1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
3 /* GLIB - Library of useful routines for C programming
4 * Copyright (C) 2008 Red Hat, Inc.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General
17 * Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
28 #include "ghostutils.h"
33 #include "gstrfuncs.h"
36 #ifdef G_PLATFORM_WIN32
43 * @short_description: Internet hostname utilities
45 * Functions for manipulating internet hostnames; in particular, for
46 * converting between Unicode and ASCII-encoded forms of
47 * Internationalized Domain Names (IDNs).
50 * [Internationalized Domain Names for Applications (IDNA)](http://www.ietf.org/rfc/rfc3490.txt)
51 * standards allow for the use
52 * of Unicode domain names in applications, while providing
53 * backward-compatibility with the old ASCII-only DNS, by defining an
54 * ASCII-Compatible Encoding of any given Unicode name, which can be
55 * used with non-IDN-aware applications and protocols. (For example,
56 * "Παν語.org" maps to "xn--4wa8awb4637h.org".)
59 #define IDNA_ACE_PREFIX "xn--"
60 #define IDNA_ACE_PREFIX_LEN 4
62 /* Punycode constants, from RFC 3492. */
64 #define PUNYCODE_BASE 36
65 #define PUNYCODE_TMIN 1
66 #define PUNYCODE_TMAX 26
67 #define PUNYCODE_SKEW 38
68 #define PUNYCODE_DAMP 700
69 #define PUNYCODE_INITIAL_BIAS 72
70 #define PUNYCODE_INITIAL_N 0x80
72 #define PUNYCODE_IS_BASIC(cp) ((guint)(cp) < 0x80)
74 /* Encode/decode a single base-36 digit */
76 encode_digit (guint dig)
81 return dig - 26 + '0';
85 decode_digit (gchar dig)
87 if (dig >= 'A' && dig <= 'Z')
89 else if (dig >= 'a' && dig <= 'z')
91 else if (dig >= '0' && dig <= '9')
92 return dig - '0' + 26;
97 /* Punycode bias adaptation algorithm, RFC 3492 section 6.1 */
105 delta = firsttime ? delta / PUNYCODE_DAMP : delta / 2;
106 delta += delta / numpoints;
109 while (delta > ((PUNYCODE_BASE - PUNYCODE_TMIN) * PUNYCODE_TMAX) / 2)
111 delta /= PUNYCODE_BASE - PUNYCODE_TMIN;
115 return k + ((PUNYCODE_BASE - PUNYCODE_TMIN + 1) * delta /
116 (delta + PUNYCODE_SKEW));
119 /* Punycode encoder, RFC 3492 section 6.3. The algorithm is
120 * sufficiently bizarre that it's not really worth trying to explain
124 punycode_encode (const gchar *input_utf8,
125 gsize input_utf8_length,
128 guint delta, handled_chars, num_basic_chars, bias, j, q, k, t, digit;
129 gunichar n, m, *input;
131 gboolean success = FALSE;
133 /* Convert from UTF-8 to Unicode code points */
134 input = g_utf8_to_ucs4 (input_utf8, input_utf8_length, NULL,
135 &input_length, NULL);
139 /* Copy basic chars */
140 for (j = num_basic_chars = 0; j < input_length; j++)
142 if (PUNYCODE_IS_BASIC (input[j]))
144 g_string_append_c (output, g_ascii_tolower (input[j]));
149 g_string_append_c (output, '-');
151 handled_chars = num_basic_chars;
153 /* Encode non-basic chars */
155 bias = PUNYCODE_INITIAL_BIAS;
156 n = PUNYCODE_INITIAL_N;
157 while (handled_chars < input_length)
159 /* let m = the minimum {non-basic} code point >= n in the input */
160 for (m = G_MAXUINT, j = 0; j < input_length; j++)
162 if (input[j] >= n && input[j] < m)
166 if (m - n > (G_MAXUINT - delta) / (handled_chars + 1))
168 delta += (m - n) * (handled_chars + 1);
171 for (j = 0; j < input_length; j++)
178 else if (input[j] == n)
181 for (k = PUNYCODE_BASE; ; k += PUNYCODE_BASE)
185 else if (k >= bias + PUNYCODE_TMAX)
191 digit = t + (q - t) % (PUNYCODE_BASE - t);
192 g_string_append_c (output, encode_digit (digit));
193 q = (q - t) / (PUNYCODE_BASE - t);
196 g_string_append_c (output, encode_digit (q));
197 bias = adapt (delta, handled_chars + 1, handled_chars == num_basic_chars);
214 /* From RFC 3454, Table B.1 */
215 #define idna_is_junk(ch) ((ch) == 0x00AD || (ch) == 0x1806 || (ch) == 0x200B || (ch) == 0x2060 || (ch) == 0xFEFF || (ch) == 0x034F || (ch) == 0x180B || (ch) == 0x180C || (ch) == 0x180D || (ch) == 0x200C || (ch) == 0x200D || ((ch) >= 0xFE00 && (ch) <= 0xFE0F))
217 /* Scan @str for "junk" and return a cleaned-up string if any junk
218 * is found. Else return %NULL.
