each IP type, and 473 // consolidate adjacent reserved ranges within a reservation array when 474 // possible. 475 // Sources for info: 476 // www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml 477 // www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml 478 // They're formatted here with the prefix as the last element. For example: 479 // 10.0.0.0/8 becomes 10,0,0,0,8 and fec0::/10 becomes 0xfe,0xc0,0,0,0...,10. 480 bool IsIPAddressReserved(const IPAddressNumber& host_addr) { 481 static const unsigned char kReservedIPv4[][5] = { 482 { 0,0,0,0,8 }, { 10,0,0,0,8 }, { 100,64,0,0,10 }, { 127,0,0,0,8 }, 483 { 169,254,0,0,16 }, { 172,16,0,0,12 }, { 192,0,2,0,24 }, 484 { 192,88,99,0,24 }, { 192,168,0,0,16 }, { 198,18,0,0,15 }, 485 { 198,51,100,0,24 }, { 203,0,113,0,24 }, { 224,0,0,0,3 } 486 }; 487 static const unsigned char kReservedIPv6[][17] = { 488 { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8 }, 489 { 0x40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2 }, 490 { 0x80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2 }, 491 { 0xc0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3 }, 492 { 0xe0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4 }, 493 { 0xf0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5 }, 494 { 0xf8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6 }, 495 { 0xfc,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7 }, 496 { 0xfe,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9 }, 497 { 0xfe,0x80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10 }, 498 { 0xfe,0xc0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10 }, 499 }; 500 size_t array_size = 0; 501 const unsigned char* array = NULL; 502 switch (host_addr.size()) { 503 case kIPv4AddressSize: 504 array_size = arraysize(kReservedIPv4); 505 array = kReservedIPv4[0]; 506 break; 507 case kIPv6AddressSize: 508 array_size = arraysize(kReservedIPv6); 509 array = kReservedIPv6[0]; 510 break; 511 } 512 if (!array) 513 return false; 514 size_t width = host_addr.size() + 1; 515 for (size_t i = 0; i < array_size; ++i, array += width) { 516 if (IPNumberPrefixCheck(host_addr, array, array[width-1])) 517 return true; 518 } 519 return false; 520 } 521 522 SockaddrStorage::SockaddrStorage(const SockaddrStorage& other) 523 : addr_len(other.addr_len), 524 addr(reinterpret_cast<struct sockaddr*>(&addr_storage)) { 525 memcpy(addr, other.addr, addr_len); 526 } 527 528 void SockaddrStorage::operator=(const SockaddrStorage& other) { 529 addr_len = other.addr_len; 530 // addr is already set to &this->addr_storage by default ctor. 531 memcpy(addr, other.addr, addr_len); 532 } 533 534 // Extracts the address and port portions of a sockaddr. 535 bool GetIPAddressFromSockAddr(const struct sockaddr* sock_addr, 536 socklen_t sock_addr_len, 537 const uint8** address, 538 size_t* address_len, 539 uint16* port) { 540 if (sock_addr->sa_family == AF_INET) { 541 if (sock_addr_len < static_cast<socklen_t>(sizeof(struct sockaddr_in))) 542 return false; 543 const struct sockaddr_in* addr = 544 reinterpret_cast<const struct sockaddr_in*>(sock_addr); 545 *address = reinterpret_cast<const uint8*>(&addr->sin_addr); 546 *address_len = kIPv4AddressSize; 547 if (port) 548 *port = base::NetToHost16(addr->sin_port); 