The Tor Browser / file comparison

comparison: netwerk/dns/nsIDNService.cpp

netwerk/dns/nsIDNService.cpp

changeset 1
ca08bd8f51b2
equal deleted inserted replaced
-1:000000000000 0:c08d181b5a90
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* This Source Code Form is subject to the terms of the Mozilla Public
3 * License, v. 2.0. If a copy of the MPL was not distributed with this
4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5
6 #include "nsIDNService.h"
7 #include "nsReadableUtils.h"
8 #include "nsCRT.h"
9 #include "nsUnicharUtils.h"
10 #include "nsUnicodeProperties.h"
11 #include "nsUnicodeScriptCodes.h"
12 #include "harfbuzz/hb.h"
13 #include "nsIServiceManager.h"
14 #include "nsIPrefService.h"
15 #include "nsIPrefBranch.h"
16 #include "nsIObserverService.h"
17 #include "nsISupportsPrimitives.h"
18 #include "punycode.h"
19
20
21 using namespace mozilla::unicode;
22
23 //-----------------------------------------------------------------------------
24 // RFC 1034 - 3.1. Name space specifications and terminology
25 static const uint32_t kMaxDNSNodeLen = 63;
26
27 //-----------------------------------------------------------------------------
28
29 #define NS_NET_PREF_IDNTESTBED "network.IDN_testbed"
30 #define NS_NET_PREF_IDNPREFIX "network.IDN_prefix"
31 #define NS_NET_PREF_IDNBLACKLIST "network.IDN.blacklist_chars"
32 #define NS_NET_PREF_SHOWPUNYCODE "network.IDN_show_punycode"
33 #define NS_NET_PREF_IDNWHITELIST "network.IDN.whitelist."
34 #define NS_NET_PREF_IDNUSEWHITELIST "network.IDN.use_whitelist"
35 #define NS_NET_PREF_IDNRESTRICTION "network.IDN.restriction_profile"
36
37 inline bool isOnlySafeChars(const nsAFlatString& in,
38 const nsAFlatString& blacklist)
39 {
40 return (blacklist.IsEmpty() ||
41 in.FindCharInSet(blacklist) == kNotFound);
42 }
43
44 //-----------------------------------------------------------------------------
45 // nsIDNService
46 //-----------------------------------------------------------------------------
47
48 /* Implementation file */
49 NS_IMPL_ISUPPORTS(nsIDNService,
50 nsIIDNService,
51 nsIObserver,
52 nsISupportsWeakReference)
53
54 nsresult nsIDNService::Init()
55 {
56 nsCOMPtr<nsIPrefService> prefs(do_GetService(NS_PREFSERVICE_CONTRACTID));
57 if (prefs)
58 prefs->GetBranch(NS_NET_PREF_IDNWHITELIST, getter_AddRefs(mIDNWhitelistPrefBranch));
59
60 nsCOMPtr<nsIPrefBranch> prefInternal(do_QueryInterface(prefs));
61 if (prefInternal) {
62 prefInternal->AddObserver(NS_NET_PREF_IDNTESTBED, this, true);
63 prefInternal->AddObserver(NS_NET_PREF_IDNPREFIX, this, true);
64 prefInternal->AddObserver(NS_NET_PREF_IDNBLACKLIST, this, true);
65 prefInternal->AddObserver(NS_NET_PREF_SHOWPUNYCODE, this, true);
66 prefInternal->AddObserver(NS_NET_PREF_IDNRESTRICTION, this, true);
67 prefInternal->AddObserver(NS_NET_PREF_IDNUSEWHITELIST, this, true);
68 prefsChanged(prefInternal, nullptr);
69 }
70
71 return NS_OK;
72 }
73
74 NS_IMETHODIMP nsIDNService::Observe(nsISupports *aSubject,
75 const char *aTopic,
76 const char16_t *aData)
77 {
78 if (!strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID)) {
79 nsCOMPtr<nsIPrefBranch> prefBranch( do_QueryInterface(aSubject) );
80 if (prefBranch)