221 remove_junk (const gchar *str,
224 GString *cleaned = NULL;
228 for (p = str; len == -1 ? *p : p < str + len; p = g_utf8_next_char (p))
230 ch = g_utf8_get_char (p);
231 if (idna_is_junk (ch))
235 cleaned = g_string_new (NULL);
236 g_string_append_len (cleaned, str, p - str);
240 g_string_append_unichar (cleaned, ch);
244 return g_string_free (cleaned, FALSE);
249 static inline gboolean
250 contains_uppercase_letters (const gchar *str,
255 for (p = str; len == -1 ? *p : p < str + len; p = g_utf8_next_char (p))
257 if (g_unichar_isupper (g_utf8_get_char (p)))
263 static inline gboolean
264 contains_non_ascii (const gchar *str,
269 for (p = str; len == -1 ? *p : p < str + len; p++)
271 if ((guchar)*p > 0x80)
277 /* RFC 3454, Appendix C. ish. */
278 static inline gboolean
279 idna_is_prohibited (gunichar ch)
281 switch (g_unichar_type (ch))
283 case G_UNICODE_CONTROL:
284 case G_UNICODE_FORMAT:
285 case G_UNICODE_UNASSIGNED:
286 case G_UNICODE_PRIVATE_USE:
287 case G_UNICODE_SURROGATE:
288 case G_UNICODE_LINE_SEPARATOR:
289 case G_UNICODE_PARAGRAPH_SEPARATOR:
290 case G_UNICODE_SPACE_SEPARATOR:
293 case G_UNICODE_OTHER_SYMBOL:
294 if (ch == 0xFFFC || ch == 0xFFFD ||
295 (ch >= 0x2FF0 && ch <= 0x2FFB))
299 case G_UNICODE_NON_SPACING_MARK:
300 if (ch == 0x0340 || ch == 0x0341)
309 /* RFC 3491 IDN cleanup algorithm. */
311 nameprep (const gchar *hostname,
313 gboolean *is_unicode)
315 gchar *name, *tmp = NULL, *p;
317 /* It would be nice if we could do this without repeatedly
318 * allocating strings and converting back and forth between
319 * gunichars and UTF-8... The code does at least avoid doing most of
320 * the sub-operations when they would just be equivalent to a
324 /* Remove presentation-only characters */
325 name = remove_junk (hostname, len);
332 name = (gchar *)hostname;
334 /* Convert to lowercase */
335 if (contains_uppercase_letters (name, len))
337 name = g_utf8_strdown (name, len);
343 /* If there are no UTF8 characters, we're done. */
344 if (!contains_non_ascii (name, len))
347 if (name == (gchar *)hostname)
348 return len == -1 ? g_strdup (hostname) : g_strndup (hostname, len);
356 name = g_utf8_normalize (name, len, G_NORMALIZE_NFKC);
363 /* KC normalization may have created more capital letters (eg,
364 * angstrom -> capital A with ring). So we have to lowercasify a
365 * second time. (This is more-or-less how the nameprep algorithm
366 * does it. If tolower(nfkc(tolower(X))) is guaranteed to be the
367 * same as tolower(nfkc(X)), then we could skip the first tolower,
368 * but I'm not sure it is.)
