Adding upstream version 1.44.3.upstream/1.44.3upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 409 insertions, 0 deletions

diff --git a/web/server/h2o/libh2o/lib/common/url.c b/web/server/h2o/libh2o/lib/common/url.c
new file mode 100644
index 00000000..d65d18fb
--- /dev/null
+++ b/web/server/h2o/libh2o/lib/common/url.c
@@ -0,0 +1,409 @@
+/*
+ * Copyright (c) 2014,2015 DeNA Co., Ltd.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <sys/un.h>
+#include "h2o/memory.h"
+#include "h2o/string_.h"
+#include "h2o/url.h"
+
+const h2o_url_scheme_t H2O_URL_SCHEME_HTTP = {{H2O_STRLIT("http")}, 80};
+const h2o_url_scheme_t H2O_URL_SCHEME_HTTPS = {{H2O_STRLIT("https")}, 443};
+
+static int decode_hex(int ch)
+{
+    if ('0' <= ch && ch <= '9')
+        return ch - '0';
+    if ('A' <= ch && ch <= 'F')
+        return ch - 'A' + 0xa;
+    if ('a' <= ch && ch <= 'f')
+        return ch - 'a' + 0xa;
+    return -1;
+}
+
+static size_t handle_special_paths(const char *path, size_t off, size_t last_slash)
+{
+    size_t orig_off = off, part_size = off - last_slash;
+
+    if (part_size == 2 && path[off - 1] == '.') {
+        --off;
+    } else if (part_size == 3 && path[off - 2] == '.' && path[off - 1] == '.') {
+        off -= 2;
+        if (off > 1) {
+            for (--off; path[off - 1] != '/'; --off)
+                ;
+        }
+    }
+    return orig_off - off;
+}
+
+/* Perform path normalization and URL decoding in one pass.
+ * See h2o_req_t for the purpose of @norm_indexes. */
+static h2o_iovec_t rebuild_path(h2o_mem_pool_t *pool, const char *src, size_t src_len, size_t *query_at, size_t **norm_indexes)
+{
+    char *dst;
+    size_t src_off = 0, dst_off = 0, last_slash, rewind;
+
+    { /* locate '?', and set len to the end of input path */
+        const char *q = memchr(src, '?', src_len);
+        if (q != NULL) {
+            src_len = *query_at = q - src;
+        } else {
+            *query_at = SIZE_MAX;
+        }
+    }
+
+    /* dst can be 1 byte more than src if src is missing the prefixing '/' */
+    dst = h2o_mem_alloc_pool(pool, src_len + 1);
+    *norm_indexes = h2o_mem_alloc_pool(pool, (src_len + 1) * sizeof(*norm_indexes[0]));
+
+    if (src[0] == '/')
+        src_off++;
+    last_slash = dst_off;
+    dst[dst_off] = '/';
+    (*norm_indexes)[dst_off] = src_off;
+    dst_off++;
+
+    /* decode %xx */
+    while (src_off < src_len) {
+        int hi, lo;
+        char decoded;
+
+        if (src[src_off] == '%' && (src_off + 2 < src_len) && (hi = decode_hex(src[src_off + 1])) != -1 &&
+            (lo = decode_hex(src[src_off + 2])) != -1) {
+            decoded = (hi << 4) | lo;
+            src_off += 3;
+        } else {
+            decoded = src[src_off++];
+        }
+        if (decoded == '/') {
+            rewind = handle_special_paths(dst, dst_off, last_slash);
+            if (rewind > 0) {
+                dst_off -= rewind;
+                last_slash = dst_off - 1;
+                continue;
+            }
+            last_slash = dst_off;
+        }
+        dst[dst_off] = decoded;
+        (*norm_indexes)[dst_off] = src_off;
+        dst_off++;
+    }
+    rewind = handle_special_paths(dst, dst_off, last_slash);
+    dst_off -= rewind;
+
+    return h2o_iovec_init(dst, dst_off);
+}
+
+h2o_iovec_t h2o_url_normalize_path(h2o_mem_pool_t *pool, const char *path, size_t len, size_t *query_at, size_t **norm_indexes)
+{
+    const char *p = path, *end = path + len;
+    h2o_iovec_t ret;
+
+    *query_at = SIZE_MAX;
+    *norm_indexes = NULL;
+
+    if (len == 0) {
+        ret = h2o_iovec_init("/", 1);
+        return ret;
+    }
+
+    if (path[0] != '/')
+        goto Rewrite;
+
+    for (; p + 1 < end; ++p) {
+        if ((p[0] == '/' && p[1] == '.') || p[0] == '%') {
+            /* detect false positives as well */
+            goto Rewrite;
+        } else if (p[0] == '?') {
+            *query_at = p - path;
+            goto Return;
+        }
+    }
+    for (; p < end; ++p) {
+        if (p[0] == '?') {
+            *query_at = p - path;
+            goto Return;
+        }
+    }
+
+Return:
+    ret.base = (char *)path;
+    ret.len = p - path;
+    return ret;
+
+Rewrite:
