X-Git-Url: https://git.m6w6.name/?p=m6w6%2Fext-http;a=blobdiff_plain;f=php_http_url.c;h=81b2d958ddf2ddd6ce418a473c30c456f54868c3;hp=173bf475723daf1e729090b023354ee9ae94f9ab;hb=c05ef71b26a8d16bf5af2bd8275e08ba5ae02b52;hpb=42655467c664b1d0f1e8225b42bd7cd4bd5be032

diff --git a/php_http_url.c b/php_http_url.c
index 173bf47..81b2d95 100644
--- a/php_http_url.c
+++ b/php_http_url.c
@@ -12,7 +12,9 @@
 
 #include "php_http_api.h"
 
-#ifdef PHP_HTTP_HAVE_IDN
+#if PHP_HTTP_HAVE_IDN2
+#	include <idn2.h>
+#elif PHP_HTTP_HAVE_IDN
 #	include <idna.h>
 #endif
 
@@ -550,10 +552,10 @@ HashTable *php_http_url_to_struct(const php_http_url_t *url, zval *strct TSRMLS_
 	return Z_ARRVAL(arr);
 }
 
-STATUS php_http_url_encode_hash(HashTable *hash, const char *pre_encoded_str, size_t pre_encoded_len, char **encoded_str, size_t *encoded_len TSRMLS_DC)
+ZEND_RESULT_CODE php_http_url_encode_hash(HashTable *hash, const char *pre_encoded_str, size_t pre_encoded_len, char **encoded_str, size_t *encoded_len TSRMLS_DC)
 {
-	const char *arg_sep_str;
-	size_t arg_sep_len;
+	const char *arg_sep_str = "&";
+	size_t arg_sep_len = 1;
 	php_http_buffer_t *qstr = php_http_buffer_new();
 
 	php_http_url_argsep(&arg_sep_str, &arg_sep_len TSRMLS_CC);
@@ -569,7 +571,7 @@ STATUS php_http_url_encode_hash(HashTable *hash, const char *pre_encoded_str, si
 	return SUCCESS;
 }
 
-STATUS php_http_url_encode_hash_ex(HashTable *hash, php_http_buffer_t *qstr, const char *arg_sep_str, size_t arg_sep_len, const char *val_sep_str, size_t val_sep_len, const char *pre_encoded_str, size_t pre_encoded_len TSRMLS_DC)
+ZEND_RESULT_CODE php_http_url_encode_hash_ex(HashTable *hash, php_http_buffer_t *qstr, const char *arg_sep_str, size_t arg_sep_len, const char *val_sep_str, size_t val_sep_len, const char *pre_encoded_str, size_t pre_encoded_len TSRMLS_DC)
 {
 	if (pre_encoded_len && pre_encoded_str) {
 		php_http_buffer_append(qstr, pre_encoded_str, pre_encoded_len);
@@ -760,7 +762,7 @@ static size_t parse_mb(struct parse_state *state, parse_mb_what_t what, const ch
 	return 0;
 }
 
-static STATUS parse_userinfo(struct parse_state *state, const char *ptr)
+static ZEND_RESULT_CODE parse_userinfo(struct parse_state *state, const char *ptr)
 {
 	size_t mb;
 	const char *password = NULL, *end = state->ptr, *tmp = ptr;
@@ -827,7 +829,7 @@ static STATUS parse_userinfo(struct parse_state *state, const char *ptr)
 
 #if defined(PHP_WIN32) || defined(HAVE_UIDNA_IDNTOASCII)
 typedef size_t (*parse_mb_func)(unsigned *wc, const char *ptr, const char *end);
-static STATUS to_utf16(parse_mb_func fn, const char *u8, uint16_t **u16, size_t *len)
+static ZEND_RESULT_CODE to_utf16(parse_mb_func fn, const char *u8, uint16_t **u16, size_t *len TSRMLS_DC)
 {
 	size_t offset = 0, u8_len = strlen(u8);
 
@@ -870,11 +872,38 @@ static STATUS to_utf16(parse_mb_func fn, const char *u8, uint16_t **u16, size_t
 #	define MAXHOSTNAMELEN 256
 #endif
 
-#ifdef PHP_HTTP_HAVE_IDN
-static STATUS parse_idn(struct parse_state *state)
+#if PHP_HTTP_HAVE_IDN2
+static ZEND_RESULT_CODE parse_idn2(struct parse_state *state, size_t prev_len)
 {
 	char *idn = NULL;
 	int rv = -1;
+	TSRMLS_FETCH_FROM_CTX(state->ts);
+
+	if (state->flags & PHP_HTTP_URL_PARSE_MBUTF8) {
+		rv = idn2_lookup_u8((const unsigned char *) state->url.host, (unsigned char **) &idn, IDN2_NFC_INPUT);
+	}
+#	ifdef PHP_HTTP_HAVE_WCHAR
+	else if (state->flags & PHP_HTTP_URL_PARSE_MBLOC) {
+		rv = idn2_lookup_ul(state->url.host, &idn, 0);
+	}
+#	endif
+	if (rv != IDN2_OK) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse IDN; %s", idn2_strerror(rv));
+		return FAILURE;
+	} else {
+		size_t idnlen = strlen(idn);
+		memcpy(state->url.host, idn, idnlen + 1);
+		free(idn);
+		state->offset += idnlen - prev_len;
+		return SUCCESS;
+	}
+}
+#elif PHP_HTTP_HAVE_IDN
+static ZEND_RESULT_CODE parse_idn(struct parse_state *state, size_t prev_len)
+{
+	char *idn = NULL;
+	int rv = -1;
+	TSRMLS_FETCH_FROM_CTX(state->ts);
 
 	if (state->flags & PHP_HTTP_URL_PARSE_MBUTF8) {
 		rv = idna_to_ascii_8z(state->url.host, &idn, IDNA_ALLOW_UNASSIGNED|IDNA_USE_STD3_ASCII_RULES);
@@ -891,7 +920,7 @@ static STATUS parse_idn(struct parse_state *state)
 		size_t idnlen = strlen(idn);
 		memcpy(state->url.host, idn, idnlen + 1);
 		free(idn);
-		state->offset += idnlen - len;
+		state->offset += idnlen - prev_len;
 		return SUCCESS;
 	}
 }
@@ -905,20 +934,21 @@ typedef uint16_t UChar;
 typedef enum { U_ZERO_ERROR = 0 } UErrorCode;
 int32_t uidna_IDNToASCII(const UChar *src, int32_t srcLength, UChar *dest, int32_t destCapacity, int32_t options, void *parseError, UErrorCode *status);
 #	endif
-static STATUS parse_uidn(struct parse_state *state)
+static ZEND_RESULT_CODE parse_uidn(struct parse_state *state)
 {
 	char *host_ptr;
 	uint16_t *uhost_str, ahost_str[MAXHOSTNAMELEN], *ahost_ptr;
 	size_t uhost_len, ahost_len;
 	UErrorCode error = U_ZERO_ERROR;
+	TSRMLS_FETCH_FROM_CTX(state->ts);
 
 	if (state->flags & PHP_HTTP_URL_PARSE_MBUTF8) {
-		if (SUCCESS != to_utf16(parse_mb_utf8, state->url.host, &uhost_str, &uhost_len)) {
+		if (SUCCESS != to_utf16(parse_mb_utf8, state->url.host, &uhost_str, &uhost_len TSRMLS_CC)) {
 			return FAILURE;
 		}
 #ifdef PHP_HTTP_HAVE_WCHAR
 	} else if (state->flags & PHP_HTTP_URL_PARSE_MBLOC) {
-		if (SUCCESS != to_utf16(parse_mb_loc, state->url.host, &uhost_str, &uhost_len)) {
+		if (SUCCESS != to_utf16(parse_mb_loc, state->url.host, &uhost_str, &uhost_len TSRMLS_CC)) {
 			return FAILURE;
 		}
 #endif
@@ -947,11 +977,12 @@ static STATUS parse_uidn(struct parse_state *state)
 #endif
 
 #if 0 && defined(PHP_WIN32)
-static STATUS parse_widn(struct parse_state *state)
+static ZEND_RESULT_CODE parse_widn(struct parse_state *state)
 {
 	char *host_ptr;
 	uint16_t *uhost_str, ahost_str[MAXHOSTNAMELEN], *ahost_ptr;
 	size_t uhost_len;
+	TSRMLS_FETCH_FROM_CTX(state->ts);
 
 	if (state->flags & PHP_HTTP_URL_PARSE_MBUTF8) {
 		if (SUCCESS != to_utf16(parse_mb_utf8, state->url.host, &uhost_str, &uhost_len)) {
@@ -989,45 +1020,56 @@ static STATUS parse_widn(struct parse_state *state)
 }
 #endif
 
-static STATUS parse_hostinfo(struct parse_state *state, const char *ptr)
+#ifdef HAVE_INET_PTON
+static const char *parse_ip6(struct parse_state *state, const char *ptr)
 {
-	size_t mb, len;
-	const char *end = state->ptr, *tmp = ptr, *port = NULL;
+	const char *error = NULL, *end = state->ptr, *tmp = memchr(ptr, ']', end - ptr);
 	TSRMLS_FETCH_FROM_CTX(state->ts);
 
-#ifdef HAVE_INET_PTON
-	if (*ptr == '[') {
-		char *error = NULL, *tmp = memchr(ptr, ']', end - ptr);
-
-		if (tmp) {
-			size_t addrlen = tmp - ptr + 1;
-			char buf[16], *addr = estrndup(ptr + 1, addrlen - 2);
-			int rv = inet_pton(AF_INET6, addr, buf);
-
-			efree(addr);
-			if (rv == 1) {
-				state->buffer[state->offset] = '[';
-				state->url.host = &state->buffer[state->offset];
-				inet_ntop(AF_INET6, buf, state->url.host + 1, state->maxlen - state->offset);
-				state->offset += strlen(state->url.host);
-				state->buffer[state->offset++] = ']';
-				state->buffer[state->offset++] = 0;
-				ptr = tmp + 1;
-			} else if (rv == -1) {
-				error = strerror(errno);
-			} else {
-				error = "unexpected '['";
-			}
+	if (tmp) {
+		size_t addrlen = tmp - ptr + 1;
+		char buf[16], *addr = estrndup(ptr + 1, addrlen - 2);
+		int rv = inet_pton(AF_INET6, addr, buf);
+
+		if (rv == 1) {
+			state->buffer[state->offset] = '[';
+			state->url.host = &state->buffer[state->offset];
+			inet_ntop(AF_INET6, buf, state->url.host + 1, state->maxlen - state->offset);
+			state->offset += strlen(state->url.host);
+			state->buffer[state->offset++] = ']';
+			state->buffer[state->offset++] = 0;
+			ptr = tmp + 1;
+		} else if (rv == -1) {
+			error = strerror(errno);
 		} else {
-			error = "expected ']'";
+			error = "unexpected '['";
 		}
+		efree(addr);
+	} else {
+		error = "expected ']'";
+	}
 
-		if (error) {
-			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse hostinfo; %s", error);
-			return FAILURE;
-		}
+	if (error) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse hostinfo; %s", error);
+		return NULL;
 	}
+
+	return ptr;
+}
 #endif
+
+static ZEND_RESULT_CODE parse_hostinfo(struct parse_state *state, const char *ptr)
+{
+	size_t mb, len;
+	const char *end = state->ptr, *tmp = ptr, *port = NULL, *label = NULL;
+	TSRMLS_FETCH_FROM_CTX(state->ts);
+
+#ifdef HAVE_INET_PTON
+	if (*ptr == '[' && !(ptr = parse_ip6(state, ptr))) {
+		return FAILURE;
+	}
+#endif
+
 	if (ptr != end) do {
 		switch (*ptr) {
 		case ':':
@@ -1055,6 +1097,20 @@ static STATUS parse_hostinfo(struct parse_state *state, const char *ptr)
 		case '!': case '$': case '&': case '\'': case '(': case ')': case '*':
 		case '+': case ',': case ';': case '=': /* sub-delims */
 		case '-': case '.': case '_': case '~': /* unreserved */
+			if (port || !label) {
+				/* sort of a compromise, just ensure we don't end up
+				 * with a dot at the beginning or two consecutive dots
+				 */
+				php_error_docref(NULL TSRMLS_CC, E_WARNING,
+						"Failed to parse %s; unexpected '%c' at pos %u in '%s'",
+						port ? "port" : "host",
+						(unsigned char) *ptr, (unsigned) (ptr - tmp), tmp);
+				return FAILURE;
+			}
+			state->buffer[state->offset++] = *ptr;
+			label = NULL;
+			break;
+
 		case 'A': case 'B': case 'C': case 'D': case 'E': case 'F': case 'G':
 		case 'H': case 'I': case 'J': case 'K': case 'L': case 'M': case 'N':
 		case 'O': case 'P': case 'Q': case 'R': case 'S': case 'T': case 'U':
@@ -1077,6 +1133,7 @@ static STATUS parse_hostinfo(struct parse_state *state, const char *ptr)
 				state->url.port *= 10;
 				state->url.port += *ptr - '0';
 			} else {
+				label = ptr;
 				state->buffer[state->offset++] = *ptr;
 			}
 			break;
@@ -1092,6 +1149,7 @@ static STATUS parse_hostinfo(struct parse_state *state, const char *ptr)
 			} else if (!(mb = parse_mb(state, PARSE_HOSTINFO, ptr, end, tmp, 0))) {
 				return FAILURE;
 			}
+			label = ptr;
 			ptr += mb - 1;
 		}
 	} while (++ptr != end);
@@ -1103,11 +1161,16 @@ static STATUS parse_hostinfo(struct parse_state *state, const char *ptr)
 	}
 
 	if (state->flags & PHP_HTTP_URL_PARSE_TOIDN) {
-#ifdef PHP_HTTP_HAVE_IDN
-		return parse_idn(state);
+#if PHP_HTTP_HAVE_IDN2
+		return parse_idn2(state, len);
+#elif PHP_HTTP_HAVE_IDN
+		return parse_idn(state, len);
 #endif
 #ifdef HAVE_UIDNA_IDNTOASCII
 		return parse_uidn(state);
+#endif
+#if 0 && defined(PHP_WIN32)
+		return parse_widn(state);
 #endif
 	}
 
@@ -1235,7 +1298,7 @@ static const char *parse_query(struct parse_state *state)
 	tmp = ++state->ptr;
 	state->url.query = &state->buffer[state->offset];
 
-	do {
+	while (state->ptr < state->end) {
 		switch (*state->ptr) {
 		case '#':
 			goto done;
@@ -1252,8 +1315,11 @@ static const char *parse_query(struct parse_state *state)
 			state->buffer[state->offset++] = *state->ptr;
 			break;
 
-		case ']':
-		case '[':
+		/* RFC1738 unsafe */
+		case '{': case '}':
+		case '<': case '>':
+		case '[': case ']':
+		case '|': case '\\': case '^': case '`': case '"': case ' ':
 			if (state->flags & PHP_HTTP_URL_PARSE_TOPCT) {
 				state->buffer[state->offset++] = '%';
 				state->buffer[state->offset++] = parse_xdigits[((unsigned char) *state->ptr) >> 4];
@@ -1287,7 +1353,9 @@ static const char *parse_query(struct parse_state *state)
 			}
 			state->ptr += mb - 1;
 		}
-	} while (++state->ptr < state->end);
+
+		++state->ptr;
+	}
 
 	done:
 	state->buffer[state->offset++] = 0;
@@ -1323,6 +1391,19 @@ static const char *parse_fragment(struct parse_state *state)
 			state->buffer[state->offset++] = *state->ptr;
 			break;
 
+		/* RFC1738 unsafe */
+		case '{': case '}':
+		case '<': case '>':
+		case '[': case ']':
+		case '|': case '\\': case '^': case '`': case '"': case ' ':
+			if (state->flags & PHP_HTTP_URL_PARSE_TOPCT) {
+				state->buffer[state->offset++] = '%';
+				state->buffer[state->offset++] = parse_xdigits[((unsigned char) *state->ptr) >> 4];
+				state->buffer[state->offset++] = parse_xdigits[((unsigned char) *state->ptr) & 0xf];
+				break;
+			}
+			/* no break */
+
 		case '?': case '/':
 		case '!': case '$': case '&': case '\'': case '(': case ')': case '*':
 		case '+': case ',': case ';': case '=': /* sub-delims */
@@ -1533,7 +1614,7 @@ ZEND_END_ARG_INFO();
 PHP_METHOD(HttpUrl, mod)
 {
 	zval *new_url = NULL;
-	long flags = PHP_HTTP_URL_JOIN_PATH | PHP_HTTP_URL_JOIN_QUERY;
+	long flags = PHP_HTTP_URL_JOIN_PATH | PHP_HTTP_URL_JOIN_QUERY | PHP_HTTP_URL_SANITIZE_PATH;
 	zend_error_handling zeh;
 
 	php_http_expect(SUCCESS == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z!|l", &new_url, &flags), invalid_arg, return);
@@ -1648,7 +1729,7 @@ PHP_MINIT_FUNCTION(http_url)
 	zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("PARSE_MBLOC"), PHP_HTTP_URL_PARSE_MBLOC TSRMLS_CC);
 #endif
 	zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("PARSE_MBUTF8"), PHP_HTTP_URL_PARSE_MBUTF8 TSRMLS_CC);
-#if defined(PHP_HTTP_HAVE_IDN) || defined(HAVE_UIDNA_IDNTOASCII)
+#if defined(PHP_HTTP_HAVE_IDN2) || defined(PHP_HTTP_HAVE_IDN) || defined(HAVE_UIDNA_IDNTOASCII)
 	zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("PARSE_TOIDN"), PHP_HTTP_URL_PARSE_TOIDN TSRMLS_CC);
 #endif
 	zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("PARSE_TOPCT"), PHP_HTTP_URL_PARSE_TOPCT TSRMLS_CC);