1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/base/net_util.h"
11 #include "build/build_config.h"
17 #pragma comment(lib, "iphlpapi.lib")
18 #elif defined(OS_POSIX)
20 #if !defined(OS_ANDROID)
25 #include <netinet/in.h>
28 #include "base/basictypes.h"
29 #include "base/file_util.h"
30 #include "base/files/file_path.h"
31 #include "base/i18n/file_util_icu.h"
32 #include "base/i18n/icu_string_conversions.h"
33 #include "base/i18n/time_formatting.h"
34 #include "base/json/string_escape.h"
35 #include "base/lazy_instance.h"
36 #include "base/logging.h"
37 #include "base/memory/singleton.h"
38 #include "base/message_loop/message_loop.h"
39 #include "base/metrics/histogram.h"
40 #include "base/path_service.h"
41 #include "base/stl_util.h"
42 #include "base/strings/string_number_conversions.h"
43 #include "base/strings/string_piece.h"
44 #include "base/strings/string_split.h"
45 #include "base/strings/string_tokenizer.h"
46 #include "base/strings/string_util.h"
47 #include "base/strings/stringprintf.h"
48 #include "base/strings/sys_string_conversions.h"
49 #include "base/strings/utf_offset_string_conversions.h"
50 #include "base/strings/utf_string_conversions.h"
51 #include "base/synchronization/lock.h"
52 #include "base/sys_byteorder.h"
53 #include "base/time/time.h"
54 #include "base/values.h"
55 #include "grit/net_resources.h"
57 #include "url/url_canon.h"
58 #include "url/url_canon_ip.h"
59 #include "url/url_parse.h"
60 #if defined(OS_ANDROID)
61 #include "net/android/network_library.h"
63 #include "net/base/dns_util.h"
64 #include "net/base/escape.h"
65 #include "net/base/mime_util.h"
66 #include "net/base/net_module.h"
67 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
69 #include "net/base/winsock_init.h"
71 #include "net/http/http_content_disposition.h"
72 #include "third_party/icu/source/common/unicode/uidna.h"
73 #include "third_party/icu/source/common/unicode/uniset.h"
74 #include "third_party/icu/source/common/unicode/uscript.h"
75 #include "third_party/icu/source/common/unicode/uset.h"
76 #include "third_party/icu/source/i18n/unicode/datefmt.h"
77 #include "third_party/icu/source/i18n/unicode/regex.h"
78 #include "third_party/icu/source/i18n/unicode/ulocdata.h"
86 typedef std::vector<size_t> Offsets;
88 // what we prepend to get a file URL
89 static const base::FilePath::CharType kFileURLPrefix[] =
90 FILE_PATH_LITERAL("file:///");
92 // The general list of blocked ports. Will be blocked unless a specific
93 // protocol overrides it. (Ex: ftp can use ports 20 and 21)
94 static const int kRestrictedPorts[] = {
128 135, // loc-srv /epmap
151 3659, // apple-sasl / PasswordServer
154 6665, // Alternate IRC [Apple addition]
155 6666, // Alternate IRC [Apple addition]
156 6667, // Standard IRC [Apple addition]
157 6668, // Alternate IRC [Apple addition]
158 6669, // Alternate IRC [Apple addition]
159 0xFFFF, // Used to block all invalid port numbers (see
160 // third_party/WebKit/Source/WebCore/platform/KURLGoogle.cpp, port())
163 // FTP overrides the following restricted ports.
164 static const int kAllowedFtpPorts[] = {
169 // Does some simple normalization of scripts so we can allow certain scripts
170 // to exist together.
171 // TODO(brettw) bug 880223: we should allow some other languages to be
172 // oombined such as Chinese and Latin. We will probably need a more
173 // complicated system of language pairs to have more fine-grained control.
174 UScriptCode NormalizeScript(UScriptCode code) {
176 case USCRIPT_KATAKANA:
177 case USCRIPT_HIRAGANA:
178 case USCRIPT_KATAKANA_OR_HIRAGANA:
179 case USCRIPT_HANGUL: // This one is arguable.
186 bool IsIDNComponentInSingleScript(const base::char16* str, int str_len) {
187 UScriptCode first_script = USCRIPT_INVALID_CODE;
188 bool is_first = true;
191 while (i < str_len) {
193 U16_NEXT(str, i, str_len, code_point);
195 UErrorCode err = U_ZERO_ERROR;
196 UScriptCode cur_script = uscript_getScript(code_point, &err);
197 if (err != U_ZERO_ERROR)
198 return false; // Report mixed on error.
199 cur_script = NormalizeScript(cur_script);
201 // TODO(brettw) We may have to check for USCRIPT_INHERENT as well.
202 if (is_first && cur_script != USCRIPT_COMMON) {
203 first_script = cur_script;
206 if (cur_script != USCRIPT_COMMON && cur_script != first_script)
213 // Check if the script of a language can be 'safely' mixed with
214 // Latin letters in the ASCII range.
215 bool IsCompatibleWithASCIILetters(const std::string& lang) {
216 // For now, just list Chinese, Japanese and Korean (positive list).
217 // An alternative is negative-listing (languages using Greek and
218 // Cyrillic letters), but it can be more dangerous.
219 return !lang.substr(0, 2).compare("zh") ||
220 !lang.substr(0, 2).compare("ja") ||
221 !lang.substr(0, 2).compare("ko");
224 typedef std::map<std::string, icu::UnicodeSet*> LangToExemplarSetMap;
226 class LangToExemplarSet {
228 static LangToExemplarSet* GetInstance() {
229 return Singleton<LangToExemplarSet>::get();
233 LangToExemplarSetMap map;
234 LangToExemplarSet() { }
235 ~LangToExemplarSet() {
236 STLDeleteContainerPairSecondPointers(map.begin(), map.end());
239 friend class Singleton<LangToExemplarSet>;
240 friend struct DefaultSingletonTraits<LangToExemplarSet>;
241 friend bool GetExemplarSetForLang(const std::string&, icu::UnicodeSet**);
242 friend void SetExemplarSetForLang(const std::string&, icu::UnicodeSet*);
244 DISALLOW_COPY_AND_ASSIGN(LangToExemplarSet);
247 bool GetExemplarSetForLang(const std::string& lang,
248 icu::UnicodeSet** lang_set) {
249 const LangToExemplarSetMap& map = LangToExemplarSet::GetInstance()->map;
250 LangToExemplarSetMap::const_iterator pos = map.find(lang);
251 if (pos != map.end()) {
252 *lang_set = pos->second;
258 void SetExemplarSetForLang(const std::string& lang,
259 icu::UnicodeSet* lang_set) {
260 LangToExemplarSetMap& map = LangToExemplarSet::GetInstance()->map;
261 map.insert(std::make_pair(lang, lang_set));
264 static base::LazyInstance<base::Lock>::Leaky
265 g_lang_set_lock = LAZY_INSTANCE_INITIALIZER;
267 // Returns true if all the characters in component_characters are used by
268 // the language |lang|.
269 bool IsComponentCoveredByLang(const icu::UnicodeSet& component_characters,
270 const std::string& lang) {
271 CR_DEFINE_STATIC_LOCAL(
272 const icu::UnicodeSet, kASCIILetters, ('a', 'z'));
273 icu::UnicodeSet* lang_set = NULL;
274 // We're called from both the UI thread and the history thread.
276 base::AutoLock lock(g_lang_set_lock.Get());
277 if (!GetExemplarSetForLang(lang, &lang_set)) {
278 UErrorCode status = U_ZERO_ERROR;
279 ULocaleData* uld = ulocdata_open(lang.c_str(), &status);
280 // TODO(jungshik) Turn this check on when the ICU data file is
281 // rebuilt with the minimal subset of locale data for languages
282 // to which Chrome is not localized but which we offer in the list
283 // of languages selectable for Accept-Languages. With the rebuilt ICU
284 // data, ulocdata_open never should fall back to the default locale.
286 // DCHECK(U_SUCCESS(status) && status != U_USING_DEFAULT_WARNING);
287 if (U_SUCCESS(status) && status != U_USING_DEFAULT_WARNING) {
288 lang_set = reinterpret_cast<icu::UnicodeSet *>(
289 ulocdata_getExemplarSet(uld, NULL, 0,
290 ULOCDATA_ES_STANDARD, &status));
291 // If |lang| is compatible with ASCII Latin letters, add them.
292 if (IsCompatibleWithASCIILetters(lang))
293 lang_set->addAll(kASCIILetters);
295 lang_set = new icu::UnicodeSet(1, 0);
298 SetExemplarSetForLang(lang, lang_set);
302 return !lang_set->isEmpty() && lang_set->containsAll(component_characters);
305 // Returns true if the given Unicode host component is safe to display to the
307 bool IsIDNComponentSafe(const base::char16* str,
309 const std::string& languages) {
310 // Most common cases (non-IDN) do not reach here so that we don't
311 // need a fast return path.
312 // TODO(jungshik) : Check if there's any character inappropriate
313 // (although allowed) for domain names.
314 // See http://www.unicode.org/reports/tr39/#IDN_Security_Profiles and
315 // http://www.unicode.org/reports/tr39/data/xidmodifications.txt
316 // For now, we borrow the list from Mozilla and tweaked it slightly.
