/src/openssl35/crypto/http/http_lib.c

Source
/*
 * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h> /* for sscanf() */
#include <string.h>
#include <openssl/http.h>
#include <openssl/httperr.h>
#include <openssl/bio.h> /* for BIO_snprintf() */
#include <openssl/err.h>
#include "internal/cryptlib.h" /* for ossl_assert() */
#ifndef OPENSSL_NO_SOCK
#include "internal/bio_addr.h" /* for NI_MAXHOST */
#endif
#ifndef NI_MAXHOST
#define NI_MAXHOST 255
#endif
#include "crypto/ctype.h" /* for ossl_isspace() */

static void init_pstring(char **pstr)
{
    if (pstr != NULL) {
        *pstr = NULL;
    }
}

static void init_pint(int *pint)
{
    if (pint != NULL) {
        *pint = 0;
    }
}

static int copy_substring(char **dest, const char *start, const char *end)
{
    return dest == NULL
        || (*dest = OPENSSL_strndup(start, end - start)) != NULL;
}

static void free_pstring(char **pstr)
{
    if (pstr != NULL) {
        OPENSSL_free(*pstr);
        *pstr = NULL;
    }
}

int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
    char **pport, int *pport_num,
    char **ppath, char **pquery, char **pfrag)
{
    const char *p, *tmp;
    const char *authority_end;
    const char *scheme, *scheme_end;
    const char *user, *user_end;
    const char *host, *host_end;
    const char *port, *port_end;
    unsigned int portnum = 0;
    const char *path, *path_end;
    const char *query, *query_end;
    const char *frag, *frag_end;

    init_pstring(pscheme);
    init_pstring(puser);
    init_pstring(phost);
    init_pstring(pport);
    init_pint(pport_num);
    init_pstring(ppath);
    init_pstring(pfrag);
    init_pstring(pquery);

    if (url == NULL) {
        ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }

    /* check for optional prefix "<scheme>://" */
    scheme = scheme_end = url;
    p = strstr(url, "://");
    if (p == NULL) {
        p = url;
    } else {
        scheme_end = p;
        if (scheme_end == scheme)
            goto parse_err;
        p += strlen("://");
    }

    /* parse optional "userinfo@" */
    user = user_end = host = p;
    authority_end = strpbrk(p, "/?#");
    if (authority_end == NULL)
        authority_end = p + strlen(p);
    host = memchr(p, '@', authority_end - p);
    if (host != NULL)
        user_end = host++;
    else
        host = p;

    /* parse hostname/address as far as needed here */
    if (host[0] == '[') {
        /* IPv6 literal, which may include ':' */
        host_end = strchr(host + 1, ']');
        if (host_end == NULL)
            goto parse_err;
        p = ++host_end;
    } else {
        /* look for start of optional port, path, query, or fragment */
        host_end = strpbrk(host, ":/?#");
        if (host_end == NULL) /* the remaining string is just the hostname */
            host_end = host + strlen(host);
        p = host_end;
    }

    /* parse optional port specification starting with ':' */
    port = "0"; /* default */
    if (*p == ':')
        port = ++p;
    /* remaining port spec handling is also done for the default values */
    /* make sure a decimal port number is given */
    if (sscanf(port, "%u", &portnum) <= 0 || portnum > 65535) {
        ERR_raise_data(ERR_LIB_HTTP, HTTP_R_INVALID_PORT_NUMBER, "%s", port);
        goto err;
    }
    for (port_end = port; '0' <= *port_end && *port_end <= '9'; port_end++)
        ;
    if (port == p) /* port was given explicitly */
        p += port_end - port;

    /* check for optional path starting with '/' or '?'. Else must start '#' */
    path = p;
    if (*path != '\0' && *path != '/' && *path != '?' && *path != '#') {
        ERR_raise(ERR_LIB_HTTP, HTTP_R_INVALID_URL_PATH);
        goto parse_err;
    }
    path_end = query = query_end = frag = frag_end = path + strlen(path);

    /* parse optional "?query" */
    tmp = strchr(p, '?');
    if (tmp != NULL) {
        p = tmp;
        if (pquery != NULL) {
            path_end = p;
            query = p + 1;
        }
    }

