Coverage Report

Created: 2025-06-09 07:07

/src/gdal/curl/lib/urlapi.c
Line
Count
Source (jump to first uncovered line)
1
/***************************************************************************
2
 *                                  _   _ ____  _
3
 *  Project                     ___| | | |  _ \| |
4
 *                             / __| | | | |_) | |
5
 *                            | (__| |_| |  _ <| |___
6
 *                             \___|\___/|_| \_\_____|
7
 *
8
 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
9
 *
10
 * This software is licensed as described in the file COPYING, which
11
 * you should have received as part of this distribution. The terms
12
 * are also available at https://curl.se/docs/copyright.html.
13
 *
14
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15
 * copies of the Software, and permit persons to whom the Software is
16
 * furnished to do so, under the terms of the COPYING file.
17
 *
18
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19
 * KIND, either express or implied.
20
 *
21
 * SPDX-License-Identifier: curl
22
 *
23
 ***************************************************************************/
24
25
#include "curl_setup.h"
26
27
#include "urldata.h"
28
#include "urlapi-int.h"
29
#include "strcase.h"
30
#include "url.h"
31
#include "escape.h"
32
#include "curl_ctype.h"
33
#include "curlx/inet_pton.h"
34
#include "inet_ntop.h"
35
#include "strdup.h"
36
#include "idn.h"
37
#include "curlx/strparse.h"
38
#include "curl_memrchr.h"
39
40
/* The last 3 #include files should be in this order */
41
#include "curl_printf.h"
42
#include "curl_memory.h"
43
#include "memdebug.h"
44
45
  /* MS-DOS/Windows style drive prefix, eg c: in c:foo */
46
#define STARTS_WITH_DRIVE_PREFIX(str) \
47
  ((('a' <= str[0] && str[0] <= 'z') || \
48
    ('A' <= str[0] && str[0] <= 'Z')) && \
49
   (str[1] == ':'))
50
51
  /* MS-DOS/Windows style drive prefix, optionally with
52
   * a '|' instead of ':', followed by a slash or NUL */
53
#define STARTS_WITH_URL_DRIVE_PREFIX(str) \
54
0
  ((('a' <= (str)[0] && (str)[0] <= 'z') || \
55
0
    ('A' <= (str)[0] && (str)[0] <= 'Z')) && \
56
0
   ((str)[1] == ':' || (str)[1] == '|') && \
57
0
   ((str)[2] == '/' || (str)[2] == '\\' || (str)[2] == 0))
58
59
/* scheme is not URL encoded, the longest libcurl supported ones are... */
60
17.9k
#define MAX_SCHEME_LEN 40
61
62
/*
63
 * If USE_IPV6 is disabled, we still want to parse IPv6 addresses, so make
64
 * sure we have _some_ value for AF_INET6 without polluting our fake value
65
 * everywhere.
66
 */
67
#if !defined(USE_IPV6) && !defined(AF_INET6)
68
#define AF_INET6 (AF_INET + 1)
69
#endif
70
71
/* Internal representation of CURLU. Point to URL-encoded strings. */
72
struct Curl_URL {
73
  char *scheme;
74
  char *user;
75
  char *password;
76
  char *options; /* IMAP only? */
77
  char *host;
78
  char *zoneid; /* for numerical IPv6 addresses */
79
  char *port;
80
  char *path;
81
  char *query;
82
  char *fragment;
83
  unsigned short portnum; /* the numerical version (if 'port' is set) */
84
  BIT(query_present);    /* to support blank */
85
  BIT(fragment_present); /* to support blank */
86
  BIT(guessed_scheme);   /* when a URL without scheme is parsed */
87
};
88
89
0
#define DEFAULT_SCHEME "https"
90
91
static CURLUcode parseurl_and_replace(const char *url, CURLU *u,
92
                                      unsigned int flags);
93
94
static void free_urlhandle(struct Curl_URL *u)
95
3.69k
{
96
3.69k
  free(u->scheme);
97
3.69k
  free(u->user);
98
3.69k
  free(u->password);
99
3.69k
  free(u->options);
100
3.69k
  free(u->host);
101
3.69k
  free(u->zoneid);
102
3.69k
  free(u->port);
103
3.69k
  free(u->path);
104
3.69k
  free(u->query);
105
3.69k
  free(u->fragment);
106
3.69k
}
107
108
/*
109
 * Find the separator at the end of the hostname, or the '?' in cases like
110
 * http://www.example.com?id=2380
111
 */
112
static const char *find_host_sep(const char *url)
113
0
{
114
  /* Find the start of the hostname */
115
0
  const char *sep = strstr(url, "//");
116
0
  if(!sep)
117
0
    sep = url;
118
0
  else
119
0
    sep += 2;
120
121
  /* Find first / or ? */
122
0
  while(*sep && *sep != '/' && *sep != '?')
123
0
    sep++;
124
125
0
  return sep;
126
0
}
127
128
/* convert CURLcode to CURLUcode */
129
0
#define cc2cu(x) ((x) == CURLE_TOO_LARGE ? CURLUE_TOO_LARGE :   \
130
0
                  CURLUE_OUT_OF_MEMORY)
131
132
/* urlencode_str() writes data into an output dynbuf and URL-encodes the
133
 * spaces in the source URL accordingly.
134
 *
135
 * URL encoding should be skipped for hostnames, otherwise IDN resolution
136
 * will fail.
137
 */
138
static CURLUcode urlencode_str(struct dynbuf *o, const char *url,
139
                               size_t len, bool relative,
140
                               bool query)
141
1.44k
{
142
  /* we must add this with whitespace-replacing */
143
1.44k
  bool left = !query;
144
1.44k
  const unsigned char *iptr;
145
1.44k
  const unsigned char *host_sep = (const unsigned char *) url;
146
1.44k
  CURLcode result = CURLE_OK;
147
148
1.44k
  if(!relative) {
149
0
    size_t n;
150
0
    host_sep = (const unsigned char *) find_host_sep(url);
151
152
    /* output the first piece as-is */
153
0
    n = (const char *)host_sep - url;
154
0
    result = curlx_dyn_addn(o, url, n);
155
0
    len -= n;
156
0
  }
157
158
39.8k
  for(iptr = host_sep; len && !result; iptr++, len--) {
159
38.3k
    if(*iptr == ' ') {
160
0
      if(left)
161
0
        result = curlx_dyn_addn(o, "%20", 3);
162
0
      else
163
0
        result = curlx_dyn_addn(o, "+", 1);
164
0
    }
165
38.3k
    else if((*iptr < ' ') || (*iptr >= 0x7f)) {
166
5.66k
      unsigned char out[3]={'%'};
167
5.66k
      Curl_hexbyte(&out[1], *iptr, TRUE);
168
5.66k
      result = curlx_dyn_addn(o, out, 3);
169
5.66k
    }
170
32.7k
    else {
171
32.7k
      result = curlx_dyn_addn(o, iptr, 1);
172
32.7k
      if(*iptr == '?')
173
0
        left = FALSE;
174
32.7k
    }
175
38.3k
  }
176
177
1.44k
  if(result)
178
0
    return cc2cu(result);
179
1.44k
  return CURLUE_OK;
180
1.44k
}
181
182
/*
183
 * Returns the length of the scheme if the given URL is absolute (as opposed
184
 * to relative). Stores the scheme in the buffer if TRUE and 'buf' is
185
 * non-NULL. The buflen must be larger than MAX_SCHEME_LEN if buf is set.
186
 *
187
 * If 'guess_scheme' is TRUE, it means the URL might be provided without
188
 * scheme.
189
 */
190
size_t Curl_is_absolute_url(const char *url, char *buf, size_t buflen,
191
                            bool guess_scheme)
192
3.62k
{
193
3.62k
  size_t i = 0;
194
3.62k
  DEBUGASSERT(!buf || (buflen > MAX_SCHEME_LEN));
195
3.62k
  (void)buflen; /* only used in debug-builds */
196
3.62k
  if(buf)
197
1.77k
    buf[0] = 0; /* always leave a defined value in buf */
198
#ifdef _WIN32
199
  if(guess_scheme && STARTS_WITH_DRIVE_PREFIX(url))
200
    return 0;
201
#endif
202
3.62k
  if(ISALPHA(url[0]))
203
17.9k
    for(i = 1; i < MAX_SCHEME_LEN; ++i) {
204
17.9k
      char s = url[i];
205
17.9k
      if(s && (ISALNUM(s) || (s == '+') || (s == '-') || (s == '.') )) {
206
        /* RFC 3986 3.1 explains:
207
           scheme      = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
208
        */
209
14.4k
      }
210
3.53k
      else {
211
3.53k
        break;
212
3.53k
      }
213
17.9k
    }
214
3.62k
  if(i && (url[i] == ':') && ((url[i + 1] == '/') || !guess_scheme)) {
215
    /* If this does not guess scheme, the scheme always ends with the colon so
216
       that this also detects data: URLs etc. In guessing mode, data: could
217
       be the hostname "data" with a specified port number. */
218
219
    /* the length of the scheme is the name part only */
220
3.48k
    size_t len = i;
221
3.48k
    if(buf) {
222
1.74k
      Curl_strntolower(buf, url, i);
223
1.74k
      buf[i] = 0;
224
1.74k
    }
225
3.48k
    return len;
226
3.48k
  }
227
140
  return 0;
228
3.62k
}
229
230
/*
231
 * Concatenate a relative URL onto a base URL making it absolute.
