1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
3 /* GLIB - Library of useful routines for C programming
4 * Copyright (C) 2008 Red Hat, Inc.
6 * SPDX-License-Identifier: LGPL-2.1-or-later
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2.1 of the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General
19 * Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include "glibconfig.h"
31 #include "ghostutils.h"
36 #include "gstrfuncs.h"
39 #ifdef G_PLATFORM_WIN32
46 * @short_description: Internet hostname utilities
48 * Functions for manipulating internet hostnames; in particular, for
49 * converting between Unicode and ASCII-encoded forms of
50 * Internationalized Domain Names (IDNs).
53 * [Internationalized Domain Names for Applications (IDNA)](http://www.ietf.org/rfc/rfc3490.txt)
54 * standards allow for the use
55 * of Unicode domain names in applications, while providing
56 * backward-compatibility with the old ASCII-only DNS, by defining an
57 * ASCII-Compatible Encoding of any given Unicode name, which can be
58 * used with non-IDN-aware applications and protocols. (For example,
59 * "Παν語.org" maps to "xn--4wa8awb4637h.org".)
62 #define IDNA_ACE_PREFIX "xn--"
63 #define IDNA_ACE_PREFIX_LEN 4
65 /* Punycode constants, from RFC 3492. */
67 #define PUNYCODE_BASE 36
68 #define PUNYCODE_TMIN 1
69 #define PUNYCODE_TMAX 26
70 #define PUNYCODE_SKEW 38
71 #define PUNYCODE_DAMP 700
72 #define PUNYCODE_INITIAL_BIAS 72
73 #define PUNYCODE_INITIAL_N 0x80
75 #define PUNYCODE_IS_BASIC(cp) ((guint)(cp) < 0x80)
77 /* Encode/decode a single base-36 digit */
79 encode_digit (guint dig)
84 return dig - 26 + '0';
88 decode_digit (gchar dig)
90 if (dig >= 'A' && dig <= 'Z')
92 else if (dig >= 'a' && dig <= 'z')
94 else if (dig >= '0' && dig <= '9')
95 return dig - '0' + 26;
100 /* Punycode bias adaptation algorithm, RFC 3492 section 6.1 */
108 delta = firsttime ? delta / PUNYCODE_DAMP : delta / 2;
109 delta += delta / numpoints;
112 while (delta > ((PUNYCODE_BASE - PUNYCODE_TMIN) * PUNYCODE_TMAX) / 2)
114 delta /= PUNYCODE_BASE - PUNYCODE_TMIN;
118 return k + ((PUNYCODE_BASE - PUNYCODE_TMIN + 1) * delta /
119 (delta + PUNYCODE_SKEW));
122 /* Punycode encoder, RFC 3492 section 6.3. The algorithm is
123 * sufficiently bizarre that it's not really worth trying to explain
127 punycode_encode (const gchar *input_utf8,
128 gsize input_utf8_length,
131 guint delta, handled_chars, num_basic_chars, bias, j, q, k, t, digit;
132 gunichar n, m, *input;
135 gboolean success = FALSE;
137 /* Convert from UTF-8 to Unicode code points */
138 input = g_utf8_to_ucs4 (input_utf8, input_utf8_length, NULL,
139 &written_chars, NULL);
143 input_length = (gsize) (written_chars > 0 ? written_chars : 0);
145 /* Copy basic chars */
146 for (j = num_basic_chars = 0; j < input_length; j++)
148 if (PUNYCODE_IS_BASIC (input[j]))
150 g_string_append_c (output, g_ascii_tolower (input[j]));
155 g_string_append_c (output, '-');
157 handled_chars = num_basic_chars;
159 /* Encode non-basic chars */
161 bias = PUNYCODE_INITIAL_BIAS;
162 n = PUNYCODE_INITIAL_N;
163 while (handled_chars < input_length)
165 /* let m = the minimum {non-basic} code point >= n in the input */
166 for (m = G_MAXUINT, j = 0; j < input_length; j++)
168 if (input[j] >= n && input[j] < m)
172 if (m - n > (G_MAXUINT - delta) / (handled_chars + 1))
174 delta += (m - n) * (handled_chars + 1);
177 for (j = 0; j < input_length; j++)
184 else if (input[j] == n)
187 for (k = PUNYCODE_BASE; ; k += PUNYCODE_BASE)
191 else if (k >= bias + PUNYCODE_TMAX)
197 digit = t + (q - t) % (PUNYCODE_BASE - t);
198 g_string_append_c (output, encode_digit (digit));
199 q = (q - t) / (PUNYCODE_BASE - t);
202 g_string_append_c (output, encode_digit (q));
203 bias = adapt (delta, handled_chars + 1, handled_chars == num_basic_chars);
220 /* From RFC 3454, Table B.1 */
221 #define idna_is_junk(ch) ((ch) == 0x00AD || (ch) == 0x1806 || (ch) == 0x200B || (ch) == 0x2060 || (ch) == 0xFEFF || (ch) == 0x034F || (ch) == 0x180B || (ch) == 0x180C || (ch) == 0x180D || (ch) == 0x200C || (ch) == 0x200D || ((ch) >= 0xFE00 && (ch) <= 0xFE0F))
223 /* Scan @str for "junk" and return a cleaned-up string if any junk
224 * is found. Else return %NULL.
227 remove_junk (const gchar *str,
230 GString *cleaned = NULL;
234 for (p = str; len == -1 ? *p : p < str + len; p = g_utf8_next_char (p))
236 ch = g_utf8_get_char (p);
237 if (idna_is_junk (ch))
241 cleaned = g_string_new (NULL);
242 g_string_append_len (cleaned, str, p - str);
246 g_string_append_unichar (cleaned, ch);
250 return g_string_free (cleaned, FALSE);
255 static inline gboolean
256 contains_uppercase_letters (const gchar *str,
261 for (p = str; len == -1 ? *p : p < str + len; p = g_utf8_next_char (p))
263 if (g_unichar_isupper (g_utf8_get_char (p)))
269 static inline gboolean
270 contains_non_ascii (const gchar *str,
275 for (p = str; len == -1 ? *p : p < str + len; p++)
277 if ((guchar)*p > 0x80)
283 /* RFC 3454, Appendix C. ish. */
284 static inline gboolean
285 idna_is_prohibited (gunichar ch)
287 switch (g_unichar_type (ch))
289 case G_UNICODE_CONTROL:
290 case G_UNICODE_FORMAT:
291 case G_UNICODE_UNASSIGNED:
292 case G_UNICODE_PRIVATE_USE:
293 case G_UNICODE_SURROGATE:
294 case G_UNICODE_LINE_SEPARATOR:
295 case G_UNICODE_PARAGRAPH_SEPARATOR:
296 case G_UNICODE_SPACE_SEPARATOR:
299 case G_UNICODE_OTHER_SYMBOL:
300 if (ch == 0xFFFC || ch == 0xFFFD ||
301 (ch >= 0x2FF0 && ch <= 0x2FFB))
305 case G_UNICODE_NON_SPACING_MARK:
306 if (ch == 0x0340 || ch == 0x0341)
315 /* RFC 3491 IDN cleanup algorithm. */
317 nameprep (const gchar *hostname,
319 gboolean *is_unicode)
321 gchar *name, *tmp = NULL, *p;
323 /* It would be nice if we could do this without repeatedly
324 * allocating strings and converting back and forth between
325 * gunichars and UTF-8... The code does at least avoid doing most of
326 * the sub-operations when they would just be equivalent to a
330 /* Remove presentation-only characters */
331 name = remove_junk (hostname, len);
338 name = (gchar *)hostname;
340 /* Convert to lowercase */
341 if (contains_uppercase_letters (name, len))
343 name = g_utf8_strdown (name, len);
349 /* If there are no UTF8 characters, we're done. */
350 if (!contains_non_ascii (name, len))
353 if (name == (gchar *)hostname)
354 return len == -1 ? g_strdup (hostname) : g_strndup (hostname, len);
362 name = g_utf8_normalize (name, len, G_NORMALIZE_NFKC);
369 /* KC normalization may have created more capital letters (eg,
370 * angstrom -> capital A with ring). So we have to lowercasify a
371 * second time. (This is more-or-less how the nameprep algorithm
372 * does it. If tolower(nfkc(tolower(X))) is guaranteed to be the
373 * same as tolower(nfkc(X)), then we could skip the first tolower,
374 * but I'm not sure it is.)
376 if (contains_uppercase_letters (name, -1))
378 name = g_utf8_strdown (name, -1);
383 /* Check for prohibited characters */
384 for (p = name; *p; p = g_utf8_next_char (p))
386 if (idna_is_prohibited (g_utf8_get_char (p)))
394 /* FIXME: We're supposed to verify certain constraints on bidi
395 * characters, but glib does not appear to have that information.
402 /* RFC 3490, section 3.1 says '.', 0x3002, 0xFF0E, and 0xFF61 count as
403 * label-separating dots. @str must be '\0'-terminated.
405 #define idna_is_dot(str) ( \
406 ((guchar)(str)[0] == '.') || \
407 ((guchar)(str)[0] == 0xE3 && (guchar)(str)[1] == 0x80 && (guchar)(str)[2] == 0x82) || \
408 ((guchar)(str)[0] == 0xEF && (guchar)(str)[1] == 0xBC && (guchar)(str)[2] == 0x8E) || \
409 ((guchar)(str)[0] == 0xEF && (guchar)(str)[1] == 0xBD && (guchar)(str)[2] == 0xA1) )
412 idna_end_of_label (const gchar *str)
414 for (; *str; str = g_utf8_next_char (str))
416 if (idna_is_dot (str))
423 get_hostname_max_length_bytes (void)
425 #if defined(G_OS_WIN32)
426 wchar_t tmp[MAX_COMPUTERNAME_LENGTH];
427 return sizeof (tmp) / sizeof (tmp[0]);
428 #elif defined(_SC_HOST_NAME_MAX)
429 glong max = sysconf (_SC_HOST_NAME_MAX);
434 return HOST_NAME_MAX;
436 return _POSIX_HOST_NAME_MAX;
437 #endif /* HOST_NAME_MAX */
439 /* Fallback to some reasonable value
440 * See https://stackoverflow.com/questions/8724954/what-is-the-maximum-number-of-characters-for-a-host-name-in-unix/28918017#28918017 */
445 /* Returns %TRUE if `strlen (str) > comparison_length`, but without actually
446 * running `strlen(str)`, as that would take a very long time for long
447 * (untrusted) input strings. */
449 strlen_greater_than (const gchar *str,
450 gsize comparison_length)
454 for (i = 0; str[i] != '\0'; i++)
455 if (i > comparison_length)
462 * g_hostname_to_ascii:
463 * @hostname: a valid UTF-8 or ASCII hostname
465 * Converts @hostname to its canonical ASCII form; an ASCII-only
466 * string containing no uppercase letters and not ending with a
469 * Returns: (nullable) (transfer full): an ASCII hostname, which must be freed,
470 * or %NULL if @hostname is in some way invalid.
475 g_hostname_to_ascii (const gchar *hostname)
477 gchar *name, *label, *p;
481 gsize hostname_max_length_bytes = get_hostname_max_length_bytes ();
483 /* Do an initial check on the hostname length, as overlong hostnames take a
484 * long time in the IDN cleanup algorithm in nameprep(). The ultimate
485 * restriction is that the IDN-decoded (i.e. pure ASCII) hostname cannot be
486 * longer than 255 bytes. That’s the least restrictive limit on hostname
487 * length of all the ways hostnames can be interpreted. Typically, the
488 * hostname will be an FQDN, which is limited to 253 bytes long. POSIX
489 * hostnames are limited to `get_hostname_max_length_bytes()` (typically 255
492 * See https://stackoverflow.com/a/28918017/2931197
494 * It’s possible for a hostname to be %-encoded, in which case its decoded
495 * length will be as much as 3× shorter.
497 * It’s also possible for a hostname to use overlong UTF-8 encodings, in which
498 * case its decoded length will be as much as 4× shorter.
500 * Note: This check is not intended as an absolute guarantee that a hostname
501 * is the right length and will be accepted by other systems. It’s intended to
502 * stop wildly-invalid hostnames from taking forever in nameprep().
504 if (hostname_max_length_bytes <= G_MAXSIZE / 4 &&
505 strlen_greater_than (hostname, 4 * MAX (255, hostname_max_length_bytes)))
508 label = name = nameprep (hostname, -1, &unicode);
509 if (!name || !unicode)
512 out = g_string_new (NULL);
517 for (p = label; *p && !idna_is_dot (p); p++)
519 if ((guchar)*p > 0x80)
527 if (!strncmp (label, IDNA_ACE_PREFIX, IDNA_ACE_PREFIX_LEN))
530 g_string_append (out, IDNA_ACE_PREFIX);
531 if (!punycode_encode (label, llen, out))
535 g_string_append_len (out, label, llen);
537 if (out->len - oldlen > 63)
542 label = g_utf8_next_char (label);
544 g_string_append_c (out, '.');
549 return g_string_free (out, FALSE);
553 g_string_free (out, TRUE);
558 * g_hostname_is_non_ascii:
559 * @hostname: a hostname
561 * Tests if @hostname contains Unicode characters. If this returns
562 * %TRUE, you need to encode the hostname with g_hostname_to_ascii()
563 * before using it in non-IDN-aware contexts.
565 * Note that a hostname might contain a mix of encoded and unencoded
566 * segments, and so it is possible for g_hostname_is_non_ascii() and
567 * g_hostname_is_ascii_encoded() to both return %TRUE for a name.
569 * Returns: %TRUE if @hostname contains any non-ASCII characters
574 g_hostname_is_non_ascii (const gchar *hostname)
576 return contains_non_ascii (hostname, -1);
579 /* Punycode decoder, RFC 3492 section 6.2. As with punycode_encode(),
580 * read the RFC if you want to understand what this is actually doing.
583 punycode_decode (const gchar *input,
587 GArray *output_chars;
590 guint oldi, w, k, digit, t;
593 n = PUNYCODE_INITIAL_N;
595 bias = PUNYCODE_INITIAL_BIAS;
597 split = input + input_length - 1;
598 while (split > input && *split != '-')
602 output_chars = g_array_sized_new (FALSE, FALSE, sizeof (gunichar),
604 input_length -= (split - input) + 1;
605 while (input < split)
607 gunichar ch = (gunichar)*input++;
608 if (!PUNYCODE_IS_BASIC (ch))
610 g_array_append_val (output_chars, ch);
615 output_chars = g_array_new (FALSE, FALSE, sizeof (gunichar));
621 for (k = PUNYCODE_BASE; ; k += PUNYCODE_BASE)
625 digit = decode_digit (*input++);
626 if (digit >= PUNYCODE_BASE)
628 if (digit > (G_MAXUINT - i) / w)
633 else if (k >= bias + PUNYCODE_TMAX)
639 if (w > G_MAXUINT / (PUNYCODE_BASE - t))
641 w *= (PUNYCODE_BASE - t);
644 bias = adapt (i - oldi, output_chars->len + 1, oldi == 0);
646 if (i / (output_chars->len + 1) > G_MAXUINT - n)
648 n += i / (output_chars->len + 1);
649 i %= (output_chars->len + 1);
651 g_array_insert_val (output_chars, i++, n);
654 for (i = 0; i < output_chars->len; i++)
655 g_string_append_unichar (output, g_array_index (output_chars, gunichar, i));
656 g_array_free (output_chars, TRUE);
660 g_array_free (output_chars, TRUE);
665 * g_hostname_to_unicode:
666 * @hostname: a valid UTF-8 or ASCII hostname
668 * Converts @hostname to its canonical presentation form; a UTF-8
669 * string in Unicode normalization form C, containing no uppercase
670 * letters, no forbidden characters, and no ASCII-encoded segments,
671 * and not ending with a trailing dot.
673 * Of course if @hostname is not an internationalized hostname, then
674 * the canonical presentation form will be entirely ASCII.
676 * Returns: (nullable) (transfer full): a UTF-8 hostname, which must be freed,
677 * or %NULL if @hostname is in some way invalid.
682 g_hostname_to_unicode (const gchar *hostname)
686 gsize hostname_max_length_bytes = get_hostname_max_length_bytes ();
688 /* See the comment at the top of g_hostname_to_ascii(). */
689 if (hostname_max_length_bytes <= G_MAXSIZE / 4 &&
690 strlen_greater_than (hostname, 4 * MAX (255, hostname_max_length_bytes)))
693 out = g_string_new (NULL);
697 llen = idna_end_of_label (hostname) - hostname;
698 if (!g_ascii_strncasecmp (hostname, IDNA_ACE_PREFIX, IDNA_ACE_PREFIX_LEN))
700 hostname += IDNA_ACE_PREFIX_LEN;
701 llen -= IDNA_ACE_PREFIX_LEN;
702 if (!punycode_decode (hostname, llen, out))
704 g_string_free (out, TRUE);
711 gchar *canonicalized = nameprep (hostname, llen, &unicode);
715 g_string_free (out, TRUE);
718 g_string_append (out, canonicalized);
719 g_free (canonicalized);
724 hostname = g_utf8_next_char (hostname);
726 g_string_append_c (out, '.');
730 return g_string_free (out, FALSE);
734 * g_hostname_is_ascii_encoded:
735 * @hostname: a hostname
737 * Tests if @hostname contains segments with an ASCII-compatible
738 * encoding of an Internationalized Domain Name. If this returns
739 * %TRUE, you should decode the hostname with g_hostname_to_unicode()
740 * before displaying it to the user.
742 * Note that a hostname might contain a mix of encoded and unencoded
743 * segments, and so it is possible for g_hostname_is_non_ascii() and
744 * g_hostname_is_ascii_encoded() to both return %TRUE for a name.
746 * Returns: %TRUE if @hostname contains any ASCII-encoded
752 g_hostname_is_ascii_encoded (const gchar *hostname)
756 if (!g_ascii_strncasecmp (hostname, IDNA_ACE_PREFIX, IDNA_ACE_PREFIX_LEN))
758 hostname = idna_end_of_label (hostname);
760 hostname = g_utf8_next_char (hostname);
767 * g_hostname_is_ip_address:
768 * @hostname: a hostname (or IP address in string form)
770 * Tests if @hostname is the string form of an IPv4 or IPv6 address.
771 * (Eg, "192.168.0.1".)
773 * Since 2.66, IPv6 addresses with a zone-id are accepted (RFC6874).
775 * Returns: %TRUE if @hostname is an IP address
780 g_hostname_is_ip_address (const gchar *hostname)
783 gint nsegments, octet;
785 /* On Linux we could implement this using inet_pton, but the Windows
786 * equivalent of that requires linking against winsock, so we just
787 * figure this out ourselves. Tested by tests/hostutils.c.
790 p = (char *)hostname;
796 /* If it contains a ':', it's an IPv6 address (assuming it's an
797 * IP address at all). This consists of eight ':'-separated
798 * segments, each containing a 1-4 digit hex number, except that
799 * optionally: (a) the last two segments can be replaced by an
800 * IPv4 address, and (b) a single span of 1 to 8 "0000" segments
801 * can be replaced with just "::".
806 while (*p && *p != '%' && nsegments < 8)
808 /* Each segment after the first must be preceded by a ':'.
809 * (We also handle half of the "string starts with ::" case
812 if (p != (char *)hostname || (p[0] == ':' && p[1] == ':'))
819 /* If there's another ':', it means we're skipping some segments */
820 if (*p == ':' && !skipped)
825 /* Handle the "string ends with ::" case */
832 /* Read the segment, make sure it's valid. */
833 for (end = p; g_ascii_isxdigit (*end); end++)
835 if (end == p || end > p + 4)
840 if ((nsegments == 6 && !skipped) || (nsegments <= 6 && skipped))
850 return (!*p || (p[0] == '%' && p[1])) && (nsegments == 8 || skipped);
855 /* Parse IPv4: N.N.N.N, where each N <= 255 and doesn't have leading 0s. */
856 for (nsegments = 0; nsegments < 4; nsegments++)
865 /* Check the segment; a little tricker than the IPv6 case since
866 * we can't allow extra leading 0s, and we can't assume that all
867 * strings of valid length are within range.
874 for (end = p; g_ascii_isdigit (*end); end++)
876 octet = 10 * octet + (*end - '0');
882 if (end == p || end > p + 3 || octet > 255)
888 /* If there's nothing left to parse, then it's ok. */