81 prefsChanged(prefBranch, aData);
82 }
83 return NS_OK;
84 }
85
86 void nsIDNService::prefsChanged(nsIPrefBranch *prefBranch, const char16_t *pref)
87 {
88 if (!pref || NS_LITERAL_STRING(NS_NET_PREF_IDNTESTBED).Equals(pref)) {
89 bool val;
90 if (NS_SUCCEEDED(prefBranch->GetBoolPref(NS_NET_PREF_IDNTESTBED, &val)))
91 mMultilingualTestBed = val;
92 }
93 if (!pref || NS_LITERAL_STRING(NS_NET_PREF_IDNPREFIX).Equals(pref)) {
94 nsXPIDLCString prefix;
95 nsresult rv = prefBranch->GetCharPref(NS_NET_PREF_IDNPREFIX, getter_Copies(prefix));
96 if (NS_SUCCEEDED(rv) && prefix.Length() <= kACEPrefixLen)
97 PL_strncpyz(nsIDNService::mACEPrefix, prefix.get(), kACEPrefixLen + 1);
98 }
99 if (!pref || NS_LITERAL_STRING(NS_NET_PREF_IDNBLACKLIST).Equals(pref)) {
100 nsCOMPtr<nsISupportsString> blacklist;
101 nsresult rv = prefBranch->GetComplexValue(NS_NET_PREF_IDNBLACKLIST,
102 NS_GET_IID(nsISupportsString),
103 getter_AddRefs(blacklist));
104 if (NS_SUCCEEDED(rv))
105 blacklist->ToString(getter_Copies(mIDNBlacklist));
106 else
107 mIDNBlacklist.Truncate();
108 }
109 if (!pref || NS_LITERAL_STRING(NS_NET_PREF_SHOWPUNYCODE).Equals(pref)) {
110 bool val;
111 if (NS_SUCCEEDED(prefBranch->GetBoolPref(NS_NET_PREF_SHOWPUNYCODE, &val)))
112 mShowPunycode = val;
113 }
114 if (!pref || NS_LITERAL_STRING(NS_NET_PREF_IDNUSEWHITELIST).Equals(pref)) {
115 bool val;
116 if (NS_SUCCEEDED(prefBranch->GetBoolPref(NS_NET_PREF_IDNUSEWHITELIST,
117 &val)))
118 mIDNUseWhitelist = val;
119 }
120 if (!pref || NS_LITERAL_STRING(NS_NET_PREF_IDNRESTRICTION).Equals(pref)) {
121 nsXPIDLCString profile;
122 if (NS_FAILED(prefBranch->GetCharPref(NS_NET_PREF_IDNRESTRICTION,
123 getter_Copies(profile)))) {
124 profile.Truncate();
125 }
126 if (profile.Equals(NS_LITERAL_CSTRING("moderate"))) {
127 mRestrictionProfile = eModeratelyRestrictiveProfile;
128 } else if (profile.Equals(NS_LITERAL_CSTRING("high"))) {
129 mRestrictionProfile = eHighlyRestrictiveProfile;
130 } else {
131 mRestrictionProfile = eASCIIOnlyProfile;
132 }
133 }
134 }
135
136 nsIDNService::nsIDNService()
137 {
138 // initialize to the official prefix (RFC 3490 "5. ACE prefix")
139 const char kIDNSPrefix[] = "xn--";
140 strcpy(mACEPrefix, kIDNSPrefix);
141
142 mMultilingualTestBed = false;
143
144 if (idn_success != idn_nameprep_create(nullptr, &mNamePrepHandle))
145 mNamePrepHandle = nullptr;
146
147 mNormalizer = do_GetService(NS_UNICODE_NORMALIZER_CONTRACTID);
148 /* member initializers and constructor code */
149 }
150
151 nsIDNService::~nsIDNService()
152 {
153 idn_nameprep_destroy(mNamePrepHandle);
154 }
155
156 /* ACString ConvertUTF8toACE (in AUTF8String input); */
157 NS_IMETHODIMP nsIDNService::ConvertUTF8toACE(const nsACString & input, nsACString & ace)
158 {
159 return UTF8toACE(input, ace, true, true);
160 }
161
162 nsresult nsIDNService::SelectiveUTF8toACE(const nsACString& input, nsACString& ace)
163 {
164 return UTF8toACE(input, ace, true, false);
165 }
166
167 nsresult nsIDNService::UTF8toACE(const nsACString & input, nsACString & ace, bool allowUnassigned, bool convertAllLabels)
168 {
169 nsresult rv;
170 NS_ConvertUTF8toUTF16 ustr(input);
171
172 // map ideographic period to ASCII period etc.
