1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/base/net_util.h"
6
7 #include <errno.h>
8 #include <string.h>
9
10 #include <algorithm>
11 #include <iterator>
12 #include <set>
13
14 #include "build/build_config.h"
15
16 #if defined(OS_WIN)
17 #include <windows.h>
18 #include <iphlpapi.h>
19 #include <winsock2.h>
20 #include <ws2bth.h>
21 #pragma comment(lib, "iphlpapi.lib")
22 #elif defined(OS_POSIX)
23 #include <fcntl.h>
24 #include <netdb.h>
25 #include <netinet/in.h>
26 #include <unistd.h>
27 #if !defined(OS_NACL)
28 #include <net/if.h>
29 #if !defined(OS_ANDROID)
30 #include <ifaddrs.h>
31 #endif // !defined(OS_NACL)
32 #endif // !defined(OS_ANDROID)
33 #endif // defined(OS_POSIX)
34
35 #include "base/basictypes.h"
36 #include "base/json/string_escape.h"
37 #include "base/lazy_instance.h"
38 #include "base/logging.h"
39 #include "base/strings/string_number_conversions.h"
40 #include "base/strings/string_piece.h"
41 #include "base/strings/string_split.h"
42 #include "base/strings/string_util.h"
43 #include "base/strings/stringprintf.h"
44 #include "base/strings/utf_string_conversions.h"
45 #include "base/sys_byteorder.h"
46 #include "base/values.h"
47 #include "url/gurl.h"
48 #include "url/url_canon.h"
49 #include "url/url_canon_ip.h"
50 #include "url/url_parse.h"
51 #include "net/base/dns_util.h"
52 #include "net/base/net_module.h"
53 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
54 #include "net/grit/net_resources.h"
55 #include "net/http/http_content_disposition.h"
56
57 #if defined(OS_ANDROID)
58 #include "net/android/network_library.h"
59 #endif
60 #if defined(OS_WIN)
61 #include "net/base/winsock_init.h"
62 #endif
63
64 namespace net {
65
66 namespace {
67
68 // The general list of blocked ports. Will be blocked unless a specific
69 // protocol overrides it. (Ex: ftp can use ports 20 and 21)
70 static const int kRestrictedPorts[] = {
71 1, // tcpmux
72 7, // echo
73 9, // discard
74 11, // systat
75 13, // daytime
76 15, // netstat
77 17, // qotd
78 19, // chargen
79 20, // ftp data
80 21, // ftp access
81 22, // ssh
82 23, // telnet
83 25, // smtp
84 37, // time
85 42, // name
86 43, // nicname
87 53, // domain
88 77, // priv-rjs
89 79, // finger
90 87, // ttylink
91 95, // supdup
92 101, // hostriame
93 102, // iso-tsap
94 103, // gppitnp
95 104, // acr-nema
96 109, // pop2
97 110, // pop3
98 111, // sunrpc
99 113, // auth
100 115, // sftp
101 117, // uucp-path
102 119, // nntp
103 123, // NTP
104 135, // loc-srv /epmap
105 139, // netbios
106 143, // imap2
107 179, // BGP
108 389, // ldap
109 465, // smtp+ssl
110 512, // print / exec
111 513, // login
112 514, // shell
113 515, // printer
114 526, // tempo
115 530, // courier
116 531, // chat
117 532, // netnews
118 540, // uucp
119 556, // remotefs
120 563, // nntp+ssl
121 587, // stmp?
122 601, // ??
123 636, // ldap+ssl
124 993, // ldap+ssl
125 995, // pop3+ssl
126 2049, // nfs
127 3659, // apple-sasl / PasswordServer
128 4045, // lockd
129 6000, // X11
130 6665, // Alternate IRC [Apple addition]
131 6666, // Alternate IRC [Apple addition]
132 6667, // Standard IRC [Apple addition]
133 6668, // Alternate IRC [Apple addition]
134 6669, // Alternate IRC [Apple addition]
135 0xFFFF, // Used to block all invalid port numbers (see
136 // third_party/WebKit/Source/platform/weborigin/KURL.cpp,
137 // KURL::port())
138 };
139
140 // FTP overrides the following restricted ports.
141 static const int kAllowedFtpPorts[] = {
142 21, // ftp data
143 22, // ssh
144 };
145
IPNumberPrefixCheck(const IPAddressNumber & ip_number,const unsigned char * ip_prefix,size_t prefix_length_in_bits)146 bool IPNumberPrefixCheck(const IPAddressNumber& ip_number,
147 const unsigned char* ip_prefix,
148 size_t prefix_length_in_bits) {
149 // Compare all the bytes that fall entirely within the prefix.
150 int num_entire_bytes_in_prefix = prefix_length_in_bits / 8;
151 for (int i = 0; i < num_entire_bytes_in_prefix; ++i) {
152 if (ip_number[i] != ip_prefix[i])
153 return false;
154 }
155
156 // In case the prefix was not a multiple of 8, there will be 1 byte
157 // which is only partially masked.
