2 * Copyright (c) 2021 Matthias Schmidt <xhr@giessen.ccc.de>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
24 char hex_to_int(char);
25 char* uridecode(const char *);
28 * The following two functions are from https://geekhideout.com/urlcode.shtml
29 * and provided without license restrictions
31 char hex_to_int(char ch) {
32 return isdigit(ch) ? ch - '0' : tolower(ch) - 'a' + 10;
36 uridecode(const char *request)
38 char *temp = xmalloc(strlen(request) + 1);
48 *pt++ = hex_to_int(p[1]) << 4 | hex_to_int(p[2]);
51 } else if (*p == '+') {
64 get_path_from_request(char *request, char *finalpath)
66 char hostname[MAXREQLEN];
67 char localpath[MAXREQLEN];
69 char *p, *decoded_request;
72 memset(hostname, 0, sizeof(hostname));
73 memset(localpath, 0, sizeof(localpath));
74 memset(temp, 0, sizeof(temp));
78 if ((p = strchr(request, '\r')) == NULL) {
79 log_info("\\r missing from request, abort processing");
83 *p = '\0'; /* Strip \r\n */
86 if (strncmp(p, "gemini://", 9) != 0) {
87 log_info("Gemini scheme missing, abort processing");
90 memmove(request, p + 9, strlen(request) + 1 - 9);
92 decoded_request = uridecode(request);
95 if ((p = strchr(decoded_request, '/')) != NULL)
96 snprintf(hostname, strlen(decoded_request) - strlen(p)+1, "%s",
99 snprintf(hostname, strlen(decoded_request)+1, "%s", decoded_request);
101 /* Strip possible port (e.g. :1965) from hostname */
102 if ((p = strrchr(hostname, ':')) != NULL) {
103 pos = strlen(hostname) - strlen(p);
104 if (pos < 0 || pos > _POSIX_HOST_NAME_MAX)
105 fatalx("pos while shorten hostname out of range");
106 hostname[pos] = '\0';
109 /* Remove ../ for security reasons */
110 while ((p = strstr(decoded_request, "/..")) != NULL) {
111 memmove(decoded_request, p + 3, strlen(p) + 1 - 3);
114 if ((p = strchr(decoded_request, '/')) != NULL) {
115 /* Save all after the first / in localpath */
116 snprintf(localpath, strlen(decoded_request), "%s", p+1);
117 if (strlen(localpath) == 0) {
119 * If the request is 'example.com/', localpart will be empty. In this case
120 * write the default to it.
122 sprintf(localpath, "index.gmi");
125 /* There is no slash in the request, so assume index.gmi */
126 sprintf(localpath, "index.gmi");
130 *We do not need to take the base dir aka /var/db/gemini into account
131 * since we already chroot() to _PATH_TWIND_CHROOT .
133 * Here, a string truncation could happen. This can be implemented
136 snprintf(finalpath, MAXREQLEN, "%s/%s", hostname, localpath);
138 /* Check if the wanted path exists and if it's a directory */
139 ret = check_gemini_file(finalpath);
141 log_debug("%s not found", finalpath);
142 free(decoded_request);
144 } else if (ret == 1) {
145 log_debug("%s is a directory", finalpath);
146 /* Auto append index.gmi if destination is a directory */
147 snprintf(temp, MAXREQLEN, "%s", finalpath);
148 snprintf(finalpath, MAXREQLEN, "%s/index.gmi", temp);
151 log_debug("Got request for %s on server %s -> %s",
152 localpath, hostname, finalpath);
154 /* decoded_request is no longer used, so it can be freed */
155 free(decoded_request);
