// Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. // NB: Modelled after Mozilla's code (originally written by Pamela Greene, // later modified by others), but almost entirely rewritten for Chrome. // (netwerk/dns/src/nsEffectiveTLDService.cpp) /* ***** BEGIN LICENSE BLOCK ***** * Version: MPL 1.1/GPL 2.0/LGPL 2.1 * * The contents of this file are subject to the Mozilla Public License Version * 1.1 (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * http://www.mozilla.org/MPL/ * * Software distributed under the License is distributed on an "AS IS" basis, * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License * for the specific language governing rights and limitations under the * License. * * The Original Code is Mozilla Effective-TLD Service * * The Initial Developer of the Original Code is * Google Inc. * Portions created by the Initial Developer are Copyright (C) 2006 * the Initial Developer. All Rights Reserved. * * Contributor(s): * Pamela Greene (original author) * Daniel Witte * * Alternatively, the contents of this file may be used under the terms of * either the GNU General Public License Version 2 or later (the "GPL"), or * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), * in which case the provisions of the GPL or the LGPL are applicable instead * of those above. If you wish to allow use of your version of this file only * under the terms of either the GPL or the LGPL, and not to allow others to * use your version of this file under the terms of the MPL, indicate your * decision by deleting the provisions above and replace them with the notice * and other provisions required by the GPL or the LGPL. If you do not delete * the provisions above, a recipient may use your version of this file under * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ #include "net/base/registry_controlled_domains/registry_controlled_domain.h" #include "base/logging.h" #include "base/strings/string_util.h" #include "base/strings/utf_string_conversions.h" #include "net/base/net_module.h" #include "net/base/net_util.h" #include "url/gurl.h" #include "url/url_parse.h" namespace net { namespace registry_controlled_domains { namespace { #include "net/base/registry_controlled_domains/effective_tld_names-inc.cc" // See make_dafsa.py for documentation of the generated dafsa byte array. const unsigned char* g_graph = kDafsa; size_t g_graph_length = sizeof(kDafsa); const int kNotFound = -1; const int kExceptionRule = 1; const int kWildcardRule = 2; const int kPrivateRule = 4; // Read next offset from pos. // Returns true if an offset could be read, false otherwise. bool GetNextOffset(const unsigned char** pos, const unsigned char* end, const unsigned char** offset) { if (*pos == end) return false; // When reading an offset the byte array must always contain at least // three more bytes to consume. First the offset to read, then a node // to skip over and finally a destination node. No object can be smaller // than one byte. CHECK_LT(*pos + 2, end); size_t bytes_consumed; switch (**pos & 0x60) { case 0x60: // Read three byte offset *offset += (((*pos)[0] & 0x1F) << 16) | ((*pos)[1] << 8) | (*pos)[2]; bytes_consumed = 3; break; case 0x40: // Read two byte offset *offset += (((*pos)[0] & 0x1F) << 8) | (*pos)[1]; bytes_consumed = 2; break; default: *offset += (*pos)[0] & 0x3F; bytes_consumed = 1; } if ((**pos & 0x80) != 0) { *pos = end; } else { *pos += bytes_consumed; } return true; } // Check if byte at offset is last in label. bool IsEOL(const unsigned char* offset, const unsigned char* end) { CHECK_LT(offset, end); return (*offset & 0x80) != 0; } // Check if byte at offset matches first character in key. // This version matches characters not last in label. bool IsMatch(const unsigned char* offset, const unsigned char* end, const char* key) { CHECK_LT(offset, end); return *offset == *key; } // Check if byte at offset matches first character in key. // This version matches characters last in label. bool IsEndCharMatch(const unsigned char* offset, const unsigned char* end, const char* key) { CHECK_LT(offset, end); return *offset == (*key | 0x80); } // Read return value at offset. // Returns true if a return