2 * Copyright (c) 2021 Matthias Schmidt <xhr@giessen.ccc.de>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
24 char hex_to_int(char);
25 char* uridecode(const char *);
28 * The following two functions are from https://geekhideout.com/urlcode.shtml
29 * and provided without license restrictions
31 char hex_to_int(char ch) {
32 return isdigit(ch) ? ch - '0' : tolower(ch) - 'a' + 10;
36 uridecode(const char *request)
38 char *temp = xmalloc(strlen(request) + 1);
42 memset(temp, 0, strlen(request)+1);
50 *pt++ = hex_to_int(p[1]) << 4 | hex_to_int(p[2]);
53 } else if (*p == '+') {
66 get_path_from_request(char *request, char *finalpath)
68 char hostname[MAXREQLEN];
69 char localpath[MAXREQLEN];
71 char *p, *decoded_request;
74 memset(hostname, 0, sizeof(hostname));
75 memset(localpath, 0, sizeof(localpath));
76 memset(temp, 0, sizeof(temp));
80 if ((p = strchr(request, '\r')) == NULL) {
81 log_info("\\r missing from request, abort processing");
85 *p = '\0'; /* Strip \r\n */
88 if (strncmp(p, "gemini://", 9) != 0) {
89 log_info("Gemini scheme missing, abort processing");
92 memmove(request, p + 9, strlen(request) + 1 - 9);
94 decoded_request = uridecode(request);
97 if ((p = strchr(decoded_request, '/')) != NULL)
98 snprintf(hostname, strlen(decoded_request) - strlen(p)+1, "%s",
101 snprintf(hostname, strlen(decoded_request)+1, "%s", decoded_request);
103 /* Strip possible port (e.g. :1965) from hostname */
104 if ((p = strrchr(hostname, ':')) != NULL) {
105 pos = strlen(hostname) - strlen(p);
106 if (pos < 0 || pos > _POSIX_HOST_NAME_MAX)
107 fatalx("pos while shorten hostname out of range");
108 hostname[pos] = '\0';
111 /* Remove ../ for security reasons */
112 while ((p = strstr(decoded_request, "/..")) != NULL) {
113 memmove(decoded_request, p + 3, strlen(p) + 1 - 3);
116 if ((p = strchr(decoded_request, '/')) != NULL) {
117 /* Save all after the first / in localpath */
118 snprintf(localpath, strlen(decoded_request), "%s", p+1);
119 if (strlen(localpath) == 0) {
121 * If the request is 'example.com/', localpart will be empty. In this case
122 * write the default to it.
124 sprintf(localpath, "index.gmi");
127 /* There is no slash in the request, so assume index.gmi */
128 sprintf(localpath, "index.gmi");
132 *We do not need to take the base dir aka /var/db/gemini into account
133 * since we already chroot() to _PATH_TWIND_CHROOT .
135 * Here, a string truncation could happen. This can be implemented
138 snprintf(finalpath, MAXREQLEN, "%s/%s", hostname, localpath);
140 /* Check if the wanted path exists and if it's a directory */
141 ret = check_gemini_file(finalpath);
143 log_debug("%s not found", finalpath);
144 free(decoded_request);
146 } else if (ret == 1) {
147 log_debug("%s is a directory", finalpath);
148 /* Auto append index.gmi if destination is a directory */
149 snprintf(temp, MAXREQLEN, "%s", finalpath);
150 snprintf(finalpath, MAXREQLEN, "%s/index.gmi", temp);
153 log_debug("Got request for %s on server %s -> %s",
154 localpath, hostname, finalpath);
156 /* decoded_request is no longer used, so it can be freed */
157 free(decoded_request);