370 if (contains_uppercase_letters (name, -1))
372 name = g_utf8_strdown (name, -1);
377 /* Check for prohibited characters */
378 for (p = name; *p; p = g_utf8_next_char (p))
380 if (idna_is_prohibited (g_utf8_get_char (p)))
388 /* FIXME: We're supposed to verify certain constraints on bidi
389 * characters, but glib does not appear to have that information.
396 /* RFC 3490, section 3.1 says '.', 0x3002, 0xFF0E, and 0xFF61 count as
397 * label-separating dots. @str must be '\0'-terminated.
399 #define idna_is_dot(str) ( \
400 ((guchar)(str)[0] == '.') || \
401 ((guchar)(str)[0] == 0xE3 && (guchar)(str)[1] == 0x80 && (guchar)(str)[2] == 0x82) || \
402 ((guchar)(str)[0] == 0xEF && (guchar)(str)[1] == 0xBC && (guchar)(str)[2] == 0x8E) || \
403 ((guchar)(str)[0] == 0xEF && (guchar)(str)[1] == 0xBD && (guchar)(str)[2] == 0xA1) )
406 idna_end_of_label (const gchar *str)
408 for (; *str; str = g_utf8_next_char (str))
410 if (idna_is_dot (str))
417 get_hostname_max_length_bytes (void)
419 #if defined(G_OS_WIN32)
420 wchar_t tmp[MAX_COMPUTERNAME_LENGTH];
421 return sizeof (tmp) / sizeof (tmp[0]);
422 #elif defined(_SC_HOST_NAME_MAX)
423 glong max = sysconf (_SC_HOST_NAME_MAX);
428 return HOST_NAME_MAX;
430 return _POSIX_HOST_NAME_MAX;
431 #endif /* HOST_NAME_MAX */
433 /* Fallback to some reasonable value
434 * See https://stackoverflow.com/questions/8724954/what-is-the-maximum-number-of-characters-for-a-host-name-in-unix/28918017#28918017 */
439 /* Returns %TRUE if `strlen (str) > comparison_length`, but without actually
440 * running `strlen(str)`, as that would take a very long time for long
441 * (untrusted) input strings. */
443 strlen_greater_than (const gchar *str,
444 gsize comparison_length)
448 for (i = 0; str[i] != '\0'; i++)
449 if (i > comparison_length)
456 * g_hostname_to_ascii:
457 * @hostname: a valid UTF-8 or ASCII hostname
459 * Converts @hostname to its canonical ASCII form; an ASCII-only
460 * string containing no uppercase letters and not ending with a
463 * Returns: (nullable) (transfer full): an ASCII hostname, which must be freed,
464 * or %NULL if @hostname is in some way invalid.
469 g_hostname_to_ascii (const gchar *hostname)
471 gchar *name, *label, *p;
475 gsize hostname_max_length_bytes = get_hostname_max_length_bytes ();
477 /* Do an initial check on the hostname length, as overlong hostnames take a
478 * long time in the IDN cleanup algorithm in nameprep(). The ultimate
479 * restriction is that the IDN-decoded (i.e. pure ASCII) hostname cannot be
480 * longer than 255 bytes. That’s the least restrictive limit on hostname
481 * length of all the ways hostnames can be interpreted. Typically, the
482 * hostname will be an FQDN, which is limited to 253 bytes long. POSIX
483 * hostnames are limited to `get_hostname_max_length_bytes()` (typically 255
486 * See https://stackoverflow.com/a/28918017/2931197
488 * It’s possible for a hostname to be %-encoded, in which case its decoded
489 * length will be as much as 3× shorter.
491 * It’s also possible for a hostname to use overlong UTF-8 encodings, in which
492 * case its decoded length will be as much as 4× shorter.
494 * Note: This check is not intended as an absolute guarantee that a hostname
495 * is the right length and will be accepted by other systems. It’s intended to
496 * stop wildly-invalid hostnames from taking forever in nameprep().
498 if (hostname_max_length_bytes <= G_MAXSIZE / 4 &&
499 strlen_greater_than (hostname, 4 * MAX (255, hostname_max_length_bytes)))
502 label = name = nameprep (hostname, -1, &unicode);
503 if (!name || !unicode)
506 out = g_string_new (NULL);
511 for (p = label; *p && !idna_is_dot (p); p++)
513 if ((guchar)*p > 0x80)
521 if (!strncmp (label, IDNA_ACE_PREFIX, IDNA_ACE_PREFIX_LEN))
524 g_string_append (out, IDNA_ACE_PREFIX);
525 if (!punycode_encode (label, llen, out))
529 g_string_append_len (out, label, llen);
531 if (out->len - oldlen > 63)
536 label = g_utf8_next_char (label);
538 g_string_append_c (out, '.');
543 return g_string_free (out, FALSE);
547 g_string_free (out, TRUE);
552 * g_hostname_is_non_ascii:
553 * @hostname: a hostname
555 * Tests if @hostname contains Unicode characters. If this returns
556 * %TRUE, you need to encode the hostname with g_hostname_to_ascii()
557 * before using it in non-IDN-aware contexts.
559 * Note that a hostname might contain a mix of encoded and unencoded
560 * segments, and so it is possible for g_hostname_is_non_ascii() and
561 * g_hostname_is_ascii_encoded() to both return %TRUE for a name.
563 * Returns: %TRUE if @hostname contains any non-ASCII characters
568 g_hostname_is_non_ascii (const gchar *hostname)
570 return contains_non_ascii (hostname, -1);
573 /* Punycode decoder, RFC 3492 section 6.2. As with punycode_encode(),
574 * read the RFC if you want to understand what this is actually doing.
577 punycode_decode (const gchar *input,
581 GArray *output_chars;
584 guint oldi, w, k, digit, t;
587 n = PUNYCODE_INITIAL_N;
589 bias = PUNYCODE_INITIAL_BIAS;
591 split = input + input_length - 1;
592 while (split > input && *split != '-')
596 output_chars = g_array_sized_new (FALSE, FALSE, sizeof (gunichar),
598 input_length -= (split - input) + 1;
599 while (input < split)
601 gunichar ch = (gunichar)*input++;
602 if (!PUNYCODE_IS_BASIC (ch))
604 g_array_append_val (output_chars, ch);
609 output_chars = g_array_new (FALSE, FALSE, sizeof (gunichar));
615 for (k = PUNYCODE_BASE; ; k += PUNYCODE_BASE)
619 digit = decode_digit (*input++);
620 if (digit >= PUNYCODE_BASE)
622 if (digit > (G_MAXUINT - i) / w)
627 else if (k >= bias + PUNYCODE_TMAX)
633 if (w > G_MAXUINT / (PUNYCODE_BASE - t))
635 w *= (PUNYCODE_BASE - t);
638 bias = adapt (i - oldi, output_chars->len + 1, oldi == 0);
640 if (i / (output_chars->len + 1) > G_MAXUINT - n)
642 n += i / (output_chars->len + 1);
643 i %= (output_chars->len + 1);
645 g_array_insert_val (output_chars, i++, n);
648 for (i = 0; i < output_chars->len; i++)
649 g_string_append_unichar (output, g_array_index (output_chars, gunichar, i));
650 g_array_free (output_chars, TRUE);
654 g_array_free (output_chars, TRUE);
659 * g_hostname_to_unicode:
660 * @hostname: a valid UTF-8 or ASCII hostname
662 * Converts @hostname to its canonical presentation form; a UTF-8
663 * string in Unicode normalization form C, containing no uppercase
664 * letters, no forbidden characters, and no ASCII-encoded segments,
665 * and not ending with a trailing dot.
667 * Of course if @hostname is not an internationalized hostname, then
668 * the canonical presentation form will be entirely ASCII.
670 * Returns: (nullable) (transfer full): a UTF-8 hostname, which must be freed,
671 * or %NULL if @hostname is in some way invalid.