317 // (e.g. Characters like U+00A0, U+3000, U+3002 are omitted because
318 // they're gonna be canonicalized to U+0020 and full stop before
320 // The original list is available at
321 // http://kb.mozillazine.org/Network.IDN.blacklist_chars and
322 // at http://mxr.mozilla.org/seamonkey/source/modules/libpref/src/init/all.js#703
324 UErrorCode status = U_ZERO_ERROR;
325 #ifdef U_WCHAR_IS_UTF16
326 icu::UnicodeSet dangerous_characters(icu::UnicodeString(
327 L"[[\\ \u00ad\u00bc\u00bd\u01c3\u0337\u0338"
328 L"\u05c3\u05f4\u06d4\u0702\u115f\u1160][\u2000-\u200b]"
329 L"[\u2024\u2027\u2028\u2029\u2039\u203a\u2044\u205f]"
330 L"[\u2154-\u2156][\u2159-\u215b][\u215f\u2215\u23ae"
331 L"\u29f6\u29f8\u2afb\u2afd][\u2ff0-\u2ffb][\u3014"
332 L"\u3015\u3033\u3164\u321d\u321e\u33ae\u33af\u33c6\u33df\ufe14"
333 L"\ufe15\ufe3f\ufe5d\ufe5e\ufeff\uff0e\uff06\uff61\uffa0\ufff9]"
334 L"[\ufffa-\ufffd]]"), status);
335 DCHECK(U_SUCCESS(status));
336 icu::RegexMatcher dangerous_patterns(icu::UnicodeString(
337 // Lone katakana no, so, or n
338 L"[^\\p{Katakana}][\u30ce\u30f3\u30bd][^\\p{Katakana}]"
339 // Repeating Japanese accent characters
340 L"|[\u3099\u309a\u309b\u309c][\u3099\u309a\u309b\u309c]"),
343 icu::UnicodeSet dangerous_characters(icu::UnicodeString(
344 "[[\\u0020\\u00ad\\u00bc\\u00bd\\u01c3\\u0337\\u0338"
345 "\\u05c3\\u05f4\\u06d4\\u0702\\u115f\\u1160][\\u2000-\\u200b]"
346 "[\\u2024\\u2027\\u2028\\u2029\\u2039\\u203a\\u2044\\u205f]"
347 "[\\u2154-\\u2156][\\u2159-\\u215b][\\u215f\\u2215\\u23ae"
348 "\\u29f6\\u29f8\\u2afb\\u2afd][\\u2ff0-\\u2ffb][\\u3014"
349 "\\u3015\\u3033\\u3164\\u321d\\u321e\\u33ae\\u33af\\u33c6\\u33df\\ufe14"
350 "\\ufe15\\ufe3f\\ufe5d\\ufe5e\\ufeff\\uff0e\\uff06\\uff61\\uffa0\\ufff9]"
351 "[\\ufffa-\\ufffd]]", -1, US_INV), status);
352 DCHECK(U_SUCCESS(status));
353 icu::RegexMatcher dangerous_patterns(icu::UnicodeString(
354 // Lone katakana no, so, or n
355 "[^\\p{Katakana}][\\u30ce\\u30f3\u30bd][^\\p{Katakana}]"
356 // Repeating Japanese accent characters
357 "|[\\u3099\\u309a\\u309b\\u309c][\\u3099\\u309a\\u309b\\u309c]"),
360 DCHECK(U_SUCCESS(status));
361 icu::UnicodeSet component_characters;
362 icu::UnicodeString component_string(str, str_len);
363 component_characters.addAll(component_string);
364 if (dangerous_characters.containsSome(component_characters))
367 DCHECK(U_SUCCESS(status));
368 dangerous_patterns.reset(component_string);
369 if (dangerous_patterns.find())
372 // If the language list is empty, the result is completely determined
373 // by whether a component is a single script or not. This will block
374 // even "safe" script mixing cases like <Chinese, Latin-ASCII> that are
375 // allowed with |languages| (while it blocks Chinese + Latin letters with
376 // an accent as should be the case), but we want to err on the safe side
377 // when |languages| is empty.
378 if (languages.empty())
379 return IsIDNComponentInSingleScript(str, str_len);
381 // |common_characters| is made up of ASCII numbers, hyphen, plus and
382 // underscore that are used across scripts and allowed in domain names.
383 // (sync'd with characters allowed in url_canon_host with square
384 // brackets excluded.) See kHostCharLookup[] array in url_canon_host.cc.
385 icu::UnicodeSet common_characters(UNICODE_STRING_SIMPLE("[[0-9]\\-_+\\ ]"),
387 DCHECK(U_SUCCESS(status));
388 // Subtract common characters because they're always allowed so that
389 // we just have to check if a language-specific set contains
391 component_characters.removeAll(common_characters);
393 base::StringTokenizer t(languages, ",");
394 while (t.GetNext()) {
395 if (IsComponentCoveredByLang(component_characters, t.token()))
401 // A wrapper to use LazyInstance<>::Leaky with ICU's UIDNA, a C pointer to
402 // a UTS46/IDNA 2008 handling object opened with uidna_openUTS46().
404 // We use UTS46 with BiDiCheck to migrate from IDNA 2003 to IDNA 2008 with
405 // the backward compatibility in mind. What it does:
407 // 1. Use the up-to-date Unicode data.
408 // 2. Define a case folding/mapping with the up-to-date Unicode data as
410 // 3. Use transitional mechanism for 4 deviation characters (sharp-s,
411 // final sigma, ZWJ and ZWNJ) for now.
412 // 4. Continue to allow symbols and punctuations.
413 // 5. Apply new BiDi check rules more permissive than the IDNA 2003 BiDI rules.
414 // 6. Do not apply STD3 rules
415 // 7. Do not allow unassigned code points.
417 // It also closely matches what IE 10 does except for the BiDi check (
418 // http://goo.gl/3XBhqw ).
419 // See http://http://unicode.org/reports/tr46/ and references therein
421 struct UIDNAWrapper {
423 UErrorCode err = U_ZERO_ERROR;
424 // TODO(jungshik): Change options as different parties (browsers,
425 // registrars, search engines) converge toward a consensus.
426 value = uidna_openUTS46(UIDNA_CHECK_BIDI, &err);
434 static base::LazyInstance<UIDNAWrapper>::Leaky
435 g_uidna = LAZY_INSTANCE_INITIALIZER;
437 // Converts one component of a host (between dots) to IDN if safe. The result
438 // will be APPENDED to the given output string and will be the same as the input
439 // if it is not IDN or the IDN is unsafe to display. Returns whether any
440 // conversion was performed.
441 bool IDNToUnicodeOneComponent(const base::char16* comp,
443 const std::string& languages,
444 base::string16* out) {
449 // Only transform if the input can be an IDN component.
450 static const base::char16 kIdnPrefix[] = {'x', 'n', '-', '-'};
451 if ((comp_len > arraysize(kIdnPrefix)) &&
452 !memcmp(comp, kIdnPrefix, arraysize(kIdnPrefix) * sizeof(base::char16))) {
453 UIDNA* uidna = g_uidna.Get().value;
454 DCHECK(uidna != NULL);
455 size_t original_length = out->length();
456 int output_length = 64;
457 UIDNAInfo info = UIDNA_INFO_INITIALIZER;
460 out->resize(original_length + output_length);
461 status = U_ZERO_ERROR;
462 // This returns the actual length required. If this is more than 64
463 // code units, |status| will be U_BUFFER_OVERFLOW_ERROR and we'll try
464 // the conversion again, but with a sufficiently large buffer.
465 output_length = uidna_labelToUnicode(
466 uidna, comp, static_cast<int32_t>(comp_len), &(*out)[original_length],
467 output_length, &info, &status);
468 } while ((status == U_BUFFER_OVERFLOW_ERROR && info.errors == 0));
470 if (U_SUCCESS(status) && info.errors == 0) {
471 // Converted successfully. Ensure that the converted component
472 // can be safely displayed to the user.
473 out->resize(original_length + output_length);
474 if (IsIDNComponentSafe(out->data() + original_length, output_length,
479 // Something went wrong. Revert to original string.
480 out->resize(original_length);
483 // We get here with no IDN or on error, in which case we just append the
485 out->append(comp, comp_len);
489 // Clamps the offsets in |offsets_for_adjustment| to the length of |str|.
490 void LimitOffsets(const base::string16& str, Offsets* offsets_for_adjustment) {
491 if (offsets_for_adjustment) {
492 std::for_each(offsets_for_adjustment->begin(),
493 offsets_for_adjustment->end(),
494 base::LimitOffset<base::string16>(str.length()));
498 // TODO(brettw) bug 734373: check the scripts for each host component and
499 // don't un-IDN-ize if there is more than one. Alternatively, only IDN for
500 // scripts that the user has installed. For now, just put the entire
501 // path through IDN. Maybe this feature can be implemented in ICU itself?
503 // We may want to skip this step in the case of file URLs to allow unicode
504 // UNC hostnames regardless of encodings.
505 base::string16 IDNToUnicodeWithOffsets(const std::string& host,
506 const std::string& languages,
507 Offsets* offsets_for_adjustment) {
508 // Convert the ASCII input to a base::string16 for ICU.
509 base::string16 input16;
510 input16.reserve(host.length());
511 input16.insert(input16.end(), host.begin(), host.end());
513 // Do each component of the host separately, since we enforce script matching
514 // on a per-component basis.
515 base::string16 out16;
517 base::OffsetAdjuster offset_adjuster(offsets_for_adjustment);
518 for (size_t component_start = 0, component_end;
519 component_start < input16.length();
520 component_start = component_end + 1) {
521 // Find the end of the component.
522 component_end = input16.find('.', component_start);
523 if (component_end == base::string16::npos)
524 component_end = input16.length(); // For getting the last component.
525 size_t component_length = component_end - component_start;
526 size_t new_component_start = out16.length();
527 bool converted_idn = false;
528 if (component_end > component_start) {
529 // Add the substring that we just found.
530 converted_idn = IDNToUnicodeOneComponent(
531 input16.data() + component_start, component_length, languages,
534 size_t new_component_length = out16.length() - new_component_start;
536 if (converted_idn && offsets_for_adjustment) {
537 offset_adjuster.Add(base::OffsetAdjuster::Adjustment(component_start,
538 component_length, new_component_length));
541 // Need to add the dot we just found (if we found one).
542 if (component_end < input16.length())
543 out16.push_back('.');
547 LimitOffsets(out16, offsets_for_adjustment);
551 // Called after transforming a component to set all affected elements in
552 // |offsets_for_adjustment| to the correct new values. |original_offsets|
553 // represents the offsets before the transform; |original_component_begin| and
554 // |original_component_end| represent the pre-transform boundaries of the
555 // affected component. |transformed_offsets| should be a vector created by
556 // adjusting |original_offsets| to be relative to the beginning of the component
557 // in question (via an OffsetAdjuster) and then transformed along with the
558 // component. Note that any elements in this vector which didn't originally
559 // point into the component may contain arbitrary values and should be ignored.
560 // |transformed_component_begin| and |transformed_component_end| are the
561 // endpoints of the transformed component and are used in combination with the
562 // two offset vectors to calculate the resulting absolute offsets, which are
563 // stored in |offsets_for_adjustment|.