173 normalizeFullStops(ustr);
174
175
176 uint32_t len, offset;
177 len = 0;
178 offset = 0;
179 nsAutoCString encodedBuf;
180
181 nsAString::const_iterator start, end;
182 ustr.BeginReading(start);
183 ustr.EndReading(end);
184 ace.Truncate();
185
186 // encode nodes if non ASCII
187 while (start != end) {
188 len++;
189 if (*start++ == (char16_t)'.') {
190 rv = stringPrepAndACE(Substring(ustr, offset, len - 1), encodedBuf,
191 allowUnassigned, convertAllLabels);
192 NS_ENSURE_SUCCESS(rv, rv);
193
194 ace.Append(encodedBuf);
195 ace.Append('.');
196 offset += len;
197 len = 0;
198 }
199 }
200
201 // add extra node for multilingual test bed
202 if (mMultilingualTestBed)
203 ace.AppendLiteral("mltbd.");
204 // encode the last node if non ASCII
205 if (len) {
206 rv = stringPrepAndACE(Substring(ustr, offset, len), encodedBuf,
207 allowUnassigned, convertAllLabels);
208 NS_ENSURE_SUCCESS(rv, rv);
209
210 ace.Append(encodedBuf);
211 }
212
213 return NS_OK;
214 }
215
216 /* AUTF8String convertACEtoUTF8(in ACString input); */
217 NS_IMETHODIMP nsIDNService::ConvertACEtoUTF8(const nsACString & input, nsACString & _retval)
218 {
219 return ACEtoUTF8(input, _retval, true, true);
220 }
221
222 nsresult nsIDNService::SelectiveACEtoUTF8(const nsACString& input, nsACString& _retval)
223 {
224 return ACEtoUTF8(input, _retval, false, false);
225 }
226
227 nsresult nsIDNService::ACEtoUTF8(const nsACString & input, nsACString & _retval,
228 bool allowUnassigned, bool convertAllLabels)
229 {
230 // RFC 3490 - 4.2 ToUnicode
231 // ToUnicode never fails. If any step fails, then the original input
232 // sequence is returned immediately in that step.
233
234 uint32_t len = 0, offset = 0;
235 nsAutoCString decodedBuf;
236
237 nsACString::const_iterator start, end;
238 input.BeginReading(start);
239 input.EndReading(end);
240 _retval.Truncate();
241
242 // loop and decode nodes
243 while (start != end) {
244 len++;
245 if (*start++ == '.') {
246 if (NS_FAILED(decodeACE(Substring(input, offset, len - 1), decodedBuf,
247 allowUnassigned, convertAllLabels))) {
248 _retval.Assign(input);
249 return NS_OK;
250 }
251
252 _retval.Append(decodedBuf);
253 _retval.Append('.');
254 offset += len;
255 len = 0;
256 }
257 }
258 // decode the last node
259 if (len) {
260 if (NS_FAILED(decodeACE(Substring(input, offset, len), decodedBuf,
261 allowUnassigned, convertAllLabels)))
262 _retval.Assign(input);
263 else
264 _retval.Append(decodedBuf);
265 }
266
267 return NS_OK;
268 }
269
270 /* boolean isACE(in ACString input); */
271 NS_IMETHODIMP nsIDNService::IsACE(const nsACString & input, bool *_retval)
272 {
273 nsACString::const_iterator begin;
274 input.BeginReading(begin);
275
276 const char *data = begin.get();
277 uint32_t dataLen = begin.size_forward();
278
279 // look for the ACE prefix in the input string. it may occur
280 // at the beginning of any segment in the domain name. for
281 // example: "www.xn--ENCODED.com"
282
283 const char *p = PL_strncasestr(data, mACEPrefix, dataLen);
284
285 *_retval = p && (p == data || *(p - 1) == '.');
286 return NS_OK;
287 }
288
289 /* AUTF8String normalize(in AUTF8String input); */
290 NS_IMETHODIMP nsIDNService::Normalize(const nsACString & input, nsACString & output)
291 {
292 // protect against bogus input
293 NS_ENSURE_TRUE(IsUTF8(input), NS_ERROR_UNEXPECTED);
294
295 NS_ConvertUTF8toUTF16 inUTF16(input);
296 normalizeFullStops(inUTF16);
297
298 // pass the domain name to stringprep label by label
299 nsAutoString outUTF16, outLabel;
300
301 uint32_t len = 0, offset = 0;
302 nsresult rv;
303 nsAString::const_iterator start, end;
304 inUTF16.BeginReading(start);
305 inUTF16.EndReading(end);
306
307 while (start != end) {
308 len++;
309 if (*start++ == char16_t('.')) {
310 rv = stringPrep(Substring(inUTF16, offset, len - 1), outLabel, true);
311 NS_ENSURE_SUCCESS(rv, rv);
312
313 outUTF16.Append(outLabel);
314 outUTF16.Append(char16_t('.'));
315 offset += len;
316 len = 0;
317 }
318 }
319 if (len) {
320 rv = stringPrep(Substring(inUTF16, offset, len), outLabel, true);
321 NS_ENSURE_SUCCESS(rv, rv);
322
323 outUTF16.Append(outLabel);
324 }
325
326 CopyUTF16toUTF8(outUTF16, output);
327 if (!isOnlySafeChars(outUTF16, mIDNBlacklist))
328 return ConvertUTF8toACE(output, output);
329
330 return NS_OK;
331 }
332
333 NS_IMETHODIMP nsIDNService::ConvertToDisplayIDN(const nsACString & input, bool * _isASCII, nsACString & _retval)
334 {
335 // If host is ACE, then convert to UTF-8 if the host is in the IDN whitelist.
