1 /* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 my_syslog(LOG_DEBUG, __VA_ARGS__); \
26 #define ASSERT(condition) \
29 my_syslog(LOG_ERR, _("[pattern.c:%d] Assertion failure: %s"), __LINE__, #condition); \
33 * Determines whether a given string value matches against a glob pattern
34 * which may contain zero-or-more-character wildcards denoted by '*'.
36 * Based on "Glob Matching Can Be Simple And Fast Too" by Russ Cox,
37 * See https://research.swtch.com/glob
39 * @param value A string value.
40 * @param num_value_bytes The number of bytes of the string value.
41 * @param pattern A glob pattern.
42 * @param num_pattern_bytes The number of bytes of the glob pattern.
44 * @return 1 If the provided value matches against the glob pattern.
45 * @return 0 Otherwise.
47 static int is_string_matching_glob_pattern(
49 size_t num_value_bytes,
51 size_t num_pattern_bytes)
56 size_t value_index = 0;
57 size_t next_value_index = 0;
58 size_t pattern_index = 0;
59 size_t next_pattern_index = 0;
60 while (value_index < num_value_bytes || pattern_index < num_pattern_bytes)
62 if (pattern_index < num_pattern_bytes)
64 char pattern_character = pattern[pattern_index];
65 if ('a' <= pattern_character && pattern_character <= 'z')
66 pattern_character -= 'a' - 'A';
67 if (pattern_character == '*')
69 /* zero-or-more-character wildcard */
70 /* Try to match at value_index, otherwise restart at value_index + 1 next. */
71 next_pattern_index = pattern_index;
73 if (value_index < num_value_bytes)
74 next_value_index = value_index + 1;
81 /* ordinary character */
82 if (value_index < num_value_bytes)
84 char value_character = value[value_index];
85 if ('a' <= value_character && value_character <= 'z')
86 value_character -= 'a' - 'A';
87 if (value_character == pattern_character)
98 pattern_index = next_pattern_index;
99 value_index = next_value_index;
108 * Determines whether a given string value represents a valid DNS name.
110 * - DNS names must adhere to RFC 1123: 1 to 253 characters in length, consisting of a sequence of labels
111 * delimited by dots ("."). Each label must be 1 to 63 characters in length, contain only
112 * ASCII letters ("a"-"Z"), digits ("0"-"9"), or hyphens ("-") and must not start or end with a hyphen.
114 * - A valid name must be fully qualified, i.e., consist of at least two labels.
115 * The final label must not be fully numeric, and must not be the "local" pseudo-TLD.
118 * Valid: "example.com"
119 * Invalid: "ipcamera", "ipcamera.local", "8.8.8.8"
121 * @param value A string value.
123 * @return 1 If the provided string value is a valid DNS name.
124 * @return 0 Otherwise.
126 int is_valid_dns_name(const char *value)
130 size_t num_bytes = 0;
131 size_t num_labels = 0;
132 const char *c, *label = NULL;
133 int is_label_numeric = 1;
134 for (c = value;; c++)
137 *c != '-' && *c != '.' &&
138 (*c < '0' || *c > '9') &&
139 (*c < 'A' || *c > 'Z') &&
140 (*c < 'a' || *c > 'z'))
142 LOG(_("Invalid DNS name: Invalid character %c."), *c);
149 if (!*c || *c == '.')
151 LOG(_("Invalid DNS name: Empty label."));
156 LOG(_("Invalid DNS name: Label starts with hyphen."));
163 if (*c < '0' || *c > '9')
164 is_label_numeric = 0;
170 LOG(_("Invalid DNS name: Label ends with hyphen."));
173 size_t num_label_bytes = (size_t) (c - label);
174 if (num_label_bytes > 63)
176 LOG(_("Invalid DNS name: Label is too long (%zu)."), num_label_bytes);
184 LOG(_("Invalid DNS name: Not enough labels (%zu)."), num_labels);
187 if (is_label_numeric)
189 LOG(_("Invalid DNS name: Final label is fully numeric."));
192 if (num_label_bytes == 5 &&
193 (label[0] == 'l' || label[0] == 'L') &&
194 (label[1] == 'o' || label[1] == 'O') &&
195 (label[2] == 'c' || label[2] == 'C') &&
196 (label[3] == 'a' || label[3] == 'A') &&
197 (label[4] == 'l' || label[4] == 'L'))
199 LOG(_("Invalid DNS name: \"local\" pseudo-TLD."));
202 if (num_bytes < 1 || num_bytes > 253)
204 LOG(_("DNS name has invalid length (%zu)."), num_bytes);
210 is_label_numeric = 1;
216 * Determines whether a given string value represents a valid DNS name pattern.