158 int remaining_bits = prefix_length_in_bits % 8;
159 if (remaining_bits != 0) {
160 unsigned char mask = 0xFF << (8 - remaining_bits);
161 int i = num_entire_bytes_in_prefix;
162 if ((ip_number[i] & mask) != (ip_prefix[i] & mask))
163 return false;
164 }
165 return true;
166 }
167
168 } // namespace
169
170 static base::LazyInstance<std::multiset<int> >::Leaky
171 g_explicitly_allowed_ports = LAZY_INSTANCE_INITIALIZER;
172
GetCountOfExplicitlyAllowedPorts()173 size_t GetCountOfExplicitlyAllowedPorts() {
174 return g_explicitly_allowed_ports.Get().size();
175 }
176
GetSpecificHeader(const std::string & headers,const std::string & name)177 std::string GetSpecificHeader(const std::string& headers,
178 const std::string& name) {
179 // We want to grab the Value from the "Key: Value" pairs in the headers,
180 // which should look like this (no leading spaces, \n-separated) (we format
181 // them this way in url_request_inet.cc):
182 // HTTP/1.1 200 OK\n
183 // ETag: "6d0b8-947-24f35ec0"\n
184 // Content-Length: 2375\n
185 // Content-Type: text/html; charset=UTF-8\n
186 // Last-Modified: Sun, 03 Sep 2006 04:34:43 GMT\n
187 if (headers.empty())
188 return std::string();
189
190 std::string match('\n' + name + ':');
191
192 std::string::const_iterator begin =
193 std::search(headers.begin(), headers.end(), match.begin(), match.end(),
194 base::CaseInsensitiveCompareASCII<char>());
195
196 if (begin == headers.end())
197 return std::string();
198
199 begin += match.length();
200
201 std::string ret;
202 base::TrimWhitespace(std::string(begin,
203 std::find(begin, headers.end(), '\n')),
204 base::TRIM_ALL, &ret);
205 return ret;
206 }
207
CanonicalizeHost(const std::string & host,url::CanonHostInfo * host_info)208 std::string CanonicalizeHost(const std::string& host,
209 url::CanonHostInfo* host_info) {
210 // Try to canonicalize the host.
211 const url::Component raw_host_component(0, static_cast<int>(host.length()));
212 std::string canon_host;
213 url::StdStringCanonOutput canon_host_output(&canon_host);
214 url::CanonicalizeHostVerbose(host.c_str(), raw_host_component,
215 &canon_host_output, host_info);
216
217 if (host_info->out_host.is_nonempty() &&
218 host_info->family != url::CanonHostInfo::BROKEN) {
219 // Success! Assert that there's no extra garbage.
220 canon_host_output.Complete();
221 DCHECK_EQ(host_info->out_host.len, static_cast<int>(canon_host.length()));
222 } else {
223 // Empty host, or canonicalization failed. We'll return empty.
224 canon_host.clear();
225 }
226
227 return canon_host;
228 }
229
GetDirectoryListingHeader(const base::string16 & title)230 std::string GetDirectoryListingHeader(const base::string16& title) {
231 static const base::StringPiece header(
232 NetModule::GetResource(IDR_DIR_HEADER_HTML));
233 // This can be null in unit tests.
234 DLOG_IF(WARNING, header.empty()) <<
235 "Missing resource: directory listing header";
236
237 std::string result;
238 if (!header.empty())
239 result.assign(header.data(), header.size());
240
241 result.append("<script>start(");
242 base::EscapeJSONString(title, true, &result);
243 result.append(");</script>\n");
244
245 return result;
246 }
247
IsHostCharAlphanumeric(char c)248 inline bool IsHostCharAlphanumeric(char c) {
249 // We can just check lowercase because uppercase characters have already been
250 // normalized.
251 return ((c >= 'a') && (c <= 'z')) || ((c >= '0') && (c <= '9'));
252 }
253
IsCanonicalizedHostCompliant(const std::string & host,const std::string & desired_tld)254 bool IsCanonicalizedHostCompliant(const std::string& host,
255 const std::string& desired_tld) {
256 if (host.empty())
257 return false;
258
259 bool in_component = false;
260 bool most_recent_component_started_alphanumeric = false;
261 bool last_char_was_underscore = false;
262
263 for (std::string::const_iterator i(host.begin()); i != host.end(); ++i) {
264 const char c = *i;
265 if (!in_component) {
266 most_recent_component_started_alphanumeric = IsHostCharAlphanumeric(c);
267 if (!most_recent_component_started_alphanumeric && (c != '-'))
268 return false;
269 in_component = true;
270 } else {
271 if (c == '.') {
272 if (last_char_was_underscore)
273 return false;
274 in_component = false;
275 } else if (IsHostCharAlphanumeric(c) || (c == '-')) {
276 last_char_was_underscore = false;
277 } else if (c == '_') {
278 last_char_was_underscore = true;
279 } else {
280 return false;
281 }
282 }
283 }
284
285 return most_recent_component_started_alphanumeric ||
286 (!desired_tld.empty() && IsHostCharAlphanumeric(desired_tld[0]));
287 }
288
StripWWW(const base::string16 & text)289 base::string16 StripWWW(const base::string16& text) {
290 const base::string16 www(base::ASCIIToUTF16("www."));
291 return StartsWith(text, www, true) ? text.substr(www.length()) : text;
292 }
293
StripWWWFromHost(const GURL & url)294 base::string16 StripWWWFromHost(const GURL& url) {
295 DCHECK(url.is_valid());
296 return StripWWW(base::ASCIIToUTF16(url.host()));
297 }
298
IsPortAllowedByDefault(int port)299 bool IsPortAllowedByDefault(int port) {
300 int array_size = arraysize(kRestrictedPorts);
301 for (int i = 0; i < array_size; i++) {
302 if (kRestrictedPorts[i] == port) {
303 return false;
304 }
305 }
306 return true;
307 }
308
IsPortAllowedByFtp(int port)309 bool IsPortAllowedByFtp(int port) {
310 int array_size = arraysize(kAllowedFtpPorts);
311 for (int i = 0; i < array_size; i++) {
312 if (kAllowedFtpPorts[i] == port) {
313 return true;
314 }
315 }
316 // Port not explicitly allowed by FTP, so return the default restrictions.
