bool
net_IsValidHostName(const nsCSubstring &host)
{
const char *end = host.EndReading();
// Use explicit whitelists to select which characters we are
// willing to send to lower-level DNS logic. This is more
// self-documenting, and can also be slightly faster than the
// blacklist approach, since DNS names are the common case, and
// the commonest characters will tend to be near the start of
// the list.
// Whitelist for DNS names (RFC 1035) with extra characters added
// for pragmatic reasons "$+_"
// see https://bugzilla.mozilla.org/show_bug.cgi?id=355181#c2
if (net_FindCharNotInSet(host.BeginReading(), end,
"abcdefghijklmnopqrstuvwxyz"
".-0123456789"
"ABCDEFGHIJKLMNOPQRSTUVWXYZ$+_") == end)
return true;
// Might be a valid IPv6 link-local address containing a percent sign
nsCAutoString strhost(host);
PRNetAddr addr;
return PR_StringToNetAddr(strhost.get(), &addr) == PR_SUCCESS;
}
bool
nsHttpNegotiateAuth::MatchesBaseURI(const nsCSubstring &matchScheme,
const nsCSubstring &matchHost,
PRInt32 matchPort,
const char *baseStart,
const char *baseEnd)
{
// check if scheme://host:port matches baseURI
// parse the base URI
const char *hostStart, *schemeEnd = strstr(baseStart, "://");
if (schemeEnd) {
// the given scheme must match the parsed scheme exactly
if (!matchScheme.Equals(Substring(baseStart, schemeEnd)))
return false;
hostStart = schemeEnd + 3;
}
else
hostStart = baseStart;
// XXX this does not work for IPv6-literals
const char *hostEnd = strchr(hostStart, ':');
if (hostEnd && hostEnd < baseEnd) {
// the given port must match the parsed port exactly
int port = atoi(hostEnd + 1);
if (matchPort != (PRInt32) port)
return false;
}
else
hostEnd = baseEnd;
// if we didn't parse out a host, then assume we got a match.
if (hostStart == hostEnd)
return true;
PRUint32 hostLen = hostEnd - hostStart;
// matchHost must either equal host or be a subdomain of host
if (matchHost.Length() < hostLen)
return false;
const char *end = matchHost.EndReading();
if (PL_strncasecmp(end - hostLen, hostStart, hostLen) == 0) {
// if matchHost ends with host from the base URI, then make sure it is
// either an exact match, or prefixed with a dot. we don't want
// "foobar.com" to match "bar.com"
if (matchHost.Length() == hostLen ||
*(end - hostLen) == '.' ||
*(end - hostLen - 1) == '.')
return true;
}
return false;
}
void ReverseString(const nsCSubstring& source, nsCSubstring& result)
{
nsACString::const_iterator sourceBegin, sourceEnd;
source.BeginReading(sourceBegin);
source.EndReading(sourceEnd);
result.SetLength(source.Length());
nsACString::iterator destEnd;
result.EndWriting(destEnd);
while (sourceBegin != sourceEnd) {
*(--destEnd) = *sourceBegin;
++sourceBegin;
}
}
PRBool
IsValidHTTPToken(const nsCSubstring& aToken)
{
if (aToken.IsEmpty()) {
return PR_FALSE;
}
nsCSubstring::const_char_iterator iter, end;
aToken.BeginReading(iter);
aToken.EndReading(end);
while (iter != end) {
if (*iter <= 32 ||
*iter >= 127 ||
*iter == '(' ||
*iter == ')' ||
*iter == '<' ||
*iter == '>' ||
*iter == '@' ||
*iter == ',' ||
*iter == ';' ||
*iter == ':' ||
*iter == '\\' ||
*iter == '\"' ||
*iter == '/' ||
*iter == '[' ||
*iter == ']' ||
*iter == '?' ||
*iter == '=' ||
*iter == '{' ||
*iter == '}') {
return PR_FALSE;
}
++iter;
}
return PR_TRUE;
}