549 return true; 550 } 551 552 if (sock_addr->sa_family == AF_INET6) { 553 if (sock_addr_len < static_cast<socklen_t>(sizeof(struct sockaddr_in6))) 554 return false; 555 const struct sockaddr_in6* addr = 556 reinterpret_cast<const struct sockaddr_in6*>(sock_addr); 557 *address = reinterpret_cast<const uint8*>(&addr->sin6_addr); 558 *address_len = kIPv6AddressSize; 559 if (port) 560 *port = base::NetToHost16(addr->sin6_port); 561 return true; 562 } 563 564 #if defined(OS_WIN) 565 if (sock_addr->sa_family == AF_BTH) { 566 if (sock_addr_len < static_cast<socklen_t>(sizeof(SOCKADDR_BTH))) 567 return false; 568 const SOCKADDR_BTH* addr = 569 reinterpret_cast<const SOCKADDR_BTH*>(sock_addr); 570 *address = reinterpret_cast<const uint8*>(&addr->btAddr); 571 *address_len = kBluetoothAddressSize; 572 if (port) 573 *port = addr->port; 574 return true; 575 } 576 #endif 577 578 return false; // Unrecognized |sa_family|. 579 } 580 581 std::string IPAddressToString(const uint8* address, 582 size_t address_len) { 583 std::string str; 584 url::StdStringCanonOutput output(&str); 585 586 if (address_len == kIPv4AddressSize) { 587 url::AppendIPv4Address(address, &output); 588 } else if (address_len == kIPv6AddressSize) { 589 url::AppendIPv6Address(address, &output); 590 } else { 591 CHECK(false) << "Invalid IP address with length: " << address_len; 592 } 593 594 output.Complete(); 595 return str; 596 } 597 598 std::string IPAddressToStringWithPort(const uint8* address, 599 size_t address_len, 600 uint16 port) { 601 std::string address_str = IPAddressToString(address, address_len); 602 603 if (address_len == kIPv6AddressSize) { 604 // Need to bracket IPv6 addresses since they contain colons. 605 return base::StringPrintf("[%s]:%d", address_str.c_str(), port); 606 } 607 return base::StringPrintf("%s:%d", address_str.c_str(), port); 608 } 609 610 std::string NetAddressToString(const struct sockaddr* sa, 611 socklen_t sock_addr_len) { 612 const uint8* address; 613 size_t address_len; 614 if (!GetIPAddressFromSockAddr(sa, sock_addr_len, &address, 615 &address_len, NULL)) { 616 NOTREACHED(); 617 return std::string(); 618 } 619 return IPAddressToString(address, address_len); 620 } 621 622 std::string NetAddressToStringWithPort(const struct sockaddr* sa, 623 socklen_t sock_addr_len) { 624 const uint8* address; 625 size_t address_len; 626 uint16 port; 627 if (!GetIPAddressFromSockAddr(sa, sock_addr_len, &address, 628 &address_len, &port)) { 629 NOTREACHED(); 630 return std::string(); 631 } 632 return IPAddressToStringWithPort(address, address_len, port); 633 } 634 635 std::string IPAddressToString(const IPAddressNumber& addr) { 636 return IPAddressToString(&addr.front(), addr.size()); 637 } 638 639 std::string IPAddressToStringWithPort(const IPAddressNumber& addr, 640 uint16 port) { 641 return IPAddressToStringWithPort(&addr.front(), addr.size(), port); 642 } 643 644 std::string IPAddressToPackedString(const IPAddressNumber& addr) { 645 return std::string(reinterpret_cast<const char *>(&addr.front()), 646 addr.size()); 647 } 648 649 std::string GetHostName() { 650 #if defined(OS_NACL) 651 NOTIMPLEMENTED(); 652 return std::string(); 653 #else // defined(OS_NACL) 654 #if defined(OS_WIN) 655 EnsureWinsockInit(); 656 #endif 657 658 // Host names are limited to 255 bytes. 