1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/base/net_util.h"
6
7 #include <errno.h>
8
9 #include <algorithm>
10 #include <iterator>
11 #include <set>
12
13 #include "build/build_config.h"
14
15 #if defined(OS_WIN)
16 #include <windows.h>
17 #include <iphlpapi.h>
18 #include <winsock2.h>
19 #include <ws2bth.h>
20 #pragma comment(lib, "iphlpapi.lib")
21 #elif defined(OS_POSIX)
22 #include <fcntl.h>
23 #include <netdb.h>
24 #include <netinet/in.h>
25 #include <unistd.h>
26 #if !defined(OS_NACL)
27 #include <net/if.h>
28 #if !defined(OS_ANDROID)
29 #include <ifaddrs.h>
30 #endif // !defined(OS_NACL)
31 #endif // !defined(OS_ANDROID)
32 #endif // defined(OS_POSIX)
33
34 #include "base/basictypes.h"
35 #include "base/json/string_escape.h"
36 #include "base/lazy_instance.h"
37 #include "base/logging.h"
38 #include "base/strings/string_number_conversions.h"
39 #include "base/strings/string_piece.h"
40 #include "base/strings/string_split.h"
41 #include "base/strings/string_util.h"
42 #include "base/strings/stringprintf.h"
43 #include "base/strings/utf_string_conversions.h"
44 #include "base/sys_byteorder.h"
45 #include "base/values.h"
46 #include "grit/net_resources.h"
47 #include "url/gurl.h"
48 #include "url/url_canon.h"
49 #include "url/url_canon_ip.h"
50 #include "url/url_parse.h"
51 #include "net/base/dns_util.h"
52 #include "net/base/net_module.h"
53 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
54 #include "net/http/http_content_disposition.h"
55
56 #if defined(OS_ANDROID)
57 #include "net/android/network_library.h"
58 #endif
59 #if defined(OS_WIN)
60 #include "net/base/winsock_init.h"
61 #endif
62
63 namespace net {
64
65 namespace {
66
67 // The general list of blocked ports. Will be blocked unless a specific
68 // protocol overrides it. (Ex: ftp can use ports 20 and 21)
69 static const int kRestrictedPorts[] = {
70 1, // tcpmux
71 7, // echo
72 9, // discard
73 11, // systat
74 13, // daytime
75 15, // netstat
76 17, // qotd
77 19, // chargen
78 20, // ftp data
79 21, // ftp access
80 22, // ssh
81 23, // telnet
82 25, // smtp
83 37, // time
84 42, // name
85 43, // nicname
86 53, // domain
87 77, // priv-rjs
88 79, // finger
89 87, // ttylink
90 95, // supdup
91 101, // hostriame
92 102, // iso-tsap
93 103, // gppitnp
94 104, // acr-nema
95 109, // pop2
96 110, // pop3
97 111, // sunrpc
98 113, // auth
99 115, // sftp
100 117, // uucp-path
101 119, // nntp
102 123, // NTP
103 135, // loc-srv /epmap
104 139, // netbios
105 143, // imap2
106 179, // BGP
107 389, // ldap
108 465, // smtp+ssl
109 512, // print / exec
110 513, // login
111 514, // shell
112 515, // printer
113 526, // tempo
114 530, // courier
115 531, // chat
116 532, // netnews
117 540, // uucp
118 556, // remotefs
119 563, // nntp+ssl
120 587, // stmp?
121 601, // ??
122 636, // ldap+ssl
123 993, // ldap+ssl
124 995, // pop3+ssl
125 2049, // nfs
126 3659, // apple-sasl / PasswordServer
127 4045, // lockd
128 6000, // X11
129 6665, // Alternate IRC [Apple addition]
130 6666, // Alternate IRC [Apple addition]
131 6667, // Standard IRC [Apple addition]
132 6668, // Alternate IRC [Apple addition]
133 6669, // Alternate IRC [Apple addition]
134 0xFFFF, // Used to block all invalid port numbers (see
135 // third_party/WebKit/Source/platform/weborigin/KURL.cpp,
136 // KURL::port())
137 };
138
139 // FTP overrides the following restricted ports.
140 static const int kAllowedFtpPorts[] = {
141 21, // ftp data
142 22, // ssh
143 };
144
IPNumberPrefixCheck(const IPAddressNumber & ip_number,const unsigned char * ip_prefix,size_t prefix_length_in_bits)145 bool IPNumberPrefixCheck(const IPAddressNumber& ip_number,
146 const unsigned char* ip_prefix,
147 size_t prefix_length_in_bits) {
148 // Compare all the bytes that fall entirely within the prefix.
149 int num_entire_bytes_in_prefix = prefix_length_in_bits / 8;
150 for (int i = 0; i < num_entire_bytes_in_prefix; ++i) {
151 if (ip_number[i] != ip_prefix[i])
152 return false;
153 }
154
155 // In case the prefix was not a multiple of 8, there will be 1 byte
156 // which is only partially masked.