232
 */
233
static CURLUcode redirect_url(const char *base, const char *relurl,
234
                              CURLU *u, unsigned int flags)
235
0
{
236
0
  struct dynbuf urlbuf;
237
0
  bool host_changed = FALSE;
238
0
  const char *useurl = relurl;
239
0
  const char *cutoff = NULL;
240
0
  size_t prelen;
241
0
  CURLUcode uc;
242
243
  /* protsep points to the start of the hostname, after [scheme]:// */
244
0
  const char *protsep = base + strlen(u->scheme) + 3;
245
0
  DEBUGASSERT(base && relurl && u); /* all set here */
246
0
  if(!base)
247
0
    return CURLUE_MALFORMED_INPUT; /* should never happen */
248
249
  /* handle different relative URL types */
250
0
  switch(relurl[0]) {
251
0
  case '/':
252
0
    if(relurl[1] == '/') {
253
      /* protocol-relative URL: //example.com/path */
254
0
      cutoff = protsep;
255
0
      useurl = &relurl[2];
256
0
      host_changed = TRUE;
257
0
    }
258
0
    else
259
      /* absolute /path */
260
0
      cutoff = strchr(protsep, '/');
261
0
    break;
262
263
0
  case '#':
264
    /* fragment-only change */
265
0
    if(u->fragment)
266
0
      cutoff = strchr(protsep, '#');
267
0
    break;
268
269
0
  default:
270
    /* path or query-only change */
271
0
    if(u->query && u->query[0])
272
      /* remove existing query */
273
0
      cutoff = strchr(protsep, '?');
274
0
    else if(u->fragment && u->fragment[0])
275
      /* Remove existing fragment */
276
0
      cutoff = strchr(protsep, '#');
277
278
0
    if(relurl[0] != '?') {
279
      /* append a relative path after the last slash */
280
0
      cutoff = memrchr(protsep, '/',
281
0
                       cutoff ? (size_t)(cutoff - protsep) : strlen(protsep));
282
0
      if(cutoff)
283
0
        cutoff++; /* truncate after last slash */
284
0
    }
285
0
    break;
286
0
  }
287
288
0
  prelen = cutoff ? (size_t)(cutoff - base) : strlen(base);
289
290
  /* build new URL */
291
0
  curlx_dyn_init(&urlbuf, CURL_MAX_INPUT_LENGTH);
292
293
0
  if(!curlx_dyn_addn(&urlbuf, base, prelen) &&
294
0
     !urlencode_str(&urlbuf, useurl, strlen(useurl), !host_changed, FALSE)) {
295
0
    uc = parseurl_and_replace(curlx_dyn_ptr(&urlbuf), u,
296
0
                              flags & ~CURLU_PATH_AS_IS);
297
0
  }
298
0
  else
299
0
    uc = CURLUE_OUT_OF_MEMORY;
300
301
0
  curlx_dyn_free(&urlbuf);
302
0
  return uc;
303
0
}
304
305
/* scan for byte values <= 31, 127 and sometimes space */
306
CURLUcode Curl_junkscan(const char *url, size_t *urllen, bool allowspace)
307
1.84k
{
308
1.84k
  size_t n = strlen(url);
309
1.84k
  size_t i;
310
1.84k
  unsigned char control;
311
1.84k
  const unsigned char *p = (const unsigned char *)url;
312
1.84k
  if(n > CURL_MAX_INPUT_LENGTH)
313
0
    return CURLUE_MALFORMED_INPUT;
314
315
1.84k
  control = allowspace ? 0x1f : 0x20;
316
254k
  for(i = 0; i < n; i++) {
317
252k
    if(p[i] <= control || p[i] == 127)
318
75
      return CURLUE_MALFORMED_INPUT;
319
252k
  }
320
1.77k
  *urllen = n;
321
1.77k
  return CURLUE_OK;
322
1.84k
}
323
324
/*
325
 * parse_hostname_login()
326
 *
327
 * Parse the login details (username, password and options) from the URL and
328
 * strip them out of the hostname
329
 *
330
 */
331
static CURLUcode parse_hostname_login(struct Curl_URL *u,
332
                                      const char *login,
333
                                      size_t len,
334
                                      unsigned int flags,
335
                                      size_t *offset) /* to the hostname */
336
1.77k
{
337
1.77k
  CURLUcode result = CURLUE_OK;
338
1.77k
  CURLcode ccode;
339
1.77k
  char *userp = NULL;
340
1.77k
  char *passwdp = NULL;
341
1.77k
  char *optionsp = NULL;
342
1.77k
  const struct Curl_handler *h = NULL;
343
344
  /* At this point, we assume all the other special cases have been taken
345
   * care of, so the host is at most
346
   *
347
   *   [user[:password][;options]]@]hostname
348
   *
349
   * We need somewhere to put the embedded details, so do that first.
350
   */
351
1.77k
  char *ptr;
352
353
1.77k
  DEBUGASSERT(login);
354
355
1.77k
  *offset = 0;
356
1.77k
  ptr = memchr(login, '@', len);
357
1.77k
  if(!ptr)
358
293
    goto out;
359
360
  /* We will now try to extract the
361
   * possible login information in a string like:
362
   * ftp://user:password@ftp.site.example:8021/README */
363
1.48k
  ptr++;
364
365
  /* if this is a known scheme, get some details */
366
1.48k
  if(u->scheme)
367
1.47k
    h = Curl_get_scheme_handler(u->scheme);
368
369
  /* We could use the login information in the URL so extract it. Only parse
370
     options if the handler says we should. Note that 'h' might be NULL! */
371
1.48k
  ccode = Curl_parse_login_details(login, ptr - login - 1,
372
1.48k
                                   &userp, &passwdp,
373
1.48k
                                   (h && (h->flags & PROTOPT_URLOPTIONS)) ?
374
0
                                   &optionsp : NULL);
375
1.48k
  if(ccode) {
376
0
    result = CURLUE_BAD_LOGIN;
377
0
    goto out;
378
0
  }
379
380
1.48k
  if(userp) {
381
1.48k
    if(flags & CURLU_DISALLOW_USER) {
382
      /* Option DISALLOW_USER is set and URL contains username. */
383
0
      result = CURLUE_USER_NOT_ALLOWED;
384
0
      goto out;
385
0
    }
386
1.48k
    free(u->user);
387
1.48k
    u->user = userp;
388
1.48k
  }
389
390
1.48k
  if(passwdp) {
391
1.34k
    free(u->password);
392
1.34k
    u->password = passwdp;
393
1.34k
  }
394
395
1.48k
  if(optionsp) {
396
0
    free(u->options);
397
0
    u->options = optionsp;
398
0
  }
399
400
  /* the hostname starts at this offset */
401
1.48k
  *offset = ptr - login;
402
1.48k
  return CURLUE_OK;
403
404
293
out:
405
406
293
  free(userp);
407
293
  free(passwdp);
408
293
  free(optionsp);
409
293
  u->user = NULL;
410
293
  u->password = NULL;
411
293
  u->options = NULL;
412
413
293
  return result;
414
1.48k
}
415
416
UNITTEST CURLUcode Curl_parse_port(struct Curl_URL *u, struct dynbuf *host,
417
                                   bool has_scheme)
418
1.77k
{
419
1.77k
  const char *portptr;
420
1.77k
  char *hostname = curlx_dyn_ptr(host);
421
  /*
422
   * Find the end of an IPv6 address on the ']' ending bracket.
423
   */
424
1.77k
  if(hostname[0] == '[') {
425
0
    portptr = strchr(hostname, ']');
426
0
    if(!portptr)
427
0
      return CURLUE_BAD_IPV6;
428
0
    portptr++;
429
    /* this is a RFC2732-style specified IP-address */
430
0
    if(*portptr) {
431
0
      if(*portptr != ':')
432
0
        return CURLUE_BAD_PORT_NUMBER;
433
0
    }
434
0
    else
435
0
      portptr = NULL;
436
0
  }
437
1.77k
  else
438
1.77k
    portptr = strchr(hostname, ':');
439
440
1.77k
  if(portptr) {
441
22
    curl_off_t port;
442
22
    size_t keep = portptr - hostname;
443
444
    /* Browser behavior adaptation. If there is a colon with no digits after,
445
       just cut off the name there which makes us ignore the colon and just
446
       use the default port. Firefox, Chrome and Safari all do that.
447
448
       Do not do it if the URL has no scheme, to make something that looks like
449
       a scheme not work!
450
    */
451
22
    curlx_dyn_setlen(host, keep);
452
22
    portptr++;
453
22
    if(!*portptr)
454
6
      return has_scheme ? CURLUE_OK : CURLUE_BAD_PORT_NUMBER;
455
456
16
    if(curlx_str_number(&portptr, &port, 0xffff) || *portptr)
457
15
      return CURLUE_BAD_PORT_NUMBER;
458
459
1
    u->portnum = (unsigned short) port;
460
    /* generate a new port number string to get rid of leading zeroes etc */
461
1
    free(u->port);
462
1
    u->port = aprintf("%" CURL_FORMAT_CURL_OFF_T, port);
463
1
    if(!u->port)
464
0
      return CURLUE_OUT_OF_MEMORY;
465
1
  }
466
467
1.75k
  return CURLUE_OK;
468
1.77k
}
469
470
/* this assumes 'hostname' now starts with [ */
471
static CURLUcode ipv6_parse(struct Curl_URL *u, char *hostname,
472
                            size_t hlen) /* length of hostname */
473
0
{
474
0
  size_t len;
475
0
  DEBUGASSERT(*hostname == '[');
476
0
  if(hlen < 4) /* '[::]' is the shortest possible valid string */
477
0
    return CURLUE_BAD_IPV6;
478
0
  hostname++;
479
0
  hlen -= 2;
480
481
  /* only valid IPv6 letters are ok */
482
0
  len = strspn(hostname, "0123456789abcdefABCDEF:.");
483
484
0
  if(hlen != len) {
485
0
    hlen = len;
486
0
    if(hostname[len] == '%') {
487
      /* this could now be '%[zone id]' */
488
0
      char zoneid[16];
489
0
      int i = 0;
490
0
      char *h = &hostname[len + 1];
491
      /* pass '25' if present and is a URL encoded percent sign */
492
0
      if(!strncmp(h, "25", 2) && h[2] && (h[2] != ']'))
493
0
        h += 2;
494
0
      while(*h && (*h != ']') && (i < 15))
495
0
        zoneid[i++] = *h++;
496
0
      if(!i || (']' != *h))
497
0
        return CURLUE_BAD_IPV6;
498
0
      zoneid[i] = 0;
499
0
      u->zoneid = strdup(zoneid);
500
0
      if(!u->zoneid)
501
0
        return CURLUE_OUT_OF_MEMORY;
502
0
      hostname[len] = ']'; /* insert end bracket */
503
0
      hostname[len + 1] = 0; /* terminate the hostname */
504
0
    }
505
0
    else
506
0
      return CURLUE_BAD_IPV6;
507
    /* hostname is fine */
508
0
  }
509
510
  /* Normalize the IPv6 address */
511
0
  {
512
0
    char dest[16]; /* fits a binary IPv6 address */
513
0
    hostname[hlen] = 0; /* end the address there */
514
0
    if(1 != curlx_inet_pton(AF_INET6, hostname, dest))
515
0
      return CURLUE_BAD_IPV6;
516
0
    if(Curl_inet_ntop(AF_INET6, dest, hostname, hlen)) {
517
0
      hlen = strlen(hostname); /* might be shorter now */
518
0
      hostname[hlen + 1] = 0;
519
0
    }
520
0
    hostname[hlen] = ']'; /* restore ending bracket */
521
0
  }
522
0
  return CURLUE_OK;
523
0
}
524
525
static CURLUcode hostname_check(struct Curl_URL *u, char *hostname,
526
                                size_t hlen) /* length of hostname */
527
1.74k
{
528
1.74k
  size_t len;
529
1.74k
  DEBUGASSERT(hostname);
530
531
1.74k
  if(!hlen)
532
0
    return CURLUE_NO_HOST;
533
1.74k
  else if(hostname[0] == '[')
534
0
    return ipv6_parse(u, hostname, hlen);
535
1.74k
  else {
536
    /* letters from the second string are not ok */
537
1.74k
    len = strcspn(hostname, " \r\n\t/:#?!@{}[]\\$\'\"^`*<>=;,+&()%");
538
1.74k
    if(hlen != len)
539
      /* hostname with bad content */
540
10
      return CURLUE_BAD_HOSTNAME;
541
1.74k
  }
542
1.73k
  return CURLUE_OK;
543
1.74k
}
544
545
/*
546
 * Handle partial IPv4 numerical addresses and different bases, like
547
 * '16843009', '0x7f', '0x7f.1' '0177.1.1.1' etc.