value could be read, false otherwise. bool GetReturnValue(const unsigned char* offset, const unsigned char* end, int* return_value) { CHECK_LT(offset, end); if ((*offset & 0xE0) == 0x80) { *return_value = *offset & 0x0F; return true; } return false; } // Lookup a domain key in a byte array generated by make_dafsa.py. // The rule type is returned if key is found, otherwise kNotFound is returned. int LookupString(const unsigned char* graph, size_t length, const char* key, size_t key_length) { const unsigned char* pos = graph; const unsigned char* end = graph + length; const unsigned char* offset = pos; const char* key_end = key + key_length; while (GetNextOffset(&pos, end, &offset)) { // char + end_char offsets // char + return value // char end_char offsets // char return value // end_char offsets // return_value bool did_consume = false; if (key != key_end && !IsEOL(offset, end)) { // Leading is not a match. Don't dive into this child if (!IsMatch(offset, end, key)) continue; did_consume = true; ++offset; ++key; // Possible matches at this point: // + end_char offsets // + return value // end_char offsets // return value // Remove all remaining nodes possible while (!IsEOL(offset, end) && key != key_end) { if (!IsMatch(offset, end, key)) return kNotFound; ++key; ++offset; } } // Possible matches at this point: // end_char offsets // return_value // If one or more elements were consumed, a failure // to match is terminal. Otherwise, try the next node. if (key == key_end) { int return_value; if (GetReturnValue(offset, end, &return_value)) return return_value; // The DAFSA guarantees that if the first char is a match, all // remaining char elements MUST match if the key is truly present. if (did_consume) return kNotFound; continue; } if (!IsEndCharMatch(offset, end, key)) { if (did_consume) return kNotFound; // Unexpected continue; } ++key; pos = ++offset; // Dive into child } return kNotFound; // No match } size_t GetRegistryLengthImpl( const std::string& host, UnknownRegistryFilter unknown_filter, PrivateRegistryFilter private_filter) { DCHECK(!host.empty()); // Skip leading dots. const size_t host_check_begin = host.find_first_not_of('.'); if (host_check_begin == std::string::npos) return 0; // Host is only dots. // A single trailing dot isn't relevant in this determination, but does need // to be included in the final returned length. size_t host_check_len = host.length(); if (host[host_check_len - 1] == '.') { --host_check_len; DCHECK(host_check_len > 0); // If this weren't true, the host would be ".", // and we'd have already returned above. if (host[host_check_len - 1] == '.') return 0; // Multiple trailing dots. } // Walk up the domain tree, most specific to least specific, // looking for matches at each level. size_t prev_start = std::string::npos; size_t curr_start = host_check_begin; size_t next_dot = host.find('.', curr_start); if (next_dot >= host_check_len) // Catches std::string::npos as well. return 0; // This can't have a registry + domain. while (1) { const char* domain_str = host.data() + curr_start; size_t domain_length = host_check_len - curr_start; int type = LookupString(g_graph, g_graph_length, domain_str, domain_length); bool do_check = type != kNotFound && (!(type & kPrivateRule) || private_filter == INCLUDE_PRIVATE_REGISTRIES); // If the apparent match is a private registry and we're not including // those, it can't be an actual match. if (do_check) { // Exception rules override wildcard rules when the domain is an exact // match, but wildcards take precedence when there's a subdomain. if (type & kWildcardRule && (prev_start != std::string::npos)) { // If prev_start == host_check_begin, then the host is the registry // itself, so return 0. return (prev_start == host_check_begin) ? 0 : (host.length() - prev_start); } if (type & kExceptionRule) { if (next_dot == std::string::npos) { // If we get here, we had an exception rule with no dots (e.g. // "!foo"). This would only be valid if we had a corresponding // wildcard rule, which would have to be "*". But we explicitly // disallow that case, so this kind of rule is invalid. NOTREACHED() << "Invalid exception rule"; return 0; } return host.length() - next_dot - 1; } // If curr_start == host_check_begin, then the host is the registry // itself, so return 0. return (curr_start == host_check_begin) ? 