157 int remaining_bits = prefix_length_in_bits % 8;
158 if (remaining_bits != 0) {
159 unsigned char mask = 0xFF << (8 - remaining_bits);
160 int i = num_entire_bytes_in_prefix;
161 if ((ip_number[i] & mask) != (ip_prefix[i] & mask))
162 return false;
163 }
164 return true;
165 }
166
167 } // namespace
168
169 static base::LazyInstance<std::multiset<int> >::Leaky
170 g_explicitly_allowed_ports = LAZY_INSTANCE_INITIALIZER;
171
GetCountOfExplicitlyAllowedPorts()172 size_t GetCountOfExplicitlyAllowedPorts() {
173 return g_explicitly_allowed_ports.Get().size();
174 }
175
GetSpecificHeader(const std::string & headers,const std::string & name)176 std::string GetSpecificHeader(const std::string& headers,
177 const std::string& name) {
178 // We want to grab the Value from the "Key: Value" pairs in the headers,
179 // which should look like this (no leading spaces, \n-separated) (we format
180 // them this way in url_request_inet.cc):
181 // HTTP/1.1 200 OK\n
182 // ETag: "6d0b8-947-24f35ec0"\n
183 // Content-Length: 2375\n
184 // Content-Type: text/html; charset=UTF-8\n
185 // Last-Modified: Sun, 03 Sep 2006 04:34:43 GMT\n
186 if (headers.empty())
187 return std::string();
188
189 std::string match('\n' + name + ':');
190
191 std::string::const_iterator begin =
192 std::search(headers.begin(), headers.end(), match.begin(), match.end(),
193 base::CaseInsensitiveCompareASCII<char>());
194
195 if (begin == headers.end())
196 return std::string();
197
198 begin += match.length();
199
200 std::string ret;
201 base::TrimWhitespace(std::string(begin,
202 std::find(begin, headers.end(), '\n')),
203 base::TRIM_ALL, &ret);
204 return ret;
205 }
206
CanonicalizeHost(const std::string & host,url::CanonHostInfo * host_info)207 std::string CanonicalizeHost(const std::string& host,
208 url::CanonHostInfo* host_info) {
209 // Try to canonicalize the host.
210 const url::Component raw_host_component(0, static_cast<int>(host.length()));
211 std::string canon_host;
212 url::StdStringCanonOutput canon_host_output(&canon_host);
213 url::CanonicalizeHostVerbose(host.c_str(), raw_host_component,
214 &canon_host_output, host_info);
215
216 if (host_info->out_host.is_nonempty() &&
217 host_info->family != url::CanonHostInfo::BROKEN) {
218 // Success! Assert that there's no extra garbage.
219 canon_host_output.Complete();
220 DCHECK_EQ(host_info->out_host.len, static_cast<int>(canon_host.length()));
221 } else {
222 // Empty host, or canonicalization failed. We'll return empty.
223 canon_host.clear();
224 }
225
226 return canon_host;
227 }
228
GetDirectoryListingHeader(const base::string16 & title)229 std::string GetDirectoryListingHeader(const base::string16& title) {
230 static const base::StringPiece header(
231 NetModule::GetResource(IDR_DIR_HEADER_HTML));
232 // This can be null in unit tests.
233 DLOG_IF(WARNING, header.empty()) <<
234 "Missing resource: directory listing header";
235
236 std::string result;
237 if (!header.empty())
238 result.assign(header.data(), header.size());
239
240 result.append("<script>start(");
241 base::EscapeJSONString(title, true, &result);
242 result.append(");</script>\n");
243
244 return result;
245 }
246
IsHostCharAlphanumeric(char c)247 inline bool IsHostCharAlphanumeric(char c) {
248 // We can just check lowercase because uppercase characters have already been
249 // normalized.
250 return ((c >= 'a') && (c <= 'z')) || ((c >= '0') && (c <= '9'));
251 }
252
IsCanonicalizedHostCompliant(const std::string & host,const std::string & desired_tld)253 bool IsCanonicalizedHostCompliant(const std::string& host,
254 const std::string& desired_tld) {
255 if (host.empty())
256 return false;
257
258 bool in_component = false;
259 bool most_recent_component_started_alphanumeric = false;
260 bool last_char_was_underscore = false;
261
262 for (std::string::const_iterator i(host.begin()); i != host.end(); ++i) {
263 const char c = *i;
264 if (!in_component) {
265 most_recent_component_started_alphanumeric = IsHostCharAlphanumeric(c);
266 if (!most_recent_component_started_alphanumeric && (c != '-'))
267 return false;
268 in_component = true;
269 } else {
270 if (c == '.') {
271 if (last_char_was_underscore)
272 return false;
273 in_component = false;
274 } else if (IsHostCharAlphanumeric(c) || (c == '-')) {
275 last_char_was_underscore = false;
276 } else if (c == '_') {
277 last_char_was_underscore = true;
278 } else {
279 return false;
280 }
281 }
282 }
283
284 return most_recent_component_started_alphanumeric ||
285 (!desired_tld.empty() && IsHostCharAlphanumeric(desired_tld[0]));
286 }
287
StripWWW(const base::string16 & text)288 base::string16 StripWWW(const base::string16& text) {
289 const base::string16 www(base::ASCIIToUTF16("www."));
290 return StartsWith(text, www, true) ? text.substr(www.length()) : text;
291 }
292
StripWWWFromHost(const GURL & url)293 base::string16 StripWWWFromHost(const GURL& url) {
294 DCHECK(url.is_valid());
295 return StripWWW(base::ASCIIToUTF16(url.host()));
296 }
297
IsPortAllowedByDefault(int port)298 bool IsPortAllowedByDefault(int port) {
299 int array_size = arraysize(kRestrictedPorts);
300 for (int i = 0; i < array_size; i++) {
301 if (kRestrictedPorts[i] == port) {
302 return false;
303 }
304 }
305 return true;
306 }
307
IsPortAllowedByFtp(int port)308 bool IsPortAllowedByFtp(int port) {
309 int array_size = arraysize(kAllowedFtpPorts);
310 for (int i = 0; i < array_size; i++) {
311 if (kAllowedFtpPorts[i] == port) {
312 return true;
313 }
314 }
315 // Port not explicitly allowed by FTP, so return the default restrictions.