564 void AdjustForComponentTransform(const Offsets& original_offsets,
565 size_t original_component_begin,
566 size_t original_component_end,
567 const Offsets& transformed_offsets,
568 size_t transformed_component_begin,
569 size_t transformed_component_end,
570 Offsets* offsets_for_adjustment) {
571 if (!offsets_for_adjustment)
572 return; // Nothing to do.
574 for (size_t i = 0; i < original_offsets.size(); ++i) {
575 size_t original_offset = original_offsets[i];
576 if ((original_offset >= original_component_begin) &&
577 (original_offset < original_component_end)) {
578 // This offset originally pointed into the transformed component.
579 // Adjust the transformed relative offset by the new beginning point of
580 // the transformed component.
581 size_t transformed_offset = transformed_offsets[i];
582 (*offsets_for_adjustment)[i] =
583 (transformed_offset == base::string16::npos) ?
584 base::string16::npos :
585 (transformed_offset + transformed_component_begin);
586 } else if ((original_offset >= original_component_end) &&
587 (original_offset != std::string::npos)) {
588 // This offset pointed after the transformed component. Adjust the
589 // original absolute offset by the difference between the new and old
590 // component lengths.
591 (*offsets_for_adjustment)[i] =
592 original_offset - original_component_end + transformed_component_end;
597 // If |component| is valid, its begin is incremented by |delta|.
598 void AdjustComponent(int delta, url_parse::Component* component) {
599 if (!component->is_valid())
602 DCHECK(delta >= 0 || component->begin >= -delta);
603 component->begin += delta;
606 // Adjusts all the components of |parsed| by |delta|, except for the scheme.
607 void AdjustAllComponentsButScheme(int delta, url_parse::Parsed* parsed) {
608 AdjustComponent(delta, &(parsed->username));
609 AdjustComponent(delta, &(parsed->password));
610 AdjustComponent(delta, &(parsed->host));
611 AdjustComponent(delta, &(parsed->port));
612 AdjustComponent(delta, &(parsed->path));
613 AdjustComponent(delta, &(parsed->query));
614 AdjustComponent(delta, &(parsed->ref));
617 // Helper for FormatUrlWithOffsets().
618 base::string16 FormatViewSourceUrl(const GURL& url,
619 const Offsets& original_offsets,
620 const std::string& languages,
621 FormatUrlTypes format_types,
622 UnescapeRule::Type unescape_rules,
623 url_parse::Parsed* new_parsed,
625 Offsets* offsets_for_adjustment) {
627 const char kViewSource[] = "view-source:";
628 const size_t kViewSourceLength = arraysize(kViewSource) - 1;
630 // Format the underlying URL and adjust offsets.
631 const std::string& url_str(url.possibly_invalid_spec());
632 Offsets offsets_into_underlying_url(original_offsets);
634 base::OffsetAdjuster adjuster(&offsets_into_underlying_url);
635 adjuster.Add(base::OffsetAdjuster::Adjustment(0, kViewSourceLength, 0));
637 base::string16 result(ASCIIToUTF16(kViewSource) +
638 FormatUrlWithOffsets(GURL(url_str.substr(kViewSourceLength)), languages,
639 format_types, unescape_rules, new_parsed, prefix_end,
640 &offsets_into_underlying_url));
641 AdjustForComponentTransform(original_offsets, kViewSourceLength,
642 url_str.length(), offsets_into_underlying_url,
643 kViewSourceLength, result.length(),
644 offsets_for_adjustment);
645 LimitOffsets(result, offsets_for_adjustment);
647 // Adjust positions of the parsed components.
648 if (new_parsed->scheme.is_nonempty()) {
649 // Assume "view-source:real-scheme" as a scheme.
650 new_parsed->scheme.len += kViewSourceLength;
652 new_parsed->scheme.begin = 0;
653 new_parsed->scheme.len = kViewSourceLength - 1;
655 AdjustAllComponentsButScheme(kViewSourceLength, new_parsed);
658 *prefix_end += kViewSourceLength;
663 class AppendComponentTransform {
665 AppendComponentTransform() {}
666 virtual ~AppendComponentTransform() {}
668 virtual base::string16 Execute(const std::string& component_text,
669 Offsets* offsets_into_component) const = 0;
671 // NOTE: No DISALLOW_COPY_AND_ASSIGN here, since gcc < 4.3.0 requires an
672 // accessible copy constructor in order to call AppendFormattedComponent()
673 // with an inline temporary (see http://gcc.gnu.org/bugs/#cxx%5Frvalbind ).
676 class HostComponentTransform : public AppendComponentTransform {
678 explicit HostComponentTransform(const std::string& languages)
679 : languages_(languages) {
683 virtual base::string16 Execute(
684 const std::string& component_text,
685 Offsets* offsets_into_component) const OVERRIDE {
686 return IDNToUnicodeWithOffsets(component_text, languages_,
687 offsets_into_component);
690 const std::string& languages_;
693 class NonHostComponentTransform : public AppendComponentTransform {
695 explicit NonHostComponentTransform(UnescapeRule::Type unescape_rules)
696 : unescape_rules_(unescape_rules) {
700 virtual base::string16 Execute(
701 const std::string& component_text,
702 Offsets* offsets_into_component) const OVERRIDE {
703 return (unescape_rules_ == UnescapeRule::NONE) ?
704 base::UTF8ToUTF16AndAdjustOffsets(component_text,
705 offsets_into_component) :
706 UnescapeAndDecodeUTF8URLComponentWithOffsets(component_text,
707 unescape_rules_, offsets_into_component);
710 const UnescapeRule::Type unescape_rules_;
713 // Transforms the portion of |spec| covered by |original_component| according to
714 // |transform|. Appends the result to |output|. If |output_component| is
715 // non-NULL, its start and length are set to the transformed component's new
716 // start and length. For each element in |original_offsets| which is at least
717 // as large as original_component.begin, the corresponding element of
718 // |offsets_for_adjustment| is transformed appropriately.
719 void AppendFormattedComponent(const std::string& spec,
720 const url_parse::Component& original_component,
721 const Offsets& original_offsets,
722 const AppendComponentTransform& transform,
723 base::string16* output,
724 url_parse::Component* output_component,
725 Offsets* offsets_for_adjustment) {
727 if (original_component.is_nonempty()) {
728 size_t original_component_begin =
729 static_cast<size_t>(original_component.begin);
730 size_t output_component_begin = output->length();
731 std::string component_str(spec, original_component_begin,
732 static_cast<size_t>(original_component.len));
734 // Transform |component_str| and adjust the offsets accordingly.
735 Offsets offsets_into_component(original_offsets);
737 base::OffsetAdjuster adjuster(&offsets_into_component);
738 adjuster.Add(base::OffsetAdjuster::Adjustment(0, original_component_begin,
741 output->append(transform.Execute(component_str, &offsets_into_component));
742 AdjustForComponentTransform(original_offsets, original_component_begin,
743 static_cast<size_t>(original_component.end()),
744 offsets_into_component, output_component_begin,
745 output->length(), offsets_for_adjustment);
747 // Set positions of the parsed component.
748 if (output_component) {
749 output_component->begin = static_cast<int>(output_component_begin);
750 output_component->len =
751 static_cast<int>(output->length() - output_component_begin);
753 } else if (output_component) {
754 output_component->reset();
758 void SanitizeGeneratedFileName(base::FilePath::StringType* filename,
759 bool replace_trailing) {
760 const base::FilePath::CharType kReplace[] = FILE_PATH_LITERAL("-");
761 if (filename->empty())
763 if (replace_trailing) {
764 // Handle CreateFile() stripping trailing dots and spaces on filenames
765 // http://support.microsoft.com/kb/115827
766 size_t length = filename->size();
767 size_t pos = filename->find_last_not_of(FILE_PATH_LITERAL(" ."));
768 filename->resize((pos == std::string::npos) ? 0 : (pos + 1));
769 TrimWhitespace(*filename, TRIM_TRAILING, filename);
770 if (filename->empty())
772 size_t trimmed = length - filename->size();
774 filename->insert(filename->end(), trimmed, kReplace[0]);
776 TrimString(*filename, FILE_PATH_LITERAL("."), filename);
777 if (filename->empty())
779 // Replace any path information by changing path separators.
780 ReplaceSubstringsAfterOffset(filename, 0, FILE_PATH_LITERAL("/"), kReplace);
781 ReplaceSubstringsAfterOffset(filename, 0, FILE_PATH_LITERAL("\\"), kReplace);
784 // Returns the filename determined from the last component of the path portion
785 // of the URL. Returns an empty string if the URL doesn't have a path or is
786 // invalid. If the generated filename is not reliable,
787 // |should_overwrite_extension| will be set to true, in which case a better
788 // extension should be determined based on the content type.
789 std::string GetFileNameFromURL(const GURL& url,
790 const std::string& referrer_charset,
791 bool* should_overwrite_extension) {
792 // about: and data: URLs don't have file names, but esp. data: URLs may
793 // contain parts that look like ones (i.e., contain a slash). Therefore we
794 // don't attempt to divine a file name out of them.
795 if (!url.is_valid() || url.SchemeIs("about") || url.SchemeIs("data"))
796 return std::string();
798 const std::string unescaped_url_filename = UnescapeURLComponent(
799 url.ExtractFileName(),
800 UnescapeRule::SPACES | UnescapeRule::URL_SPECIAL_CHARS);
802 // The URL's path should be escaped UTF-8, but may not be.
803 std::string decoded_filename = unescaped_url_filename;
804 if (!IsStringUTF8(decoded_filename)) {
805 // TODO(jshin): this is probably not robust enough. To be sure, we need
806 // encoding detection.
807 base::string16 utf16_output;
808 if (!referrer_charset.empty() &&
809 base::CodepageToUTF16(unescaped_url_filename,
810 referrer_charset.c_str(),
811 base::OnStringConversionError::FAIL,
813 decoded_filename = UTF16ToUTF8(utf16_output);
815 decoded_filename = WideToUTF8(
816 base::SysNativeMBToWide(unescaped_url_filename));
819 // If the URL contains a (possibly empty) query, assume it is a generator, and
820 // allow the determined extension to be overwritten.