676 g_hostname_to_unicode (const gchar *hostname)
680 gsize hostname_max_length_bytes = get_hostname_max_length_bytes ();
682 /* See the comment at the top of g_hostname_to_ascii(). */
683 if (hostname_max_length_bytes <= G_MAXSIZE / 4 &&
684 strlen_greater_than (hostname, 4 * MAX (255, hostname_max_length_bytes)))
687 out = g_string_new (NULL);
691 llen = idna_end_of_label (hostname) - hostname;
692 if (!g_ascii_strncasecmp (hostname, IDNA_ACE_PREFIX, IDNA_ACE_PREFIX_LEN))
694 hostname += IDNA_ACE_PREFIX_LEN;
695 llen -= IDNA_ACE_PREFIX_LEN;
696 if (!punycode_decode (hostname, llen, out))
698 g_string_free (out, TRUE);
705 gchar *canonicalized = nameprep (hostname, llen, &unicode);
709 g_string_free (out, TRUE);
712 g_string_append (out, canonicalized);
713 g_free (canonicalized);
718 hostname = g_utf8_next_char (hostname);
720 g_string_append_c (out, '.');
724 return g_string_free (out, FALSE);
728 * g_hostname_is_ascii_encoded:
729 * @hostname: a hostname
731 * Tests if @hostname contains segments with an ASCII-compatible
732 * encoding of an Internationalized Domain Name. If this returns
733 * %TRUE, you should decode the hostname with g_hostname_to_unicode()
734 * before displaying it to the user.
736 * Note that a hostname might contain a mix of encoded and unencoded
737 * segments, and so it is possible for g_hostname_is_non_ascii() and
738 * g_hostname_is_ascii_encoded() to both return %TRUE for a name.
740 * Returns: %TRUE if @hostname contains any ASCII-encoded
746 g_hostname_is_ascii_encoded (const gchar *hostname)
750 if (!g_ascii_strncasecmp (hostname, IDNA_ACE_PREFIX, IDNA_ACE_PREFIX_LEN))
752 hostname = idna_end_of_label (hostname);
754 hostname = g_utf8_next_char (hostname);
761 * g_hostname_is_ip_address:
762 * @hostname: a hostname (or IP address in string form)
764 * Tests if @hostname is the string form of an IPv4 or IPv6 address.
765 * (Eg, "192.168.0.1".)
767 * Since 2.66, IPv6 addresses with a zone-id are accepted (RFC6874).
769 * Returns: %TRUE if @hostname is an IP address
774 g_hostname_is_ip_address (const gchar *hostname)
777 gint nsegments, octet;
779 /* On Linux we could implement this using inet_pton, but the Windows
780 * equivalent of that requires linking against winsock, so we just
781 * figure this out ourselves. Tested by tests/hostutils.c.
784 p = (char *)hostname;
790 /* If it contains a ':', it's an IPv6 address (assuming it's an
791 * IP address at all). This consists of eight ':'-separated
792 * segments, each containing a 1-4 digit hex number, except that
793 * optionally: (a) the last two segments can be replaced by an
794 * IPv4 address, and (b) a single span of 1 to 8 "0000" segments
795 * can be replaced with just "::".
800 while (*p && *p != '%' && nsegments < 8)
802 /* Each segment after the first must be preceded by a ':'.
803 * (We also handle half of the "string starts with ::" case
806 if (p != (char *)hostname || (p[0] == ':' && p[1] == ':'))
813 /* If there's another ':', it means we're skipping some segments */
814 if (*p == ':' && !skipped)
819 /* Handle the "string ends with ::" case */
826 /* Read the segment, make sure it's valid. */
827 for (end = p; g_ascii_isxdigit (*end); end++)
829 if (end == p || end > p + 4)
834 if ((nsegments == 6 && !skipped) || (nsegments <= 6 && skipped))
844 return (!*p || (p[0] == '%' && p[1])) && (nsegments == 8 || skipped);
849 /* Parse IPv4: N.N.N.N, where each N <= 255 and doesn't have leading 0s. */
850 for (nsegments = 0; nsegments < 4; nsegments++)
859 /* Check the segment; a little tricker than the IPv6 case since
860 * we can't allow extra leading 0s, and we can't assume that all
861 * strings of valid length are within range.
868 for (end = p; g_ascii_isdigit (*end); end++)
870 octet = 10 * octet + (*end - '0');
876 if (end == p || end > p + 3 || octet > 255)
882 /* If there's nothing left to parse, then it's ok. */