316 return IsPortAllowedByDefault(port);
317 }
318
IsPortAllowedByOverride(int port)319 bool IsPortAllowedByOverride(int port) {
320 if (g_explicitly_allowed_ports.Get().empty())
321 return false;
322
323 return g_explicitly_allowed_ports.Get().count(port) > 0;
324 }
325
SetNonBlocking(int fd)326 int SetNonBlocking(int fd) {
327 #if defined(OS_WIN)
328 unsigned long no_block = 1;
329 return ioctlsocket(fd, FIONBIO, &no_block);
330 #elif defined(OS_POSIX)
331 int flags = fcntl(fd, F_GETFL, 0);
332 if (-1 == flags)
333 return flags;
334 return fcntl(fd, F_SETFL, flags | O_NONBLOCK);
335 #endif
336 }
337
ParseHostAndPort(std::string::const_iterator host_and_port_begin,std::string::const_iterator host_and_port_end,std::string * host,int * port)338 bool ParseHostAndPort(std::string::const_iterator host_and_port_begin,
339 std::string::const_iterator host_and_port_end,
340 std::string* host,
341 int* port) {
342 if (host_and_port_begin >= host_and_port_end)
343 return false;
344
345 // When using url, we use char*.
346 const char* auth_begin = &(*host_and_port_begin);
347 int auth_len = host_and_port_end - host_and_port_begin;
348
349 url::Component auth_component(0, auth_len);
350 url::Component username_component;
351 url::Component password_component;
352 url::Component hostname_component;
353 url::Component port_component;
354
355 url::ParseAuthority(auth_begin, auth_component, &username_component,
356 &password_component, &hostname_component, &port_component);
357
358 // There shouldn't be a username/password.
359 if (username_component.is_valid() || password_component.is_valid())
360 return false;
361
362 if (!hostname_component.is_nonempty())
363 return false; // Failed parsing.
364
365 int parsed_port_number = -1;
366 if (port_component.is_nonempty()) {
367 parsed_port_number = url::ParsePort(auth_begin, port_component);
368
369 // If parsing failed, port_number will be either PORT_INVALID or
370 // PORT_UNSPECIFIED, both of which are negative.
371 if (parsed_port_number < 0)
372 return false; // Failed parsing the port number.
373 }
374
375 if (port_component.len == 0)
376 return false; // Reject inputs like "foo:"
377
378 // Pass results back to caller.
379 host->assign(auth_begin + hostname_component.begin, hostname_component.len);
380 *port = parsed_port_number;
381
382 return true; // Success.
383 }
384
ParseHostAndPort(const std::string & host_and_port,std::string * host,int * port)385 bool ParseHostAndPort(const std::string& host_and_port,
386 std::string* host,
387 int* port) {
388 return ParseHostAndPort(
389 host_and_port.begin(), host_and_port.end(), host, port);
390 }
391
GetHostAndPort(const GURL & url)392 std::string GetHostAndPort(const GURL& url) {
393 // For IPv6 literals, GURL::host() already includes the brackets so it is
394 // safe to just append a colon.
395 return base::StringPrintf("%s:%d", url.host().c_str(),
396 url.EffectiveIntPort());
397 }
398
GetHostAndOptionalPort(const GURL & url)399 std::string GetHostAndOptionalPort(const GURL& url) {
400 // For IPv6 literals, GURL::host() already includes the brackets
401 // so it is safe to just append a colon.
402 if (url.has_port())
403 return base::StringPrintf("%s:%s", url.host().c_str(), url.port().c_str());
404 return url.host();
405 }
406
IsHostnameNonUnique(const std::string & hostname)407 bool IsHostnameNonUnique(const std::string& hostname) {
408 // CanonicalizeHost requires surrounding brackets to parse an IPv6 address.
409 const std::string host_or_ip = hostname.find(':') != std::string::npos ?
410 "[" + hostname + "]" : hostname;
411 url::CanonHostInfo host_info;
412 std::string canonical_name = CanonicalizeHost(host_or_ip, &host_info);
413
414 // If canonicalization fails, then the input is truly malformed. However,
415 // to avoid mis-reporting bad inputs as "non-unique", treat them as unique.
416 if (canonical_name.empty())
417 return false;
418
419 // If |hostname| is an IP address, check to see if it's in an IANA-reserved
420 // range.
421 if (host_info.IsIPAddress()) {
422 IPAddressNumber host_addr;
423 if (!ParseIPLiteralToNumber(hostname.substr(host_info.out_host.begin,
424 host_info.out_host.len),
425 &host_addr)) {
426 return false;
427 }
428 switch (host_info.family) {
429 case url::CanonHostInfo::IPV4:
430 case url::CanonHostInfo::IPV6:
431 return IsIPAddressReserved(host_addr);
432 case url::CanonHostInfo::NEUTRAL:
433 case url::CanonHostInfo::BROKEN:
434 return false;
435 }
436 }
437
438 // Check for a registry controlled portion of |hostname|, ignoring private
439 // registries, as they already chain to ICANN-administered registries,
440 // and explicitly ignoring unknown registries.
441 //
442 // Note: This means that as new gTLDs are introduced on the Internet, they
443 // will be treated as non-unique until the registry controlled domain list
444 // is updated. However, because gTLDs are expected to provide significant
445 // advance notice to deprecate older versions of this code, this an
446 // acceptable tradeoff.
447 return 0 == registry_controlled_domains::GetRegistryLength(
448 canonical_name,
449 registry_controlled_domains::EXCLUDE_UNKNOWN_REGISTRIES,
450 registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES);
451 }
452
453 // Don't compare IPv4 and IPv6 addresses (they have different range
454 // reservations). Keep separate reservation arrays for each IP type, and
455 // consolidate adjacent reserved ranges within a reservation array when
456 // possible.
457 // Sources for info:
458 // www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml
459 // www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
460 // They're formatted here with the prefix as the last element. For example:
461 // 10.0.0.0/8 becomes 10,0,0,0,8 and fec0::/10 becomes 0xfe,0xc0,0,0,0...,10.
IsIPAddressReserved(const IPAddressNumber & host_addr)462 bool IsIPAddressReserved(const IPAddressNumber& host_addr) {
463 static const unsigned char kReservedIPv4[][5] = {
464 { 0,0,0,0,8 }, { 10,0,0,0,8 }, { 100,64,0,0,10 }, { 127,0,0,0,8 },
465 { 169,254,0,0,16 }, { 172,16,0,0,12 }, { 192,0,2,0,24 },
466 { 192,88,99,0,24 }, { 192,168,0,0,16 }, { 198,18,0,0,15 },
467 { 198,51,100,0,24 }, { 203,0,113,0,24 }, { 224,0,0,0,3 }
468 };
469 static const unsigned char kReservedIPv6[][17] = {
470 { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8 },
471 { 0x40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2 },
472 { 0x80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2 },
473 { 0xc0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3 },
474 { 0xe0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4 },
475 { 0xf0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5 },
476 { 0xf8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6 },
477 { 0xfc,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7 },
478 { 0xfe,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9 },
479 { 0xfe,0x80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10 },
480 { 0xfe,0xc0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10 },
481 };
482 size_t array_size = 0;
483 const unsigned char* array = NULL;
484 switch (host_addr.size()) {
485 case kIPv4AddressSize:
486 array_size = arraysize(kReservedIPv4);
487 array = kReservedIPv4[0];
488 break;
489 case kIPv6AddressSize:
490 array_size = arraysize(kReservedIPv6);
491 array = kReservedIPv6[0];
492 break;
493 }
494 if (!array)
495 return false;
496 size_t width = host_addr.size() + 1;
497 for (size_t i = 0; i < array_size; ++i, array += width) {
498 if (IPNumberPrefixCheck(host_addr, array, array[width-1]))
499 return true;
500 }
501 return false;
502 }
503
504 // Extracts the address and port portions of a sockaddr.
GetIPAddressFromSockAddr(const struct sockaddr * sock_addr,socklen_t sock_addr_len,const uint8 ** address,size_t * address_len,uint16 * port)505 bool GetIPAddressFromSockAddr(const struct sockaddr* sock_addr,
506 socklen_t sock_addr_len,
507 const uint8** address,
508 size_t* address_len,
509 uint16* port) {
510 if (sock_addr->sa_family == AF_INET) {
511 if (sock_addr_len < static_cast<socklen_t>(sizeof(struct sockaddr_in)))
512 return false;
513 const struct sockaddr_in* addr =
514 reinterpret_cast<const struct sockaddr_in*>(sock_addr);
515 *address = reinterpret_cast<const uint8*>(&addr->sin_addr);
516 *address_len = kIPv4AddressSize;
517 if (port)
518 *port = base::NetToHost16(addr->sin_port);
519 return true;
520 }
521
522 if (sock_addr->sa_family == AF_INET6) {
523 if (sock_addr_len < static_cast<socklen_t>(sizeof(struct sockaddr_in6)))
524 return false;
525 const struct sockaddr_in6* addr =
526 reinterpret_cast<const struct sockaddr_in6*>(sock_addr);
527 *address = reinterpret_cast<const uint8*>(&addr->sin6_addr);
528 *address_len = kIPv6AddressSize;
529 if (port)
530 *port = base::NetToHost16(addr->sin6_port);
531 return true;
532 }
533
534 #if defined(OS_WIN)
535 if (sock_addr->sa_family == AF_BTH) {
536 if (sock_addr_len < static_cast<socklen_t>(sizeof(SOCKADDR_BTH)))
537 return false;
538 const SOCKADDR_BTH* addr =
539 reinterpret_cast<const SOCKADDR_BTH*>(sock_addr);
540 *address = reinterpret_cast<const uint8*>(&addr->btAddr);
541 *address_len = kBluetoothAddressSize;
542 if (port)
543 *port = addr->port;
544 return true;
545 }
546 #endif
547
548 return false; // Unrecognized |sa_family|.
549 }
550
IPAddressToString(const uint8 * address,size_t address_len)551 std::string IPAddressToString(const uint8* address,
552 size_t address_len) {
553 std::string str;
554 url::StdStringCanonOutput output(&str);
555
556 if (address_len == kIPv4AddressSize) {
557 url::AppendIPv4Address(address, &output);
558 } else if (address_len == kIPv6AddressSize) {
559 url::AppendIPv6Address(address, &output);
560 } else {
561 CHECK(false) << "Invalid IP address with length: " << address_len;
562 }
563
564 output.Complete();
565 return str;
566 }
567
IPAddressToStringWithPort(const uint8 * address,size_t address_len,uint16 port)568 std::string IPAddressToStringWithPort(const uint8* address,
569 size_t address_len,
570 uint16 port) {
571 std::string address_str = IPAddressToString(address, address_len);
572
573 if (address_len == kIPv6AddressSize) {
574 // Need to bracket IPv6 addresses since they contain colons.
575 return base::StringPrintf("[%s]:%d", address_str.c_str(), port);
576 }
577 return base::StringPrintf("%s:%d", address_str.c_str(), port);
578 }
579
NetAddressToString(const struct sockaddr * sa,socklen_t sock_addr_len)580 std::string NetAddressToString(const struct sockaddr* sa,
581 socklen_t sock_addr_len) {
582 const uint8* address;
583 size_t address_len;
584 if (!GetIPAddressFromSockAddr(sa, sock_addr_len, &address,
585 &address_len, NULL)) {
586 NOTREACHED();
587 return std::string();
588 }
589 return IPAddressToString(address, address_len);
590 }
591
NetAddressToStringWithPort(const struct sockaddr * sa,socklen_t sock_addr_len)592 std::string NetAddressToStringWithPort(const struct sockaddr* sa,
593 socklen_t sock_addr_len) {
594 const uint8* address;
595 size_t address_len;
596 uint16 port;
597 if (!GetIPAddressFromSockAddr(sa, sock_addr_len, &address,
598 &address_len, &port)) {
599 NOTREACHED();
600 return std::string();
601 }
602 return IPAddressToStringWithPort(address, address_len, port);
603 }
604
IPAddressToString(const IPAddressNumber & addr)605 std::string IPAddressToString(const IPAddressNumber& addr) {
606 return IPAddressToString(&addr.front(), addr.size());
607 }
608
IPAddressToStringWithPort(const IPAddressNumber & addr,uint16 port)609 std::string IPAddressToStringWithPort(const IPAddressNumber& addr,
610 uint16 port) {
611 return IPAddressToStringWithPort(&addr.front(), addr.size(), port);
612 }
613
IPAddressToPackedString(const IPAddressNumber & addr)614 std::string IPAddressToPackedString(const IPAddressNumber& addr) {
615 return std::string(reinterpret_cast<const char *>(&addr.front()),
616 addr.size());
617 }
618
GetHostName()619 std::string GetHostName() {
620 #if defined(OS_NACL)
621 NOTIMPLEMENTED();
622 return std::string();
623 #else // defined(OS_NACL)
624 #if defined(OS_WIN)
625 EnsureWinsockInit();
626 #endif
627
628 // Host names are limited to 255 bytes.
629 char buffer[256];
630 int result = gethostname(buffer, sizeof(buffer));
631 if (result != 0) {
632 DVLOG(1) << "gethostname() failed with " << result;
633 buffer[0] = '\0';
634 }
635 return std::string(buffer);
636 #endif // !defined(OS_NACL)
637 }
638
GetIdentityFromURL(const GURL & url,base::string16 * username,base::string16 * password)639 void GetIdentityFromURL(const GURL& url,
640 base::string16* username,
641 base::string16* password) {
642 UnescapeRule::Type flags =
643 UnescapeRule::SPACES | UnescapeRule::URL_SPECIAL_CHARS;
644 *username = UnescapeAndDecodeUTF8URLComponent(url.username(), flags);
645 *password = UnescapeAndDecodeUTF8URLComponent(url.password(), flags);
646 }
647
GetHostOrSpecFromURL(const GURL & url)648 std::string GetHostOrSpecFromURL(const GURL& url) {
649 return url.has_host() ? TrimEndingDot(url.host()) : url.spec();
650 }
651
CanStripTrailingSlash(const GURL & url)652 bool CanStripTrailingSlash(const GURL& url) {
653 // Omit the path only for standard, non-file URLs with nothing but "/" after
654 // the hostname.
655 return url.IsStandard() && !url.SchemeIsFile() &&
656 !url.SchemeIsFileSystem() && !url.has_query() && !url.has_ref()
657 && url.path() == "/";
658 }
659
SimplifyUrlForRequest(const GURL & url)660 GURL SimplifyUrlForRequest(const GURL& url) {
661 DCHECK(url.is_valid());
662 GURL::Replacements replacements;
663 replacements.ClearUsername();
664 replacements.ClearPassword();
665 replacements.ClearRef();
666 return url.ReplaceComponents(replacements);
667 }
668
669 // Specifies a comma separated list of port numbers that should be accepted
670 // despite bans. If the string is invalid no allowed ports are stored.
SetExplicitlyAllowedPorts(const std::string & allowed_ports)671 void SetExplicitlyAllowedPorts(const std::string& allowed_ports) {
672 if (allowed_ports.empty())
673 return;
674
675 std::multiset<int> ports;
676 size_t last = 0;
677 size_t size = allowed_ports.size();
678 // The comma delimiter.
679 const std::string::value_type kComma = ',';
680
681 // Overflow is still possible for evil user inputs.
682 for (size_t i = 0; i <= size; ++i) {
683 // The string should be composed of only digits and commas.
684 if (i != size && !IsAsciiDigit(allowed_ports[i]) &&
685 (allowed_ports[i] != kComma))
686 return;
687 if (i == size || allowed_ports[i] == kComma) {
688 if (i > last) {
689 int port;
690 base::StringToInt(base::StringPiece(allowed_ports.begin() + last,
691 allowed_ports.begin() + i),
692 &port);
693 ports.insert(port);
694 }
695 last = i + 1;
696 }
697 }
698 g_explicitly_allowed_ports.Get() = ports;
699 }
700
ScopedPortException(int port)701 ScopedPortException::ScopedPortException(int port) : port_(port) {
702 g_explicitly_allowed_ports.Get().insert(port);
703 }
704
~ScopedPortException()705 ScopedPortException::~ScopedPortException() {
706 std::multiset<int>::iterator it =
707 g_explicitly_allowed_ports.Get().find(port_);
708 if (it != g_explicitly_allowed_ports.Get().end())
709 g_explicitly_allowed_ports.Get().erase(it);
710 else
711 NOTREACHED();
712 }
713
HaveOnlyLoopbackAddresses()714 bool HaveOnlyLoopbackAddresses() {
715 #if defined(OS_ANDROID)
716 return android::HaveOnlyLoopbackAddresses();
717 #elif defined(OS_NACL)
718 NOTIMPLEMENTED();
719 return false;
720 #elif defined(OS_POSIX)
721 struct ifaddrs* interface_addr = NULL;
722 int rv = getifaddrs(&interface_addr);
723 if (rv != 0) {
724 DVLOG(1) << "getifaddrs() failed with errno = " << errno;
725 return false;
726 }
727
728 bool result = true;
729 for (struct ifaddrs* interface = interface_addr;
730 interface != NULL;
731 interface = interface->ifa_next) {
732 if (!(IFF_UP & interface->ifa_flags))
733 continue;
734 if (IFF_LOOPBACK & interface->ifa_flags)
735 continue;
736 const struct sockaddr* addr = interface->ifa_addr;
737 if (!addr)
738 continue;
739 if (addr->sa_family == AF_INET6) {
740 // Safe cast since this is AF_INET6.
741 const struct sockaddr_in6* addr_in6 =
742 reinterpret_cast<const struct sockaddr_in6*>(addr);
743 const struct in6_addr* sin6_addr = &addr_in6->sin6_addr;
744 if (IN6_IS_ADDR_LOOPBACK(sin6_addr) || IN6_IS_ADDR_LINKLOCAL(sin6_addr))
745 continue;
746 }
747 if (addr->sa_family != AF_INET6 && addr->sa_family != AF_INET)
748 continue;
749
750 result = false;
751 break;
752 }
753 freeifaddrs(interface_addr);
754 return result;
755 #elif defined(OS_WIN)
756 // TODO(wtc): implement with the GetAdaptersAddresses function.
757 NOTIMPLEMENTED();
758 return false;
759 #else
760 NOTIMPLEMENTED();
761 return false;
762 #endif // defined(various platforms)
763 }
764
GetAddressFamily(const IPAddressNumber & address)765 AddressFamily GetAddressFamily(const IPAddressNumber& address) {
766 switch (address.size()) {
767 case kIPv4AddressSize:
768 return ADDRESS_FAMILY_IPV4;
769 case kIPv6AddressSize:
770 return ADDRESS_FAMILY_IPV6;
771 default:
772 return ADDRESS_FAMILY_UNSPECIFIED;
773 }
774 }
775
ConvertAddressFamily(AddressFamily address_family)776 int ConvertAddressFamily(AddressFamily address_family) {
777 switch (address_family) {
778 case ADDRESS_FAMILY_UNSPECIFIED:
779 return AF_UNSPEC;
780 case ADDRESS_FAMILY_IPV4:
781 return AF_INET;
782 case ADDRESS_FAMILY_IPV6:
783 return AF_INET6;
784 }
785 NOTREACHED();
786 return AF_UNSPEC;
787 }
788
ParseIPLiteralToNumber(const std::string & ip_literal,IPAddressNumber * ip_number)789 bool ParseIPLiteralToNumber(const std::string& ip_literal,
790 IPAddressNumber* ip_number) {
791 // |ip_literal| could be either a IPv4 or an IPv6 literal. If it contains
792 // a colon however, it must be an IPv6 address.
793 if (ip_literal.find(':') != std::string::npos) {
794 // GURL expects IPv6 hostnames to be surrounded with brackets.
795 std::string host_brackets = "[" + ip_literal + "]";
796 url::Component host_comp(0, host_brackets.size());
797
798 // Try parsing the hostname as an IPv6 literal.
799 ip_number->resize(16); // 128 bits.
800 return url::IPv6AddressToNumber(host_brackets.data(), host_comp,
801 &(*ip_number)[0]);
802 }
803
804 // Otherwise the string is an IPv4 address.
805 ip_number->resize(4); // 32 bits.
806 url::Component host_comp(0, ip_literal.size());
807 int num_components;
808 url::CanonHostInfo::Family family = url::IPv4AddressToNumber(
809 ip_literal.data(), host_comp, &(*ip_number)[0], &num_components);
810 return family == url::CanonHostInfo::IPV4;
811 }
812
813 namespace {
814
815 const unsigned char kIPv4MappedPrefix[] =
816 { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF };
817 }
818
ConvertIPv4NumberToIPv6Number(const IPAddressNumber & ipv4_number)819 IPAddressNumber ConvertIPv4NumberToIPv6Number(
820 const IPAddressNumber& ipv4_number) {
821 DCHECK(ipv4_number.size() == 4);
822
823 // IPv4-mapped addresses are formed by:
824 // <80 bits of zeros> + <16 bits of ones> + <32-bit IPv4 address>.
825 IPAddressNumber ipv6_number;
826 ipv6_number.reserve(16);
827 ipv6_number.insert(ipv6_number.end(),
828 kIPv4MappedPrefix,
829 kIPv4MappedPrefix + arraysize(kIPv4MappedPrefix));
830 ipv6_number.insert(ipv6_number.end(), ipv4_number.begin(), ipv4_number.end());
831 return ipv6_number;
832 }
833
IsIPv4Mapped(const IPAddressNumber & address)834 bool IsIPv4Mapped(const IPAddressNumber& address) {
835 if (address.size() != kIPv6AddressSize)
836 return false;
837 return std::equal(address.begin(),
838 address.begin() + arraysize(kIPv4MappedPrefix),
839 kIPv4MappedPrefix);
840 }
841
ConvertIPv4MappedToIPv4(const IPAddressNumber & address)842 IPAddressNumber ConvertIPv4MappedToIPv4(const IPAddressNumber& address) {
843 DCHECK(IsIPv4Mapped(address));
844 return IPAddressNumber(address.begin() + arraysize(kIPv4MappedPrefix),
845 address.end());
846 }
847
ParseCIDRBlock(const std::string & cidr_literal,IPAddressNumber * ip_number,size_t * prefix_length_in_bits)848 bool ParseCIDRBlock(const std::string& cidr_literal,
849 IPAddressNumber* ip_number,
850 size_t* prefix_length_in_bits) {
851 // We expect CIDR notation to match one of these two templates:
852 // <IPv4-literal> "/" <number of bits>
853 // <IPv6-literal> "/" <number of bits>
854
855 std::vector<std::string> parts;
856 base::SplitString(cidr_literal, '/', &parts);
857 if (parts.size() != 2)
858 return false;
859
860 // Parse the IP address.
861 if (!ParseIPLiteralToNumber(parts[0], ip_number))
862 return false;
863
864 // Parse the prefix length.
865 int number_of_bits = -1;
866 if (!base::StringToInt(parts[1], &number_of_bits))
867 return false;
868
869 // Make sure the prefix length is in a valid range.
870 if (number_of_bits < 0 ||
871 number_of_bits > static_cast<int>(ip_number->size() * 8))
872 return false;
873
874 *prefix_length_in_bits = static_cast<size_t>(number_of_bits);
875 return true;
876 }
877
IPNumberMatchesPrefix(const IPAddressNumber & ip_number,const IPAddressNumber & ip_prefix,size_t prefix_length_in_bits)878 bool IPNumberMatchesPrefix(const IPAddressNumber& ip_number,
879 const IPAddressNumber& ip_prefix,
880 size_t prefix_length_in_bits) {
881 // Both the input IP address and the prefix IP address should be
882 // either IPv4 or IPv6.
883 DCHECK(ip_number.size() == 4 || ip_number.size() == 16);
884 DCHECK(ip_prefix.size() == 4 || ip_prefix.size() == 16);
885
886 DCHECK_LE(prefix_length_in_bits, ip_prefix.size() * 8);
887
888 // In case we have an IPv6 / IPv4 mismatch, convert the IPv4 addresses to
889 // IPv6 addresses in order to do the comparison.
890 if (ip_number.size() != ip_prefix.size()) {
891 if (ip_number.size() == 4) {
892 return IPNumberMatchesPrefix(ConvertIPv4NumberToIPv6Number(ip_number),
893 ip_prefix, prefix_length_in_bits);
894 }
895 return IPNumberMatchesPrefix(ip_number,
896 ConvertIPv4NumberToIPv6Number(ip_prefix),
897 96 + prefix_length_in_bits);
898 }
899
900 return IPNumberPrefixCheck(ip_number, &ip_prefix[0], prefix_length_in_bits);
901 }
902
GetPortFieldFromSockaddr(const struct sockaddr * address,socklen_t address_len)903 const uint16* GetPortFieldFromSockaddr(const struct sockaddr* address,
904 socklen_t address_len) {
905 if (address->sa_family == AF_INET) {
906 DCHECK_LE(sizeof(sockaddr_in), static_cast<size_t>(address_len));
907 const struct sockaddr_in* sockaddr =
908 reinterpret_cast<const struct sockaddr_in*>(address);
909 return &sockaddr->sin_port;
910 } else if (address->sa_family == AF_INET6) {
911 DCHECK_LE(sizeof(sockaddr_in6), static_cast<size_t>(address_len));
912 const struct sockaddr_in6* sockaddr =
913 reinterpret_cast<const struct sockaddr_in6*>(address);
914 return &sockaddr->sin6_port;
915 } else {
916 NOTREACHED();
917 return NULL;
918 }
919 }
920
GetPortFromSockaddr(const struct sockaddr * address,socklen_t address_len)921 int GetPortFromSockaddr(const struct sockaddr* address, socklen_t address_len) {
922 const uint16* port_field = GetPortFieldFromSockaddr(address, address_len);
923 if (!port_field)
924 return -1;
925 return base::NetToHost16(*port_field);
926 }
927
IsLocalhost(const std::string & host)928 bool IsLocalhost(const std::string& host) {
929 if (host == "localhost" ||
930 host == "localhost.localdomain" ||
931 host == "localhost6" ||
932 host == "localhost6.localdomain6")
933 return true;
934
935 IPAddressNumber ip_number;
936 if (ParseIPLiteralToNumber(host, &ip_number)) {
937 size_t size = ip_number.size();
938 switch (size) {
939 case kIPv4AddressSize: {
940 IPAddressNumber localhost_prefix;
941 localhost_prefix.push_back(127);
942 for (int i = 0; i < 3; ++i) {
943 localhost_prefix.push_back(0);
944 }
945 return IPNumberMatchesPrefix(ip_number, localhost_prefix, 8);
946 }
947
948 case kIPv6AddressSize: {
949 struct in6_addr sin6_addr;
950 memcpy(&sin6_addr, &ip_number[0], kIPv6AddressSize);
951 return !!IN6_IS_ADDR_LOOPBACK(&sin6_addr);
952 }
953
954 default:
955 NOTREACHED();
956 }
957 }
958
959 return false;
960 }
961
NetworkInterface()962 NetworkInterface::NetworkInterface()
963 : type(NetworkChangeNotifier::CONNECTION_UNKNOWN),
964 network_prefix(0) {
965 }
966
NetworkInterface(const std::string & name,const std::string & friendly_name,uint32 interface_index,NetworkChangeNotifier::ConnectionType type,const IPAddressNumber & address,size_t network_prefix)967 NetworkInterface::NetworkInterface(const std::string& name,
968 const std::string& friendly_name,
969 uint32 interface_index,
970 NetworkChangeNotifier::ConnectionType type,
971 const IPAddressNumber& address,
972 size_t network_prefix)
973 : name(name),
974 friendly_name(friendly_name),
975 interface_index(interface_index),
976 type(type),
977 address(address),
978 network_prefix(network_prefix) {
979 }
980
~NetworkInterface()981 NetworkInterface::~NetworkInterface() {
982 }
983
CommonPrefixLength(const IPAddressNumber & a1,const IPAddressNumber & a2)984 unsigned CommonPrefixLength(const IPAddressNumber& a1,
985 const IPAddressNumber& a2) {
986 DCHECK_EQ(a1.size(), a2.size());
987 for (size_t i = 0; i < a1.size(); ++i) {
988 unsigned diff = a1[i] ^ a2[i];
989 if (!diff)
990 continue;
991 for (unsigned j = 0; j < CHAR_BIT; ++j) {
992 if (diff & (1 << (CHAR_BIT - 1)))
993 return i * CHAR_BIT + j;
994 diff <<= 1;
995 }
996 NOTREACHED();
997 }
998 return a1.size() * CHAR_BIT;
999 }
1000
MaskPrefixLength(const IPAddressNumber & mask)1001 unsigned MaskPrefixLength(const IPAddressNumber& mask) {
1002 IPAddressNumber all_ones(mask.size(), 0xFF);
1003 return CommonPrefixLength(mask, all_ones);
1004 }
1005
1006 } // namespace net
1007