317 return IsPortAllowedByDefault(port);
318 }
319
IsPortAllowedByOverride(int port)320 bool IsPortAllowedByOverride(int port) {
321 if (g_explicitly_allowed_ports.Get().empty())
322 return false;
323
324 return g_explicitly_allowed_ports.Get().count(port) > 0;
325 }
326
SetNonBlocking(int fd)327 int SetNonBlocking(int fd) {
328 #if defined(OS_WIN)
329 unsigned long no_block = 1;
330 return ioctlsocket(fd, FIONBIO, &no_block);
331 #elif defined(OS_POSIX)
332 int flags = fcntl(fd, F_GETFL, 0);
333 if (-1 == flags)
334 return flags;
335 return fcntl(fd, F_SETFL, flags | O_NONBLOCK);
336 #endif
337 }
338
ParseHostAndPort(std::string::const_iterator host_and_port_begin,std::string::const_iterator host_and_port_end,std::string * host,int * port)339 bool ParseHostAndPort(std::string::const_iterator host_and_port_begin,
340 std::string::const_iterator host_and_port_end,
341 std::string* host,
342 int* port) {
343 if (host_and_port_begin >= host_and_port_end)
344 return false;
345
346 // When using url, we use char*.
347 const char* auth_begin = &(*host_and_port_begin);
348 int auth_len = host_and_port_end - host_and_port_begin;
349
350 url::Component auth_component(0, auth_len);
351 url::Component username_component;
352 url::Component password_component;
353 url::Component hostname_component;
354 url::Component port_component;
355
356 url::ParseAuthority(auth_begin, auth_component, &username_component,
357 &password_component, &hostname_component, &port_component);
358
359 // There shouldn't be a username/password.
360 if (username_component.is_valid() || password_component.is_valid())
361 return false;
362
363 if (!hostname_component.is_nonempty())
364 return false; // Failed parsing.
365
366 int parsed_port_number = -1;
367 if (port_component.is_nonempty()) {
368 parsed_port_number = url::ParsePort(auth_begin, port_component);
369
370 // If parsing failed, port_number will be either PORT_INVALID or
371 // PORT_UNSPECIFIED, both of which are negative.
372 if (parsed_port_number < 0)
373 return false; // Failed parsing the port number.
374 }
375
376 if (port_component.len == 0)
377 return false; // Reject inputs like "foo:"
378
379 unsigned char tmp_ipv6_addr[16];
380
381 // If the hostname starts with a bracket, it is either an IPv6 literal or
382 // invalid. If it is an IPv6 literal then strip the brackets.
383 if (hostname_component.len > 0 &&
384 auth_begin[hostname_component.begin] == '[') {
385 if (auth_begin[hostname_component.end() - 1] == ']' &&
386 url::IPv6AddressToNumber(
387 auth_begin, hostname_component, tmp_ipv6_addr)) {
388 // Strip the brackets.
389 hostname_component.begin++;
390 hostname_component.len -= 2;
391 } else {
392 return false;
393 }
394 }
395
396 // Pass results back to caller.
397 host->assign(auth_begin + hostname_component.begin, hostname_component.len);
398 *port = parsed_port_number;
399
400 return true; // Success.
401 }
402
ParseHostAndPort(const std::string & host_and_port,std::string * host,int * port)403 bool ParseHostAndPort(const std::string& host_and_port,
404 std::string* host,
405 int* port) {
406 return ParseHostAndPort(
407 host_and_port.begin(), host_and_port.end(), host, port);
408 }
409
GetHostAndPort(const GURL & url)410 std::string GetHostAndPort(const GURL& url) {
411 // For IPv6 literals, GURL::host() already includes the brackets so it is
412 // safe to just append a colon.
413 return base::StringPrintf("%s:%d", url.host().c_str(),
414 url.EffectiveIntPort());
415 }
416
GetHostAndOptionalPort(const GURL & url)417 std::string GetHostAndOptionalPort(const GURL& url) {
418 // For IPv6 literals, GURL::host() already includes the brackets
419 // so it is safe to just append a colon.
420 if (url.has_port())
421 return base::StringPrintf("%s:%s", url.host().c_str(), url.port().c_str());
422 return url.host();
423 }
424
IsHostnameNonUnique(const std::string & hostname)425 bool IsHostnameNonUnique(const std::string& hostname) {
426 // CanonicalizeHost requires surrounding brackets to parse an IPv6 address.
427 const std::string host_or_ip = hostname.find(':') != std::string::npos ?
428 "[" + hostname + "]" : hostname;
429 url::CanonHostInfo host_info;
430 std::string canonical_name = CanonicalizeHost(host_or_ip, &host_info);
431
432 // If canonicalization fails, then the input is truly malformed. However,
433 // to avoid mis-reporting bad inputs as "non-unique", treat them as unique.
434 if (canonical_name.empty())
435 return false;
436
437 // If |hostname| is an IP address, check to see if it's in an IANA-reserved
438 // range.