336 // Else, if host is already UTF-8, then make sure it is normalized per IDN.
337
338 nsresult rv = NS_OK;
339
340 // Even if the hostname is not ASCII, individual labels may still be ACE, so
341 // test IsACE before testing IsASCII
342 bool isACE;
343 IsACE(input, &isACE);
344
345 if (IsASCII(input)) {
346 // first, canonicalize the host to lowercase, for whitelist lookup
347 _retval = input;
348 ToLowerCase(_retval);
349
350 if (isACE && !mShowPunycode) {
351 // ACEtoUTF8() can't fail, but might return the original ACE string
352 nsAutoCString temp(_retval);
353 if (isInWhitelist(temp)) {
354 // If the domain is in the whitelist, return the host in UTF-8
355 ACEtoUTF8(temp, _retval, false, true);
356 } else {
357 // Otherwise convert from ACE to UTF8 only those labels which are
358 // considered safe for display
359 SelectiveACEtoUTF8(temp, _retval);
360 }
361 *_isASCII = IsASCII(_retval);
362 } else {
363 *_isASCII = true;
364 }
365 } else {
366 // We have to normalize the hostname before testing against the domain
367 // whitelist (see bug 315411), and to ensure the entire string gets
368 // normalized.
369 //
370 // Normalization and the tests for safe display below, assume that the
371 // input is Unicode, so first convert any ACE labels to UTF8
372 if (isACE) {
373 nsAutoCString temp;
374 ACEtoUTF8(input, temp, false, true);
375 rv = Normalize(temp, _retval);
376 } else {
377 rv = Normalize(input, _retval);
378 }
379 if (NS_FAILED(rv)) return rv;
380
381 if (mShowPunycode && NS_SUCCEEDED(ConvertUTF8toACE(_retval, _retval))) {
382 *_isASCII = true;
383 return NS_OK;
384 }
385
386 // normalization could result in an ASCII-only hostname. alternatively, if
387 // the host is converted to ACE by the normalizer, then the host may contain
388 // unsafe characters, so leave it ACE encoded. see bug 283016, bug 301694, and bug 309311.
389 *_isASCII = IsASCII(_retval);
390 if (!*_isASCII && !isInWhitelist(_retval)) {
391 // SelectiveUTF8toACE may return a domain name where some labels are in UTF-8
392 // and some are in ACE, depending on whether they are considered safe for
393 // display
394 rv = SelectiveUTF8toACE(_retval, _retval);
395 *_isASCII = IsASCII(_retval);
396 return rv;
397 }
398 }
399
400 return NS_OK;
401 }
402
403 //-----------------------------------------------------------------------------
404
405 static nsresult utf16ToUcs4(const nsAString& in,
406 uint32_t *out,
407 uint32_t outBufLen,
408 uint32_t *outLen)
409 {
410 uint32_t i = 0;
411 nsAString::const_iterator start, end;
412 in.BeginReading(start);
413 in.EndReading(end);
414
415 while (start != end) {
416 char16_t curChar;
417
418 curChar= *start++;
419
420 if (start != end &&
421 NS_IS_HIGH_SURROGATE(curChar) &&
422 NS_IS_LOW_SURROGATE(*start)) {
423 out[i] = SURROGATE_TO_UCS4(curChar, *start);
424 ++start;
425 }
426 else
427 out[i] = curChar;
428
429 i++;
430 if (i >= outBufLen)
431 return NS_ERROR_FAILURE;
432 }
433 out[i] = (uint32_t)'\0';
434 *outLen = i;
435 return NS_OK;
436 }
437
438 static void ucs4toUtf16(const uint32_t *in, nsAString& out)
439 {
440 while (*in) {
441 if (!IS_IN_BMP(*in)) {
442 out.Append((char16_t) H_SURROGATE(*in));
443 out.Append((char16_t) L_SURROGATE(*in));
444 }
445 else
446 out.Append((char16_t) *in);
447 in++;
448 }
449 }
450
451 static nsresult punycode(const char* prefix, const nsAString& in, nsACString& out)
452 {
453 uint32_t ucs4Buf[kMaxDNSNodeLen + 1];
454 uint32_t ucs4Len;
455 nsresult rv = utf16ToUcs4(in, ucs4Buf, kMaxDNSNodeLen, &ucs4Len);