821 *should_overwrite_extension = !decoded_filename.empty() && url.has_query();
823 return decoded_filename;
826 // Returns whether the specified extension is automatically integrated into the
828 bool IsShellIntegratedExtension(const base::FilePath::StringType& extension) {
829 base::FilePath::StringType extension_lower = StringToLowerASCII(extension);
831 // http://msdn.microsoft.com/en-us/library/ms811694.aspx
832 // Right-clicking on shortcuts can be magical.
833 if ((extension_lower == FILE_PATH_LITERAL("local")) ||
834 (extension_lower == FILE_PATH_LITERAL("lnk")))
837 // http://www.juniper.net/security/auto/vulnerabilities/vuln2612.html
838 // Files become magical if they end in a CLSID, so block such extensions.
839 if (!extension_lower.empty() &&
840 (extension_lower[0] == FILE_PATH_LITERAL('{')) &&
841 (extension_lower[extension_lower.length() - 1] == FILE_PATH_LITERAL('}')))
846 // Returns whether the specified file name is a reserved name on windows.
847 // This includes names like "com2.zip" (which correspond to devices) and
848 // desktop.ini and thumbs.db which have special meaning to the windows shell.
849 bool IsReservedName(const base::FilePath::StringType& filename) {
850 // This list is taken from the MSDN article "Naming a file"
851 // http://msdn2.microsoft.com/en-us/library/aa365247(VS.85).aspx
852 // I also added clock$ because GetSaveFileName seems to consider it as a
853 // reserved name too.
854 static const char* const known_devices[] = {
855 "con", "prn", "aux", "nul", "com1", "com2", "com3", "com4", "com5",
856 "com6", "com7", "com8", "com9", "lpt1", "lpt2", "lpt3", "lpt4",
857 "lpt5", "lpt6", "lpt7", "lpt8", "lpt9", "clock$"
860 std::string filename_lower = StringToLowerASCII(WideToUTF8(filename));
861 #elif defined(OS_POSIX)
862 std::string filename_lower = StringToLowerASCII(filename);
865 for (size_t i = 0; i < arraysize(known_devices); ++i) {
867 if (filename_lower == known_devices[i])
869 // Starts with "DEVICE.".
870 if (filename_lower.find(std::string(known_devices[i]) + ".") == 0)
874 static const char* const magic_names[] = {
875 // These file names are used by the "Customize folder" feature of the shell.
880 for (size_t i = 0; i < arraysize(magic_names); ++i) {
881 if (filename_lower == magic_names[i])
888 // Examines the current extension in |file_name| and modifies it if necessary in
889 // order to ensure the filename is safe. If |file_name| doesn't contain an
890 // extension or if |ignore_extension| is true, then a new extension will be
891 // constructed based on the |mime_type|.
893 // We're addressing two things here:
895 // 1) Usability. If there is no reliable file extension, we want to guess a
896 // reasonable file extension based on the content type.
898 // 2) Shell integration. Some file extensions automatically integrate with the
899 // shell. We block these extensions to prevent a malicious web site from
900 // integrating with the user's shell.
901 void EnsureSafeExtension(const std::string& mime_type,
902 bool ignore_extension,
903 base::FilePath* file_name) {
904 // See if our file name already contains an extension.
905 base::FilePath::StringType extension = file_name->Extension();
906 if (!extension.empty())
907 extension.erase(extension.begin()); // Erase preceding '.'.
909 if ((ignore_extension || extension.empty()) && !mime_type.empty()) {
910 base::FilePath::StringType preferred_mime_extension;
911 std::vector<base::FilePath::StringType> all_mime_extensions;
912 // The GetPreferredExtensionForMimeType call will end up going to disk. Do
913 // this on another thread to avoid slowing the IO thread.
914 // http://crbug.com/61827
915 // TODO(asanka): Remove this ScopedAllowIO once all callers have switched
916 // over to IO safe threads.
917 base::ThreadRestrictions::ScopedAllowIO allow_io;
918 net::GetPreferredExtensionForMimeType(mime_type, &preferred_mime_extension);
919 net::GetExtensionsForMimeType(mime_type, &all_mime_extensions);
920 // If the existing extension is in the list of valid extensions for the
921 // given type, use it. This avoids doing things like pointlessly renaming
922 // "foo.jpg" to "foo.jpeg".
923 if (std::find(all_mime_extensions.begin(),
924 all_mime_extensions.end(),
925 extension) != all_mime_extensions.end()) {
926 // leave |extension| alone
927 } else if (!preferred_mime_extension.empty()) {
928 extension = preferred_mime_extension;
933 static const base::FilePath::CharType default_extension[] =
934 FILE_PATH_LITERAL("download");
936 // Rename shell-integrated extensions.
937 // TODO(asanka): Consider stripping out the bad extension and replacing it
938 // with the preferred extension for the MIME type if one is available.
939 if (IsShellIntegratedExtension(extension))
940 extension.assign(default_extension);
943 *file_name = file_name->ReplaceExtension(extension);
946 bool FilePathToString16(const base::FilePath& path, base::string16* converted) {
948 return WideToUTF16(path.value().c_str(), path.value().size(), converted);
949 #elif defined(OS_POSIX)
950 std::string component8 = path.AsUTF8Unsafe();
951 return !component8.empty() &&
952 UTF8ToUTF16(component8.c_str(), component8.size(), converted);
956 bool IPNumberPrefixCheck(const IPAddressNumber& ip_number,
957 const unsigned char* ip_prefix,
958 size_t prefix_length_in_bits) {
959 // Compare all the bytes that fall entirely within the prefix.
960 int num_entire_bytes_in_prefix = prefix_length_in_bits / 8;
961 for (int i = 0; i < num_entire_bytes_in_prefix; ++i) {
962 if (ip_number[i] != ip_prefix[i])
966 // In case the prefix was not a multiple of 8, there will be 1 byte
967 // which is only partially masked.
968 int remaining_bits = prefix_length_in_bits % 8;
969 if (remaining_bits != 0) {
970 unsigned char mask = 0xFF << (8 - remaining_bits);
971 int i = num_entire_bytes_in_prefix;
972 if ((ip_number[i] & mask) != (ip_prefix[i] & mask))
980 const FormatUrlType kFormatUrlOmitNothing = 0;
981 const FormatUrlType kFormatUrlOmitUsernamePassword = 1 << 0;
982 const FormatUrlType kFormatUrlOmitHTTP = 1 << 1;
983 const FormatUrlType kFormatUrlOmitTrailingSlashOnBareHostname = 1 << 2;
984 const FormatUrlType kFormatUrlOmitAll = kFormatUrlOmitUsernamePassword |
985 kFormatUrlOmitHTTP | kFormatUrlOmitTrailingSlashOnBareHostname;
987 static base::LazyInstance<std::multiset<int> >::Leaky
988 g_explicitly_allowed_ports = LAZY_INSTANCE_INITIALIZER;
990 size_t GetCountOfExplicitlyAllowedPorts() {
991 return g_explicitly_allowed_ports.Get().size();
994 GURL FilePathToFileURL(const base::FilePath& path) {
995 // Produce a URL like "file:///C:/foo" for a regular file, or
996 // "file://///server/path" for UNC. The URL canonicalizer will fix up the
997 // latter case to be the canonical UNC form: "file://server/path"
998 base::FilePath::StringType url_string(kFileURLPrefix);
999 url_string.append(path.value());
1001 // Now do replacement of some characters. Since we assume the input is a
1002 // literal filename, anything the URL parser might consider special should
1005 // must be the first substitution since others will introduce percents as the
1007 ReplaceSubstringsAfterOffset(&url_string, 0,
1008 FILE_PATH_LITERAL("%"), FILE_PATH_LITERAL("%25"));
1010 // semicolon is supposed to be some kind of separator according to RFC 2396
1011 ReplaceSubstringsAfterOffset(&url_string, 0,
1012 FILE_PATH_LITERAL(";"), FILE_PATH_LITERAL("%3B"));
1014 ReplaceSubstringsAfterOffset(&url_string, 0,
1015 FILE_PATH_LITERAL("#"), FILE_PATH_LITERAL("%23"));
1017 ReplaceSubstringsAfterOffset(&url_string, 0,
1018 FILE_PATH_LITERAL("?"), FILE_PATH_LITERAL("%3F"));
1020 #if defined(OS_POSIX)
1021 ReplaceSubstringsAfterOffset(&url_string, 0,
1022 FILE_PATH_LITERAL("\\"), FILE_PATH_LITERAL("%5C"));
1025 return GURL(url_string);
1028 std::string GetSpecificHeader(const std::string& headers,
1029 const std::string& name) {
1030 // We want to grab the Value from the "Key: Value" pairs in the headers,
1031 // which should look like this (no leading spaces, \n-separated) (we format
1032 // them this way in url_request_inet.cc):
1033 // HTTP/1.1 200 OK\n
1034 // ETag: "6d0b8-947-24f35ec0"\n
1035 // Content-Length: 2375\n
1036 // Content-Type: text/html; charset=UTF-8\n
1037 // Last-Modified: Sun, 03 Sep 2006 04:34:43 GMT\n
1038 if (headers.empty())
1039 return std::string();
1041 std::string match('\n' + name + ':');
1043 std::string::const_iterator begin =
1044 std::search(headers.begin(), headers.end(), match.begin(), match.end(),
1045 base::CaseInsensitiveCompareASCII<char>());
1047 if (begin == headers.end())
1048 return std::string();
1050 begin += match.length();
1053 TrimWhitespace(std::string(begin, std::find(begin, headers.end(), '\n')),
1058 base::string16 IDNToUnicode(const std::string& host,
1059 const std::string& languages) {
1060 return IDNToUnicodeWithOffsets(host, languages, NULL);
1063 std::string CanonicalizeHost(const std::string& host,
1064 url_canon::CanonHostInfo* host_info) {
1065 // Try to canonicalize the host.
1066 const url_parse::Component raw_host_component(
1067 0, static_cast<int>(host.length()));
1068 std::string canon_host;
1069 url_canon::StdStringCanonOutput canon_host_output(&canon_host);
1070 url_canon::CanonicalizeHostVerbose(host.c_str(), raw_host_component,
1071 &canon_host_output, host_info);
1073 if (host_info->out_host.is_nonempty() &&
1074 host_info->family != url_canon::CanonHostInfo::BROKEN) {
1075 // Success! Assert that there's no extra garbage.
