xref: /freebsd/contrib/ntp/sntp/libevent/sample/hostcheck.c (revision 4543ef516683042d46f3bd3bb8a4f3f746e00499)
1 /***************************************************************************
2  *                                  _   _ ____  _
3  *  Project                     ___| | | |  _ \| |
4  *                             / __| | | | |_) | |
5  *                            | (__| |_| |  _ <| |___
6  *                             \___|\___/|_| \_\_____|
7  *
8  * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
9  *
10  * This software is licensed as described in the file COPYING, which
11  * you should have received as part of this distribution. The terms
12  * are also available at http://curl.haxx.se/docs/copyright.html.
13  *
14  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15  * copies of the Software, and permit persons to whom the Software is
16  * furnished to do so, under the terms of the COPYING file.
17  *
18  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19  * KIND, either express or implied.
20  *
21  ***************************************************************************/
22 
23 /* This file is an amalgamation of hostcheck.c and most of rawstr.c
24    from cURL.  The contents of the COPYING file mentioned above are:
25 
26 COPYRIGHT AND PERMISSION NOTICE
27 
28 Copyright (c) 1996 - 2013, Daniel Stenberg, <daniel@haxx.se>.
29 
30 All rights reserved.
31 
32 Permission to use, copy, modify, and distribute this software for any purpose
33 with or without fee is hereby granted, provided that the above copyright
34 notice and this permission notice appear in all copies.
35 
36 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
37 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
38 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN
39 NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
40 DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
41 OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE
42 OR OTHER DEALINGS IN THE SOFTWARE.
43 
44 Except as contained in this notice, the name of a copyright holder shall not
45 be used in advertising or otherwise to promote the sale, use or other dealings
46 in this Software without prior written authorization of the copyright holder.
47 */
48 
49 #include "hostcheck.h"
50 #include <string.h>
51 
52 /* Portable, consistent toupper (remember EBCDIC). Do not use toupper() because
53    its behavior is altered by the current locale. */
54 static char Curl_raw_toupper(char in)
55 {
56   switch (in) {
57   case 'a':
58     return 'A';
59   case 'b':
60     return 'B';
61   case 'c':
62     return 'C';
63   case 'd':
64     return 'D';
65   case 'e':
66     return 'E';
67   case 'f':
68     return 'F';
69   case 'g':
70     return 'G';
71   case 'h':
72     return 'H';
73   case 'i':
74     return 'I';
75   case 'j':
76     return 'J';
77   case 'k':
78     return 'K';
79   case 'l':
80     return 'L';
81   case 'm':
82     return 'M';
83   case 'n':
84     return 'N';
85   case 'o':
86     return 'O';
87   case 'p':
88     return 'P';
89   case 'q':
90     return 'Q';
91   case 'r':
92     return 'R';
93   case 's':
94     return 'S';
95   case 't':
96     return 'T';
97   case 'u':
98     return 'U';
99   case 'v':
100     return 'V';
101   case 'w':
102     return 'W';
103   case 'x':
104     return 'X';
105   case 'y':
106     return 'Y';
107   case 'z':
108     return 'Z';
109   }
110   return in;
111 }
112 
113 /*
114  * Curl_raw_equal() is for doing "raw" case insensitive strings. This is meant
115  * to be locale independent and only compare strings we know are safe for
116  * this.  See http://daniel.haxx.se/blog/2008/10/15/strcasecmp-in-turkish/ for
117  * some further explanation to why this function is necessary.
118  *
119  * The function is capable of comparing a-z case insensitively even for
120  * non-ascii.
121  */
122 
123 static int Curl_raw_equal(const char *first, const char *second)
124 {
125   while(*first && *second) {
126     if(Curl_raw_toupper(*first) != Curl_raw_toupper(*second))
127       /* get out of the loop as soon as they don't match */
128       break;
129     first++;
130     second++;
131   }
132   /* we do the comparison here (possibly again), just to make sure that if the
133      loop above is skipped because one of the strings reached zero, we must not
134      return this as a successful match */
135   return (Curl_raw_toupper(*first) == Curl_raw_toupper(*second));
136 }
137 
138 static int Curl_raw_nequal(const char *first, const char *second, size_t max)
139 {
140   while(*first && *second && max) {
141     if(Curl_raw_toupper(*first) != Curl_raw_toupper(*second)) {
142       break;
143     }
144     max--;
145     first++;
146     second++;
147   }
148   if(0 == max)
149     return 1; /* they are equal this far */
150 
151   return Curl_raw_toupper(*first) == Curl_raw_toupper(*second);
152 }
153 
154 /*
155  * Match a hostname against a wildcard pattern.
156  * E.g.
157  *  "foo.host.com" matches "*.host.com".
158  *
159  * We use the matching rule described in RFC6125, section 6.4.3.
160  * http://tools.ietf.org/html/rfc6125#section-6.4.3
161  */
162 
163 static int hostmatch(const char *hostname, const char *pattern)
164 {
165   const char *pattern_label_end, *pattern_wildcard, *hostname_label_end;
166   int wildcard_enabled;
167   size_t prefixlen, suffixlen;
168   pattern_wildcard = strchr(pattern, '*');
169   if(pattern_wildcard == NULL)
170     return Curl_raw_equal(pattern, hostname) ?
171       CURL_HOST_MATCH : CURL_HOST_NOMATCH;
172 
173   /* We require at least 2 dots in pattern to avoid too wide wildcard
174      match. */
175   wildcard_enabled = 1;
176   pattern_label_end = strchr(pattern, '.');
177   if(pattern_label_end == NULL || strchr(pattern_label_end+1, '.') == NULL ||
178      pattern_wildcard > pattern_label_end ||
179      Curl_raw_nequal(pattern, "xn--", 4)) {
180     wildcard_enabled = 0;
181   }
182   if(!wildcard_enabled)
183     return Curl_raw_equal(pattern, hostname) ?
184       CURL_HOST_MATCH : CURL_HOST_NOMATCH;
185 
186   hostname_label_end = strchr(hostname, '.');
187   if(hostname_label_end == NULL ||
188      !Curl_raw_equal(pattern_label_end, hostname_label_end))
189     return CURL_HOST_NOMATCH;
190 
191   /* The wildcard must match at least one character, so the left-most
192      label of the hostname is at least as large as the left-most label
193      of the pattern. */
194   if(hostname_label_end - hostname < pattern_label_end - pattern)
195     return CURL_HOST_NOMATCH;
196 
197   prefixlen = pattern_wildcard - pattern;
198   suffixlen = pattern_label_end - (pattern_wildcard+1);
199   return Curl_raw_nequal(pattern, hostname, prefixlen) &&
200     Curl_raw_nequal(pattern_wildcard+1, hostname_label_end - suffixlen,
201                     suffixlen) ?
202     CURL_HOST_MATCH : CURL_HOST_NOMATCH;
203 }
204 
205 int Curl_cert_hostcheck(const char *match_pattern, const char *hostname)
206 {
207   if(!match_pattern || !*match_pattern ||
208       !hostname || !*hostname) /* sanity check */
209     return 0;
210 
211   if(Curl_raw_equal(hostname, match_pattern)) /* trivial case */
212     return 1;
213 
214   if(hostmatch(hostname,match_pattern) == CURL_HOST_MATCH)
215     return 1;
216   return 0;
217 }
218