218 * - DNS names must adhere to RFC 1123: 1 to 253 characters in length, consisting of a sequence of labels
219 * delimited by dots ("."). Each label must be 1 to 63 characters in length, contain only
220 * ASCII letters ("a"-"Z"), digits ("0"-"9"), or hyphens ("-") and must not start or end with a hyphen.
222 * - Patterns follow the syntax of DNS names, but additionally allow the wildcard character "*" to be used up to
223 * twice per label to match 0 or more characters within that label. Note that the wildcard never matches a dot
224 * (e.g., "*.example.com" matches "api.example.com" but not "api.us.example.com").
226 * - A valid name or pattern must be fully qualified, i.e., consist of at least two labels.
227 * The final label must not be fully numeric, and must not be the "local" pseudo-TLD.
228 * A pattern must end with at least two literal (non-wildcard) labels.
231 * Valid: "example.com", "*.example.com", "video*.example.com", "api*.*.example.com", "*-prod-*.example.com"
232 * Invalid: "ipcamera", "ipcamera.local", "*", "*.com", "8.8.8.8"
234 * @param value A string value.
236 * @return 1 If the provided string value is a valid DNS name pattern.
237 * @return 0 Otherwise.
239 int is_valid_dns_name_pattern(const char *value)
243 size_t num_bytes = 0;
244 size_t num_labels = 0;
245 const char *c, *label = NULL;
246 int is_label_numeric = 1;
247 size_t num_wildcards = 0;
248 int previous_label_has_wildcard = 1;
249 for (c = value;; c++)
252 *c != '*' && /* Wildcard. */
253 *c != '-' && *c != '.' &&
254 (*c < '0' || *c > '9') &&
255 (*c < 'A' || *c > 'Z') &&
256 (*c < 'a' || *c > 'z'))
258 LOG(_("Invalid DNS name pattern: Invalid character %c."), *c);
265 if (!*c || *c == '.')
267 LOG(_("Invalid DNS name pattern: Empty label."));
272 LOG(_("Invalid DNS name pattern: Label starts with hyphen."));
279 if (*c < '0' || *c > '9')
280 is_label_numeric = 0;
283 if (num_wildcards >= 2)
285 LOG(_("Invalid DNS name pattern: Wildcard character used more than twice per label."));
295 LOG(_("Invalid DNS name pattern: Label ends with hyphen."));
298 size_t num_label_bytes = (size_t) (c - label) - num_wildcards;
299 if (num_label_bytes > 63)
301 LOG(_("Invalid DNS name pattern: Label is too long (%zu)."), num_label_bytes);
309 LOG(_("Invalid DNS name pattern: Not enough labels (%zu)."), num_labels);
312 if (num_wildcards != 0 || previous_label_has_wildcard)
314 LOG(_("Invalid DNS name pattern: Wildcard within final two labels."));
317 if (is_label_numeric)
319 LOG(_("Invalid DNS name pattern: Final label is fully numeric."));
322 if (num_label_bytes == 5 &&
323 (label[0] == 'l' || label[0] == 'L') &&
324 (label[1] == 'o' || label[1] == 'O') &&
325 (label[2] == 'c' || label[2] == 'C') &&
326 (label[3] == 'a' || label[3] == 'A') &&
327 (label[4] == 'l' || label[4] == 'L'))
329 LOG(_("Invalid DNS name pattern: \"local\" pseudo-TLD."));
332 if (num_bytes < 1 || num_bytes > 253)
334 LOG(_("DNS name pattern has invalid length after removing wildcards (%zu)."), num_bytes);
340 is_label_numeric = 1;
341 previous_label_has_wildcard = num_wildcards != 0;
348 * Determines whether a given DNS name matches against a DNS name pattern.
350 * @param name A valid DNS name.
351 * @param pattern A valid DNS name pattern.
353 * @return 1 If the provided DNS name matches against the DNS name pattern.
354 * @return 0 Otherwise.
356 int is_dns_name_matching_pattern(const char *name, const char *pattern)
359 ASSERT(is_valid_dns_name(name));
361 ASSERT(is_valid_dns_name_pattern(pattern));
363 const char *n = name;
364 const char *p = pattern;
367 const char *name_label = n;
368 while (*n && *n != '.')
370 const char *pattern_label = p;
371 while (*p && *p != '.')
373 if (!is_string_matching_glob_pattern(
374 name_label, (size_t) (n - name_label),
375 pattern_label, (size_t) (p - pattern_label)))