456 NS_ENSURE_SUCCESS(rv, rv);
457
458 // need maximum 20 bits to encode 16 bit Unicode character
459 // (include null terminator)
460 const uint32_t kEncodedBufSize = kMaxDNSNodeLen * 20 / 8 + 1 + 1;
461 char encodedBuf[kEncodedBufSize];
462 punycode_uint encodedLength = kEncodedBufSize;
463
464 enum punycode_status status = punycode_encode(ucs4Len,
465 ucs4Buf,
466 nullptr,
467 &encodedLength,
468 encodedBuf);
469
470 if (punycode_success != status ||
471 encodedLength >= kEncodedBufSize)
472 return NS_ERROR_FAILURE;
473
474 encodedBuf[encodedLength] = '\0';
475 out.Assign(nsDependentCString(prefix) + nsDependentCString(encodedBuf));
476
477 return rv;
478 }
479
480 static nsresult encodeToRACE(const char* prefix, const nsAString& in, nsACString& out)
481 {
482 // need maximum 20 bits to encode 16 bit Unicode character
483 // (include null terminator)
484 const uint32_t kEncodedBufSize = kMaxDNSNodeLen * 20 / 8 + 1 + 1;
485
486 // set up a work buffer for RACE encoder
487 char16_t temp[kMaxDNSNodeLen + 2];
488 temp[0] = 0xFFFF; // set a place holder (to be filled by get_compress_mode)
489 temp[in.Length() + 1] = (char16_t)'\0';
490
491 nsAString::const_iterator start, end;
492 in.BeginReading(start);
493 in.EndReading(end);
494
495 for (uint32_t i = 1; start != end; i++)
496 temp[i] = *start++;
497
498 // encode nodes if non ASCII
499
500 char encodedBuf[kEncodedBufSize];
501 idn_result_t result = race_compress_encode((const unsigned short *) temp,
502 get_compress_mode((unsigned short *) temp + 1),
503 encodedBuf, kEncodedBufSize);
504 if (idn_success != result)
505 return NS_ERROR_FAILURE;
506
507 out.Assign(prefix);
508 out.Append(encodedBuf);
509
510 return NS_OK;
511 }
512
513 // RFC 3454
514 //
515 // 1) Map -- For each character in the input, check if it has a mapping
516 // and, if so, replace it with its mapping. This is described in section 3.
517 //
518 // 2) Normalize -- Possibly normalize the result of step 1 using Unicode
519 // normalization. This is described in section 4.
520 //
521 // 3) Prohibit -- Check for any characters that are not allowed in the
522 // output. If any are found, return an error. This is described in section
523 // 5.
524 //
525 // 4) Check bidi -- Possibly check for right-to-left characters, and if any
526 // are found, make sure that the whole string satisfies the requirements
527 // for bidirectional strings. If the string does not satisfy the requirements
528 // for bidirectional strings, return an error. This is described in section 6.
529 //
530 // 5) Check unassigned code points -- If allowUnassigned is false, check for
531 // any unassigned Unicode points and if any are found return an error.
532 // This is described in section 7.
533 //
534 nsresult nsIDNService::stringPrep(const nsAString& in, nsAString& out,
535 bool allowUnassigned)
536 {
537 if (!mNamePrepHandle || !mNormalizer)
538 return NS_ERROR_FAILURE;
539
540 uint32_t ucs4Buf[kMaxDNSNodeLen + 1];
541 uint32_t ucs4Len;
542 nsresult rv = utf16ToUcs4(in, ucs4Buf, kMaxDNSNodeLen, &ucs4Len);
543 NS_ENSURE_SUCCESS(rv, rv);
544
545 // map
546 idn_result_t idn_err;
547
548 uint32_t namePrepBuf[kMaxDNSNodeLen * 3]; // map up to three characters
549 idn_err = idn_nameprep_map(mNamePrepHandle, (const uint32_t *) ucs4Buf,
550 (uint32_t *) namePrepBuf, kMaxDNSNodeLen * 3);
551 NS_ENSURE_TRUE(idn_err == idn_success, NS_ERROR_FAILURE);
552
553 nsAutoString namePrepStr;
554 ucs4toUtf16(namePrepBuf, namePrepStr);
555 if (namePrepStr.Length() >= kMaxDNSNodeLen)
556 return NS_ERROR_FAILURE;
557
