2
0

noproxy.c 6.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at https://curl.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. * SPDX-License-Identifier: curl
  22. *
  23. ***************************************************************************/
  24. #include "curl_setup.h"
  25. #ifndef CURL_DISABLE_PROXY
  26. #include "inet_pton.h"
  27. #include "strcase.h"
  28. #include "noproxy.h"
  29. #ifdef HAVE_NETINET_IN_H
  30. #include <netinet/in.h>
  31. #endif
  32. #ifdef HAVE_ARPA_INET_H
  33. #include <arpa/inet.h>
  34. #endif
  35. /*
  36. * Curl_cidr4_match() returns TRUE if the given IPv4 address is within the
  37. * specified CIDR address range.
  38. */
  39. UNITTEST bool Curl_cidr4_match(const char *ipv4, /* 1.2.3.4 address */
  40. const char *network, /* 1.2.3.4 address */
  41. unsigned int bits)
  42. {
  43. unsigned int address = 0;
  44. unsigned int check = 0;
  45. if(bits > 32)
  46. /* strange input */
  47. return FALSE;
  48. if(1 != Curl_inet_pton(AF_INET, ipv4, &address))
  49. return FALSE;
  50. if(1 != Curl_inet_pton(AF_INET, network, &check))
  51. return FALSE;
  52. if(bits && (bits != 32)) {
  53. unsigned int mask = 0xffffffff << (32 - bits);
  54. unsigned int haddr = htonl(address);
  55. unsigned int hcheck = htonl(check);
  56. #if 0
  57. fprintf(stderr, "Host %s (%x) network %s (%x) bits %u mask %x => %x\n",
  58. ipv4, haddr, network, hcheck, bits, mask,
  59. (haddr ^ hcheck) & mask);
  60. #endif
  61. if((haddr ^ hcheck) & mask)
  62. return FALSE;
  63. return TRUE;
  64. }
  65. return (address == check);
  66. }
  67. UNITTEST bool Curl_cidr6_match(const char *ipv6,
  68. const char *network,
  69. unsigned int bits)
  70. {
  71. #ifdef ENABLE_IPV6
  72. int bytes;
  73. int rest;
  74. unsigned char address[16];
  75. unsigned char check[16];
  76. if(!bits)
  77. bits = 128;
  78. bytes = bits/8;
  79. rest = bits & 0x07;
  80. if(1 != Curl_inet_pton(AF_INET6, ipv6, address))
  81. return FALSE;
  82. if(1 != Curl_inet_pton(AF_INET6, network, check))
  83. return FALSE;
  84. if((bytes > 16) || ((bytes == 16) && rest))
  85. return FALSE;
  86. if(bytes && memcmp(address, check, bytes))
  87. return FALSE;
  88. if(rest && !((address[bytes] ^ check[bytes]) & (0xff << (8 - rest))))
  89. return FALSE;
  90. return TRUE;
  91. #else
  92. (void)ipv6;
  93. (void)network;
  94. (void)bits;
  95. return FALSE;
  96. #endif
  97. }
  98. enum nametype {
  99. TYPE_HOST,
  100. TYPE_IPV4,
  101. TYPE_IPV6
  102. };
  103. /****************************************************************
  104. * Checks if the host is in the noproxy list. returns TRUE if it matches and
  105. * therefore the proxy should NOT be used.
  106. ****************************************************************/
  107. bool Curl_check_noproxy(const char *name, const char *no_proxy)
  108. {
  109. /* no_proxy=domain1.dom,host.domain2.dom
  110. * (a comma-separated list of hosts which should
  111. * not be proxied, or an asterisk to override
  112. * all proxy variables)
  113. */
  114. if(no_proxy && no_proxy[0]) {
  115. const char *p = no_proxy;
  116. size_t namelen;
  117. enum nametype type = TYPE_HOST;
  118. char hostip[128];
  119. if(!strcmp("*", no_proxy))
  120. return TRUE;
  121. /* NO_PROXY was specified and it wasn't just an asterisk */
  122. if(name[0] == '[') {
  123. char *endptr;
  124. /* IPv6 numerical address */
  125. endptr = strchr(name, ']');
  126. if(!endptr)
  127. return FALSE;
  128. name++;
  129. namelen = endptr - name;
  130. if(namelen >= sizeof(hostip))
  131. return FALSE;
  132. memcpy(hostip, name, namelen);
  133. hostip[namelen] = 0;
  134. name = hostip;
  135. type = TYPE_IPV6;
  136. }
  137. else {
  138. unsigned int address;
  139. namelen = strlen(name);
  140. if(1 == Curl_inet_pton(AF_INET, name, &address))
  141. type = TYPE_IPV4;
  142. else {
  143. /* ignore trailing dots in the host name */
  144. if(name[namelen - 1] == '.')
  145. namelen--;
  146. }
  147. }
  148. while(*p) {
  149. const char *token;
  150. size_t tokenlen = 0;
  151. bool match = FALSE;
  152. /* pass blanks */
  153. while(*p && ISBLANK(*p))
  154. p++;
  155. token = p;
  156. /* pass over the pattern */
  157. while(*p && !ISBLANK(*p) && (*p != ',')) {
  158. p++;
  159. tokenlen++;
  160. }
  161. if(tokenlen) {
  162. switch(type) {
  163. case TYPE_HOST:
  164. /* ignore trailing dots in the token to check */
  165. if(token[tokenlen - 1] == '.')
  166. tokenlen--;
  167. if(tokenlen && (*token == '.')) {
  168. /* ignore leading token dot as well */
  169. token++;
  170. tokenlen--;
  171. }
  172. /* A: example.com matches 'example.com'
  173. B: www.example.com matches 'example.com'
  174. C: nonexample.com DOES NOT match 'example.com'
  175. */
  176. if(tokenlen == namelen)
  177. /* case A, exact match */
  178. match = strncasecompare(token, name, namelen);
  179. else if(tokenlen < namelen) {
  180. /* case B, tailmatch domain */
  181. match = (name[namelen - tokenlen - 1] == '.') &&
  182. strncasecompare(token, name + (namelen - tokenlen),
  183. tokenlen);
  184. }
  185. /* case C passes through, not a match */
  186. break;
  187. case TYPE_IPV4:
  188. /* FALLTHROUGH */
  189. case TYPE_IPV6: {
  190. const char *check = token;
  191. char *slash;
  192. unsigned int bits = 0;
  193. char checkip[128];
  194. if(tokenlen >= sizeof(checkip))
  195. /* this cannot match */
  196. break;
  197. /* copy the check name to a temp buffer */
  198. memcpy(checkip, check, tokenlen);
  199. checkip[tokenlen] = 0;
  200. check = checkip;
  201. slash = strchr(check, '/');
  202. /* if the slash is part of this token, use it */
  203. if(slash) {
  204. bits = atoi(slash + 1);
  205. *slash = 0; /* null terminate there */
  206. }
  207. if(type == TYPE_IPV6)
  208. match = Curl_cidr6_match(name, check, bits);
  209. else
  210. match = Curl_cidr4_match(name, check, bits);
  211. break;
  212. }
  213. }
  214. if(match)
  215. return TRUE;
  216. } /* if(tokenlen) */
  217. while(*p == ',')
  218. p++;
  219. } /* while(*p) */
  220. } /* NO_PROXY was specified and it wasn't just an asterisk */
  221. return FALSE;
  222. }
  223. #endif /* CURL_DISABLE_PROXY */