1076 canon_host_output.Complete();
1077 DCHECK_EQ(host_info->out_host.len, static_cast<int>(canon_host.length()));
1079 // Empty host, or canonicalization failed. We'll return empty.
1086 std::string GetDirectoryListingHeader(const base::string16& title) {
1087 static const base::StringPiece header(
1088 NetModule::GetResource(IDR_DIR_HEADER_HTML));
1089 // This can be null in unit tests.
1090 DLOG_IF(WARNING, header.empty()) <<
1091 "Missing resource: directory listing header";
1094 if (!header.empty())
1095 result.assign(header.data(), header.size());
1097 result.append("<script>start(");
1098 base::JsonDoubleQuote(title, true, &result);
1099 result.append(");</script>\n");
1104 inline bool IsHostCharAlphanumeric(char c) {
1105 // We can just check lowercase because uppercase characters have already been
1107 return ((c >= 'a') && (c <= 'z')) || ((c >= '0') && (c <= '9'));
1110 bool IsCanonicalizedHostCompliant(const std::string& host,
1111 const std::string& desired_tld) {
1115 bool in_component = false;
1116 bool most_recent_component_started_alphanumeric = false;
1117 bool last_char_was_underscore = false;
1119 for (std::string::const_iterator i(host.begin()); i != host.end(); ++i) {
1121 if (!in_component) {
1122 most_recent_component_started_alphanumeric = IsHostCharAlphanumeric(c);
1123 if (!most_recent_component_started_alphanumeric && (c != '-'))
1125 in_component = true;
1128 if (last_char_was_underscore)
1130 in_component = false;
1131 } else if (IsHostCharAlphanumeric(c) || (c == '-')) {
1132 last_char_was_underscore = false;
1133 } else if (c == '_') {
1134 last_char_was_underscore = true;
1141 return most_recent_component_started_alphanumeric ||
1142 (!desired_tld.empty() && IsHostCharAlphanumeric(desired_tld[0]));
1145 std::string GetDirectoryListingEntry(const base::string16& name,
1146 const std::string& raw_bytes,
1151 result.append("<script>addRow(");
1152 base::JsonDoubleQuote(name, true, &result);
1154 if (raw_bytes.empty()) {
1155 base::JsonDoubleQuote(EscapePath(UTF16ToUTF8(name)),
1158 base::JsonDoubleQuote(EscapePath(raw_bytes), true, &result);
1161 result.append(",1,");
1163 result.append(",0,");
1166 // Negative size means unknown or not applicable (e.g. directory).
1167 base::string16 size_string;
1169 size_string = FormatBytesUnlocalized(size);
1170 base::JsonDoubleQuote(size_string, true, &result);
1174 base::string16 modified_str;
1175 // |modified| can be NULL in FTP listings.
1176 if (!modified.is_null()) {
1177 modified_str = base::TimeFormatShortDateAndTime(modified);
1179 base::JsonDoubleQuote(modified_str, true, &result);
1181 result.append(");</script>\n");
1186 base::string16 StripWWW(const base::string16& text) {
1187 const base::string16 www(ASCIIToUTF16("www."));
1188 return StartsWith(text, www, true) ? text.substr(www.length()) : text;
1191 base::string16 StripWWWFromHost(const GURL& url) {
1192 DCHECK(url.is_valid());
1193 return StripWWW(ASCIIToUTF16(url.host()));
1196 bool IsSafePortablePathComponent(const base::FilePath& component) {
1197 base::string16 component16;
1198 base::FilePath::StringType sanitized = component.value();
1199 SanitizeGeneratedFileName(&sanitized, true);
1200 base::FilePath::StringType extension = component.Extension();
1201 if (!extension.empty())
1202 extension.erase(extension.begin()); // Erase preceding '.'.
1203 return !component.empty() &&
1204 (component == component.BaseName()) &&
1205 (component == component.StripTrailingSeparators()) &&
1206 FilePathToString16(component, &component16) &&
1207 file_util::IsFilenameLegal(component16) &&
1208 !IsShellIntegratedExtension(extension) &&
1209 (sanitized == component.value()) &&
1210 !IsReservedName(component.value());
1213 bool IsSafePortableRelativePath(const base::FilePath& path) {
1214 if (path.empty() || path.IsAbsolute() || path.EndsWithSeparator())
1216 std::vector<base::FilePath::StringType> components;
1217 path.GetComponents(&components);
1218 if (components.empty())
1220 for (size_t i = 0; i < components.size() - 1; ++i) {
1221 if (!IsSafePortablePathComponent(base::FilePath(components[i])))
1224 return IsSafePortablePathComponent(path.BaseName());
1227 void GenerateSafeFileName(const std::string& mime_type,
1228 bool ignore_extension,
1229 base::FilePath* file_path) {
1230 // Make sure we get the right file extension
1231 EnsureSafeExtension(mime_type, ignore_extension, file_path);
1234 // Prepend "_" to the file name if it's a reserved name
1235 base::FilePath::StringType leaf_name = file_path->BaseName().value();
1236 DCHECK(!leaf_name.empty());
1237 if (IsReservedName(leaf_name)) {
1238 leaf_name = base::FilePath::StringType(FILE_PATH_LITERAL("_")) + leaf_name;
1239 *file_path = file_path->DirName();
1240 if (file_path->value() == base::FilePath::kCurrentDirectory) {
1241 *file_path = base::FilePath(leaf_name);
1243 *file_path = file_path->Append(leaf_name);
1249 base::string16 GetSuggestedFilename(const GURL& url,
1250 const std::string& content_disposition,
1251 const std::string& referrer_charset,
1252 const std::string& suggested_name,
1253 const std::string& mime_type,
1254 const std::string& default_name) {
1255 // TODO: this function to be updated to match the httpbis recommendations.
1256 // Talk to abarth for the latest news.
1258 // We don't translate this fallback string, "download". If localization is
1259 // needed, the caller should provide localized fallback in |default_name|.
1260 static const base::FilePath::CharType kFinalFallbackName[] =
1261 FILE_PATH_LITERAL("download");
1262 std::string filename; // In UTF-8
1263 bool overwrite_extension = false;
1265 // Try to extract a filename from content-disposition first.
1266 if (!content_disposition.empty()) {
1267 HttpContentDisposition header(content_disposition, referrer_charset);
1268 filename = header.filename();
1271 // Then try to use the suggested name.
1272 if (filename.empty() && !suggested_name.empty())
1273 filename = suggested_name;
1275 // Now try extracting the filename from the URL. GetFileNameFromURL() only
1276 // looks at the last component of the URL and doesn't return the hostname as a
1278 if (filename.empty())
1279 filename = GetFileNameFromURL(url, referrer_charset, &overwrite_extension);
1281 // Finally try the URL hostname, but only if there's no default specified in
1282 // |default_name|. Some schemes (e.g.: file:, about:, data:) do not have a
1284 if (filename.empty() &&
1285 default_name.empty() &&
1287 !url.host().empty()) {
1288 // TODO(jungshik) : Decode a 'punycoded' IDN hostname. (bug 1264451)
1289 filename = url.host();
1292 bool replace_trailing = false;
1293 base::FilePath::StringType result_str, default_name_str;
1295 replace_trailing = true;
1296 result_str = UTF8ToUTF16(filename);
1297 default_name_str = UTF8ToUTF16(default_name);
1299 result_str = filename;
1300 default_name_str = default_name;
1302 SanitizeGeneratedFileName(&result_str, replace_trailing);
1303 if (result_str.find_last_not_of(FILE_PATH_LITERAL("-_")) ==
1304 base::FilePath::StringType::npos) {
1305 result_str = !default_name_str.empty() ? default_name_str :
1306 base::FilePath::StringType(kFinalFallbackName);
1307 overwrite_extension = false;
1309 file_util::ReplaceIllegalCharactersInPath(&result_str, '-');
1310 base::FilePath result(result_str);
1311 GenerateSafeFileName(mime_type, overwrite_extension, &result);
1313 base::string16 result16;
1314 if (!FilePathToString16(result, &result16)) {
1315 result = base::FilePath(default_name_str);
1316 if (!FilePathToString16(result, &result16)) {
1317 result = base::FilePath(kFinalFallbackName);
1318 FilePathToString16(result, &result16);
1324 base::FilePath GenerateFileName(const GURL& url,
1325 const std::string& content_disposition,
1326 const std::string& referrer_charset,
1327 const std::string& suggested_name,
1328 const std::string& mime_type,
1329 const std::string& default_file_name) {
1330 base::string16 file_name = GetSuggestedFilename(url,
1331 content_disposition,
1338 base::FilePath generated_name(file_name);
1340 base::FilePath generated_name(
1341 base::SysWideToNativeMB(UTF16ToWide(file_name)));
1344 #if defined(OS_CHROMEOS)
1345 // When doing file manager operations on ChromeOS, the file paths get
1346 // normalized in WebKit layer, so let's ensure downloaded files have
1347 // normalized names. Otherwise, we won't be able to handle files with NFD
1348 // utf8 encoded characters in name.
1349 file_util::NormalizeFileNameEncoding(&generated_name);
1352 DCHECK(!generated_name.empty());
1354 return generated_name;
1357 bool IsPortAllowedByDefault(int port) {
1358 int array_size = arraysize(kRestrictedPorts);
1359 for (int i = 0; i < array_size; i++) {
1360 if (kRestrictedPorts[i] == port) {
1367 bool IsPortAllowedByFtp(int port) {
1368 int array_size = arraysize(kAllowedFtpPorts);
1369 for (int i = 0; i < array_size; i++) {
1370 if (kAllowedFtpPorts[i] == port) {
1374 // Port not explicitly allowed by FTP, so return the default restrictions.
1375 return IsPortAllowedByDefault(port);
1378 bool IsPortAllowedByOverride(int port) {
1379 if (g_explicitly_allowed_ports.Get().empty())
1382 return g_explicitly_allowed_ports.Get().count(port) > 0;
1385 int SetNonBlocking(int fd) {
1387 unsigned long no_block = 1;
1388 return ioctlsocket(fd, FIONBIO, &no_block);
1389 #elif defined(OS_POSIX)
1390 int flags = fcntl(fd, F_GETFL, 0);
1393 return fcntl(fd, F_SETFL, flags | O_NONBLOCK);
1397 bool ParseHostAndPort(std::string::const_iterator host_and_port_begin,
1398 std::string::const_iterator host_and_port_end,
1401 if (host_and_port_begin >= host_and_port_end)
1404 // When using url_parse, we use char*.