558 // normalize
559 nsAutoString normlizedStr;
560 rv = mNormalizer->NormalizeUnicodeNFKC(namePrepStr, normlizedStr);
561 if (normlizedStr.Length() >= kMaxDNSNodeLen)
562 return NS_ERROR_FAILURE;
563
564 // prohibit
565 const uint32_t *found = nullptr;
566 idn_err = idn_nameprep_isprohibited(mNamePrepHandle,
567 (const uint32_t *) ucs4Buf, &found);
568 if (idn_err != idn_success || found)
569 return NS_ERROR_FAILURE;
570
571 // check bidi
572 idn_err = idn_nameprep_isvalidbidi(mNamePrepHandle,
573 (const uint32_t *) ucs4Buf, &found);
574 if (idn_err != idn_success || found)
575 return NS_ERROR_FAILURE;
576
577 if (!allowUnassigned) {
578 // check unassigned code points
579 idn_err = idn_nameprep_isunassigned(mNamePrepHandle,
580 (const uint32_t *) ucs4Buf, &found);
581 if (idn_err != idn_success || found)
582 return NS_ERROR_FAILURE;
583 }
584
585 // set the result string
586 out.Assign(normlizedStr);
587
588 return rv;
589 }
590
591 nsresult nsIDNService::encodeToACE(const nsAString& in, nsACString& out)
592 {
593 // RACE encode is supported for existing testing environment
594 if (!strcmp("bq--", mACEPrefix))
595 return encodeToRACE(mACEPrefix, in, out);
596
597 // use punycoce
598 return punycode(mACEPrefix, in, out);
599 }
600
601 nsresult nsIDNService::stringPrepAndACE(const nsAString& in, nsACString& out,
602 bool allowUnassigned,
603 bool convertAllLabels)
604 {
605 nsresult rv = NS_OK;
606
607 out.Truncate();
608
609 if (in.Length() > kMaxDNSNodeLen) {
610 NS_WARNING("IDN node too large");
611 return NS_ERROR_FAILURE;
612 }
613
614 if (IsASCII(in))
615 LossyCopyUTF16toASCII(in, out);
616 else if (!convertAllLabels && isLabelSafe(in))
617 CopyUTF16toUTF8(in, out);
618 else {
619 nsAutoString strPrep;
620 rv = stringPrep(in, strPrep, allowUnassigned);
621 if (NS_SUCCEEDED(rv)) {
622 if (IsASCII(strPrep))
623 LossyCopyUTF16toASCII(strPrep, out);
624 else
625 rv = encodeToACE(strPrep, out);
626 }
627 // Check that the encoded output isn't larger than the maximum length of an
628 // DNS node per RFC 1034.
629 // This test isn't necessary in the code paths above where the input is
630 // ASCII (since the output will be the same length as the input) or where
631 // we convert to UTF-8 (since the output is only used for display in the
632 // UI and not passed to DNS and can legitimately be longer than the limit).
633 if (out.Length() > kMaxDNSNodeLen) {
634 NS_WARNING("IDN node too large");
635 return NS_ERROR_FAILURE;
636 }
637 }
638
639 return rv;
640 }
641
642 // RFC 3490
643 // 1) Whenever dots are used as label separators, the following characters
644 // MUST be recognized as dots: U+002E (full stop), U+3002 (ideographic full
645 // stop), U+FF0E (fullwidth full stop), U+FF61 (halfwidth ideographic full
646 // stop).
647
648 void nsIDNService::normalizeFullStops(nsAString& s)
649 {
650 nsAString::const_iterator start, end;
651 s.BeginReading(start);
652 s.EndReading(end);
653 int32_t index = 0;
654
655 while (start != end) {
656 switch (*start) {
657 case 0x3002:
658 case 0xFF0E:
659 case 0xFF61:
660 s.Replace(index, 1, NS_LITERAL_STRING("."));
661 break;
662 default:
663 break;
664 }
665 start++;
666 index++;
667 }
668 }
669
670 nsresult nsIDNService::decodeACE(const nsACString& in, nsACString& out,
671 bool allowUnassigned, bool convertAllLabels)
672 {
673 bool isAce;
674 IsACE(in, &isAce);
675 if (!isAce) {
676 out.Assign(in);
677 return NS_OK;
678 }
679
680 // RFC 3490 - 4.2 ToUnicode
681 // The ToUnicode output never contains more code points than its input.