659 char buffer[256]; 660 int result = gethostname(buffer, sizeof(buffer)); 661 if (result != 0) { 662 DVLOG(1) << "gethostname() failed with " << result; 663 buffer[0] = '\0'; 664 } 665 return std::string(buffer); 666 #endif // !defined(OS_NACL) 667 } 668 669 void GetIdentityFromURL(const GURL& url, 670 base::string16* username, 671 base::string16* password) { 672 UnescapeRule::Type flags = 673 UnescapeRule::SPACES | UnescapeRule::URL_SPECIAL_CHARS; 674 *username = UnescapeAndDecodeUTF8URLComponent(url.username(), flags); 675 *password = UnescapeAndDecodeUTF8URLComponent(url.password(), flags); 676 } 677 678 std::string GetHostOrSpecFromURL(const GURL& url) { 679 return url.has_host() ? TrimEndingDot(url.host()) : url.spec(); 680 } 681 682 bool CanStripTrailingSlash(const GURL& url) { 683 // Omit the path only for standard, non-file URLs with nothing but "/" after 684 // the hostname. 685 return url.IsStandard() && !url.SchemeIsFile() && 686 !url.SchemeIsFileSystem() && !url.has_query() && !url.has_ref() 687 && url.path() == "/"; 688 } 689 690 GURL SimplifyUrlForRequest(const GURL& url) { 691 DCHECK(url.is_valid()); 692 GURL::Replacements replacements; 693 replacements.ClearUsername(); 694 replacements.ClearPassword(); 695 replacements.ClearRef(); 696 return url.ReplaceComponents(replacements); 697 } 698 699 // Specifies a comma separated list of port numbers that should be accepted 700 // despite bans. If the string is invalid no allowed ports are stored. 701 void SetExplicitlyAllowedPorts(const std::string& allowed_ports) { 702 if (allowed_ports.empty()) 703 return; 704 705 std::multiset<int> ports; 706 size_t last = 0; 707 size_t size = allowed_ports.size(); 708 // The comma delimiter. 709 const std::string::value_type kComma = ','; 710 711 // Overflow is still possible for evil user inputs. 712 for (size_t i = 0; i <= size; ++i) { 713 // The string should be composed of only digits and commas. 714 if (i != size && !IsAsciiDigit(allowed_ports[i]) && 715 (allowed_ports[i] != kComma)) 716 return; 717 if (i == size || allowed_ports[i] == kComma) { 718 if (i > last) { 719 int port; 720 base::StringToInt(base::StringPiece(allowed_ports.begin() + last, 721 allowed_ports.begin() + i), 722 &port); 723 ports.insert(port); 724 } 725 last = i + 1; 726 } 727 } 728 g_explicitly_allowed_ports.Get() = ports; 729 } 730 731 ScopedPortException::ScopedPortException(int port) : port_(port) { 732 g_explicitly_allowed_ports.Get().insert(port); 733 } 734 735 ScopedPortException::~ScopedPortException() { 736 std::multiset<int>::iterator it = 737 g_explicitly_allowed_ports.Get().find(port_); 738 if (it != g_explicitly_allowed_ports.Get().end()) 739 g_explicitly_allowed_ports.Get().erase(it); 740 else 741 NOTREACHED(); 742 } 743 744 bool HaveOnlyLoopbackAddresses() { 745 #if defined(OS_ANDROID) 746 return android::HaveOnlyLoopbackAddresses(); 747 #elif defined(OS_NACL) 748 NOTIMPLEMENTED(); 749 return false; 750 #elif defined(OS_POSIX) 751 struct ifaddrs* interface_addr = NULL; 752 int rv = getifaddrs(&interface_addr); 753 if (rv != 0) { 754 DVLOG(1) << "getifaddrs() failed with errno = " << errno; 755 return false; 756 } 757 758 bool result = true; 759 for (struct ifaddrs* interface = interface_addr; 760 interface != NULL; 761 interface = interface->ifa_next) { 762 if (!