548
 *
549
 * If the given input string is syntactically wrong IPv4 or any part for
550
 * example is too big, this function returns HOST_NAME.
551
 *
552
 * Output the "normalized" version of that input string in plain quad decimal
553
 * integers.
554
 *
555
 * Returns the host type.
556
 */
557
558
0
#define HOST_ERROR   -1 /* out of memory */
559
560
3.49k
#define HOST_NAME    1
561
10
#define HOST_IPV4    2
562
0
#define HOST_IPV6    3
563
564
static int ipv4_normalize(struct dynbuf *host)
565
1.75k
{
566
1.75k
  bool done = FALSE;
567
1.75k
  int n = 0;
568
1.75k
  const char *c = curlx_dyn_ptr(host);
569
1.75k
  unsigned int parts[4] = {0, 0, 0, 0};
570
1.75k
  CURLcode result = CURLE_OK;
571
572
1.75k
  if(*c == '[')
573
0
    return HOST_IPV6;
574
575
1.75k
  while(!done) {
576
1.75k
    int rc;
577
1.75k
    curl_off_t l;
578
1.75k
    if(*c == '0') {
579
3
      if(c[1] == 'x') {
580
0
        c += 2; /* skip the prefix */
581
0
        rc = curlx_str_hex(&c, &l, UINT_MAX);
582
0
      }
583
3
      else
584
3
        rc = curlx_str_octal(&c, &l, UINT_MAX);
585
3
    }
586
1.74k
    else
587
1.74k
      rc = curlx_str_number(&c, &l, UINT_MAX);
588
589
1.75k
    if(rc)
590
1.68k
      return HOST_NAME;
591
592
68
    parts[n] = (unsigned int)l;
593
594
68
    switch(*c) {
595
0
    case '.':
596
0
      if(n == 3)
597
0
        return HOST_NAME;
598
0
      n++;
599
0
      c++;
600
0
      break;
601
602
5
    case '\0':
603
5
      done = TRUE;
604
5
      break;
605
606
63
    default:
607
63
      return HOST_NAME;
608
68
    }
609
68
  }
610
611
5
  switch(n) {
612
5
  case 0: /* a -- 32 bits */
613
5
    curlx_dyn_reset(host);
614
615
5
    result = curlx_dyn_addf(host, "%u.%u.%u.%u",
616
5
                            (parts[0] >> 24),
617
5
                            ((parts[0] >> 16) & 0xff),
618
5
                            ((parts[0] >> 8) & 0xff),
619
5
                            (parts[0] & 0xff));
620
5
    break;
621
0
  case 1: /* a.b -- 8.24 bits */
622
0
    if((parts[0] > 0xff) || (parts[1] > 0xffffff))
623
0
      return HOST_NAME;
624
0
    curlx_dyn_reset(host);
625
0
    result = curlx_dyn_addf(host, "%u.%u.%u.%u",
626
0
                            (parts[0]),
627
0
                            ((parts[1] >> 16) & 0xff),
628
0
                            ((parts[1] >> 8) & 0xff),
629
0
                            (parts[1] & 0xff));
630
0
    break;
631
0
  case 2: /* a.b.c -- 8.8.16 bits */
632
0
    if((parts[0] > 0xff) || (parts[1] > 0xff) || (parts[2] > 0xffff))
633
0
      return HOST_NAME;
634
0
    curlx_dyn_reset(host);
635
0
    result = curlx_dyn_addf(host, "%u.%u.%u.%u",
636
0
                            (parts[0]),
637
0
                            (parts[1]),
638
0
                            ((parts[2] >> 8) & 0xff),
639
0
                            (parts[2] & 0xff));
640
0
    break;
641
0
  case 3: /* a.b.c.d -- 8.8.8.8 bits */
642
0
    if((parts[0] > 0xff) || (parts[1] > 0xff) || (parts[2] > 0xff) ||
643
0
       (parts[3] > 0xff))
644
0
      return HOST_NAME;
645
0
    curlx_dyn_reset(host);
646
0
    result = curlx_dyn_addf(host, "%u.%u.%u.%u",
647
0
                            (parts[0]),
648
0
                            (parts[1]),
649
0
                            (parts[2]),
650
0
                            (parts[3]));
651
0
    break;
652
5
  }
653
5
  if(result)
654
0
    return HOST_ERROR;
655
5
  return HOST_IPV4;
656
5
}
657
658
/* if necessary, replace the host content with a URL decoded version */
659
static CURLUcode urldecode_host(struct dynbuf *host)
660
1.74k
{
661
1.74k
  char *per = NULL;
662
1.74k
  const char *hostname = curlx_dyn_ptr(host);
663
1.74k
  per = strchr(hostname, '%');
664
1.74k
  if(!per)
665
    /* nothing to decode */
666
1.74k
    return CURLUE_OK;
667
4
  else {
668
    /* encoded */
669
4
    size_t dlen;
670
4
    char *decoded;
671
4
    CURLcode result = Curl_urldecode(hostname, 0, &decoded, &dlen,
672
4
                                     REJECT_CTRL);
673
4
    if(result)
674
0
      return CURLUE_BAD_HOSTNAME;
675
4
    curlx_dyn_reset(host);
676
4
    result = curlx_dyn_addn(host, decoded, dlen);
677
4
    free(decoded);
678
4
    if(result)
679
0
      return cc2cu(result);
680
4
  }
681
682
4
  return CURLUE_OK;
683
1.74k
}
684
685
static CURLUcode parse_authority(struct Curl_URL *u,
686
                                 const char *auth, size_t authlen,
687
                                 unsigned int flags,
688
                                 struct dynbuf *host,
689
                                 bool has_scheme)
690
1.77k
{
691
1.77k
  size_t offset;
692
1.77k
  CURLUcode uc;
693
1.77k
  CURLcode result;
694
695
  /*
696
   * Parse the login details and strip them out of the hostname.
697
   */
698
1.77k
  uc = parse_hostname_login(u, auth, authlen, flags, &offset);
699
1.77k
  if(uc)
700
0
    goto out;
701
702
1.77k
  result = curlx_dyn_addn(host, auth + offset, authlen - offset);
703
1.77k
  if(result) {
704
0
    uc = cc2cu(result);
705
0
    goto out;
706
0
  }
707
708
1.77k
  uc = Curl_parse_port(u, host, has_scheme);
709
1.77k
  if(uc)
710
21
    goto out;
711
712
1.75k
  if(!curlx_dyn_len(host))
713
2
    return CURLUE_NO_HOST;
714
715
1.75k
  switch(ipv4_normalize(host)) {
716
5
  case HOST_IPV4:
717
5
    break;
718
0
  case HOST_IPV6:
719
0
    uc = ipv6_parse(u, curlx_dyn_ptr(host), curlx_dyn_len(host));
720
0
    break;
721
1.74k
  case HOST_NAME:
722
1.74k
    uc = urldecode_host(host);
723
1.74k
    if(!uc)
724
1.74k
      uc = hostname_check(u, curlx_dyn_ptr(host), curlx_dyn_len(host));
725
1.74k
    break;
726
0
  case HOST_ERROR:
727
0
    uc = CURLUE_OUT_OF_MEMORY;
728
0
    break;
729
0
  default:
730
0
    uc = CURLUE_BAD_HOSTNAME; /* Bad IPv4 address even */
731
0
    break;
732
1.75k
  }
733
734
1.77k
out:
735
1.77k
  return uc;
736
1.75k
}
737
738
/* used for HTTP/2 server push */
739
CURLUcode Curl_url_set_authority(CURLU *u, const char *authority)
740
0
{
741
0
  CURLUcode result;
742
0
  struct dynbuf host;
743
744
0
  DEBUGASSERT(authority);
745
0
  curlx_dyn_init(&host, CURL_MAX_INPUT_LENGTH);
746
747
0
  result = parse_authority(u, authority, strlen(authority),
748
0
                           CURLU_DISALLOW_USER, &host, !!u->scheme);
749
0
  if(result)
750
0
    curlx_dyn_free(&host);
751
0
  else {
752
0
    free(u->host);
753
0
    u->host = curlx_dyn_ptr(&host);
754
0
  }
755
0
  return result;
756
0
}
757
758
/*
759
 * "Remove Dot Segments"
760
 * https://datatracker.ietf.org/doc/html/rfc3986#section-5.2.4
761
 */
762
763
static bool is_dot(const char **str, size_t *clen)
764
3.52k
{
765
3.52k
  const char *p = *str;
766
3.52k
  if(*p == '.') {
767
155
    (*str)++;
768
155
    (*clen)--;
769
155
    return TRUE;
770
155
  }
771
3.36k
  else if((*clen >= 3) &&
772
3.36k
          (p[0] == '%') && (p[1] == '2') && ((p[2] | 0x20) == 'e')) {
773
0
    *str += 3;
774
0
    *clen -= 3;
775
0
    return TRUE;
776
0
  }
777
3.36k
  return FALSE;
778
3.52k
}
779
780
45.0k
#define ISSLASH(x) ((x) == '/')
781
782
/*
783
 * dedotdotify()
784
 * @unittest: 1395
785
 *
786
 * This function gets a null-terminated path with dot and dotdot sequences
787
 * passed in and strips them off according to the rules in RFC 3986 section
788
 * 5.2.4.