682 punycode_uint output_length = in.Length() - kACEPrefixLen + 1;
683 punycode_uint *output = new punycode_uint[output_length];
684 NS_ENSURE_TRUE(output, NS_ERROR_OUT_OF_MEMORY);
685
686 enum punycode_status status = punycode_decode(in.Length() - kACEPrefixLen,
687 PromiseFlatCString(in).get() + kACEPrefixLen,
688 &output_length,
689 output,
690 nullptr);
691 if (status != punycode_success) {
692 delete [] output;
693 return NS_ERROR_FAILURE;
694 }
695
696 // UCS4 -> UTF8
697 output[output_length] = 0;
698 nsAutoString utf16;
699 ucs4toUtf16(output, utf16);
700 delete [] output;
701 if (!convertAllLabels && !isLabelSafe(utf16)) {
702 out.Assign(in);
703 return NS_OK;
704 }
705 if (!isOnlySafeChars(utf16, mIDNBlacklist))
706 return NS_ERROR_FAILURE;
707 CopyUTF16toUTF8(utf16, out);
708
709 // Validation: encode back to ACE and compare the strings
710 nsAutoCString ace;
711 nsresult rv = UTF8toACE(out, ace, allowUnassigned, true);
712 NS_ENSURE_SUCCESS(rv, rv);
713
714 if (!ace.Equals(in, nsCaseInsensitiveCStringComparator()))
715 return NS_ERROR_FAILURE;
716
717 return NS_OK;
718 }
719
720 bool nsIDNService::isInWhitelist(const nsACString &host)
721 {
722 if (mIDNUseWhitelist && mIDNWhitelistPrefBranch) {
723 nsAutoCString tld(host);
724 // make sure the host is ACE for lookup and check that there are no
725 // unassigned codepoints
726 if (!IsASCII(tld) && NS_FAILED(UTF8toACE(tld, tld, false, true))) {
727 return false;
728 }
729
730 // truncate trailing dots first
731 tld.Trim(".");
732 int32_t pos = tld.RFind(".");
733 if (pos == kNotFound)
734 return false;
735
736 tld.Cut(0, pos + 1);
737
738 bool safe;
739 if (NS_SUCCEEDED(mIDNWhitelistPrefBranch->GetBoolPref(tld.get(), &safe)))
740 return safe;
741 }
742
743 return false;
744 }
745
746 bool nsIDNService::isLabelSafe(const nsAString &label)
747 {
748 // We should never get here if the label is ASCII
749 NS_ASSERTION(!IsASCII(label), "ASCII label in IDN checking");
750 if (mRestrictionProfile == eASCIIOnlyProfile) {
751 return false;
752 }
753
754 nsAString::const_iterator current, end;
755 label.BeginReading(current);
756 label.EndReading(end);
757
758 int32_t lastScript = MOZ_SCRIPT_INVALID;
759 uint32_t previousChar = 0;
760 uint32_t savedNumberingSystem = 0;
761 // Simplified/Traditional Chinese check temporarily disabled -- bug 857481
762 #if 0
763 HanVariantType savedHanVariant = HVT_NotHan;
764 #endif
765
766 int32_t savedScript = -1;
767
768 while (current != end) {
769 uint32_t ch = *current++;
770
771 if (NS_IS_HIGH_SURROGATE(ch) && current != end &&
772 NS_IS_LOW_SURROGATE(*current)) {
773 ch = SURROGATE_TO_UCS4(ch, *current++);
774 }
775
776 // Check for restricted characters; aspirational scripts are permitted
777 XidmodType xm = GetIdentifierModification(ch);
778 int32_t script = GetScriptCode(ch);
779 if (xm > XIDMOD_RECOMMENDED &&
780 !(xm == XIDMOD_LIMITED_USE &&
781 (script == MOZ_SCRIPT_CANADIAN_ABORIGINAL ||
782 script == MOZ_SCRIPT_MIAO ||
783 script == MOZ_SCRIPT_MONGOLIAN ||
784 script == MOZ_SCRIPT_TIFINAGH ||
785 script == MOZ_SCRIPT_YI))) {
786 return false;
787 }
788
789 // Check for mixed script
790 if (script != MOZ_SCRIPT_COMMON &&
791 script != MOZ_SCRIPT_INHERITED &&
792 script != lastScript) {
793 if (illegalScriptCombo(script, savedScript)) {
794 return false;
795 }
796 lastScript = script;
797 }
798
799 // Check for mixed numbering systems
800 if (GetGeneralCategory(ch) ==
801 HB_UNICODE_GENERAL_CATEGORY_DECIMAL_NUMBER) {
802 uint32_t zeroCharacter = ch - GetNumericValue(ch);
803 if (savedNumberingSystem == 0) {
804 // If we encounter a decimal number, save the zero character from that
805 // numbering system.