    /* parse optional "#fragment" */
    tmp = strchr(p, '#');
    if (tmp != NULL) {
        if (query == path_end) /* we did not record a query component */
            path_end = tmp;
        query_end = tmp;
        frag = tmp + 1;
    }

    if (!copy_substring(pscheme, scheme, scheme_end)
        || !copy_substring(phost, host, host_end)
        || !copy_substring(pport, port, port_end)
        || !copy_substring(puser, user, user_end)
        || !copy_substring(pquery, query, query_end)
        || !copy_substring(pfrag, frag, frag_end))
        goto err;
    if (pport_num != NULL)
        *pport_num = (int)portnum;
    if (*path == '/') {
        if (!copy_substring(ppath, path, path_end))
            goto err;
    } else if (ppath != NULL) { /* must prepend '/' */
        size_t buflen = 1 + path_end - path + 1;

        if ((*ppath = OPENSSL_malloc(buflen)) == NULL)
            goto err;
        BIO_snprintf(*ppath, buflen, "/%s", path);
    }
    return 1;

parse_err:
    ERR_raise(ERR_LIB_HTTP, HTTP_R_ERROR_PARSING_URL);

err:
    free_pstring(pscheme);
    free_pstring(puser);
    free_pstring(phost);
    free_pstring(pport);
    free_pstring(ppath);
    free_pstring(pquery);
    free_pstring(pfrag);
    return 0;
}

#ifndef OPENSSL_NO_HTTP

int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
    char **pport, int *pport_num,
    char **ppath, char **pquery, char **pfrag)
{
    char *scheme, *port;
    int ssl = 0, portnum;

    init_pstring(pport);
    if (pssl != NULL)
        *pssl = 0;
    if (!OSSL_parse_url(url, &scheme, puser, phost, &port, pport_num,
            ppath, pquery, pfrag))
        return 0;

    /* check for optional HTTP scheme "http[s]" */
    if (strcmp(scheme, OSSL_HTTPS_NAME) == 0) {
        ssl = 1;
        if (pssl != NULL)
            *pssl = ssl;
    } else if (*scheme != '\0' && strcmp(scheme, OSSL_HTTP_NAME) != 0) {
        ERR_raise(ERR_LIB_HTTP, HTTP_R_INVALID_URL_SCHEME);
        OPENSSL_free(scheme);
        OPENSSL_free(port);
        goto err;
    }
    OPENSSL_free(scheme);

    if (strcmp(port, "0") == 0) {
        /* set default port */
        OPENSSL_free(port);
        port = ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT;
        if (!ossl_assert(sscanf(port, "%d", &portnum) == 1))
            goto err;
        if (pport_num != NULL)
            *pport_num = portnum;
        if (pport != NULL) {
            *pport = OPENSSL_strdup(port);
            if (*pport == NULL)
                goto err;
        }
    } else {
        if (pport != NULL)
            *pport = port;
        else
            OPENSSL_free(port);
    }
    return 1;

err:
    free_pstring(puser);
    free_pstring(phost);
    free_pstring(ppath);
    free_pstring(pquery);
    free_pstring(pfrag);
    return 0;
}

/* Respect no_proxy, taking default value from environment variable(s) */
static int use_proxy(const char *no_proxy, const char *server)
{
    size_t sl;
    const char *found = NULL;
    char host[NI_MAXHOST];

    if (!ossl_assert(server != NULL))
        return 0;
    sl = strlen(server);
    if (sl >= 2 && sl < sizeof(host) + 2 && server[0] == '[' && server[sl - 1] == ']') {
        /* strip leading '[' and trailing ']' from escaped IPv6 address */
        sl -= 2;
        strncpy(host, server + 1, sl);
        host[sl] = '\0';
        server = host;
    }

    /*
     * using environment variable names, both lowercase and uppercase variants,
     * compatible with other HTTP client implementations like wget, curl and git
     */
    if (no_proxy == NULL)
        no_proxy = ossl_safe_getenv("no_proxy");
    if (no_proxy == NULL)
        no_proxy = ossl_safe_getenv(OPENSSL_NO_PROXY);

    if (no_proxy != NULL)
        found = strstr(no_proxy, server);
    while (found != NULL
        && ((found != no_proxy && !ossl_isspace(found[-1]) && found[-1] != ',')
            || (found[sl] != '\0' && !ossl_isspace(found[sl]) && found[sl] != ',')))
        found = strstr(found + 1, server);
    return found == NULL;
}

/* Take default value from environment variable(s), respect no_proxy */
const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
    const char *server, int use_ssl)
{
    /*
     * using environment variable names, both lowercase and uppercase variants,
     * compatible with other HTTP client implementations like wget, curl and git
     */
    if (proxy == NULL)
        proxy = ossl_safe_getenv(use_ssl ? "https_proxy" : "http_proxy");
    if (proxy == NULL)
        proxy = ossl_safe_getenv(use_ssl ? OPENSSL_HTTPS_PROXY : OPENSSL_HTTP_PROXY);

    if (proxy == NULL || *proxy == '\0' || !use_proxy(no_proxy, server))
        return NULL;
    return proxy;
}

#endif /* !defined(OPENSSL_NO_HTTP) */

Coverage Report

Created: 2026-04-01 06:39

Line	Count	Source
1		/*
2		* Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include <stdio.h> /* for sscanf() */
11		#include <string.h>
12		#include <openssl/http.h>
13		#include <openssl/httperr.h>
14		#include <openssl/bio.h> /* for BIO_snprintf() */
15		#include <openssl/err.h>
16		#include "internal/cryptlib.h" /* for ossl_assert() */
17		#ifndef OPENSSL_NO_SOCK
18		#include "internal/bio_addr.h" /* for NI_MAXHOST */
19		#endif
20		#ifndef NI_MAXHOST
21		#define NI_MAXHOST 255
22		#endif
23		#include "crypto/ctype.h" /* for ossl_isspace() */
24
25		static void init_pstring(char **pstr)
26	0	{
27	0	if (pstr != NULL) {
28	0	*pstr = NULL;
29	0	}
30	0	}
31
32		static void init_pint(int *pint)
33	0	{
34	0	if (pint != NULL) {
35	0	*pint = 0;
36	0	}
37	0	}
38
39		static int copy_substring(char *dest, const char start, const char *end)
40	0	{
41	0	return dest == NULL
42	0	\|\| (*dest = OPENSSL_strndup(start, end - start)) != NULL;
43	0	}
44
45		static void free_pstring(char **pstr)
46	0	{
47	0	if (pstr != NULL) {
48	0	OPENSSL_free(*pstr);
49	0	*pstr = NULL;
50	0	}
51	0	}
52
53		int OSSL_parse_url(const char url, char pscheme, char puser, char *phost,
54		char *pport, int pport_num,
55		char ppath, char pquery, char **pfrag)
56	0	{
57	0	const char p, tmp;
58	0	const char *authority_end;
59	0	const char scheme, scheme_end;
60	0	const char user, user_end;
61	0	const char host, host_end;
62	0	const char port, port_end;
63	0	unsigned int portnum = 0;
64	0	const char path, path_end;
65	0	const char query, query_end;
66	0	const char frag, frag_end;
67
68	0	init_pstring(pscheme);
69	0	init_pstring(puser);
70	0	init_pstring(phost);
71	0	init_pstring(pport);
72	0	init_pint(pport_num);
73	0	init_pstring(ppath);
74	0	init_pstring(pfrag);
75	0	init_pstring(pquery);
76
77	0	if (url == NULL) {
78	0	ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER);
79	0	return 0;
80	0	}
81
82		/* check for optional prefix "<scheme>://" */
83	0	scheme = scheme_end = url;
84	0	p = strstr(url, "://");
85	0	if (p == NULL) {
86	0	p = url;
87	0	} else {
88	0	scheme_end = p;
89	0	if (scheme_end == scheme)
90	0	goto parse_err;
91	0	p += strlen("://");
92	0	}
93
94		/* parse optional "userinfo@" */
95	0	user = user_end = host = p;
96	0	authority_end = strpbrk(p, "/?#");
97	0	if (authority_end == NULL)
98	0	authority_end = p + strlen(p);
99	0	host = memchr(p, '@', authority_end - p);
100	0	if (host != NULL)
101	0	user_end = host++;
102	0	else
103	0	host = p;
104
105		/* parse hostname/address as far as needed here */
106	0	if (host[0] == '[') {
107		/* IPv6 literal, which may include ':' */
108	0	host_end = strchr(host + 1, ']');
109	0	if (host_end == NULL)
110	0	goto parse_err;
111	0	p = ++host_end;
112	0	} else {
113		/* look for start of optional port, path, query, or fragment */
114	0	host_end = strpbrk(host, ":/?#");
115	0	if (host_end == NULL) /* the remaining string is just the hostname */
116	0	host_end = host + strlen(host);
117	0	p = host_end;
118	0	}
119
120		/* parse optional port specification starting with ':' */
121	0	port = "0"; /* default */
122	0	if (*p == ':')
123	0	port = ++p;
124		/* remaining port spec handling is also done for the default values */
125		/* make sure a decimal port number is given */
126	0	if (sscanf(port, "%u", &portnum) <= 0 \|\| portnum > 65535) {
127	0	ERR_raise_data(ERR_LIB_HTTP, HTTP_R_INVALID_PORT_NUMBER, "%s", port);
128	0	goto err;
129	0	}
130	0	for (port_end = port; '0' <= port_end && port_end <= '9'; port_end++)
131	0	;
132	0	if (port == p) /* port was given explicitly */
133	0	p += port_end - port;
134
135		/* check for optional path starting with '/' or '?'. Else must start '#' */
136	0	path = p;
137	0	if (path != '\0' && path != '/' && path != '?' && path != '#') {
138	0	ERR_raise(ERR_LIB_HTTP, HTTP_R_INVALID_URL_PATH);
139	0	goto parse_err;
140	0	}
141	0	path_end = query = query_end = frag = frag_end = path + strlen(path);
142
143		/* parse optional "?query" */
144	0	tmp = strchr(p, '?');
145	0	if (tmp != NULL) {
146	0	p = tmp;
147	0	if (pquery != NULL) {
148	0	path_end = p;
149	0	query = p + 1;
150	0	}
151	0	}
152
153		/* parse optional "#fragment" */
154	0	tmp = strchr(p, '#');
155	0	if (tmp != NULL) {
156	0	if (query == path_end) /* we did not record a query component */
157	0	path_end = tmp;
158	0	query_end = tmp;
159	0	frag = tmp + 1;
160	0	}
161
162	0	if (!copy_substring(pscheme, scheme, scheme_end)
163	0	\|\| !copy_substring(phost, host, host_end)
164	0	\|\| !copy_substring(pport, port, port_end)
165	0	\|\| !copy_substring(puser, user, user_end)
166	0	\|\| !copy_substring(pquery, query, query_end)
167	0	\|\| !copy_substring(pfrag, frag, frag_end))
168	0	goto err;
169	0	if (pport_num != NULL)
170	0	*pport_num = (int)portnum;
171	0	if (*path == '/') {
172	0	if (!copy_substring(ppath, path, path_end))
173	0	goto err;
174	0	} else if (ppath != NULL) { /* must prepend '/' */
175	0	size_t buflen = 1 + path_end - path + 1;
176
177	0	if ((*ppath = OPENSSL_malloc(buflen)) == NULL)
178	0	goto err;
179	0	BIO_snprintf(*ppath, buflen, "/%s", path);
180	0	}
181	0	return 1;
182
183	0	parse_err:
184	0	ERR_raise(ERR_LIB_HTTP, HTTP_R_ERROR_PARSING_URL);
185
186	0	err:
187	0	free_pstring(pscheme);
188	0	free_pstring(puser);
189	0	free_pstring(phost);
190	0	free_pstring(pport);
191	0	free_pstring(ppath);
192	0	free_pstring(pquery);
193	0	free_pstring(pfrag);
194	0	return 0;
195	0	}
196
197		#ifndef OPENSSL_NO_HTTP
198
199		int OSSL_HTTP_parse_url(const char url, int pssl, char puser, char phost,
200		char *pport, int pport_num,
201		char ppath, char pquery, char **pfrag)
202	0	{
203	0	char scheme, port;
204	0	int ssl = 0, portnum;
205
206	0	init_pstring(pport);
207	0	if (pssl != NULL)
208	0	*pssl = 0;
209	0	if (!OSSL_parse_url(url, &scheme, puser, phost, &port, pport_num,
210	0	ppath, pquery, pfrag))
211	0	return 0;
212
213		/* check for optional HTTP scheme "http[s]" */
214	0	if (strcmp(scheme, OSSL_HTTPS_NAME) == 0) {
215	0	ssl = 1;
216	0	if (pssl != NULL)
217	0	*pssl = ssl;
218	0	} else if (*scheme != '\0' && strcmp(scheme, OSSL_HTTP_NAME) != 0) {
219	0	ERR_raise(ERR_LIB_HTTP, HTTP_R_INVALID_URL_SCHEME);
220	0	OPENSSL_free(scheme);
221	0	OPENSSL_free(port);
222	0	goto err;
223	0	}
224	0	OPENSSL_free(scheme);
225
226	0	if (strcmp(port, "0") == 0) {
227		/* set default port */
228	0	OPENSSL_free(port);
229	0	port = ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT;
230	0	if (!ossl_assert(sscanf(port, "%d", &portnum) == 1))
231	0	goto err;
232	0	if (pport_num != NULL)
233	0	*pport_num = portnum;
234	0	if (pport != NULL) {
235	0	*pport = OPENSSL_strdup(port);
236	0	if (*pport == NULL)
237	0	goto err;
238	0	}
239	0	} else {
240	0	if (pport != NULL)
241	0	*pport = port;
242	0	else
243	0	OPENSSL_free(port);
244	0	}
245	0	return 1;
246
247	0	err:
248	0	free_pstring(puser);
249	0	free_pstring(phost);
250	0	free_pstring(ppath);
251	0	free_pstring(pquery);
252	0	free_pstring(pfrag);
253	0	return 0;
254	0	}
255
256		/* Respect no_proxy, taking default value from environment variable(s) */
257		static int use_proxy(const char no_proxy, const char server)
258	0	{
259	0	size_t sl;
260	0	const char *found = NULL;
261	0	char host[NI_MAXHOST];
262
263	0	if (!ossl_assert(server != NULL))
264	0	return 0;
265	0	sl = strlen(server);
266	0	if (sl >= 2 && sl < sizeof(host) + 2 && server[0] == '[' && server[sl - 1] == ']') {
267		/* strip leading '[' and trailing ']' from escaped IPv6 address */
268	0	sl -= 2;
269	0	strncpy(host, server + 1, sl);
270	0	host[sl] = '\0';
271	0	server = host;
272	0	}
273
274		/*
275		* using environment variable names, both lowercase and uppercase variants,
276		* compatible with other HTTP client implementations like wget, curl and git
277		*/
278	0	if (no_proxy == NULL)
279	0	no_proxy = ossl_safe_getenv("no_proxy");
280	0	if (no_proxy == NULL)
281	0	no_proxy = ossl_safe_getenv(OPENSSL_NO_PROXY);
282
283	0	if (no_proxy != NULL)
284	0	found = strstr(no_proxy, server);
285	0	while (found != NULL
286	0	&& ((found != no_proxy && !ossl_isspace(found[-1]) && found[-1] != ',')
287	0	\|\| (found[sl] != '\0' && !ossl_isspace(found[sl]) && found[sl] != ',')))
288	0	found = strstr(found + 1, server);
289	0	return found == NULL;
290	0	}
291
292		/* Take default value from environment variable(s), respect no_proxy */
293		const char OSSL_HTTP_adapt_proxy(const char proxy, const char *no_proxy,
294		const char *server, int use_ssl)
295	0	{
296		/*
297		* using environment variable names, both lowercase and uppercase variants,
298		* compatible with other HTTP client implementations like wget, curl and git
299		*/
300	0	if (proxy == NULL)
301	0	proxy = ossl_safe_getenv(use_ssl ? "https_proxy" : "http_proxy");
302	0	if (proxy == NULL)
303	0	proxy = ossl_safe_getenv(use_ssl ? OPENSSL_HTTPS_PROXY : OPENSSL_HTTP_PROXY);
304
305	0	if (proxy == NULL \|\| *proxy == '\0' \|\| !use_proxy(no_proxy, server))
306	0	return NULL;
307	0	return proxy;
308	0	}
309
310		#endif /* !defined(OPENSSL_NO_HTTP) */