0 : (host.length() - curr_start); } if (next_dot >= host_check_len) // Catches std::string::npos as well. break; prev_start = curr_start; curr_start = next_dot + 1; next_dot = host.find('.', curr_start); } // No rule found in the registry. curr_start now points to the first // character of the last subcomponent of the host, so if we allow unknown // registries, return the length of this subcomponent. return unknown_filter == INCLUDE_UNKNOWN_REGISTRIES ? (host.length() - curr_start) : 0; } std::string GetDomainAndRegistryImpl( const std::string& host, PrivateRegistryFilter private_filter) { DCHECK(!host.empty()); // Find the length of the registry for this host. const size_t registry_length = GetRegistryLengthImpl(host, INCLUDE_UNKNOWN_REGISTRIES, private_filter); if ((registry_length == std::string::npos) || (registry_length == 0)) return std::string(); // No registry. // The "2" in this next line is 1 for the dot, plus a 1-char minimum preceding // subcomponent length. DCHECK(host.length() >= 2); if (registry_length > (host.length() - 2)) { NOTREACHED() << "Host does not have at least one subcomponent before registry!"; return std::string(); } // Move past the dot preceding the registry, and search for the next previous // dot. Return the host from after that dot, or the whole host when there is // no dot. const size_t dot = host.rfind('.', host.length() - registry_length - 2); if (dot == std::string::npos) return host; return host.substr(dot + 1); } } // namespace std::string GetDomainAndRegistry( const GURL& gurl, PrivateRegistryFilter filter) { const url::Component host = gurl.parsed_for_possibly_invalid_spec().host; if ((host.len <= 0) || gurl.HostIsIPAddress()) return std::string(); return GetDomainAndRegistryImpl(std::string( gurl.possibly_invalid_spec().data() + host.begin, host.len), filter); } std::string GetDomainAndRegistry( const std::string& host, PrivateRegistryFilter filter) { url::CanonHostInfo host_info; const std::string canon_host(CanonicalizeHost(host, &host_info)); if (canon_host.empty() || host_info.IsIPAddress()) return std::string(); return GetDomainAndRegistryImpl(canon_host, filter); } bool SameDomainOrHost( const GURL& gurl1, const GURL& gurl2, PrivateRegistryFilter filter) { // See if both URLs have a known domain + registry, and those values are the // same. const std::string domain1(GetDomainAndRegistry(gurl1, filter)); const std::string domain2(GetDomainAndRegistry(gurl2, filter)); if (!domain1.empty() || !domain2.empty()) return domain1 == domain2; // No domains. See if the hosts are identical. const url::Component host1 = gurl1.parsed_for_possibly_invalid_spec().host; const url::Component host2 = gurl2.parsed_for_possibly_invalid_spec().host; if ((host1.len <= 0) || (host1.len != host2.len)) return false; return !strncmp(gurl1.possibly_invalid_spec().data() + host1.begin, gurl2.possibly_invalid_spec().data() + host2.begin, host1.len); } size_t GetRegistryLength( const GURL& gurl, UnknownRegistryFilter unknown_filter, PrivateRegistryFilter private_filter) { const url::Component host = gurl.parsed_for_possibly_invalid_spec().host; if (host.len <= 0) return std::string::npos; if (gurl.HostIsIPAddress()) return 0; return GetRegistryLengthImpl( std::string(gurl.possibly_invalid_spec().data() + host.begin, host.len), unknown_filter, private_filter); } size_t GetRegistryLength( const std::string& host, UnknownRegistryFilter unknown_filter, PrivateRegistryFilter private_filter) { url::CanonHostInfo host_info; const std::string canon_host(CanonicalizeHost(host, &host_info)); if (canon_host.empty()) return std::string::npos; if (host_info.IsIPAddress()) return 0; return GetRegistryLengthImpl(canon_host, unknown_filter, private_filter); } void SetFindDomainGraph() { g_graph = kDafsa; g_graph_length = sizeof(kDafsa); } void SetFindDomainGraph(const unsigned char* domains, size_t length) { CHECK(domains); CHECK_NE(length, 0u); g_graph = domains; g_graph_length = length; } } // namespace registry_controlled_domains } // namespace net