1405 const char* auth_begin = &(*host_and_port_begin);
1406 int auth_len = host_and_port_end - host_and_port_begin;
1408 url_parse::Component auth_component(0, auth_len);
1409 url_parse::Component username_component;
1410 url_parse::Component password_component;
1411 url_parse::Component hostname_component;
1412 url_parse::Component port_component;
1414 url_parse::ParseAuthority(auth_begin, auth_component, &username_component,
1415 &password_component, &hostname_component, &port_component);
1417 // There shouldn't be a username/password.
1418 if (username_component.is_valid() || password_component.is_valid())
1421 if (!hostname_component.is_nonempty())
1422 return false; // Failed parsing.
1424 int parsed_port_number = -1;
1425 if (port_component.is_nonempty()) {
1426 parsed_port_number = url_parse::ParsePort(auth_begin, port_component);
1428 // If parsing failed, port_number will be either PORT_INVALID or
1429 // PORT_UNSPECIFIED, both of which are negative.
1430 if (parsed_port_number < 0)
1431 return false; // Failed parsing the port number.
1434 if (port_component.len == 0)
1435 return false; // Reject inputs like "foo:"
1437 // Pass results back to caller.
1438 host->assign(auth_begin + hostname_component.begin, hostname_component.len);
1439 *port = parsed_port_number;
1441 return true; // Success.
1444 bool ParseHostAndPort(const std::string& host_and_port,
1447 return ParseHostAndPort(
1448 host_and_port.begin(), host_and_port.end(), host, port);
1451 std::string GetHostAndPort(const GURL& url) {
1452 // For IPv6 literals, GURL::host() already includes the brackets so it is
1453 // safe to just append a colon.
1454 return base::StringPrintf("%s:%d", url.host().c_str(),
1455 url.EffectiveIntPort());
1458 std::string GetHostAndOptionalPort(const GURL& url) {
1459 // For IPv6 literals, GURL::host() already includes the brackets
1460 // so it is safe to just append a colon.
1462 return base::StringPrintf("%s:%s", url.host().c_str(), url.port().c_str());
1466 bool IsHostnameNonUnique(const std::string& hostname) {
1467 // CanonicalizeHost requires surrounding brackets to parse an IPv6 address.
1468 const std::string host_or_ip = hostname.find(':') != std::string::npos ?
1469 "[" + hostname + "]" : hostname;
1470 url_canon::CanonHostInfo host_info;
1471 std::string canonical_name = CanonicalizeHost(host_or_ip, &host_info);
1473 // If canonicalization fails, then the input is truly malformed. However,
1474 // to avoid mis-reporting bad inputs as "non-unique", treat them as unique.
1475 if (canonical_name.empty())
1478 // If |hostname| is an IP address, check to see if it's in an IANA-reserved
1480 if (host_info.IsIPAddress()) {
1481 IPAddressNumber host_addr;
1482 if (!ParseIPLiteralToNumber(hostname.substr(host_info.out_host.begin,
1483 host_info.out_host.len),
1487 switch (host_info.family) {
1488 case url_canon::CanonHostInfo::IPV4:
1489 case url_canon::CanonHostInfo::IPV6:
1490 return IsIPAddressReserved(host_addr);
1491 case url_canon::CanonHostInfo::NEUTRAL:
1492 case url_canon::CanonHostInfo::BROKEN:
1497 // Check for a registry controlled portion of |hostname|, ignoring private
1498 // registries, as they already chain to ICANN-administered registries,
1499 // and explicitly ignoring unknown registries.
1501 // Note: This means that as new gTLDs are introduced on the Internet, they
1502 // will be treated as non-unique until the registry controlled domain list
1503 // is updated. However, because gTLDs are expected to provide significant
1504 // advance notice to deprecate older versions of this code, this an
1505 // acceptable tradeoff.
1506 return 0 == registry_controlled_domains::GetRegistryLength(
1508 registry_controlled_domains::EXCLUDE_UNKNOWN_REGISTRIES,
1509 registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES);
1512 // Don't compare IPv4 and IPv6 addresses (they have different range
1513 // reservations). Keep separate reservation arrays for each IP type, and
1514 // consolidate adjacent reserved ranges within a reservation array when
1516 // Sources for info:
1517 // www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml
1518 // www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
1519 // They're formatted here with the prefix as the last element. For example:
1520 // 10.0.0.0/8 becomes 10,0,0,0,8 and fec0::/10 becomes 0xfe,0xc0,0,0,0...,10.
1521 bool IsIPAddressReserved(const IPAddressNumber& host_addr) {
1522 static const unsigned char kReservedIPv4[][5] = {
1523 { 0,0,0,0,8 }, { 10,0,0,0,8 }, { 100,64,0,0,10 }, { 127,0,0,0,8 },
1524 { 169,254,0,0,16 }, { 172,16,0,0,12 }, { 192,0,2,0,24 },
1525 { 192,88,99,0,24 }, { 192,168,0,0,16 }, { 198,18,0,0,15 },
1526 { 198,51,100,0,24 }, { 203,0,113,0,24 }, { 224,0,0,0,3 }
1528 static const unsigned char kReservedIPv6[][17] = {
1529 { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8 },
1530 { 0x40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2 },
1531 { 0x80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2 },
1532 { 0xc0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3 },
1533 { 0xe0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4 },
1534 { 0xf0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5 },
1535 { 0xf8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6 },
1536 { 0xfc,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7 },
1537 { 0xfe,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9 },
1538 { 0xfe,0x80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10 },
1539 { 0xfe,0xc0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10 },
1541 size_t array_size = 0;
1542 const unsigned char* array = NULL;
1543 switch (host_addr.size()) {
1544 case kIPv4AddressSize:
1545 array_size = arraysize(kReservedIPv4);
1546 array = kReservedIPv4[0];
1548 case kIPv6AddressSize:
1549 array_size = arraysize(kReservedIPv6);
1550 array = kReservedIPv6[0];
1555 size_t width = host_addr.size() + 1;
1556 for (size_t i = 0; i < array_size; ++i, array += width) {
1557 if (IPNumberPrefixCheck(host_addr, array, array[width-1]))
1563 // Extracts the address and port portions of a sockaddr.
1564 bool GetIPAddressFromSockAddr(const struct sockaddr* sock_addr,
1565 socklen_t sock_addr_len,
1566 const uint8** address,
1567 size_t* address_len,
1569 if (sock_addr->sa_family == AF_INET) {
1570 if (sock_addr_len < static_cast<socklen_t>(sizeof(struct sockaddr_in)))
1572 const struct sockaddr_in* addr =
1573 reinterpret_cast<const struct sockaddr_in*>(sock_addr);
1574 *address = reinterpret_cast<const uint8*>(&addr->sin_addr);
1575 *address_len = kIPv4AddressSize;
1577 *port = base::NetToHost16(addr->sin_port);
1581 if (sock_addr->sa_family == AF_INET6) {
1582 if (sock_addr_len < static_cast<socklen_t>(sizeof(struct sockaddr_in6)))
1584 const struct sockaddr_in6* addr =
1585 reinterpret_cast<const struct sockaddr_in6*>(sock_addr);
1586 *address = reinterpret_cast<const unsigned char*>(&addr->sin6_addr);
1587 *address_len = kIPv6AddressSize;
1589 *port = base::NetToHost16(addr->sin6_port);
1593 return false; // Unrecognized |sa_family|.
1596 std::string IPAddressToString(const uint8* address,
1597 size_t address_len) {
1599 url_canon::StdStringCanonOutput output(&str);
1601 if (address_len == kIPv4AddressSize) {
1602 url_canon::AppendIPv4Address(address, &output);
1603 } else if (address_len == kIPv6AddressSize) {
1604 url_canon::AppendIPv6Address(address, &output);
1606 CHECK(false) << "Invalid IP address with length: " << address_len;
1613 std::string IPAddressToStringWithPort(const uint8* address,
1616 std::string address_str = IPAddressToString(address, address_len);
1618 if (address_len == kIPv6AddressSize) {
1619 // Need to bracket IPv6 addresses since they contain colons.
1620 return base::StringPrintf("[%s]:%d", address_str.c_str(), port);
1622 return base::StringPrintf("%s:%d", address_str.c_str(), port);
1625 std::string NetAddressToString(const struct sockaddr* sa,
1626 socklen_t sock_addr_len) {
1627 const uint8* address;
1629 if (!GetIPAddressFromSockAddr(sa, sock_addr_len, &address,
1630 &address_len, NULL)) {
1632 return std::string();
1634 return IPAddressToString(address, address_len);
1637 std::string NetAddressToStringWithPort(const struct sockaddr* sa,
1638 socklen_t sock_addr_len) {
1639 const uint8* address;
1642 if (!GetIPAddressFromSockAddr(sa, sock_addr_len, &address,
1643 &address_len, &port)) {
1645 return std::string();
1647 return IPAddressToStringWithPort(address, address_len, port);
1650 std::string IPAddressToString(const IPAddressNumber& addr) {
1651 return IPAddressToString(&addr.front(), addr.size());
1654 std::string IPAddressToStringWithPort(const IPAddressNumber& addr,
1656 return IPAddressToStringWithPort(&addr.front(), addr.size(), port);
1659 std::string IPAddressToPackedString(const IPAddressNumber& addr) {
1660 return std::string(reinterpret_cast<const char *>(&addr.front()),
1664 std::string GetHostName() {
1666 EnsureWinsockInit();
1669 // Host names are limited to 255 bytes.