(IFF_UP & interface->ifa_flags)) 763 continue; 764 if (IFF_LOOPBACK & interface->ifa_flags) 765 continue; 766 const struct sockaddr* addr = interface->ifa_addr; 767 if (!addr) 768 continue; 769 if (addr->sa_family == AF_INET6) { 770 // Safe cast since this is AF_INET6. 771 const struct sockaddr_in6* addr_in6 = 772 reinterpret_cast<const struct sockaddr_in6*>(addr); 773 const struct in6_addr* sin6_addr = &addr_in6->sin6_addr; 774 if (IN6_IS_ADDR_LOOPBACK(sin6_addr) || IN6_IS_ADDR_LINKLOCAL(sin6_addr)) 775 continue; 776 } 777 if (addr->sa_family != AF_INET6 && addr->sa_family != AF_INET) 778 continue; 779 780 result = false; 781 break; 782 } 783 freeifaddrs(interface_addr); 784 return result; 785 #elif defined(OS_WIN) 786 // TODO(wtc): implement with the GetAdaptersAddresses function. 787 NOTIMPLEMENTED(); 788 return false; 789 #else 790 NOTIMPLEMENTED(); 791 return false; 792 #endif // defined(various platforms) 793 } 794 795 AddressFamily GetAddressFamily(const IPAddressNumber& address) { 796 switch (address.size()) { 797 case kIPv4AddressSize: 798 return ADDRESS_FAMILY_IPV4; 799 case kIPv6AddressSize: 800 return ADDRESS_FAMILY_IPV6; 801 default: 802 return ADDRESS_FAMILY_UNSPECIFIED; 803 } 804 } 805 806 int ConvertAddressFamily(AddressFamily address_family) { 807 switch (address_family) { 808 case ADDRESS_FAMILY_UNSPECIFIED: 809 return AF_UNSPEC; 810 case ADDRESS_FAMILY_IPV4: 811 return AF_INET; 812 case ADDRESS_FAMILY_IPV6: 813 return AF_INET6; 814 } 815 NOTREACHED(); 816 return AF_UNSPEC; 817 } 818 819 bool ParseURLHostnameToNumber(const std::string& hostname, 820 IPAddressNumber* ip_number) { 821 // |hostname| is an already canoncalized hostname, conforming to RFC 3986. 822 // For an IP address, this is defined in Section 3.2.2 of RFC 3986, with 823 // the canonical form for IPv6 addresses defined in Section 4 of RFC 5952. 824 url::Component host_comp(0, hostname.size()); 825 826 // If it has a bracket, try parsing it as an IPv6 address. 827 if (hostname[0] == '[') { 828 ip_number->resize(16); // 128 bits. 829 return url::IPv6AddressToNumber( 830 hostname.data(), host_comp, &(*ip_number)[0]); 831 } 832 833 // Otherwise, try IPv4. 834 ip_number->resize(4); // 32 bits. 835 int num_components; 836 url::CanonHostInfo::Family family = url::IPv4AddressToNumber( 837 hostname.data(), host_comp, &(*ip_number)[0], &num_components); 838 return family == url::CanonHostInfo::IPV4; 839 } 840 841 bool ParseIPLiteralToNumber(const std::string& ip_literal, 842 IPAddressNumber* ip_number) { 843 // |ip_literal| could be either a IPv4 or an IPv6 literal. If it contains 844 // a colon however, it must be an IPv6 address. 845 if (ip_literal.find(':') != std::string::npos) { 846 // GURL expects IPv6 hostnames to be surrounded with brackets. 847 std::string host_brackets = "[" + ip_literal + "]"; 848 url::Component host_comp(0, host_brackets.size()); 849 850 // Try parsing the hostname as an IPv6 literal. 851 ip_number->resize(16); // 128 bits. 852 return url::IPv6AddressToNumber(host_brackets.data(), host_comp, 853 &(*ip_number)[0]); 854 } 855 856 // Otherwise the string is an IPv4 address. 