789
 *
790
 * The function handles a path. It should not contain the query nor fragment.
791
 *
792
 * RETURNS
793
 *
794
 * Zero for success and 'out' set to an allocated dedotdotified string.
795
 */
796
UNITTEST int dedotdotify(const char *input, size_t clen, char **outp);
797
UNITTEST int dedotdotify(const char *input, size_t clen, char **outp)
798
1.57k
{
799
1.57k
  struct dynbuf out;
800
1.57k
  CURLcode result = CURLE_OK;
801
802
1.57k
  *outp = NULL;
803
  /* the path always starts with a slash, and a slash has not dot */
804
1.57k
  if(clen < 2)
805
0
    return 0;
806
807
1.57k
  curlx_dyn_init(&out, clen + 1);
808
809
  /*  A. If the input buffer begins with a prefix of "../" or "./", then
810
      remove that prefix from the input buffer; otherwise, */
811
1.57k
  if(is_dot(&input, &clen)) {
812
0
    const char *p = input;
813
0
    size_t blen = clen;
814
815
0
    if(!clen)
816
      /* . [end] */
817
0
      goto end;
818
0
    else if(ISSLASH(*p)) {
819
      /* one dot followed by a slash */
820
0
      input = p + 1;
821
0
      clen--;
822
0
    }
823
824
    /*  D. if the input buffer consists only of "." or "..", then remove
825
        that from the input buffer; otherwise, */
826
0
    else if(is_dot(&p, &blen)) {
827
0
      if(!blen)
828
        /* .. [end] */
829
0
        goto end;
830
0
      else if(ISSLASH(*p)) {
831
        /* ../ */
832
0
        input = p + 1;
833
0
        clen = blen - 1;
834
0
      }
835
0
    }
836
0
  }
837
838
46.4k
  while(clen && !result) { /* until end of path content */
839
44.8k
    if(ISSLASH(*input)) {
840
1.79k
      const char *p = &input[1];
841
1.79k
      size_t blen = clen - 1;
842
      /*  B. if the input buffer begins with a prefix of "/./" or "/.", where
843
          "."  is a complete path segment, then replace that prefix with "/" in
844
          the input buffer; otherwise, */
845
1.79k
      if(is_dot(&p, &blen)) {
846
155
        if(!blen) { /* /. */
847
1
          result = curlx_dyn_addn(&out, "/", 1);
848
1
          break;
849
1
        }
850
154
        else if(ISSLASH(*p)) { /* /./ */
851
0
          input = p;
852
0
          clen = blen;
853
0
          continue;
854
0
        }
855
856
        /*  C. if the input buffer begins with a prefix of "/../" or "/..",
857
            where ".." is a complete path segment, then replace that prefix
858
            with "/" in the input buffer and remove the last segment and its
859
            preceding "/" (if any) from the output buffer; otherwise, */
860
154
        else if(is_dot(&p, &blen) && (ISSLASH(*p) || !blen)) {
861
          /* remove the last segment from the output buffer */
862
0
          size_t len = curlx_dyn_len(&out);
863
0
          if(len) {
864
0
            char *ptr = curlx_dyn_ptr(&out);
865
0
            char *last = memrchr(ptr, '/', len);
866
0
            if(last)
867
              /* trim the output at the slash */
868
0
              curlx_dyn_setlen(&out, last - ptr);
869
0
          }
870
871
0
          if(blen) { /* /../ */
872
0
            input = p;
873
0
            clen = blen;
874
0
            continue;
875
0
          }
876
0
          result = curlx_dyn_addn(&out, "/", 1);
877
0
          break;
878
0
        }
879
155
      }
880
1.79k
    }
881
882
    /*  E. move the first path segment in the input buffer to the end of
883
        the output buffer, including the initial "/" character (if any) and
884
        any subsequent characters up to, but not including, the next "/"
885
        character or the end of the input buffer. */
886
887
44.8k
    result = curlx_dyn_addn(&out, input, 1);
888
44.8k
    input++;
889
44.8k
    clen--;
890
44.8k
  }
891
1.57k
end:
892
1.57k
  if(!result) {
893
1.57k
    if(curlx_dyn_len(&out))
894
1.57k
      *outp = curlx_dyn_ptr(&out);
895
0
    else {
896
0
      *outp = strdup("");
897
0
      if(!*outp)
898
0
        return 1;
899
0
    }
900
1.57k
  }
901
1.57k
  return result ? 1 : 0; /* success */
902
1.57k
}
903
904
static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags)
905
1.84k
{
906
1.84k
  const char *path;
907
1.84k
  size_t pathlen;
908
1.84k
  char *query = NULL;
909
1.84k
  char *fragment = NULL;
910
1.84k
  char schemebuf[MAX_SCHEME_LEN + 1];
911
1.84k
  size_t schemelen = 0;
912
1.84k
  size_t urllen;
913
1.84k
  CURLUcode result = CURLUE_OK;
914
1.84k
  size_t fraglen = 0;
915
1.84k
  struct dynbuf host;
916
917
1.84k
  DEBUGASSERT(url);
918
919
1.84k
  curlx_dyn_init(&host, CURL_MAX_INPUT_LENGTH);
920
921
1.84k
  result = Curl_junkscan(url, &urllen, !!(flags & CURLU_ALLOW_SPACE));
922
1.84k
  if(result)
923
75
    goto fail;
924
925
1.77k
  schemelen = Curl_is_absolute_url(url, schemebuf, sizeof(schemebuf),
926
1.77k
                                   flags & (CURLU_GUESS_SCHEME|
927
1.77k
                                            CURLU_DEFAULT_SCHEME));
928
929
  /* handle the file: scheme */
930
1.77k
  if(schemelen && !strcmp(schemebuf, "file")) {
931
0
    bool uncpath = FALSE;
932
0
    if(urllen <= 6) {
933
      /* file:/ is not enough to actually be a complete file: URL */
934
0
      result = CURLUE_BAD_FILE_URL;
935
0
      goto fail;
936
0
    }
937
938
    /* path has been allocated large enough to hold this */
939
0
    path = &url[5];
940
0
    pathlen = urllen - 5;
941
942
0
    u->scheme = strdup("file");
943
0
    if(!u->scheme) {
944
0
      result = CURLUE_OUT_OF_MEMORY;
945
0
      goto fail;
946
0
    }
947
948
    /* Extra handling URLs with an authority component (i.e. that start with
949
     * "file://")
950
     *
951
     * We allow omitted hostname (e.g. file:/<path>) -- valid according to
952
     * RFC 8089, but not the (current) WHAT-WG URL spec.
953
     */
954
0
    if(path[0] == '/' && path[1] == '/') {
955
      /* swallow the two slashes */
956
0
      const char *ptr = &path[2];
957
958
      /*
959
       * According to RFC 8089, a file: URL can be reliably dereferenced if:
960
       *
961
       *  o it has no/blank hostname, or
962
       *
963
       *  o the hostname matches "localhost" (case-insensitively), or
964
       *
965
       *  o the hostname is a FQDN that resolves to this machine, or
966
       *
967
       *  o it is an UNC String transformed to an URI (Windows only, RFC 8089
968
       *    Appendix E.3).
969
       *
970
       * For brevity, we only consider URLs with empty, "localhost", or
971
       * "127.0.0.1" hostnames as local, otherwise as an UNC String.
972
       *
973
       * Additionally, there is an exception for URLs with a Windows drive
974
       * letter in the authority (which was accidentally omitted from RFC 8089
975
       * Appendix E, but believe me, it was meant to be there. --MK)
976
       */
977
0
      if(ptr[0] != '/' && !STARTS_WITH_URL_DRIVE_PREFIX(ptr)) {
978
        /* the URL includes a hostname, it must match "localhost" or
979
           "127.0.0.1" to be valid */
980
0
        if(checkprefix("localhost/", ptr) ||
981
0
           checkprefix("127.0.0.1/", ptr)) {
982
0
          ptr += 9; /* now points to the slash after the host */
983
0
        }
984
0
        else {
985
#ifdef _WIN32
986
          size_t len;
987
988
          /* the hostname, NetBIOS computer name, can not contain disallowed
989
             chars, and the delimiting slash character must be appended to the
990
             hostname */
991
          path = strpbrk(ptr, "/\\:*?\"<>|");
992
          if(!path || *path != '/') {
993
            result = CURLUE_BAD_FILE_URL;
994
            goto fail;
995
          }
996
997
          len = path - ptr;
998
          if(len) {
999
            CURLcode code = curlx_dyn_addn(&host, ptr, len);
1000
            if(code) {
1001
              result = cc2cu(code);
1002
              goto fail;
1003
            }
1004
            uncpath = TRUE;
1005
          }
1006
1007
          ptr -= 2; /* now points to the // before the host in UNC */
1008
#else
1009
          /* Invalid file://hostname/, expected localhost or 127.0.0.1 or
1010
             none */
1011
0
          result = CURLUE_BAD_FILE_URL;
1012
0
          goto fail;
1013
0
#endif
1014
0
        }
1015
0
      }
1016
1017
0
      path = ptr;
1018
0
      pathlen = urllen - (ptr - url);
1019
0
    }
1020
1021
0
    if(!uncpath)
1022
      /* no host for file: URLs by default */
1023
0
      curlx_dyn_reset(&host);
1024
1025
0
#if !defined(_WIN32) && !defined(MSDOS) && !defined(__CYGWIN__)
1026
    /* Do not allow Windows drive letters when not in Windows.