439 if (host_info.IsIPAddress()) {
440 IPAddressNumber host_addr;
441 if (!ParseIPLiteralToNumber(hostname.substr(host_info.out_host.begin,
442 host_info.out_host.len),
443 &host_addr)) {
444 return false;
445 }
446 switch (host_info.family) {
447 case url::CanonHostInfo::IPV4:
448 case url::CanonHostInfo::IPV6:
449 return IsIPAddressReserved(host_addr);
450 case url::CanonHostInfo::NEUTRAL:
451 case url::CanonHostInfo::BROKEN:
452 return false;
453 }
454 }
455
456 // Check for a registry controlled portion of |hostname|, ignoring private
457 // registries, as they already chain to ICANN-administered registries,
458 // and explicitly ignoring unknown registries.
459 //
460 // Note: This means that as new gTLDs are introduced on the Internet, they
461 // will be treated as non-unique until the registry controlled domain list
462 // is updated. However, because gTLDs are expected to provide significant
463 // advance notice to deprecate older versions of this code, this an
464 // acceptable tradeoff.
465 return 0 == registry_controlled_domains::GetRegistryLength(
466 canonical_name,
467 registry_controlled_domains::EXCLUDE_UNKNOWN_REGISTRIES,
468 registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES);
469 }
470
471 // Don't compare IPv4 and IPv6 addresses (they have different range
472 // reservations). Keep separate reservation arrays for each IP type, and
473 // consolidate adjacent reserved ranges within a reservation array when
474 // possible.
475 // Sources for info:
476 // www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml
477 // www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
478 // They're formatted here with the prefix as the last element. For example:
479 // 10.0.0.0/8 becomes 10,0,0,0,8 and fec0::/10 becomes 0xfe,0xc0,0,0,0...,10.
IsIPAddressReserved(const IPAddressNumber & host_addr)480 bool IsIPAddressReserved(const IPAddressNumber& host_addr) {
481 static const unsigned char kReservedIPv4[][5] = {
482 { 0,0,0,0,8 }, { 10,0,0,0,8 }, { 100,64,0,0,10 }, { 127,0,0,0,8 },
483 { 169,254,0,0,16 }, { 172,16,0,0,12 }, { 192,0,2,0,24 },
484 { 192,88,99,0,24 }, { 192,168,0,0,16 }, { 198,18,0,0,15 },
485 { 198,51,100,0,24 }, { 203,0,113,0,24 }, { 224,0,0,0,3 }
486 };
487 static const unsigned char kReservedIPv6[][17] = {
488 { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8 },
489 { 0x40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2 },
490 { 0x80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2 },
491 { 0xc0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3 },
492 { 0xe0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4 },
493 { 0xf0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5 },
494 { 0xf8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6 },
495 { 0xfc,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7 },
496 { 0xfe,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9 },
497 { 0xfe,0x80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10 },
498 { 0xfe,0xc0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10 },
499 };
500 size_t array_size = 0;
501 const unsigned char* array = NULL;
502 switch (host_addr.size()) {
503 case kIPv4AddressSize:
504 array_size = arraysize(kReservedIPv4);
505 array = kReservedIPv4[0];
506 break;
507 case kIPv6AddressSize:
508 array_size = arraysize(kReservedIPv6);
509 array = kReservedIPv6[0];
510 break;
511 }
512 if (!array)
513 return false;
514 size_t width = host_addr.size() + 1;
515 for (size_t i = 0; i < array_size; ++i, array += width) {
516 if (IPNumberPrefixCheck(host_addr, array, array[width-1]))
517 return true;
518 }
519 return false;
520 }
521
SockaddrStorage(const SockaddrStorage & other)522 SockaddrStorage::SockaddrStorage(const SockaddrStorage& other)
523 : addr_len(other.addr_len),
524 addr(reinterpret_cast<struct sockaddr*>(&addr_storage)) {
525 memcpy(addr, other.addr, addr_len);
526 }
527
operator =(const SockaddrStorage & other)528 void SockaddrStorage::operator=(const SockaddrStorage& other) {
529 addr_len = other.addr_len;
530 // addr is already set to &this->addr_storage by default ctor.
531 memcpy(addr, other.addr, addr_len);
532 }
533
534 // Extracts the address and port portions of a sockaddr.
GetIPAddressFromSockAddr(const struct sockaddr * sock_addr,socklen_t sock_addr_len,const uint8 ** address,size_t * address_len,uint16 * port)535 bool GetIPAddressFromSockAddr(const struct sockaddr* sock_addr,
536 socklen_t sock_addr_len,
537 const uint8** address,
538 size_t* address_len,
539 uint16* port) {
540 if (sock_addr->sa_family == AF_INET) {
541 if (sock_addr_len < static_cast<socklen_t>(sizeof(struct sockaddr_in)))
542 return false;
543 const struct sockaddr_in* addr =
544 reinterpret_cast<const struct sockaddr_in*>(sock_addr);
545 *address = reinterpret_cast<const uint8*>(&addr->sin_addr);
546 *address_len = kIPv4AddressSize;
547 if (port)
548 *port = base::NetToHost16(addr->sin_port);
549 return true;
550 }
551
552 if (sock_addr->sa_family == AF_INET6) {
553 if (sock_addr_len < static_cast<socklen_t>(sizeof(struct sockaddr_in6)))
554 return false;
555 const struct sockaddr_in6* addr =
556 reinterpret_cast<const struct sockaddr_in6*>(sock_addr);
557 *address = reinterpret_cast<const uint8*>(&addr->sin6_addr);
558 *address_len = kIPv6AddressSize;
559 if (port)
560 *port = base::NetToHost16(addr->sin6_port);
561 return true;
562 }
563
564 #if defined(OS_WIN)
565 if (sock_addr->sa_family == AF_BTH) {
566 if (sock_addr_len < static_cast<socklen_t>(sizeof(SOCKADDR_BTH)))
567 return false;
568 const SOCKADDR_BTH* addr =
569 reinterpret_cast<const SOCKADDR_BTH*>(sock_addr);
570 *address = reinterpret_cast<const uint8*>(&addr->btAddr);
571 *address_len = kBluetoothAddressSize;
572 if (port)
573 *port = addr->port;
574 return true;
575 }
576 #endif
577
578 return false; // Unrecognized |sa_family|.