1671 int result = gethostname(buffer, sizeof(buffer));
1673 DVLOG(1) << "gethostname() failed with " << result;
1676 return std::string(buffer);
1679 void GetIdentityFromURL(const GURL& url,
1680 base::string16* username,
1681 base::string16* password) {
1682 UnescapeRule::Type flags =
1683 UnescapeRule::SPACES | UnescapeRule::URL_SPECIAL_CHARS;
1684 *username = UnescapeAndDecodeUTF8URLComponent(url.username(), flags, NULL);
1685 *password = UnescapeAndDecodeUTF8URLComponent(url.password(), flags, NULL);
1688 std::string GetHostOrSpecFromURL(const GURL& url) {
1689 return url.has_host() ? TrimEndingDot(url.host()) : url.spec();
1692 void AppendFormattedHost(const GURL& url,
1693 const std::string& languages,
1694 base::string16* output) {
1696 AppendFormattedComponent(url.possibly_invalid_spec(),
1697 url.parsed_for_possibly_invalid_spec().host, offsets,
1698 HostComponentTransform(languages), output, NULL, NULL);
1701 base::string16 FormatUrlWithOffsets(
1703 const std::string& languages,
1704 FormatUrlTypes format_types,
1705 UnescapeRule::Type unescape_rules,
1706 url_parse::Parsed* new_parsed,
1708 Offsets* offsets_for_adjustment) {
1709 url_parse::Parsed parsed_temp;
1711 new_parsed = &parsed_temp;
1713 *new_parsed = url_parse::Parsed();
1714 Offsets original_offsets;
1715 if (offsets_for_adjustment)
1716 original_offsets = *offsets_for_adjustment;
1718 // Special handling for view-source:. Don't use content::kViewSourceScheme
1719 // because this library shouldn't depend on chrome.
1720 const char* const kViewSource = "view-source";
1721 // Reject "view-source:view-source:..." to avoid deep recursion.
1722 const char* const kViewSourceTwice = "view-source:view-source:";
1723 if (url.SchemeIs(kViewSource) &&
1724 !StartsWithASCII(url.possibly_invalid_spec(), kViewSourceTwice, false)) {
1725 return FormatViewSourceUrl(url, original_offsets, languages, format_types,
1726 unescape_rules, new_parsed, prefix_end,
1727 offsets_for_adjustment);
1730 // We handle both valid and invalid URLs (this will give us the spec
1731 // regardless of validity).
1732 const std::string& spec = url.possibly_invalid_spec();
1733 const url_parse::Parsed& parsed = url.parsed_for_possibly_invalid_spec();
1735 // Scheme & separators. These are ASCII.
1736 base::string16 url_string;
1737 url_string.insert(url_string.end(), spec.begin(),
1738 spec.begin() + parsed.CountCharactersBefore(url_parse::Parsed::USERNAME,
1740 const char kHTTP[] = "http://";
1741 const char kFTP[] = "ftp.";
1742 // URLFixerUpper::FixupURL() treats "ftp.foo.com" as ftp://ftp.foo.com. This
1743 // means that if we trim "http://" off a URL whose host starts with "ftp." and
1744 // the user inputs this into any field subject to fixup (which is basically
1745 // all input fields), the meaning would be changed. (In fact, often the
1746 // formatted URL is directly pre-filled into an input field.) For this reason
1747 // we avoid stripping "http://" in this case.
1748 bool omit_http = (format_types & kFormatUrlOmitHTTP) &&
1749 EqualsASCII(url_string, kHTTP) &&
1750 !StartsWithASCII(url.host(), kFTP, true);
1751 new_parsed->scheme = parsed.scheme;
1753 // Username & password.
1754 if ((format_types & kFormatUrlOmitUsernamePassword) != 0) {
1755 // Remove the username and password fields. We don't want to display those
1756 // to the user since they can be used for attacks,
1757 // e.g. "http://google.com:search@evil.ru/"
1758 new_parsed->username.reset();
1759 new_parsed->password.reset();
1760 // Update the offsets based on removed username and/or password.
1761 if (offsets_for_adjustment && !offsets_for_adjustment->empty() &&
1762 (parsed.username.is_nonempty() || parsed.password.is_nonempty())) {
1763 base::OffsetAdjuster offset_adjuster(offsets_for_adjustment);
1764 if (parsed.username.is_nonempty() && parsed.password.is_nonempty()) {
1765 // The seeming off-by-one and off-by-two in these first two lines are to
1766 // account for the ':' after the username and '@' after the password.
1767 offset_adjuster.Add(base::OffsetAdjuster::Adjustment(
1768 static_cast<size_t>(parsed.username.begin),
1769 static_cast<size_t>(parsed.username.len + parsed.password.len + 2),
1772 const url_parse::Component* nonempty_component =
1773 parsed.username.is_nonempty() ? &parsed.username : &parsed.password;
1774 // The seeming off-by-one in below is to account for the '@' after the
1775 // username/password.
1776 offset_adjuster.Add(base::OffsetAdjuster::Adjustment(
1777 static_cast<size_t>(nonempty_component->begin),
1778 static_cast<size_t>(nonempty_component->len + 1), 0));
1782 AppendFormattedComponent(spec, parsed.username, original_offsets,
1783 NonHostComponentTransform(unescape_rules), &url_string,
1784 &new_parsed->username, offsets_for_adjustment);
1785 if (parsed.password.is_valid())
1786 url_string.push_back(':');
1787 AppendFormattedComponent(spec, parsed.password, original_offsets,
1788 NonHostComponentTransform(unescape_rules), &url_string,
1789 &new_parsed->password, offsets_for_adjustment);
1790 if (parsed.username.is_valid() || parsed.password.is_valid())
1791 url_string.push_back('@');
1794 *prefix_end = static_cast<size_t>(url_string.length());
1797 AppendFormattedComponent(spec, parsed.host, original_offsets,
1798 HostComponentTransform(languages), &url_string, &new_parsed->host,
1799 offsets_for_adjustment);
1802 if (parsed.port.is_nonempty()) {
1803 url_string.push_back(':');
1804 new_parsed->port.begin = url_string.length();
1805 url_string.insert(url_string.end(),
1806 spec.begin() + parsed.port.begin,
1807 spec.begin() + parsed.port.end());
1808 new_parsed->port.len = url_string.length() - new_parsed->port.begin;
1810 new_parsed->port.reset();
1813 // Path & query. Both get the same general unescape & convert treatment.
1814 if (!(format_types & kFormatUrlOmitTrailingSlashOnBareHostname) ||
1815 !CanStripTrailingSlash(url)) {
1816 AppendFormattedComponent(spec, parsed.path, original_offsets,
1817 NonHostComponentTransform(unescape_rules), &url_string,
1818 &new_parsed->path, offsets_for_adjustment);
1820 base::OffsetAdjuster offset_adjuster(offsets_for_adjustment);
1821 offset_adjuster.Add(base::OffsetAdjuster::Adjustment(
1822 url_string.length(), parsed.path.len, 0));
1824 if (parsed.query.is_valid())
1825 url_string.push_back('?');
1826 AppendFormattedComponent(spec, parsed.query, original_offsets,
1827 NonHostComponentTransform(unescape_rules), &url_string,
1828 &new_parsed->query, offsets_for_adjustment);
1830 // Ref. This is valid, unescaped UTF-8, so we can just convert.
1831 if (parsed.ref.is_valid())
1832 url_string.push_back('#');
1833 AppendFormattedComponent(spec, parsed.ref, original_offsets,
1834 NonHostComponentTransform(UnescapeRule::NONE), &url_string,
1835 &new_parsed->ref, offsets_for_adjustment);
1837 // If we need to strip out http do it after the fact. This way we don't need
1838 // to worry about how offset_for_adjustment is interpreted.
1839 if (omit_http && StartsWith(url_string, ASCIIToUTF16(kHTTP), true)) {
1840 const size_t kHTTPSize = arraysize(kHTTP) - 1;
1841 url_string = url_string.substr(kHTTPSize);
1842 if (offsets_for_adjustment && !offsets_for_adjustment->empty()) {
1843 base::OffsetAdjuster offset_adjuster(offsets_for_adjustment);
1844 offset_adjuster.Add(base::OffsetAdjuster::Adjustment(0, kHTTPSize, 0));
1847 *prefix_end -= kHTTPSize;
1849 // Adjust new_parsed.
1850 DCHECK(new_parsed->scheme.is_valid());
1851 int delta = -(new_parsed->scheme.len + 3); // +3 for ://.
1852 new_parsed->scheme.reset();
1853 AdjustAllComponentsButScheme(delta, new_parsed);
1856 LimitOffsets(url_string, offsets_for_adjustment);
1860 base::string16 FormatUrl(const GURL& url,
1861 const std::string& languages,
1862 FormatUrlTypes format_types,
1863 UnescapeRule::Type unescape_rules,
1864 url_parse::Parsed* new_parsed,
1866 size_t* offset_for_adjustment) {
1868 if (offset_for_adjustment)
1869 offsets.push_back(*offset_for_adjustment);
1870 base::string16 result = FormatUrlWithOffsets(url, languages, format_types,
1871 unescape_rules, new_parsed, prefix_end, &offsets);
1872 if (offset_for_adjustment)
1873 *offset_for_adjustment = offsets[0];
1877 bool CanStripTrailingSlash(const GURL& url) {
1878 // Omit the path only for standard, non-file URLs with nothing but "/" after
1880 return url.IsStandard() && !url.SchemeIsFile() &&
1881 !url.SchemeIsFileSystem() && !url.has_query() && !url.has_ref()
1882 && url.path() == "/";
1885 GURL SimplifyUrlForRequest(const GURL& url) {
1886 DCHECK(url.is_valid());
1887 GURL::Replacements replacements;
1888 replacements.ClearUsername();
1889 replacements.ClearPassword();
1890 replacements.ClearRef();
1891 return url.ReplaceComponents(replacements);
1894 // Specifies a comma separated list of port numbers that should be accepted
1895 // despite bans. If the string is invalid no allowed ports are stored.
1896 void SetExplicitlyAllowedPorts(const std::string& allowed_ports) {
1897 if (allowed_ports.empty())
1900 std::multiset<int> ports;
1902 size_t size = allowed_ports.size();
1903 // The comma delimiter.
1904 const std::string::value_type kComma = ',';
1906 // Overflow is still possible for evil user inputs.
1907 for (size_t i = 0; i <= size; ++i) {
1908 // The string should be composed of only digits and commas.
1909 if (i != size && !IsAsciiDigit(allowed_ports[i]) &&
1910 (allowed_ports[i] != kComma))
1912 if (i == size || allowed_ports[i] == kComma) {
1915 base::StringToInt(base::StringPiece(allowed_ports.begin() + last,
1916 allowed_ports.begin() + i),
1923 g_explicitly_allowed_ports.Get() = ports;
1926 ScopedPortException::ScopedPortException(int port) : port_(port) {
1927 g_explicitly_allowed_ports.Get().insert(port);
1930 ScopedPortException::~ScopedPortException() {
1931 std::multiset<int>::iterator it =
1932 g_explicitly_allowed_ports.Get().find(port_);
1933 if (it != g_explicitly_allowed_ports.Get().end())
1934 g_explicitly_allowed_ports.Get().erase(it);
1939 bool HaveOnlyLoopbackAddresses() {
1940 #if defined(OS_ANDROID)
1941 return android::HaveOnlyLoopbackAddresses();
1942 #elif defined(OS_POSIX)
1943 struct ifaddrs* interface_addr = NULL;
1944 int rv = getifaddrs(&interface_addr);
1946 DVLOG(1) << "getifaddrs() failed with errno = " << errno;
1951 for (struct ifaddrs* interface = interface_addr;
1953 interface = interface->ifa_next) {
1954 if (!(IFF_UP & interface->ifa_flags))
1956 if (IFF_LOOPBACK & interface->ifa_flags)
1958 const struct sockaddr* addr = interface->ifa_addr;
1961 if (addr->sa_family == AF_INET6) {
1962 // Safe cast since this is AF_INET6.
1963 const struct sockaddr_in6* addr_in6 =
1964 reinterpret_cast<const struct sockaddr_in6*>(addr);
1965 const struct in6_addr* sin6_addr = &addr_in6->sin6_addr;
1966 if (IN6_IS_ADDR_LOOPBACK(sin6_addr) || IN6_IS_ADDR_LINKLOCAL(sin6_addr))
1969 if (addr->sa_family != AF_INET6 && addr->sa_family != AF_INET)
1975 freeifaddrs(interface_addr);
1977 #elif defined(OS_WIN)
1978 // TODO(wtc): implement with the GetAdaptersAddresses function.
1984 #endif // defined(various platforms)
1987 AddressFamily GetAddressFamily(const IPAddressNumber& address) {
1988 switch (address.size()) {
1989 case kIPv4AddressSize:
1990 return ADDRESS_FAMILY_IPV4;
1991 case kIPv6AddressSize:
1992 return ADDRESS_FAMILY_IPV6;
1994 return ADDRESS_FAMILY_UNSPECIFIED;
1998 int ConvertAddressFamily(AddressFamily address_family) {
1999 switch (address_family) {
2000 case ADDRESS_FAMILY_UNSPECIFIED:
2002 case ADDRESS_FAMILY_IPV4:
2004 case ADDRESS_FAMILY_IPV6:
2011 bool ParseIPLiteralToNumber(const std::string& ip_literal,
2012 IPAddressNumber* ip_number) {
2013 // |ip_literal| could be either a IPv4 or an IPv6 literal. If it contains
2014 // a colon however, it must be an IPv6 address.
2015 if (ip_literal.find(':') != std::string::npos) {
2016 // GURL expects IPv6 hostnames to be surrounded with brackets.
2017 std::string host_brackets = "[" + ip_literal + "]";
2018 url_parse::Component host_comp(0, host_brackets.size());
2020 // Try parsing the hostname as an IPv6 literal.
2021 ip_number->resize(16); // 128 bits.
2022 return url_canon::IPv6AddressToNumber(host_brackets.data(),
2027 // Otherwise the string is an IPv4 address.
2028 ip_number->resize(4); // 32 bits.
2029 url_parse::Component host_comp(0, ip_literal.size());
2031 url_canon::CanonHostInfo::Family family = url_canon::IPv4AddressToNumber(
2032 ip_literal.data(), host_comp, &(*ip_number)[0], &num_components);
2033 return family == url_canon::CanonHostInfo::IPV4;
2038 const unsigned char kIPv4MappedPrefix[] =
2039 { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF };
2042 IPAddressNumber ConvertIPv4NumberToIPv6Number(
2043 const IPAddressNumber& ipv4_number) {
2044 DCHECK(ipv4_number.size() == 4);
2046 // IPv4-mapped addresses are formed by:
2047 // <80 bits of zeros> + <16 bits of ones> + <32-bit IPv4 address>.
2048 IPAddressNumber ipv6_number;
2049 ipv6_number.reserve(16);
2050 ipv6_number.insert(ipv6_number.end(),
2052 kIPv4MappedPrefix + arraysize(kIPv4MappedPrefix));
2053 ipv6_number.insert(ipv6_number.end(), ipv4_number.begin(), ipv4_number.end());
2057 bool IsIPv4Mapped(const IPAddressNumber& address) {
2058 if (address.size() != kIPv6AddressSize)
2060 return std::equal(address.begin(),
2061 address.begin() + arraysize(kIPv4MappedPrefix),
2065 IPAddressNumber ConvertIPv4MappedToIPv4(const IPAddressNumber& address) {
2066 DCHECK(IsIPv4Mapped(address));
2067 return IPAddressNumber(address.begin() + arraysize(kIPv4MappedPrefix),
2071 bool ParseCIDRBlock(const std::string& cidr_literal,
2072 IPAddressNumber* ip_number,
2073 size_t* prefix_length_in_bits) {
2074 // We expect CIDR notation to match one of these two templates:
2075 // <IPv4-literal> "/" <number of bits>
2076 // <IPv6-literal> "/" <number of bits>
2078 std::vector<std::string> parts;
2079 base::SplitString(cidr_literal, '/', &parts);
2080 if (parts.size() != 2)
2083 // Parse the IP address.
2084 if (!ParseIPLiteralToNumber(parts[0], ip_number))
2087 // Parse the prefix length.
2088 int number_of_bits = -1;
2089 if (!base::StringToInt(parts[1], &number_of_bits))
2092 // Make sure the prefix length is in a valid range.
2093 if (number_of_bits < 0 ||
2094 number_of_bits > static_cast<int>(ip_number->size() * 8))
2097 *prefix_length_in_bits = static_cast<size_t>(number_of_bits);
2101 bool IPNumberMatchesPrefix(const IPAddressNumber& ip_number,
2102 const IPAddressNumber& ip_prefix,
2103 size_t prefix_length_in_bits) {
2104 // Both the input IP address and the prefix IP address should be
2105 // either IPv4 or IPv6.
2106 DCHECK(ip_number.size() == 4 || ip_number.size() == 16);
2107 DCHECK(ip_prefix.size() == 4 || ip_prefix.size() == 16);
2109 DCHECK_LE(prefix_length_in_bits, ip_prefix.size() * 8);
2111 // In case we have an IPv6 / IPv4 mismatch, convert the IPv4 addresses to
2112 // IPv6 addresses in order to do the comparison.
2113 if (ip_number.size() != ip_prefix.size()) {
2114 if (ip_number.size() == 4) {
2115 return IPNumberMatchesPrefix(ConvertIPv4NumberToIPv6Number(ip_number),
2116 ip_prefix, prefix_length_in_bits);
2118 return IPNumberMatchesPrefix(ip_number,
2119 ConvertIPv4NumberToIPv6Number(ip_prefix),
2120 96 + prefix_length_in_bits);
2123 return IPNumberPrefixCheck(ip_number, &ip_prefix[0], prefix_length_in_bits);
2126 const uint16* GetPortFieldFromSockaddr(const struct sockaddr* address,
2127 socklen_t address_len) {
2128 if (address->sa_family == AF_INET) {
2129 DCHECK_LE(sizeof(sockaddr_in), static_cast<size_t>(address_len));
2130 const struct sockaddr_in* sockaddr =
2131 reinterpret_cast<const struct sockaddr_in*>(address);
2132 return &sockaddr->sin_port;
2133 } else if (address->sa_family == AF_INET6) {
2134 DCHECK_LE(sizeof(sockaddr_in6), static_cast<size_t>(address_len));
2135 const struct sockaddr_in6* sockaddr =
2136 reinterpret_cast<const struct sockaddr_in6*>(address);
2137 return &sockaddr->sin6_port;
2144 int GetPortFromSockaddr(const struct sockaddr* address, socklen_t address_len) {
2145 const uint16* port_field = GetPortFieldFromSockaddr(address, address_len);
2148 return base::NetToHost16(*port_field);
2151 bool IsLocalhost(const std::string& host) {
2152 if (host == "localhost" ||
2153 host == "localhost.localdomain" ||
2154 host == "localhost6" ||
2155 host == "localhost6.localdomain6")
2158 IPAddressNumber ip_number;
2159 if (ParseIPLiteralToNumber(host, &ip_number)) {
2160 size_t size = ip_number.size();
2162 case kIPv4AddressSize: {
2163 IPAddressNumber localhost_prefix;
2164 localhost_prefix.push_back(127);
2165 for (int i = 0; i < 3; ++i) {
2166 localhost_prefix.push_back(0);
2168 return IPNumberMatchesPrefix(ip_number, localhost_prefix, 8);
2171 case kIPv6AddressSize: {
2172 struct in6_addr sin6_addr;
2173 memcpy(&sin6_addr, &ip_number[0], kIPv6AddressSize);
2174 return !!IN6_IS_ADDR_LOOPBACK(&sin6_addr);
2185 NetworkInterface::NetworkInterface() : network_prefix(0) {
2188 NetworkInterface::NetworkInterface(const std::string& name,
2189 const IPAddressNumber& address,
2190 size_t network_prefix)
2191 : name(name), address(address), network_prefix(network_prefix) {
2194 NetworkInterface::~NetworkInterface() {
2197 unsigned CommonPrefixLength(const IPAddressNumber& a1,
2198 const IPAddressNumber& a2) {
2199 DCHECK_EQ(a1.size(), a2.size());
2200 for (size_t i = 0; i < a1.size(); ++i) {
2201 unsigned diff = a1[i] ^ a2[i];
2204 for (unsigned j = 0; j < CHAR_BIT; ++j) {
2205 if (diff & (1 << (CHAR_BIT - 1)))
2206 return i * CHAR_BIT + j;
2211 return a1.size() * CHAR_BIT;
2214 unsigned MaskPrefixLength(const IPAddressNumber& mask) {
2215 IPAddressNumber all_ones(mask.size(), 0xFF);
2216 return CommonPrefixLength(mask, all_ones);