1027
     * This catches both "file:/c:" and "file:c:" */
1028
0
    if(('/' == path[0] && STARTS_WITH_URL_DRIVE_PREFIX(&path[1])) ||
1029
0
       STARTS_WITH_URL_DRIVE_PREFIX(path)) {
1030
      /* File drive letters are only accepted in MS-DOS/Windows */
1031
0
      result = CURLUE_BAD_FILE_URL;
1032
0
      goto fail;
1033
0
    }
1034
#else
1035
    /* If the path starts with a slash and a drive letter, ditch the slash */
1036
    if('/' == path[0] && STARTS_WITH_URL_DRIVE_PREFIX(&path[1])) {
1037
      /* This cannot be done with strcpy, as the memory chunks overlap! */
1038
      path++;
1039
      pathlen--;
1040
    }
1041
#endif
1042
1043
0
  }
1044
1.77k
  else {
1045
    /* clear path */
1046
1.77k
    const char *schemep = NULL;
1047
1.77k
    const char *hostp;
1048
1.77k
    size_t hostlen;
1049
1050
1.77k
    if(schemelen) {
1051
1.74k
      int i = 0;
1052
1.74k
      const char *p = &url[schemelen + 1];
1053
5.21k
      while((*p == '/') && (i < 4)) {
1054
3.47k
        p++;
1055
3.47k
        i++;
1056
3.47k
      }
1057
1058
1.74k
      schemep = schemebuf;
1059
1.74k
      if(!Curl_get_scheme_handler(schemep) &&
1060
1.74k
         !(flags & CURLU_NON_SUPPORT_SCHEME)) {
1061
0
        result = CURLUE_UNSUPPORTED_SCHEME;
1062
0
        goto fail;
1063
0
      }
1064
1065
1.74k
      if((i < 1) || (i > 3)) {
1066
        /* less than one or more than three slashes */
1067
0
        result = CURLUE_BAD_SLASHES;
1068
0
        goto fail;
1069
0
      }
1070
1.74k
      hostp = p; /* hostname starts here */
1071
1.74k
    }
1072
34
    else {
1073
      /* no scheme! */
1074
1075
34
      if(!(flags & (CURLU_DEFAULT_SCHEME|CURLU_GUESS_SCHEME))) {
1076
0
        result = CURLUE_BAD_SCHEME;
1077
0
        goto fail;
1078
0
      }
1079
34
      if(flags & CURLU_DEFAULT_SCHEME)
1080
0
        schemep = DEFAULT_SCHEME;
1081
1082
      /*
1083
       * The URL was badly formatted, let's try without scheme specified.
1084
       */
1085
34
      hostp = url;
1086
34
    }
1087
1088
1.77k
    if(schemep) {
1089
1.74k
      u->scheme = strdup(schemep);
1090
1.74k
      if(!u->scheme) {
1091
0
        result = CURLUE_OUT_OF_MEMORY;
1092
0
        goto fail;
1093
0
      }
1094
1.74k
    }
1095
1096
    /* find the end of the hostname + port number */
1097
1.77k
    hostlen = strcspn(hostp, "/?#");
1098
1.77k
    path = &hostp[hostlen];
1099
1100
    /* this pathlen also contains the query and the fragment */
1101
1.77k
    pathlen = urllen - (path - url);
1102
1.77k
    if(hostlen) {
1103
1104
1.77k
      result = parse_authority(u, hostp, hostlen, flags, &host, schemelen);
1105
1.77k
      if(result)
1106
33
        goto fail;
1107
1108
1.74k
      if((flags & CURLU_GUESS_SCHEME) && !schemep) {
1109
23
        const char *hostname = curlx_dyn_ptr(&host);
1110
        /* legacy curl-style guess based on hostname */
1111
23
        if(checkprefix("ftp.", hostname))
1112
0
          schemep = "ftp";
1113
23
        else if(checkprefix("dict.", hostname))
1114
0
          schemep = "dict";
1115
23
        else if(checkprefix("ldap.", hostname))
1116
0
          schemep = "ldap";
1117
23
        else if(checkprefix("imap.", hostname))
1118
0
          schemep = "imap";
1119
23
        else if(checkprefix("smtp.", hostname))
1120
0
          schemep = "smtp";
1121
23
        else if(checkprefix("pop3.", hostname))
1122
0
          schemep = "pop3";
1123
23
        else
1124
23
          schemep = "http";
1125
1126
23
        u->scheme = strdup(schemep);
1127
23
        if(!u->scheme) {
1128
0
          result = CURLUE_OUT_OF_MEMORY;
1129
0
          goto fail;
1130
0
        }
1131
23
        u->guessed_scheme = TRUE;
1132
23
      }
1133
1.74k
    }
1134
0
    else if(flags & CURLU_NO_AUTHORITY) {
1135
      /* allowed to be empty. */
1136
0
      if(curlx_dyn_add(&host, "")) {
1137
0
        result = CURLUE_OUT_OF_MEMORY;
1138
0
        goto fail;
1139
0
      }
1140
0
    }
1141
0
    else {
1142
0
      result = CURLUE_NO_HOST;
1143
0
      goto fail;
1144
0
    }
1145
1.77k
  }
1146
1147
1.74k
  fragment = strchr(path, '#');
1148
1.74k
  if(fragment) {
1149
5
    fraglen = pathlen - (fragment - path);
1150
5
    u->fragment_present = TRUE;
1151
5
    if(fraglen > 1) {
1152
      /* skip the leading '#' in the copy but include the terminating null */
1153
4
      if(flags & CURLU_URLENCODE) {
1154
0
        struct dynbuf enc;
1155
0
        curlx_dyn_init(&enc, CURL_MAX_INPUT_LENGTH);
1156
0
        result = urlencode_str(&enc, fragment + 1, fraglen - 1, TRUE, FALSE);
1157
0
        if(result)
1158
0
          goto fail;
1159
0
        u->fragment = curlx_dyn_ptr(&enc);
1160
0
      }
1161
4
      else {
1162
4
        u->fragment = Curl_memdup0(fragment + 1, fraglen - 1);
1163
4
        if(!u->fragment) {
1164
0
          result = CURLUE_OUT_OF_MEMORY;
1165
0
          goto fail;
1166
0
        }
1167
4
      }
1168
4
    }
1169
    /* after this, pathlen still contains the query */
1170
5
    pathlen -= fraglen;
1171
5
  }
1172
1173
1.74k
  query = memchr(path, '?', pathlen);
1174
1.74k
  if(query) {
1175
25
    size_t qlen = fragment ? (size_t)(fragment - query) :
1176
25
      pathlen - (query - path);
1177
25
    pathlen -= qlen;
1178
25
    u->query_present = TRUE;
1179
25
    if(qlen > 1) {
1180
25
      if(flags & CURLU_URLENCODE) {
1181
0
        struct dynbuf enc;
1182
0
        curlx_dyn_init(&enc, CURL_MAX_INPUT_LENGTH);
1183
        /* skip the leading question mark */
1184
0
        result = urlencode_str(&enc, query + 1, qlen - 1, TRUE, TRUE);
1185
0
        if(result)
1186
0
          goto fail;
1187
0
        u->query = curlx_dyn_ptr(&enc);
1188
0
      }
1189
25
      else {
1190
25
        u->query = Curl_memdup0(query + 1, qlen - 1);
1191
25
        if(!u->query) {
1192
0
          result = CURLUE_OUT_OF_MEMORY;
1193
0
          goto fail;
1194
0
        }
1195
25
      }
1196
25
    }
1197
0
    else {
1198
      /* single byte query */
1199
0
      u->query = strdup("");
1200
0
      if(!u->query) {
1201
0
        result = CURLUE_OUT_OF_MEMORY;
1202
0
        goto fail;
1203
0
      }
1204
0
    }
1205
25
  }
1206
1207
1.74k
  if(pathlen && (flags & CURLU_URLENCODE)) {
1208
0
    struct dynbuf enc;
1209
0
    curlx_dyn_init(&enc, CURL_MAX_INPUT_LENGTH);
1210
0
    result = urlencode_str(&enc, path, pathlen, TRUE, FALSE);
1211
0
    if(result)
1212
0
      goto fail;
1213
0
    pathlen = curlx_dyn_len(&enc);
1214
0
    path = u->path = curlx_dyn_ptr(&enc);
1215
0
  }
1216
1217
1.74k
  if(pathlen <= 1) {
1218
    /* there is no path left or just the slash, unset */
1219
166
    path = NULL;
1220
166
  }
1221
1.57k
  else {
1222
1.57k
    if(!u->path) {
1223
1.57k
      u->path = Curl_memdup0(path, pathlen);
1224
1.57k
      if(!u->path) {
1225
0
        result = CURLUE_OUT_OF_MEMORY;
1226
0
        goto fail;
1227
0
      }
1228
1.57k
      path = u->path;
1229
1.57k
    }
1230
0
    else if(flags & CURLU_URLENCODE)
1231
      /* it might have encoded more than just the path so cut it */
1232
0
      u->path[pathlen] = 0;
1233
1234
1.57k
    if(!(flags & CURLU_PATH_AS_IS)) {
1235
      /* remove ../ and ./ sequences according to RFC3986 */
1236
1.57k
      char *dedot;
1237
1.57k
      int err = dedotdotify(path, pathlen, &dedot);
1238
1.57k
      if(err) {
1239
0
        result = CURLUE_OUT_OF_MEMORY;
1240
0
        goto fail;
1241
0
      }
1242
1.57k
      if(dedot) {
1243
1.57k
        free(u->path);
1244
1.57k
        u->path = dedot;
1245
1.57k
      }
1246
1.57k
    }
1247
1.57k
  }
1248
1249
1.74k
  u->host = curlx_dyn_ptr(&host);
1250
1251
1.74k
  return result;
1252
108
fail:
1253
108
  curlx_dyn_free(&host);
1254
108
  free_urlhandle(u);
1255
108
  return result;
1256
1.74k
}
1257
1258
/*
1259
 * Parse the URL and, if successful, replace everything in the Curl_URL struct.
1260
 */
1261
static CURLUcode parseurl_and_replace(const char *url, CURLU *u,
1262
                                      unsigned int flags)
1263
1.84k
{
1264
1.84k
  CURLUcode result;
1265
1.84k
  CURLU tmpurl;
1266
1.84k
  memset(&tmpurl, 0, sizeof(tmpurl));
1267
1.84k
  result = parseurl(url, &tmpurl, flags);
1268
1.84k
  if(!result) {
1269
1.74k
    free_urlhandle(u);
1270
1.74k
    *u = tmpurl;
1271
1.74k
  }
1272
1.84k
  return result;
1273
1.84k
}
1274
1275
/*
1276
 */
1277
CURLU *curl_url(void)
1278
1.85k
{
1279
1.85k
  return calloc(1, sizeof(struct Curl_URL));
1280
1.85k
}
1281
1282
void curl_url_cleanup(CURLU *u)
1283
3.76k
{
1284
3.76k
  if(u) {
1285
1.85k
    free_urlhandle(u);
1286
1.85k
    free(u);
1287
1.85k
  }
1288
3.76k
}
1289
1290
#define DUP(dest, src, name)                    \
1291
0
  do {                                          \
1292
0
    if(src->name) {                             \
1293
0
      dest->name = strdup(src->name);           \
1294
0
      if(!dest->name)                           \
1295
0
        goto fail;                              \
1296
0
    }                                           \
1297
0
  } while(0)
1298
1299
CURLU *curl_url_dup(const CURLU *in)
1300
0
{
1301
0
  struct Curl_URL *u = calloc(1, sizeof(struct Curl_URL));
1302
0
  if(u) {
1303
0
    DUP(u, in, scheme);
1304
0
    DUP(u, in, user);
1305
0
    DUP(u, in, password);
1306
0
    DUP(u, in, options);
1307
0
    DUP(u, in, host);
1308
0
    DUP(u, in, port);
1309
0
    DUP(u, in, path);
1310
0
    DUP(u, in, query);
1311
0
    DUP(u, in, fragment);
1312
0
    DUP(u, in, zoneid);
1313
0
    u->portnum = in->portnum;
1314
0
    u->fragment_present = in->fragment_present;
1315
0
    u->query_present = in->query_present;
1316
0
  }
1317
0
  return u;
1318
0
fail:
1319
0
  curl_url_cleanup(u);
1320
0
  return NULL;
1321
0
}
1322
1323
CURLUcode curl_url_get(const CURLU *u, CURLUPart what,
1324
                       char **part, unsigned int flags)
1325
14.0k
{
1326
14.0k
  const char *ptr;
1327
14.0k
  CURLUcode ifmissing = CURLUE_UNKNOWN_PART;
1328
14.0k
  char portbuf[7];
1329
14.0k
  bool urldecode = (flags & CURLU_URLDECODE) ? 1 : 0;
1330
14.0k
  bool urlencode = (flags & CURLU_URLENCODE) ? 1 : 0;
1331
14.0k
  bool punycode = FALSE;
1332
14.0k
  bool depunyfy = FALSE;
1333
14.0k
  bool plusdecode = FALSE;
1334
14.0k
  (void)flags;
1335
14.0k
  if(!u)
1336
0
    return CURLUE_BAD_HANDLE;
1337
14.0k
  if(!part)
1338
0
    return CURLUE_BAD_PARTPOINTER;
1339
14.0k
  *part = NULL;
1340
1341
14.0k
  switch(what) {
1342
1.74k
  case CURLUPART_SCHEME:
1343
1.74k
    ptr = u->scheme;
1344
1.74k
    ifmissing = CURLUE_NO_SCHEME;
1345
1.74k
    urldecode = FALSE; /* never for schemes */
1346
1.74k
    if((flags & CURLU_NO_GUESS_SCHEME) && u->guessed_scheme)
1347
0
      return CURLUE_NO_SCHEME;
1348
1.74k
    break;
1349
1.74k
  case CURLUPART_USER:
1350
1.44k
    ptr = u->user;
1351
1.44k
    ifmissing = CURLUE_NO_USER;
1352
1.44k
    break;
1353
1.44k
  case CURLUPART_PASSWORD:
1354
1.44k
    ptr = u->password;
1355
1.44k
    ifmissing = CURLUE_NO_PASSWORD;
1356
1.44k
    break;
1357
1.44k
  case CURLUPART_OPTIONS:
1358
1.44k
    ptr = u->options;
1359
1.44k
    ifmissing = CURLUE_NO_OPTIONS;
1360
1.44k
    break;
1361
1.74k
  case CURLUPART_HOST:
1362
1.74k
    ptr = u->host;
1363
1.74k
    ifmissing = CURLUE_NO_HOST;
1364
1.74k
    punycode = (flags & CURLU_PUNYCODE) ? 1 : 0;
1365
1.74k
    depunyfy = (flags & CURLU_PUNY2IDN) ? 1 : 0;
1366
1.74k
    break;
1367
0
  case CURLUPART_ZONEID:
1368
0
    ptr = u->zoneid;
1369
0
    ifmissing = CURLUE_NO_ZONEID;
1370
0
    break;
1371
1.44k
  case CURLUPART_PORT:
1372
1.44k
    ptr = u->port;
1373
1.44k
    ifmissing = CURLUE_NO_PORT;
1374
1.44k
    urldecode = FALSE; /* never for port */
1375
1.44k
    if(!ptr && (flags & CURLU_DEFAULT_PORT) && u->scheme) {
1376
      /* there is no stored port number, but asked to deliver
1377
         a default one for the scheme */
1378
1.44k
      const struct Curl_handler *h = Curl_get_scheme_handler(u->scheme);
1379
1.44k
      if(h) {
1380
1.44k
        msnprintf(portbuf, sizeof(portbuf), "%u", h->defport);
1381
1.44k
        ptr = portbuf;
1382
1.44k
      }
1383
1.44k
    }
1384
1
    else if(ptr && u->scheme) {
1385
      /* there is a stored port number, but ask to inhibit if
1386
         it matches the default one for the scheme */
1387
1
      const struct Curl_handler *h = Curl_get_scheme_handler(u->scheme);
1388
1
      if(h && (h->defport == u->portnum) &&
1389
1
         (flags & CURLU_NO_DEFAULT_PORT))
1390
0
        ptr = NULL;
1391
1
    }
1392
1.44k
    break;
1393
1.44k
  case CURLUPART_PATH:
1394
1.44k
    ptr = u->path;
1395
1.44k
    if(!ptr)
1396
149
      ptr = "/";
1397
1.44k
    break;
1398
1.44k
  case CURLUPART_QUERY:
1399
1.44k
    ptr = u->query;
1400
1.44k
    ifmissing = CURLUE_NO_QUERY;
1401
1.44k
    plusdecode = urldecode;
1402
1.44k
    if(ptr && !ptr[0] && !(flags & CURLU_GET_EMPTY))
1403
      /* there was a blank query and the user do not ask for it */
1404
0
      ptr = NULL;
1405
1.44k
    break;
1406
0
  case CURLUPART_FRAGMENT:
1407
0
    ptr = u->fragment;
1408
0
    ifmissing = CURLUE_NO_FRAGMENT;
1409
0
    if(!ptr && u->fragment_present && flags & CURLU_GET_EMPTY)
1410
      /* there was a blank fragment and the user asks for it */
1411
0
      ptr = "";
1412
0
    break;
1413
1.84k
  case CURLUPART_URL: {
1414
1.84k
    char *url;
1415
1.84k
    const char *scheme;
1416
1.84k
    char *options = u->options;
1417
1.84k
    char *port = u->port;
1418
1.84k
    char *allochost = NULL;
1419
1.84k
    bool show_fragment =
1420
1.84k
      u->fragment || (u->fragment_present && flags & CURLU_GET_EMPTY);
1421
1.84k
    bool show_query =
1422
1.84k
      (u->query && u->query[0]) ||
1423
1.84k
      (u->query_present && flags & CURLU_GET_EMPTY);
1424
1.84k
    punycode = (flags & CURLU_PUNYCODE) ? 1 : 0;
1425
1.84k
    depunyfy = (flags & CURLU_PUNY2IDN) ? 1 : 0;
1426
1.84k
    if(u->scheme && strcasecompare("file", u->scheme)) {
1427
0
      url = aprintf("file://%s%s%s%s%s",
1428
0
                    u->path,
1429
0
                    show_query ? "?": "",
1430
0
                    u->query ? u->query : "",
1431
0
                    show_fragment ? "#": "",
1432
0
                    u->fragment ? u->fragment : "");
1433
0
    }
1434
1.84k
    else if(!u->host)
1435
107
      return CURLUE_NO_HOST;
1436
1.74k
    else {
1437
1.74k
      const struct Curl_handler *h = NULL;
1438
1.74k
      char schemebuf[MAX_SCHEME_LEN + 5];
1439
1.74k
      if(u->scheme)
1440
1.74k
        scheme = u->scheme;
1441
0
      else if(flags & CURLU_DEFAULT_SCHEME)
1442
0
        scheme = DEFAULT_SCHEME;
1443
0
      else
1444
0
        return CURLUE_NO_SCHEME;
1445
1446
1.74k
      h = Curl_get_scheme_handler(scheme);
1447
1.74k
      if(!port && (flags & CURLU_DEFAULT_PORT)) {
1448
        /* there is no stored port number, but asked to deliver
1449
           a default one for the scheme */
1450
0
        if(h) {
1451
0
          msnprintf(portbuf, sizeof(portbuf), "%u", h->defport);
1452
0
          port = portbuf;
1453
0
        }
1454
0
      }
1455
1.74k
      else if(port) {
1456
        /* there is a stored port number, but asked to inhibit if it matches
1457
           the default one for the scheme */
1458
1
        if(h && (h->defport == u->portnum) &&
1459
1
           (flags & CURLU_NO_DEFAULT_PORT))
1460
0
          port = NULL;
1461
1
      }
1462
1463
1.74k
      if(h && !(h->flags & PROTOPT_URLOPTIONS))
1464
1.44k
        options = NULL;
1465
1466
1.74k
      if(u->host[0] == '[') {
1467
0
        if(u->zoneid) {
1468
          /* make it '[ host %25 zoneid ]' */
1469
0
          struct dynbuf enc;
1470
0
          size_t hostlen = strlen(u->host);
1471
0
          curlx_dyn_init(&enc, CURL_MAX_INPUT_LENGTH);
1472
0
          if(curlx_dyn_addf(&enc, "%.*s%%25%s]", (int)hostlen - 1, u->host,
1473
0
                            u->zoneid))
1474
0
            return CURLUE_OUT_OF_MEMORY;
1475
0
          allochost = curlx_dyn_ptr(&enc);
1476
0
        }
1477
0
      }
1478
1.74k
      else if(urlencode) {
1479
0
        allochost = curl_easy_escape(NULL, u->host, 0);
1480
0
        if(!allochost)
1481
0
          return CURLUE_OUT_OF_MEMORY;
1482
0
      }
1483
1.74k
      else if(punycode) {
1484
0
        if(!Curl_is_ASCII_name(u->host)) {
1485
0
#ifndef USE_IDN
1486
0
          return CURLUE_LACKS_IDN;
1487
#else
1488
          CURLcode result = Curl_idn_decode(u->host, &allochost);
1489
          if(result)
1490
            return (result == CURLE_OUT_OF_MEMORY) ?
1491
              CURLUE_OUT_OF_MEMORY : CURLUE_BAD_HOSTNAME;
1492
#endif
1493
0
        }
1494
0
      }
1495
1.74k
      else if(depunyfy) {
1496
0
        if(Curl_is_ASCII_name(u->host)) {
1497
0
#ifndef USE_IDN
1498
0
          return CURLUE_LACKS_IDN;
1499
#else
1500
          CURLcode result = Curl_idn_encode(u->host, &allochost);
1501
          if(result)
1502
            /* this is the most likely error */
1503
            return (result == CURLE_OUT_OF_MEMORY) ?
1504
              CURLUE_OUT_OF_MEMORY : CURLUE_BAD_HOSTNAME;
1505
#endif
1506
0
        }
1507
0
      }
1508
1509
1.74k
      if(!(flags & CURLU_NO_GUESS_SCHEME) || !u->guessed_scheme)
1510
1.74k
        msnprintf(schemebuf, sizeof(schemebuf), "%s://", scheme);
1511
0
      else
1512
0
        schemebuf[0] = 0;
1513
1514
1.74k
      url = aprintf("%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
1515
1.74k
                    schemebuf,
1516
1.74k
                    u->user ? u->user : "",
1517
1.74k
                    u->password ? ":": "",
1518
1.74k
                    u->password ? u->password : "",
1519
1.74k
                    options ? ";" : "",
1520
1.74k
                    options ? options : "",
1521
1.74k
                    (u->user || u->password || options) ? "@": "",
1522
1.74k
                    allochost ? allochost : u->host,
1523
1.74k
                    port ? ":": "",
1524
1.74k
                    port ? port : "",
1525
1.74k
                    u->path ? u->path : "/",
1526
1.74k
                    show_query ? "?": "",
1527
1.74k
                    u->query ? u->query : "",
1528
1.74k
                    show_fragment ? "#": "",
1529
1.74k
                    u->fragment ? u->fragment : "");
1530
1.74k
      free(allochost);
1531
1.74k
    }
1532
1.74k
    if(!url)
1533
0
      return CURLUE_OUT_OF_MEMORY;
1534
1.74k
    *part = url;
1535
1.74k
    return CURLUE_OK;
1536
1.74k
  }
1537
0
  default:
1538
0
    ptr = NULL;
1539
0
    break;
1540
14.0k
  }
1541
12.1k
  if(ptr) {
1542
8.81k
    size_t partlen = strlen(ptr);
1543
8.81k
    size_t i = 0;
1544
8.81k
    *part = Curl_memdup0(ptr, partlen);
1545
8.81k
    if(!*part)
1546
0
      return CURLUE_OUT_OF_MEMORY;
1547
8.81k
    if(plusdecode) {
1548
      /* convert + to space */
1549
0
      char *plus = *part;
1550
0
      for(i = 0; i < partlen; ++plus, i++) {
1551
0
        if(*plus == '+')
1552
0
          *plus = ' ';
1553
0
      }
1554
0
    }
1555
8.81k
    if(urldecode) {
1556
0
      char *decoded;
1557
0
      size_t dlen;
1558
      /* this unconditional rejection of control bytes is documented
1559
         API behavior */
1560
0
      CURLcode res = Curl_urldecode(*part, 0, &decoded, &dlen, REJECT_CTRL);
1561
0
      free(*part);
1562
0
      if(res) {
1563
0
        *part = NULL;
1564
0
        return CURLUE_URLDECODE;
1565
0
      }
1566
0
      *part = decoded;
1567
0
      partlen = dlen;
1568
0
    }
1569
8.81k
    if(urlencode) {
1570
1.44k
      struct dynbuf enc;
1571
1.44k
      CURLUcode uc;
1572
1.44k
      curlx_dyn_init(&enc, CURL_MAX_INPUT_LENGTH);
1573
1.44k
      uc = urlencode_str(&enc, *part, partlen, TRUE, what == CURLUPART_QUERY);
1574
1.44k
      if(uc)
1575
0
        return uc;
1576
1.44k
      free(*part);
1577
1.44k
      *part = curlx_dyn_ptr(&enc);
1578
1.44k
    }
1579
7.37k
    else if(punycode) {
1580
0
      if(!Curl_is_ASCII_name(u->host)) {
1581
0
#ifndef USE_IDN
1582
0
        return CURLUE_LACKS_IDN;
1583
#else
1584
        char *allochost;
1585
        CURLcode result = Curl_idn_decode(*part, &allochost);
1586
        if(result)
1587
          return (result == CURLE_OUT_OF_MEMORY) ?
1588
            CURLUE_OUT_OF_MEMORY : CURLUE_BAD_HOSTNAME;
1589
        free(*part);
1590
        *part = allochost;
1591
#endif
1592
0
      }
1593
0
    }
1594
7.37k
    else if(depunyfy) {
1595
0
      if(Curl_is_ASCII_name(u->host)) {
1596
0
#ifndef USE_IDN
1597
0
        return CURLUE_LACKS_IDN;
1598
#else
1599
        char *allochost;
1600
        CURLcode result = Curl_idn_encode(*part, &allochost);
1601
        if(result)
1602
          return (result == CURLE_OUT_OF_MEMORY) ?
1603
            CURLUE_OUT_OF_MEMORY : CURLUE_BAD_HOSTNAME;
1604
        free(*part);
1605
        *part = allochost;
1606
#endif
1607
0
      }
1608
0
    }
1609
1610
8.81k
    return CURLUE_OK;
1611
8.81k
  }
1612
3.33k
  else
1613
3.33k
    return ifmissing;
1614
12.1k
}
1615
1616
static CURLUcode set_url_scheme(CURLU *u, const char *scheme,
1617
        unsigned int flags)
1618
0
{
1619
0
    size_t plen = strlen(scheme);
1620
0
    const char *s = scheme;
1621
0
    if((plen > MAX_SCHEME_LEN) || (plen < 1))
1622
      /* too long or too short */
1623
0
      return CURLUE_BAD_SCHEME;
1624
   /* verify that it is a fine scheme */
1625
0
    if(!(flags & CURLU_NON_SUPPORT_SCHEME) && !Curl_get_scheme_handler(scheme))
1626
0
      return CURLUE_UNSUPPORTED_SCHEME;
1627
0
    if(ISALPHA(*s)) {
1628
      /* ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) */
1629
0
      while(--plen) {
1630
0
        if(ISALNUM(*s) || (*s == '+') || (*s == '-') || (*s == '.'))
1631
0
          s++; /* fine */
1632
0
        else
1633
0
          return CURLUE_BAD_SCHEME;
1634
0
      }
1635
0
    }
1636
0
    else
1637
0
      return CURLUE_BAD_SCHEME;
1638
0
    u->guessed_scheme = FALSE;
1639
0
    return CURLUE_OK;
1640
0
}
1641
1642
static CURLUcode set_url_port(CURLU *u, const char *provided_port)
1643
0
{
1644
0
  char *tmp;
1645
0
  curl_off_t port;
1646
0
  if(!ISDIGIT(provided_port[0]))
1647
    /* not a number */
1648
0
    return CURLUE_BAD_PORT_NUMBER;
1649
0
  if(curlx_str_number(&provided_port, &port, 0xffff) || *provided_port)
1650
    /* weirdly provided number, not good! */
1651
0
    return CURLUE_BAD_PORT_NUMBER;
1652
0
  tmp = aprintf("%" CURL_FORMAT_CURL_OFF_T, port);
1653
0
  if(!tmp)
1654
0
    return CURLUE_OUT_OF_MEMORY;
1655
0
  free(u->port);
1656
0
  u->port = tmp;
1657
0
  u->portnum = (unsigned short)port;
1658
0
  return CURLUE_OK;
1659
0
}
1660
1661
static CURLUcode set_url(CURLU *u, const char *url, size_t part_size,
1662
        unsigned int flags)
1663
1.85k
{
1664
  /*
1665
   * Allow a new URL to replace the existing (if any) contents.
1666
   *
1667
   * If the existing contents is enough for a URL, allow a relative URL to
1668
   * replace it.