579 }
580
IPAddressToString(const uint8 * address,size_t address_len)581 std::string IPAddressToString(const uint8* address,
582 size_t address_len) {
583 std::string str;
584 url::StdStringCanonOutput output(&str);
585
586 if (address_len == kIPv4AddressSize) {
587 url::AppendIPv4Address(address, &output);
588 } else if (address_len == kIPv6AddressSize) {
589 url::AppendIPv6Address(address, &output);
590 } else {
591 CHECK(false) << "Invalid IP address with length: " << address_len;
592 }
593
594 output.Complete();
595 return str;
596 }
597
IPAddressToStringWithPort(const uint8 * address,size_t address_len,uint16 port)598 std::string IPAddressToStringWithPort(const uint8* address,
599 size_t address_len,
600 uint16 port) {
601 std::string address_str = IPAddressToString(address, address_len);
602
603 if (address_len == kIPv6AddressSize) {
604 // Need to bracket IPv6 addresses since they contain colons.
605 return base::StringPrintf("[%s]:%d", address_str.c_str(), port);
606 }
607 return base::StringPrintf("%s:%d", address_str.c_str(), port);
608 }
609
NetAddressToString(const struct sockaddr * sa,socklen_t sock_addr_len)610 std::string NetAddressToString(const struct sockaddr* sa,
611 socklen_t sock_addr_len) {
612 const uint8* address;
613 size_t address_len;
614 if (!GetIPAddressFromSockAddr(sa, sock_addr_len, &address,
615 &address_len, NULL)) {
616 NOTREACHED();
617 return std::string();
618 }
619 return IPAddressToString(address, address_len);
620 }
621
NetAddressToStringWithPort(const struct sockaddr * sa,socklen_t sock_addr_len)622 std::string NetAddressToStringWithPort(const struct sockaddr* sa,
623 socklen_t sock_addr_len) {
624 const uint8* address;
625 size_t address_len;
626 uint16 port;
627 if (!GetIPAddressFromSockAddr(sa, sock_addr_len, &address,
628 &address_len, &port)) {
629 NOTREACHED();
630 return std::string();
631 }
632 return IPAddressToStringWithPort(address, address_len, port);
633 }
634
IPAddressToString(const IPAddressNumber & addr)635 std::string IPAddressToString(const IPAddressNumber& addr) {
636 return IPAddressToString(&addr.front(), addr.size());
637 }
638
IPAddressToStringWithPort(const IPAddressNumber & addr,uint16 port)639 std::string IPAddressToStringWithPort(const IPAddressNumber& addr,
640 uint16 port) {
641 return IPAddressToStringWithPort(&addr.front(), addr.size(), port);
642 }
643
IPAddressToPackedString(const IPAddressNumber & addr)644 std::string IPAddressToPackedString(const IPAddressNumber& addr) {
645 return std::string(reinterpret_cast<const char *>(&addr.front()),
646 addr.size());
647 }
648
GetHostName()649 std::string GetHostName() {
650 #if defined(OS_NACL)
651 NOTIMPLEMENTED();
652 return std::string();
653 #else // defined(OS_NACL)
654 #if defined(OS_WIN)
655 EnsureWinsockInit();
656 #endif
657
658 // Host names are limited to 255 bytes.
659 char buffer[256];
660 int result = gethostname(buffer, sizeof(buffer));
661 if (result != 0) {
662 DVLOG(1) << "gethostname() failed with " << result;
663 buffer[0] = '\0';
664 }
665 return std::string(buffer);
666 #endif // !defined(OS_NACL)
667 }
668
GetIdentityFromURL(const GURL & url,base::string16 * username,base::string16 * password)669 void GetIdentityFromURL(const GURL& url,
670 base::string16* username,
671 base::string16* password) {
672 UnescapeRule::Type flags =
673 UnescapeRule::SPACES | UnescapeRule::URL_SPECIAL_CHARS;
674 *username = UnescapeAndDecodeUTF8URLComponent(url.username(), flags);
675 *password = UnescapeAndDecodeUTF8URLComponent(url.password(), flags);
676 }
677
GetHostOrSpecFromURL(const GURL & url)678 std::string GetHostOrSpecFromURL(const GURL& url) {
679 return url.has_host() ? TrimEndingDot(url.host()) : url.spec();
680 }
681
CanStripTrailingSlash(const GURL & url)682 bool CanStripTrailingSlash(const GURL& url) {
683 // Omit the path only for standard, non-file URLs with nothing but "/" after
684 // the hostname.
685 return url.IsStandard() && !url.SchemeIsFile() &&
686 !url.SchemeIsFileSystem() && !url.has_query() && !url.has_ref()
687 && url.path() == "/";
688 }
689
SimplifyUrlForRequest(const GURL & url)690 GURL SimplifyUrlForRequest(const GURL& url) {
691 DCHECK(url.is_valid());
692 GURL::Replacements replacements;
693 replacements.ClearUsername();
694 replacements.ClearPassword();
695 replacements.ClearRef();
696 return url.ReplaceComponents(replacements);
697 }
698
699 // Specifies a comma separated list of port numbers that should be accepted
700 // despite bans. If the string is invalid no allowed ports are stored.
SetExplicitlyAllowedPorts(const std::string & allowed_ports)701 void SetExplicitlyAllowedPorts(const std::string& allowed_ports) {
702 if (allowed_ports.empty())
703 return;
704
705 std::multiset<int> ports;
706 size_t last = 0;
707 size_t size = allowed_ports.size();
708 // The comma delimiter.
709 const std::string::value_type kComma = ',';
710
711 // Overflow is still possible for evil user inputs.
712 for (size_t i = 0; i <= size; ++i) {
713 // The string should be composed of only digits and commas.
714 if (i != size && !IsAsciiDigit(allowed_ports[i]) &&
715 (allowed_ports[i] != kComma))
716 return;
717 if (i == size || allowed_ports[i] == kComma) {
718 if (i > last) {
719 int port;
720 base::StringToInt(base::StringPiece(allowed_ports.begin() + last,
721 allowed_ports.begin() + i),
722 &port);
723 ports.insert(port);
724 }
725 last = i + 1;
726 }
727 }
728 g_explicitly_allowed_ports.Get() = ports;
729 }
730
ScopedPortException(int port)731 ScopedPortException::ScopedPortException(int port) : port_(port) {
732 g_explicitly_allowed_ports.Get().insert(port);
733 }
734
~ScopedPortException()735 ScopedPortException::~ScopedPortException() {
736 std::multiset<int>::iterator it =
737 g_explicitly_allowed_ports.Get().find(port_);
738 if (it != g_explicitly_allowed_ports.Get().end())
739 g_explicitly_allowed_ports.Get().erase(it);
740 else
741 NOTREACHED();
742 }
743
HaveOnlyLoopbackAddresses()744 bool HaveOnlyLoopbackAddresses() {
745 #if defined(OS_ANDROID)
746 return android::HaveOnlyLoopbackAddresses();
747 #elif defined(OS_NACL)
748 NOTIMPLEMENTED();
749 return false;
750 #elif defined(OS_POSIX)
751 struct ifaddrs* interface_addr = NULL;
752 int rv = getifaddrs(&interface_addr);
753 if (rv != 0) {
754 DVLOG(1) << "getifaddrs() failed with errno = " << errno;
755 return false;
756 }
757
758 bool result = true;
759 for (struct ifaddrs* interface = interface_addr;
760 interface != NULL;
761 interface = interface->ifa_next) {
762 if (!(IFF_UP & interface->ifa_flags))
763 continue;
764 if (IFF_LOOPBACK & interface->ifa_flags)
765 continue;
766 const struct sockaddr* addr = interface->ifa_addr;
767 if (!addr)
768 continue;
769 if (addr->sa_family == AF_INET6) {
770 // Safe cast since this is AF_INET6.
771 const struct sockaddr_in6* addr_in6 =
772 reinterpret_cast<const struct sockaddr_in6*>(addr);
773 const struct in6_addr* sin6_addr = &addr_in6->sin6_addr;
774 if (IN6_IS_ADDR_LOOPBACK(sin6_addr) || IN6_IS_ADDR_LINKLOCAL(sin6_addr))
775 continue;
776 }
777 if (addr->sa_family != AF_INET6 && addr->sa_family != AF_INET)
778 continue;
779
780 result = false;
781 break;
782 }
783 freeifaddrs(interface_addr);
784 return result;
785 #elif defined(OS_WIN)
786 // TODO(wtc): implement with the GetAdaptersAddresses function.
787 NOTIMPLEMENTED();
788 return false;
789 #else
790 NOTIMPLEMENTED();
791 return false;
792 #endif // defined(various platforms)
793 }
794
GetAddressFamily(const IPAddressNumber & address)795 AddressFamily GetAddressFamily(const IPAddressNumber& address) {
796 switch (address.size()) {
797 case kIPv4AddressSize:
798 return ADDRESS_FAMILY_IPV4;
799 case kIPv6AddressSize:
800 return ADDRESS_FAMILY_IPV6;
801 default:
802 return ADDRESS_FAMILY_UNSPECIFIED;
803 }
804 }
805
ConvertAddressFamily(AddressFamily address_family)806 int ConvertAddressFamily(AddressFamily address_family) {
807 switch (address_family) {
808 case ADDRESS_FAMILY_UNSPECIFIED:
809 return AF_UNSPEC;
810 case ADDRESS_FAMILY_IPV4:
811 return AF_INET;
812 case ADDRESS_FAMILY_IPV6:
813 return AF_INET6;
814 }
815 NOTREACHED();
816 return AF_UNSPEC;
817 }
818
ParseURLHostnameToNumber(const std::string & hostname,IPAddressNumber * ip_number)819 bool ParseURLHostnameToNumber(const std::string& hostname,
820 IPAddressNumber* ip_number) {
821 // |hostname| is an already canoncalized hostname, conforming to RFC 3986.
822 // For an IP address, this is defined in Section 3.2.2 of RFC 3986, with
823 // the canonical form for IPv6 addresses defined in Section 4 of RFC 5952.
824 url::Component host_comp(0, hostname.size());
825
826 // If it has a bracket, try parsing it as an IPv6 address.
827 if (hostname[0] == '[') {
828 ip_number->resize(16); // 128 bits.
829 return url::IPv6AddressToNumber(
830 hostname.data(), host_comp, &(*ip_number)[0]);
831 }
832
833 // Otherwise, try IPv4.
834 ip_number->resize(4); // 32 bits.
835 int num_components;
836 url::CanonHostInfo::Family family = url::IPv4AddressToNumber(
837 hostname.data(), host_comp, &(*ip_number)[0], &num_components);
838 return family == url::CanonHostInfo::IPV4;
839 }
840
ParseIPLiteralToNumber(const std::string & ip_literal,IPAddressNumber * ip_number)841 bool ParseIPLiteralToNumber(const std::string& ip_literal,
842 IPAddressNumber* ip_number) {
843 // |ip_literal| could be either a IPv4 or an IPv6 literal. If it contains
844 // a colon however, it must be an IPv6 address.
845 if (ip_literal.find(':') != std::string::npos) {
846 // GURL expects IPv6 hostnames to be surrounded with brackets.
847 std::string host_brackets = "[" + ip_literal + "]";
848 url::Component host_comp(0, host_brackets.size());
849
850 // Try parsing the hostname as an IPv6 literal.
851 ip_number->resize(16); // 128 bits.
852 return url::IPv6AddressToNumber(host_brackets.data(), host_comp,
853 &(*ip_number)[0]);
854 }
855
856 // Otherwise the string is an IPv4 address.
857 ip_number->resize(4); // 32 bits.
858 url::Component host_comp(0, ip_literal.size());
859 int num_components;
860 url::CanonHostInfo::Family family = url::IPv4AddressToNumber(
861 ip_literal.data(), host_comp, &(*ip_number)[0], &num_components);
862 return family == url::CanonHostInfo::IPV4;
863 }
864
865 namespace {
866
867 const unsigned char kIPv4MappedPrefix[] =
868 { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF };
869 }
870
ConvertIPv4NumberToIPv6Number(const IPAddressNumber & ipv4_number)871 IPAddressNumber ConvertIPv4NumberToIPv6Number(
872 const IPAddressNumber& ipv4_number) {
873 DCHECK(ipv4_number.size() == 4);
874
875 // IPv4-mapped addresses are formed by:
876 // <80 bits of zeros> + <16 bits of ones> + <32-bit IPv4 address>.
877 IPAddressNumber ipv6_number;
878 ipv6_number.reserve(16);
879 ipv6_number.insert(ipv6_number.end(),
880 kIPv4MappedPrefix,
881 kIPv4MappedPrefix + arraysize(kIPv4MappedPrefix));
882 ipv6_number.insert(ipv6_number.end(), ipv4_number.begin(), ipv4_number.end());
883 return ipv6_number;
884 }
885
IsIPv4Mapped(const IPAddressNumber & address)886 bool IsIPv4Mapped(const IPAddressNumber& address) {
887 if (address.size() != kIPv6AddressSize)
888 return false;
889 return std::equal(address.begin(),
890 address.begin() + arraysize(kIPv4MappedPrefix),
891 kIPv4MappedPrefix);
892 }
893
ConvertIPv4MappedToIPv4(const IPAddressNumber & address)894 IPAddressNumber ConvertIPv4MappedToIPv4(const IPAddressNumber& address) {
895 DCHECK(IsIPv4Mapped(address));
896 return IPAddressNumber(address.begin() + arraysize(kIPv4MappedPrefix),
897 address.end());
898 }
899
ParseCIDRBlock(const std::string & cidr_literal,IPAddressNumber * ip_number,size_t * prefix_length_in_bits)900 bool ParseCIDRBlock(const std::string& cidr_literal,
901 IPAddressNumber* ip_number,
902 size_t* prefix_length_in_bits) {
903 // We expect CIDR notation to match one of these two templates:
904 // <IPv4-literal> "/" <number of bits>
905 // <IPv6-literal> "/" <number of bits>
906
907 std::vector<std::string> parts;
908 base::SplitString(cidr_literal, '/', &parts);
909 if (parts.size() != 2)
910 return false;
911
912 // Parse the IP address.
913 if (!ParseIPLiteralToNumber(parts[0], ip_number))
914 return false;
915
916 // Parse the prefix length.
917 int number_of_bits = -1;
918 if (!base::StringToInt(parts[1], &number_of_bits))
919 return false;
920
921 // Make sure the prefix length is in a valid range.
922 if (number_of_bits < 0 ||
923 number_of_bits > static_cast<int>(ip_number->size() * 8))
924 return false;
925
926 *prefix_length_in_bits = static_cast<size_t>(number_of_bits);
927 return true;
928 }
929
IPNumberMatchesPrefix(const IPAddressNumber & ip_number,const IPAddressNumber & ip_prefix,size_t prefix_length_in_bits)930 bool IPNumberMatchesPrefix(const IPAddressNumber& ip_number,
931 const IPAddressNumber& ip_prefix,
932 size_t prefix_length_in_bits) {
933 // Both the input IP address and the prefix IP address should be
934 // either IPv4 or IPv6.
935 DCHECK(ip_number.size() == 4 || ip_number.size() == 16);
936 DCHECK(ip_prefix.size() == 4 || ip_prefix.size() == 16);
937
938 DCHECK_LE(prefix_length_in_bits, ip_prefix.size() * 8);
939
940 // In case we have an IPv6 / IPv4 mismatch, convert the IPv4 addresses to
941 // IPv6 addresses in order to do the comparison.
942 if (ip_number.size() != ip_prefix.size()) {
943 if (ip_number.size() == 4) {
944 return IPNumberMatchesPrefix(ConvertIPv4NumberToIPv6Number(ip_number),
945 ip_prefix, prefix_length_in_bits);
946 }
947 return IPNumberMatchesPrefix(ip_number,
948 ConvertIPv4NumberToIPv6Number(ip_prefix),
949 96 + prefix_length_in_bits);
950 }
951
952 return IPNumberPrefixCheck(ip_number, &ip_prefix[0], prefix_length_in_bits);
953 }
954
GetPortFieldFromSockaddr(const struct sockaddr * address,socklen_t address_len)955 const uint16* GetPortFieldFromSockaddr(const struct sockaddr* address,
956 socklen_t address_len) {
957 if (address->sa_family == AF_INET) {
958 DCHECK_LE(sizeof(sockaddr_in), static_cast<size_t>(address_len));
959 const struct sockaddr_in* sockaddr =
960 reinterpret_cast<const struct sockaddr_in*>(address);
961 return &sockaddr->sin_port;
962 } else if (address->sa_family == AF_INET6) {
963 DCHECK_LE(sizeof(sockaddr_in6), static_cast<size_t>(address_len));
964 const struct sockaddr_in6* sockaddr =
965 reinterpret_cast<const struct sockaddr_in6*>(address);
966 return &sockaddr->sin6_port;
967 } else {
968 NOTREACHED();
969 return NULL;
970 }
971 }
972
GetPortFromSockaddr(const struct sockaddr * address,socklen_t address_len)973 int GetPortFromSockaddr(const struct sockaddr* address, socklen_t address_len) {
974 const uint16* port_field = GetPortFieldFromSockaddr(address, address_len);
975 if (!port_field)
976 return -1;
977 return base::NetToHost16(*port_field);
978 }
979
IsLocalhost(const std::string & host)980 bool IsLocalhost(const std::string& host) {
981 if (host == "localhost" ||
982 host == "localhost.localdomain" ||
983 host == "localhost6" ||
984 host == "localhost6.localdomain6")
985 return true;
986
987 IPAddressNumber ip_number;
988 if (ParseIPLiteralToNumber(host, &ip_number)) {
989 size_t size = ip_number.size();
990 switch (size) {
991 case kIPv4AddressSize: {
992 IPAddressNumber localhost_prefix;
993 localhost_prefix.push_back(127);
994 for (int i = 0; i < 3; ++i) {
995 localhost_prefix.push_back(0);
996 }
997 return IPNumberMatchesPrefix(ip_number, localhost_prefix, 8);
998 }
999
1000 case kIPv6AddressSize: {
1001 struct in6_addr sin6_addr;
1002 memcpy(&sin6_addr, &ip_number[0], kIPv6AddressSize);
1003 return !!IN6_IS_ADDR_LOOPBACK(&sin6_addr);
1004 }
1005
1006 default:
1007 NOTREACHED();
1008 }
1009 }
1010
1011 return false;
1012 }
1013
NetworkInterface()1014 NetworkInterface::NetworkInterface()
1015 : type(NetworkChangeNotifier::CONNECTION_UNKNOWN),
1016 network_prefix(0) {
1017 }
1018
NetworkInterface(const std::string & name,const std::string & friendly_name,uint32 interface_index,NetworkChangeNotifier::ConnectionType type,const IPAddressNumber & address,uint32 network_prefix,int ip_address_attributes)1019 NetworkInterface::NetworkInterface(const std::string& name,
1020 const std::string& friendly_name,
1021 uint32 interface_index,
1022 NetworkChangeNotifier::ConnectionType type,
1023 const IPAddressNumber& address,
1024 uint32 network_prefix,
1025 int ip_address_attributes)
1026 : name(name),
1027 friendly_name(friendly_name),
1028 interface_index(interface_index),
1029 type(type),
1030 address(address),
1031 network_prefix(network_prefix),
1032 ip_address_attributes(ip_address_attributes) {
1033 }
1034
~NetworkInterface()1035 NetworkInterface::~NetworkInterface() {
1036 }
1037
CommonPrefixLength(const IPAddressNumber & a1,const IPAddressNumber & a2)1038 unsigned CommonPrefixLength(const IPAddressNumber& a1,
1039 const IPAddressNumber& a2) {
1040 DCHECK_EQ(a1.size(), a2.size());
1041 for (size_t i = 0; i < a1.size(); ++i) {
1042 unsigned diff = a1[i] ^ a2[i];
1043 if (!diff)
1044 continue;
1045 for (unsigned j = 0; j < CHAR_BIT; ++j) {
1046 if (diff & (1 << (CHAR_BIT - 1)))
1047 return i * CHAR_BIT + j;
1048 diff <<= 1;
1049 }
1050 NOTREACHED();
1051 }
1052 return a1.size() * CHAR_BIT;
1053 }
1054
MaskPrefixLength(const IPAddressNumber & mask)1055 unsigned MaskPrefixLength(const IPAddressNumber& mask) {
1056 IPAddressNumber all_ones(mask.size(), 0xFF);
1057 return CommonPrefixLength(mask, all_ones);
1058 }
1059
~ScopedWifiOptions()1060 ScopedWifiOptions::~ScopedWifiOptions() {
1061 }
1062
1063 } // namespace net
1064