857 ip_number->resize(4); // 32 bits. 858 url::Component host_comp(0, ip_literal.size()); 859 int num_components; 860 url::CanonHostInfo::Family family = url::IPv4AddressToNumber( 861 ip_literal.data(), host_comp, &(*ip_number)[0], &num_components); 862 return family == url::CanonHostInfo::IPV4; 863 } 864 865 namespace { 866 867 const unsigned char kIPv4MappedPrefix[] = 868 { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF }; 869 } 870 871 IPAddressNumber ConvertIPv4NumberToIPv6Number( 872 const IPAddressNumber& ipv4_number) { 873 DCHECK(ipv4_number.size() == 4); 874 875 // IPv4-mapped addresses are formed by: 876 // <80 bits of zeros> + <16 bits of ones> + <32-bit IPv4 address>. 877 IPAddressNumber ipv6_number; 878 ipv6_number.reserve(16); 879 ipv6_number.insert(ipv6_number.end(), 880 kIPv4MappedPrefix, 881 kIPv4MappedPrefix + arraysize(kIPv4MappedPrefix)); 882 ipv6_number.insert(ipv6_number.end(), ipv4_number.begin(), ipv4_number.end()); 883 return ipv6_number; 884 } 885 886 bool IsIPv4Mapped(const IPAddressNumber& address) { 887 if (address.size() != kIPv6AddressSize) 888 return false; 889 return std::equal(address.begin(), 890 address.begin() + arraysize(kIPv4MappedPrefix), 891 kIPv4MappedPrefix); 892 } 893 894 IPAddressNumber ConvertIPv4MappedToIPv4(const IPAddressNumber& address) { 895 DCHECK(IsIPv4Mapped(address)); 896 return IPAddressNumber(address.begin() + arraysize(kIPv4MappedPrefix), 897 address.end()); 898 } 899 900 bool ParseCIDRBlock(const std::string& cidr_literal, 901 IPAddressNumber* ip_number, 902 size_t* prefix_length_in_bits) { 903 // We expect CIDR notation to match one of these two templates: 904 // <IPv4-literal> "/" <number of bits> 905 // <IPv6-literal> "/" <number of bits> 906 907 std::vector<std::string> parts; 908 base::SplitString(cidr_literal, '/', &parts); 909 if (parts.size() != 2) 910 return false; 911 912 // Parse the IP address. 913 if (!ParseIPLiteralToNumber(parts[0], ip_number)) 914 return false; 915 916 // Parse the prefix length. 917 int number_of_bits = -1; 918 if (!base::StringToInt(parts[1], &number_of_bits)) 919 return false; 920 921 // Make sure the prefix length is in a valid range. 922 if (number_of_bits < 0 || 923 number_of_bits > static_cast<int>(ip_number->size() * 8)) 924 return false; 925 926 *prefix_length_in_bits = static_cast<size_t>(number_of_bits); 927 return true; 928 } 929 930 bool IPNumberMatchesPrefix(const IPAddressNumber& ip_number, 931 const IPAddressNumber& ip_prefix, 932 size_t prefix_length_in_bits) { 933 // Both the input IP address and the prefix IP address should be 934 // either IPv4 or IPv6. 935 DCHECK(ip_number.size() == 4 || ip_number.size() == 16); 936 DCHECK(ip_prefix.size() == 4 || ip_prefix.size() == 16); 937 938 DCHECK_LE(prefix_length_in_bits, ip_prefix.size() * 8); 939 940 // In case we have an IPv6 / IPv4 mismatch, convert the IPv4 addresses to 941 // IPv6 addresses in order to do the comparison. 942 if (ip_number.size() != ip_prefix.size()) { 943 if (ip_number.size() == 4) { 944 return IPNumberMatchesPrefix(ConvertIPv4NumberToIPv6Number(ip_number), 945 ip_prefix, prefix_length_in_bits); 946 } 947 return IPNumberMatchesPrefix(ip_number, 948 ConvertIPv4NumberToIPv6Number(ip_prefix), 949 96 + prefix_length_in_bits); 950 } 951 952 return IPNumberPrefixCheck(ip_number, &ip_prefix[0], prefix_length_in_bits); 953 } 954 955 const uint16* GetPortFieldFromSockaddr(const struct sockaddr* address, 956 socklen_t address_len) { 957 if (address->sa_family == AF_INET) { 958 DCHECK_LE(sizeof(sockaddr_in), static_cast<size_t>(address_len)); 959 const struct sockaddr_in* sockaddr = 960 reinterpret_cast<const struct sockaddr_in*>(address); 961 return &sockaddr->sin_port; 962 } else if (address->sa_family == AF_INET6) { 963 DCHECK_LE(sizeof(sockaddr_in6), static_cast<size_t>(address_len)); 964 const struct sockaddr_in6* sockaddr = 965 reinterpret_cast<const struct sockaddr_in6*>(address); 966 return &sockaddr->sin6_port; 967 } else { 968 NOTREACHED(); 969 return NULL; 970 } 971 } 972 973 int GetPortFromSockaddr(const struct sockaddr* address, socklen_t address_len) { 974 const uint16* port_field = GetPortFieldFromSockaddr(address, address_len); 975 if (!port_field) 976 return -1; 977 return base::NetToHost16(*port_field); 978 } 979 980 bool IsLocalhost(const std::string& host) { 981 if (host == "localhost" || 982 host == "localhost.localdomain" || 983 host == "localhost6" || 984 host == "localhost6.localdomain6") 985 return true; 986 987 IPAddressNumber ip_number; 988 if (ParseIPLiteralToNumber(host, &ip_number)) { 989 size_t size = ip_number.size(); 990 switch (size) { 991 case kIPv4AddressSize: { 992 IPAddressNumber localhost_prefix; 993 localhost_prefix.push_back(127); 994 for (int i = 0; i < 3; ++i) { 995 localhost_prefix.push_back(0); 996 } 997 return IPNumberMatchesPrefix(ip_number, localhost_prefix, 8); 998 } 999 1000 case kIPv6AddressSize: { 1001 struct in6_addr sin6_addr; 1002 memcpy(&sin6_addr, &ip_number[0], kIPv6AddressSize); 1003 return !!IN6_IS_ADDR_LOOPBACK(&sin6_addr); 1004 } 1005 1006 default: 1007 NOTREACHED(); 1008 } 1009 } 1010 1011 return false; 1012 } 1013 1014 NetworkInterface::NetworkInterface() 1015 : type(NetworkChangeNotifier::CONNECTION_UNKNOWN), 1016 network_prefix(0) { 1017 } 1018 1019 NetworkInterface::NetworkInterface(const std::string& name, 1020 const std::string& friendly_name, 1021 uint32 interface_index, 1022 NetworkChangeNotifier::ConnectionType type, 1023 const IPAddressNumber& address, 1024 uint32 network_prefix, 1025 int ip_address_attributes) 1026 : name(name), 1027 friendly_name(friendly_name), 1028 interface_index(interface_index), 1029 type(type), 1030 address(address), 1031 network_prefix(network_prefix), 1032 ip_address_attributes(ip_address_attributes) { 1033 } 1034 1035 NetworkInterface::~NetworkInterface() { 1036 } 1037 1038 unsigned CommonPrefixLength(const IPAddressNumber& a1, 1039 const IPAddressNumber& a2) { 1040 DCHECK_EQ(a1.size(), a2.size()); 1041 for (size_t i = 0; i < a1.size(); ++i) { 1042 unsigned diff = a1[i] ^ a2[i]; 1043 if (!diff) 1044 continue; 1045 for (unsigned j = 0; j < CHAR_BIT; ++j) { 1046 if (diff & (1 << (CHAR_BIT - 1))) 1047 return i * CHAR_BIT + j; 1048 diff <<= 1; 1049 } 1050 NOTREACHED(); 1051 } 1052 return a1.size() * CHAR_BIT; 1053 } 1054 1055 unsigned MaskPrefixLength(const IPAddressNumber& mask) { 1056 IPAddressNumber all_ones(mask.size(), 0xFF); 1057 return CommonPrefixLength(mask, all_ones); 1058 } 1059 1060 ScopedWifiOptions::~ScopedWifiOptions() { 1061 } 1062 1063 } // namespace net 1064