1669
   */
1670
1.85k
  CURLUcode uc;
1671
1.85k
  char *oldurl = NULL;
1672
1673
1.85k
  if(!part_size) {
1674
    /* a blank URL is not a valid URL unless we already have a complete one
1675
       and this is a redirect */
1676
1
    if(!curl_url_get(u, CURLUPART_URL, &oldurl, flags)) {
1677
      /* success, meaning the "" is a fine relative URL, but nothing
1678
         changes */
1679
0
      free(oldurl);
1680
0
      return CURLUE_OK;
1681
0
    }
1682
1
    return CURLUE_MALFORMED_INPUT;
1683
1
  }
1684
1685
  /* if the new thing is absolute or the old one is not (we could not get an
1686
   * absolute URL in 'oldurl'), then replace the existing with the new. */
1687
1.84k
  if(Curl_is_absolute_url(url, NULL, 0,
1688
1.84k
                          flags & (CURLU_GUESS_SCHEME|CURLU_DEFAULT_SCHEME))
1689
1.84k
     || curl_url_get(u, CURLUPART_URL, &oldurl, flags)) {
1690
1.84k
    return parseurl_and_replace(url, u, flags);
1691
1.84k
  }
1692
0
  DEBUGASSERT(oldurl); /* it is set here */
1693
  /* apply the relative part to create a new URL */
1694
0
  uc = redirect_url(oldurl, url, u, flags);
1695
0
  free(oldurl);
1696
0
  return uc;
1697
1.84k
}
1698
1699
CURLUcode curl_url_set(CURLU *u, CURLUPart what,
1700
                       const char *part, unsigned int flags)
1701
4.27k
{
1702
4.27k
  char **storep = NULL;
1703
4.27k
  bool urlencode = (flags & CURLU_URLENCODE) ? 1 : 0;
1704
4.27k
  bool plusencode = FALSE;
1705
4.27k
  bool urlskipslash = FALSE;
1706
4.27k
  bool leadingslash = FALSE;
1707
4.27k
  bool appendquery = FALSE;
1708
4.27k
  bool equalsencode = FALSE;
1709
4.27k
  size_t nalloc;
1710
1711
4.27k
  if(!u)
1712
0
    return CURLUE_BAD_HANDLE;
1713
4.27k
  if(!part) {
1714
    /* setting a part to NULL clears it */
1715
0
    switch(what) {
1716
0
    case CURLUPART_URL:
1717
0
      break;
1718
0
    case CURLUPART_SCHEME:
1719
0
      storep = &u->scheme;
1720
0
      u->guessed_scheme = FALSE;
1721
0
      break;
1722
0
    case CURLUPART_USER:
1723
0
      storep = &u->user;
1724
0
      break;
1725
0
    case CURLUPART_PASSWORD:
1726
0
      storep = &u->password;
1727
0
      break;
1728
0
    case CURLUPART_OPTIONS:
1729
0
      storep = &u->options;
1730
0
      break;
1731
0
    case CURLUPART_HOST:
1732
0
      storep = &u->host;
1733
0
      break;
1734
0
    case CURLUPART_ZONEID:
1735
0
      storep = &u->zoneid;
1736
0
      break;
1737
0
    case CURLUPART_PORT:
1738
0
      u->portnum = 0;
1739
0
      storep = &u->port;
1740
0
      break;
1741
0
    case CURLUPART_PATH:
1742
0
      storep = &u->path;
1743
0
      break;
1744
0
    case CURLUPART_QUERY:
1745
0
      storep = &u->query;
1746
0
      u->query_present = FALSE;
1747
0
      break;
1748
0
    case CURLUPART_FRAGMENT:
1749
0
      storep = &u->fragment;
1750
0
      u->fragment_present = FALSE;
1751
0
      break;
1752
0
    default:
1753
0
      return CURLUE_UNKNOWN_PART;
1754
0
    }
1755
0
    if(storep && *storep) {
1756
0
      Curl_safefree(*storep);
1757
0
    }
1758
0
    else if(!storep) {
1759
0
      free_urlhandle(u);
1760
0
      memset(u, 0, sizeof(struct Curl_URL));
1761
0
    }
1762
0
    return CURLUE_OK;
1763
0
  }
1764
1765
4.27k
  nalloc = strlen(part);
1766
4.27k
  if(nalloc > CURL_MAX_INPUT_LENGTH)
1767
    /* excessive input length */
1768
0
    return CURLUE_MALFORMED_INPUT;
1769
1770
4.27k
  switch(what) {
1771
0
  case CURLUPART_SCHEME: {
1772
0
    CURLUcode status = set_url_scheme(u, part, flags);
1773
0
    if(status)
1774
0
      return status;
1775
0
    storep = &u->scheme;
1776
0
    urlencode = FALSE; /* never */
1777
0
    break;
1778
0
  }
1779
1.24k
  case CURLUPART_USER:
1780
1.24k
    storep = &u->user;
1781
1.24k
    break;
1782
1.17k
  case CURLUPART_PASSWORD:
1783
1.17k
    storep = &u->password;
1784
1.17k
    break;
1785
0
  case CURLUPART_OPTIONS:
1786
0
    storep = &u->options;
1787
0
    break;
1788
0
  case CURLUPART_HOST:
1789
0
    storep = &u->host;
1790
0
    Curl_safefree(u->zoneid);
1791
0
    break;
1792
0
  case CURLUPART_ZONEID:
1793
0
    storep = &u->zoneid;
1794
0
    break;
1795
0
  case CURLUPART_PORT:
1796
0
    return set_url_port(u, part);
1797
0
  case CURLUPART_PATH:
1798
0
    urlskipslash = TRUE;
1799
0
    leadingslash = TRUE; /* enforce */
1800
0
    storep = &u->path;
1801
0
    break;
1802
0
  case CURLUPART_QUERY:
1803
0
    plusencode = urlencode;
1804
0
    appendquery = (flags & CURLU_APPENDQUERY) ? 1 : 0;
1805
0
    equalsencode = appendquery;
1806
0
    storep = &u->query;
1807
0
    u->query_present = TRUE;
1808
0
    break;
1809
0
  case CURLUPART_FRAGMENT:
1810
0
    storep = &u->fragment;
1811
0
    u->fragment_present = TRUE;
1812
0
    break;
1813
1.85k
  case CURLUPART_URL: {
1814
1.85k
    return set_url(u, part, nalloc, flags);
1815
0
  }
1816
0
  default:
1817
0
    return CURLUE_UNKNOWN_PART;
1818
4.27k
  }
1819
2.42k
  DEBUGASSERT(storep);
1820
2.42k
  {
1821
2.42k
    const char *newp;
1822
2.42k
    struct dynbuf enc;
1823
2.42k
    curlx_dyn_init(&enc, nalloc * 3 + 1 + leadingslash);
1824
1825
2.42k
    if(leadingslash && (part[0] != '/')) {
1826
0
      CURLcode result = curlx_dyn_addn(&enc, "/", 1);
1827
0
      if(result)
1828
0
        return cc2cu(result);
1829
0
    }
1830
2.42k
    if(urlencode) {
1831
2.42k
      const unsigned char *i;
1832
1833
150k
      for(i = (const unsigned char *)part; *i; i++) {
1834
148k
        CURLcode result;
1835
148k
        if((*i == ' ') && plusencode) {
1836
0
          result = curlx_dyn_addn(&enc, "+", 1);
1837
0
          if(result)
1838
0
            return CURLUE_OUT_OF_MEMORY;
1839
0
        }
1840
148k
        else if(ISUNRESERVED(*i) ||
1841
148k
                ((*i == '/') && urlskipslash) ||
1842
148k
                ((*i == '=') && equalsencode)) {
1843
82.4k
          if((*i == '=') && equalsencode)
1844
            /* only skip the first equals sign */
1845
0
            equalsencode = FALSE;
1846
82.4k
          result = curlx_dyn_addn(&enc, i, 1);
1847
82.4k
          if(result)
1848
0
            return cc2cu(result);
1849
82.4k
        }
1850
65.8k
        else {
1851
65.8k
          unsigned char out[3]={'%'};
1852
65.8k
          Curl_hexbyte(&out[1], *i, TRUE);
1853
65.8k
          result = curlx_dyn_addn(&enc, out, 3);
1854
65.8k
          if(result)
1855
0
            return cc2cu(result);
1856
65.8k
        }
1857
148k
      }
1858
2.42k
    }
1859
0
    else {
1860
0
      char *p;
1861
0
      CURLcode result = curlx_dyn_add(&enc, part);
1862
0
      if(result)
1863
0
        return cc2cu(result);
1864
0
      p = curlx_dyn_ptr(&enc);
1865
0
      while(*p) {
1866
        /* make sure percent encoded are lower case */
1867
0
        if((*p == '%') && ISXDIGIT(p[1]) && ISXDIGIT(p[2]) &&
1868
0
           (ISUPPER(p[1]) || ISUPPER(p[2]))) {
1869
0
          p[1] = Curl_raw_tolower(p[1]);
1870
0
          p[2] = Curl_raw_tolower(p[2]);
1871
0
          p += 3;
1872
0
        }
1873
0
        else
1874
0
          p++;
1875
0
      }
1876
0
    }
1877
2.42k
    newp = curlx_dyn_ptr(&enc);
1878
1879
2.42k
    if(appendquery && newp) {
1880
      /* Append the 'newp' string onto the old query. Add a '&' separator if
1881
         none is present at the end of the existing query already */
1882
1883
0
      size_t querylen = u->query ? strlen(u->query) : 0;
1884
0
      bool addamperand = querylen && (u->query[querylen -1] != '&');
1885
0
      if(querylen) {
1886
0
        struct dynbuf qbuf;
1887
0
        curlx_dyn_init(&qbuf, CURL_MAX_INPUT_LENGTH);
1888
1889
0
        if(curlx_dyn_addn(&qbuf, u->query, querylen)) /* add original query */
1890
0
          goto nomem;
1891
1892
0
        if(addamperand) {
1893
0
          if(curlx_dyn_addn(&qbuf, "&", 1))
1894
0
            goto nomem;
1895
0
        }
1896
0
        if(curlx_dyn_add(&qbuf, newp))
1897
0
          goto nomem;
1898
0
        curlx_dyn_free(&enc);
1899
0
        free(*storep);
1900
0
        *storep = curlx_dyn_ptr(&qbuf);
1901
0
        return CURLUE_OK;
1902
0
nomem:
1903
0
        curlx_dyn_free(&enc);
1904
0
        return CURLUE_OUT_OF_MEMORY;
1905
0
      }
1906
0
    }
1907
1908
2.42k
    else if(what == CURLUPART_HOST) {
1909
0
      size_t n = curlx_dyn_len(&enc);
1910
0
      if(!n && (flags & CURLU_NO_AUTHORITY)) {
1911
        /* Skip hostname check, it is allowed to be empty. */
1912
0
      }
1913
0
      else {
1914
0
        bool bad = FALSE;
1915
0
        if(!n)
1916
0
          bad = TRUE; /* empty hostname is not okay */
1917
0
        else if(!urlencode) {
1918
          /* if the host name part was not URL encoded here, it was set ready
1919
             URL encoded so we need to decode it to check */
1920
0
          size_t dlen;
1921
0
          char *decoded = NULL;
1922
0
          CURLcode result =
1923
0
            Curl_urldecode(newp, n, &decoded, &dlen, REJECT_CTRL);
1924
0
          if(result || hostname_check(u, decoded, dlen))
1925
0
            bad = TRUE;
1926
0
          free(decoded);
1927
0
        }
1928
0
        else if(hostname_check(u, (char *)CURL_UNCONST(newp), n))
1929
0
          bad = TRUE;
1930
0
        if(bad) {
1931
0
          curlx_dyn_free(&enc);
1932
0
          return CURLUE_BAD_HOSTNAME;
1933
0
        }
1934
0
      }
1935
0
    }
1936
1937
2.42k
    free(*storep);
1938
2.42k
    *storep = (char *)CURL_UNCONST(newp);
1939
2.42k
  }
1940
0
  return CURLUE_OK;
1941
2.42k
}