xref: /netbsd-src/external/bsd/libevent/dist/sample/hostcheck.c (revision bdc22b2e01993381dcefeff2bc9b56ca75a4235c) 
1 /*	$NetBSD: hostcheck.c,v 1.1.1.1 2017/01/31 21:14:53 christos Exp $	*/
2 /***************************************************************************
3  *                                  _   _ ____  _
4  *  Project                     ___| | | |  _ \| |
5  *                             / __| | | | |_) | |
6  *                            | (__| |_| |  _ <| |___
7  *                             \___|\___/|_| \_\_____|
8  *
9  * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
10  *
11  * This software is licensed as described in the file COPYING, which
12  * you should have received as part of this distribution. The terms
13  * are also available at http://curl.haxx.se/docs/copyright.html.
14  *
15  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
16  * copies of the Software, and permit persons to whom the Software is
17  * furnished to do so, under the terms of the COPYING file.
18  *
19  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
20  * KIND, either express or implied.
21  *
22  ***************************************************************************/
23 
24 /* This file is an amalgamation of hostcheck.c and most of rawstr.c
25    from cURL.  The contents of the COPYING file mentioned above are:
26 
27 COPYRIGHT AND PERMISSION NOTICE
28 
29 Copyright (c) 1996 - 2013, Daniel Stenberg, <daniel@haxx.se>.
30 
31 All rights reserved.
32 
33 Permission to use, copy, modify, and distribute this software for any purpose
34 with or without fee is hereby granted, provided that the above copyright
35 notice and this permission notice appear in all copies.
36 
37 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
38 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
39 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN
40 NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
41 DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
42 OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE
43 OR OTHER DEALINGS IN THE SOFTWARE.
44 
45 Except as contained in this notice, the name of a copyright holder shall not
46 be used in advertising or otherwise to promote the sale, use or other dealings
47 in this Software without prior written authorization of the copyright holder.
48 */
49 
50 #include "hostcheck.h"
51 #include <string.h>
52 
53 /* Portable, consistent toupper (remember EBCDIC). Do not use toupper() because
54    its behavior is altered by the current locale. */
55 static char Curl_raw_toupper(char in)
56 {
57   switch (in) {
58   case 'a':
59     return 'A';
60   case 'b':
61     return 'B';
62   case 'c':
63     return 'C';
64   case 'd':
65     return 'D';
66   case 'e':
67     return 'E';
68   case 'f':
69     return 'F';
70   case 'g':
71     return 'G';
72   case 'h':
73     return 'H';
74   case 'i':
75     return 'I';
76   case 'j':
77     return 'J';
78   case 'k':
79     return 'K';
80   case 'l':
81     return 'L';
82   case 'm':
83     return 'M';
84   case 'n':
85     return 'N';
86   case 'o':
87     return 'O';
88   case 'p':
89     return 'P';
90   case 'q':
91     return 'Q';
92   case 'r':
93     return 'R';
94   case 's':
95     return 'S';
96   case 't':
97     return 'T';
98   case 'u':
99     return 'U';
100   case 'v':
101     return 'V';
102   case 'w':
103     return 'W';
104   case 'x':
105     return 'X';
106   case 'y':
107     return 'Y';
108   case 'z':
109     return 'Z';
110   }
111   return in;
112 }
113 
114 /*
115  * Curl_raw_equal() is for doing "raw" case insensitive strings. This is meant
116  * to be locale independent and only compare strings we know are safe for
117  * this.  See http://daniel.haxx.se/blog/2008/10/15/strcasecmp-in-turkish/ for
118  * some further explanation to why this function is necessary.
119  *
120  * The function is capable of comparing a-z case insensitively even for
121  * non-ascii.
122  */
123 
124 static int Curl_raw_equal(const char *first, const char *second)
125 {
126   while(*first && *second) {
127     if(Curl_raw_toupper(*first) != Curl_raw_toupper(*second))
128       /* get out of the loop as soon as they don't match */
129       break;
130     first++;
131     second++;
132   }
133   /* we do the comparison here (possibly again), just to make sure that if the
134      loop above is skipped because one of the strings reached zero, we must not
135      return this as a successful match */
136   return (Curl_raw_toupper(*first) == Curl_raw_toupper(*second));
137 }
138 
139 static int Curl_raw_nequal(const char *first, const char *second, size_t max)
140 {
141   while(*first && *second && max) {
142     if(Curl_raw_toupper(*first) != Curl_raw_toupper(*second)) {
143       break;
144     }
145     max--;
146     first++;
147     second++;
148   }
149   if(0 == max)
150     return 1; /* they are equal this far */
151 
152   return Curl_raw_toupper(*first) == Curl_raw_toupper(*second);
153 }
154 
155 /*
156  * Match a hostname against a wildcard pattern.
157  * E.g.
158  *  "foo.host.com" matches "*.host.com".
159  *
160  * We use the matching rule described in RFC6125, section 6.4.3.
161  * http://tools.ietf.org/html/rfc6125#section-6.4.3
162  */
163 
164 static int hostmatch(const char *hostname, const char *pattern)
165 {
166   const char *pattern_label_end, *pattern_wildcard, *hostname_label_end;
167   int wildcard_enabled;
168   size_t prefixlen, suffixlen;
169   pattern_wildcard = strchr(pattern, '*');
170   if(pattern_wildcard == NULL)
171     return Curl_raw_equal(pattern, hostname) ?
172       CURL_HOST_MATCH : CURL_HOST_NOMATCH;
173 
174   /* We require at least 2 dots in pattern to avoid too wide wildcard
175      match. */
176   wildcard_enabled = 1;
177   pattern_label_end = strchr(pattern, '.');
178   if(pattern_label_end == NULL || strchr(pattern_label_end+1, '.') == NULL ||
179      pattern_wildcard > pattern_label_end ||
180      Curl_raw_nequal(pattern, "xn--", 4)) {
181     wildcard_enabled = 0;
182   }
183   if(!wildcard_enabled)
184     return Curl_raw_equal(pattern, hostname) ?
185       CURL_HOST_MATCH : CURL_HOST_NOMATCH;
186 
187   hostname_label_end = strchr(hostname, '.');
188   if(hostname_label_end == NULL ||
189      !Curl_raw_equal(pattern_label_end, hostname_label_end))
190     return CURL_HOST_NOMATCH;
191 
192   /* The wildcard must match at least one character, so the left-most
193      label of the hostname is at least as large as the left-most label
194      of the pattern. */
195   if(hostname_label_end - hostname < pattern_label_end - pattern)
196     return CURL_HOST_NOMATCH;
197 
198   prefixlen = pattern_wildcard - pattern;
199   suffixlen = pattern_label_end - (pattern_wildcard+1);
200   return Curl_raw_nequal(pattern, hostname, prefixlen) &&
201     Curl_raw_nequal(pattern_wildcard+1, hostname_label_end - suffixlen,
202                     suffixlen) ?
203     CURL_HOST_MATCH : CURL_HOST_NOMATCH;
204 }
205 
206 int Curl_cert_hostcheck(const char *match_pattern, const char *hostname)
207 {
208   if(!match_pattern || !*match_pattern ||
209       !hostname || !*hostname) /* sanity check */
210     return 0;
211 
212   if(Curl_raw_equal(hostname, match_pattern)) /* trivial case */
213     return 1;
214 
215   if(hostmatch(hostname,match_pattern) == CURL_HOST_MATCH)
216     return 1;
217   return 0;
218 }
219