+    ret = rebuild_path(pool, path, len, query_at, norm_indexes);
+    if (ret.len == 0)
+        goto RewriteError;
+    if (ret.base[0] != '/')
+        goto RewriteError;
+    if (h2o_strstr(ret.base, ret.len, H2O_STRLIT("/../")) != SIZE_MAX)
+        goto RewriteError;
+    if (ret.len >= 3 && memcmp(ret.base + ret.len - 3, "/..", 3) == 0)
+        goto RewriteError;
+    return ret;
+RewriteError:
+    fprintf(stderr, "failed to normalize path: `%.*s` => `%.*s`\n", (int)len, path, (int)ret.len, ret.base);
+    ret = h2o_iovec_init("/", 1);
+    return ret;
+}
+
+static const char *parse_scheme(const char *s, const char *end, const h2o_url_scheme_t **scheme)
+{
+    if (end - s >= 5 && memcmp(s, "http:", 5) == 0) {
+        *scheme = &H2O_URL_SCHEME_HTTP;
+        return s + 5;
+    } else if (end - s >= 6 && memcmp(s, "https:", 6) == 0) {
+        *scheme = &H2O_URL_SCHEME_HTTPS;
+        return s + 6;
+    }
+    return NULL;
+}
+
+const char *h2o_url_parse_hostport(const char *s, size_t len, h2o_iovec_t *host, uint16_t *port)
+{
+    const char *token_start = s, *token_end, *end = s + len;
+
+    *port = 65535;
+
+    if (token_start == end)
+        return NULL;
+
+    if (*token_start == '[') {
+        /* is IPv6 address */
+        ++token_start;
+        if ((token_end = memchr(token_start, ']', end - token_start)) == NULL)
+            return NULL;
+        *host = h2o_iovec_init(token_start, token_end - token_start);
+        token_start = token_end + 1;
+    } else {
+        for (token_end = token_start; !(token_end == end || *token_end == '/' || *token_end == ':'); ++token_end)
+            ;
+        *host = h2o_iovec_init(token_start, token_end - token_start);
+        token_start = token_end;
+    }
+
+    /* disallow zero-length host */
+    if (host->len == 0)
+        return NULL;
+
+    /* parse port */
+    if (token_start != end && *token_start == ':') {
+        size_t p;
+        ++token_start;
+        if ((token_end = memchr(token_start, '/', end - token_start)) == NULL)
+            token_end = end;
+        if ((p = h2o_strtosize(token_start, token_end - token_start)) >= 65535)
+            return NULL;
+        *port = (uint16_t)p;
+        token_start = token_end;
+    }
+
+    return token_start;
+}
+
+static int parse_authority_and_path(const char *src, const char *url_end, h2o_url_t *parsed)
+{
+    const char *p = h2o_url_parse_hostport(src, url_end - src, &parsed->host, &parsed->_port);
+    if (p == NULL)
+        return -1;
+    parsed->authority = h2o_iovec_init(src, p - src);
+    if (p == url_end) {
+        parsed->path = h2o_iovec_init(H2O_STRLIT("/"));
+    } else {
+        if (*p != '/')
+            return -1;
+        parsed->path = h2o_iovec_init(p, url_end - p);
+    }
+    return 0;
+}
+
+int h2o_url_parse(const char *url, size_t url_len, h2o_url_t *parsed)
+{
+    const char *url_end, *p;
+
+    if (url_len == SIZE_MAX)
+        url_len = strlen(url);
+    url_end = url + url_len;
+
+    /* check and skip scheme */
+    if ((p = parse_scheme(url, url_end, &parsed->scheme)) == NULL)
+        return -1;
+
+    /* skip "//" */
+    if (!(url_end - p >= 2 && p[0] == '/' && p[1] == '/'))
+        return -1;
+    p += 2;
+
+    return parse_authority_and_path(p, url_end, parsed);
+}
+
+int h2o_url_parse_relative(const char *url, size_t url_len, h2o_url_t *parsed)
+{
+    const char *url_end, *p;
+
+    if (url_len == SIZE_MAX)
+        url_len = strlen(url);
+    url_end = url + url_len;
+
+    /* obtain scheme and port number */
+    if ((p = parse_scheme(url, url_end, &parsed->scheme)) == NULL) {
+        parsed->scheme = NULL;
+        p = url;
+    }
+
+    /* handle "//" */
+    if (url_end - p >= 2 && p[0] == '/' && p[1] == '/')
+        return parse_authority_and_path(p + 2, url_end, parsed);
+
+    /* reset authority, host, port, and set path */
+    parsed->authority = (h2o_iovec_t){NULL};
+    parsed->host = (h2o_iovec_t){NULL};
+    parsed->_port = 65535;
+    parsed->path = h2o_iovec_init(p, url_end - p);
+
+    return 0;
+}
+
+h2o_iovec_t h2o_url_resolve(h2o_mem_pool_t *pool, const h2o_url_t *base, const h2o_url_t *relative, h2o_url_t *dest)
+{
+    h2o_iovec_t base_path, relative_path, ret;
+
+    assert(base->path.len != 0);
+    assert(base->path.base[0] == '/');
+
+    if (relative == NULL) {
+        /* build URL using base copied to dest */
+        *dest = *base;
+        base_path = base->path;
+        relative_path = h2o_iovec_init(NULL, 0);
+        goto Build;
+    }
+
+    /* scheme */
+    dest->scheme = relative->scheme != NULL ? relative->scheme : base->scheme;
+
+    /* authority (and host:port) */
+    if (relative->authority.base != NULL) {
+        assert(relative->host.base != NULL);
+        dest->authority = relative->authority;
+        dest->host = relative->host;
+        dest->_port = relative->_port;
+    } else {
+        assert(relative->host.base == NULL);
+        assert(relative->_port == 65535);
+        dest->authority = base->authority;
+        dest->host = base->host;
+        dest->_port = base->_port;
+    }
+
+    /* path */
+    base_path = base->path;
+    if (relative->path.base != NULL) {
+        relative_path = relative->path;
+        h2o_url_resolve_path(&base_path, &relative_path);
+    } else {
+        assert(relative->path.len == 0);
+        relative_path = (h2o_iovec_t){NULL};
+    }
+
+Build:
+    /* build the output */
+    ret = h2o_concat(pool, dest->scheme->name, h2o_iovec_init(H2O_STRLIT("://")), dest->authority, base_path, relative_path);
+    /* adjust dest */
+    dest->authority.base = ret.base + dest->scheme->name.len + 3;
+    dest->host.base = dest->authority.base;
+    if (dest->authority.len != 0 && dest->authority.base[0] == '[')
+        ++dest->host.base;
+    dest->path.base = dest->authority.base + dest->authority.len;
+    dest->path.len = ret.base + ret.len - dest->path.base;
+
+    return ret;
+}
+
+void h2o_url_resolve_path(h2o_iovec_t *base, h2o_iovec_t *relative)
+{
+    size_t base_path_len = base->len, rel_path_offset = 0;
+
+    if (relative->len != 0 && relative->base[0] == '/') {
+        base_path_len = 0;
+    } else {
+        /* relative path */
+        while (base->base[--base_path_len] != '/')
+            ;
+        while (rel_path_offset != relative->len) {
+            if (relative->base[rel_path_offset] == '.') {
+                if (relative->len - rel_path_offset >= 2 && relative->base[rel_path_offset + 1] == '.' &&
+                    (relative->len - rel_path_offset == 2 || relative->base[rel_path_offset + 2] == '/')) {
+                    if (base_path_len != 0) {
+                        while (base->base[--base_path_len] != '/')
+                            ;
+                    }
+                    rel_path_offset += relative->len - rel_path_offset == 2 ? 2 : 3;
+                    continue;
+                }
+                if (relative->len - rel_path_offset == 1) {
+                    rel_path_offset += 1;
+                    continue;
+                } else if (relative->base[rel_path_offset + 1] == '/') {
+                    rel_path_offset += 2;
+                    continue;
+                }
+            }
+            break;
+        }
+        base_path_len += 1;
+    }
+
+    base->len = base_path_len;
+    *relative = h2o_iovec_init(relative->base + rel_path_offset, relative->len - rel_path_offset);
+}
+
+void h2o_url_copy(h2o_mem_pool_t *pool, h2o_url_t *dest, const h2o_url_t *src)
+{
+    dest->scheme = src->scheme;
+    dest->authority = h2o_strdup(pool, src->authority.base, src->authority.len);
+    dest->host = h2o_strdup(pool, src->host.base, src->host.len);
+    dest->path = h2o_strdup(pool, src->path.base, src->path.len);
+    dest->_port = src->_port;
+}
+
+const char *h2o_url_host_to_sun(h2o_iovec_t host, struct sockaddr_un *sa)
+{
+#define PREFIX "unix:"
+
+    if (host.len < sizeof(PREFIX) - 1 || memcmp(host.base, PREFIX, sizeof(PREFIX) - 1) != 0)
+        return h2o_url_host_to_sun_err_is_not_unix_socket;
+
+    if (host.len - sizeof(PREFIX) - 1 >= sizeof(sa->sun_path))
+        return "unix-domain socket path is too long";
+
+    memset(sa, 0, sizeof(*sa));
+    sa->sun_family = AF_UNIX;
+    memcpy(sa->sun_path, host.base + sizeof(PREFIX) - 1, host.len - (sizeof(PREFIX) - 1));
+    return NULL;
+
+#undef PREFIX
+}
+
+const char *h2o_url_host_to_sun_err_is_not_unix_socket = "supplied name does not look like an unix-domain socket";