806 savedNumberingSystem = zeroCharacter;
807 } else if (zeroCharacter != savedNumberingSystem) {
808 return false;
809 }
810 }
811
812 // Check for consecutive non-spacing marks
813 if (previousChar != 0 &&
814 previousChar == ch &&
815 GetGeneralCategory(ch) == HB_UNICODE_GENERAL_CATEGORY_NON_SPACING_MARK) {
816 return false;
817 }
818
819 // Simplified/Traditional Chinese check temporarily disabled -- bug 857481
820 #if 0
821
822 // Check for both simplified-only and traditional-only Chinese characters
823 HanVariantType hanVariant = GetHanVariant(ch);
824 if (hanVariant == HVT_SimplifiedOnly || hanVariant == HVT_TraditionalOnly) {
825 if (savedHanVariant == HVT_NotHan) {
826 savedHanVariant = hanVariant;
827 } else if (hanVariant != savedHanVariant) {
828 return false;
829 }
830 }
831 #endif
832
833 previousChar = ch;
834 }
835 return true;
836 }
837
838 // Scripts that we care about in illegalScriptCombo
839 static const int32_t scriptTable[] = {
840 MOZ_SCRIPT_BOPOMOFO, MOZ_SCRIPT_CYRILLIC, MOZ_SCRIPT_GREEK,
841 MOZ_SCRIPT_HANGUL, MOZ_SCRIPT_HAN, MOZ_SCRIPT_HIRAGANA,
842 MOZ_SCRIPT_KATAKANA, MOZ_SCRIPT_LATIN };
843
844 #define BOPO 0
845 #define CYRL 1
846 #define GREK 2
847 #define HANG 3
848 #define HANI 4
849 #define HIRA 5
850 #define KATA 6
851 #define LATN 7
852 #define OTHR 8
853 #define JPAN 9 // Latin + Han + Hiragana + Katakana
854 #define CHNA 10 // Latin + Han + Bopomofo
855 #define KORE 11 // Latin + Han + Hangul
856 #define HNLT 12 // Latin + Han (could be any of the above combinations)
857 #define FAIL 13
858
859 static inline int32_t findScriptIndex(int32_t aScript)
860 {
861 int32_t tableLength = sizeof(scriptTable) / sizeof(int32_t);
862 for (int32_t index = 0; index < tableLength; ++index) {
863 if (aScript == scriptTable[index]) {
864 return index;
865 }
866 }
867 return OTHR;
868 }
869
870 static const int32_t scriptComboTable[13][9] = {
871 /* thisScript: BOPO CYRL GREK HANG HANI HIRA KATA LATN OTHR
872 * savedScript */
873 /* BOPO */ { BOPO, FAIL, FAIL, FAIL, CHNA, FAIL, FAIL, CHNA, FAIL },
874 /* CYRL */ { FAIL, CYRL, FAIL, FAIL, FAIL, FAIL, FAIL, FAIL, FAIL },
875 /* GREK */ { FAIL, FAIL, GREK, FAIL, FAIL, FAIL, FAIL, FAIL, FAIL },
876 /* HANG */ { FAIL, FAIL, FAIL, HANG, KORE, FAIL, FAIL, KORE, FAIL },
877 /* HANI */ { CHNA, FAIL, FAIL, KORE, HANI, JPAN, JPAN, HNLT, FAIL },
878 /* HIRA */ { FAIL, FAIL, FAIL, FAIL, JPAN, HIRA, JPAN, JPAN, FAIL },
879 /* KATA */ { FAIL, FAIL, FAIL, FAIL, JPAN, JPAN, KATA, JPAN, FAIL },
880 /* LATN */ { CHNA, FAIL, FAIL, KORE, HNLT, JPAN, JPAN, LATN, OTHR },
881 /* OTHR */ { FAIL, FAIL, FAIL, FAIL, FAIL, FAIL, FAIL, OTHR, FAIL },
882 /* JPAN */ { FAIL, FAIL, FAIL, FAIL, JPAN, JPAN, JPAN, JPAN, FAIL },
883 /* CHNA */ { CHNA, FAIL, FAIL, FAIL, CHNA, FAIL, FAIL, CHNA, FAIL },
884 /* KORE */ { FAIL, FAIL, FAIL, KORE, KORE, FAIL, FAIL, KORE, FAIL },
885 /* HNLT */ { CHNA, FAIL, FAIL, KORE, HNLT, JPAN, JPAN, HNLT, FAIL }
886 };
887
888 bool nsIDNService::illegalScriptCombo(int32_t script, int32_t& savedScript)
889 {
890 if (savedScript == -1) {
891 savedScript = findScriptIndex(script);
892 return false;
893 }
894
895 savedScript = scriptComboTable[savedScript] [findScriptIndex(script)];
896 /*
897 * Special case combinations that depend on which profile is in use
898 * In the Highly Restrictive profile Latin is not allowed with any
899 * other script
900 *
901 * In the Moderately Restrictive profile Latin mixed with any other
902 * single script is allowed.
903 */
904 return ((savedScript == OTHR &&
905 mRestrictionProfile == eHighlyRestrictiveProfile) ||
906 savedScript == FAIL);
907 }
908
909 #undef BOPO
910 #undef CYRL
911 #undef GREK
912 #undef HANG
913 #undef HANI
914 #undef HIRA
915 #undef KATA
916 #undef LATN
917 #undef OTHR
918 #undef JPAN
919 #undef CHNA
920 #undef KORE
921 #undef HNLT
922 #undef FAIL

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial