qemu/util/uri.c
<<
>>
Prefs
   1/**
   2 * uri.c: set of generic URI related routines
   3 *
   4 * Reference: RFCs 3986, 2732 and 2373
   5 *
   6 * Copyright (C) 1998-2003 Daniel Veillard.  All Rights Reserved.
   7 *
   8 * Permission is hereby granted, free of charge, to any person obtaining a copy
   9 * of this software and associated documentation files (the "Software"), to deal
  10 * in the Software without restriction, including without limitation the rights
  11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  12 * copies of the Software, and to permit persons to whom the Software is
  13 * furnished to do so, subject to the following conditions:
  14 *
  15 * The above copyright notice and this permission notice shall be included in
  16 * all copies or substantial portions of the Software.
  17 *
  18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
  21 * DANIEL VEILLARD BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
  22 * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
  23 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  24 *
  25 * Except as contained in this notice, the name of Daniel Veillard shall not
  26 * be used in advertising or otherwise to promote the sale, use or other
  27 * dealings in this Software without prior written authorization from him.
  28 *
  29 * daniel@veillard.com
  30 *
  31 **
  32 *
  33 * Copyright (C) 2007, 2009-2010 Red Hat, Inc.
  34 *
  35 * This library is free software; you can redistribute it and/or
  36 * modify it under the terms of the GNU Lesser General Public
  37 * License as published by the Free Software Foundation; either
  38 * version 2.1 of the License, or (at your option) any later version.
  39 *
  40 * This library is distributed in the hope that it will be useful,
  41 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  42 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  43 * Lesser General Public License for more details.
  44 *
  45 * You should have received a copy of the GNU Lesser General Public
  46 * License along with this library; if not, write to the Free Software
  47 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
  48 *
  49 * Authors:
  50 *    Richard W.M. Jones <rjones@redhat.com>
  51 *
  52 */
  53
  54#include "qemu/osdep.h"
  55#include "qemu/cutils.h"
  56
  57#include "qemu/uri.h"
  58
  59static void uri_clean(URI *uri);
  60
  61/*
  62 * Old rule from 2396 used in legacy handling code
  63 * alpha    = lowalpha | upalpha
  64 */
  65#define IS_ALPHA(x) (IS_LOWALPHA(x) || IS_UPALPHA(x))
  66
  67/*
  68 * lowalpha = "a" | "b" | "c" | "d" | "e" | "f" | "g" | "h" | "i" | "j" |
  69 *            "k" | "l" | "m" | "n" | "o" | "p" | "q" | "r" | "s" | "t" |
  70 *            "u" | "v" | "w" | "x" | "y" | "z"
  71 */
  72
  73#define IS_LOWALPHA(x) (((x) >= 'a') && ((x) <= 'z'))
  74
  75/*
  76 * upalpha = "A" | "B" | "C" | "D" | "E" | "F" | "G" | "H" | "I" | "J" |
  77 *           "K" | "L" | "M" | "N" | "O" | "P" | "Q" | "R" | "S" | "T" |
  78 *           "U" | "V" | "W" | "X" | "Y" | "Z"
  79 */
  80#define IS_UPALPHA(x) (((x) >= 'A') && ((x) <= 'Z'))
  81
  82#ifdef IS_DIGIT
  83#undef IS_DIGIT
  84#endif
  85/*
  86 * digit = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9"
  87 */
  88#define IS_DIGIT(x) (((x) >= '0') && ((x) <= '9'))
  89
  90/*
  91 * alphanum = alpha | digit
  92 */
  93
  94#define IS_ALPHANUM(x) (IS_ALPHA(x) || IS_DIGIT(x))
  95
  96/*
  97 * mark = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")"
  98 */
  99
 100#define IS_MARK(x) (((x) == '-') || ((x) == '_') || ((x) == '.') ||            \
 101    ((x) == '!') || ((x) == '~') || ((x) == '*') || ((x) == '\'') ||           \
 102    ((x) == '(') || ((x) == ')'))
 103
 104/*
 105 * unwise = "{" | "}" | "|" | "\" | "^" | "`"
 106 */
 107
 108#define IS_UNWISE(p)                                                           \
 109    (((*(p) == '{')) || ((*(p) == '}')) || ((*(p) == '|')) ||                  \
 110     ((*(p) == '\\')) || ((*(p) == '^')) || ((*(p) == '[')) ||                 \
 111     ((*(p) == ']')) || ((*(p) == '`')))
 112/*
 113 * reserved = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+" | "$" | "," |
 114 *            "[" | "]"
 115 */
 116
 117#define IS_RESERVED(x) (((x) == ';') || ((x) == '/') || ((x) == '?') ||        \
 118    ((x) == ':') || ((x) == '@') || ((x) == '&') || ((x) == '=') ||            \
 119    ((x) == '+') || ((x) == '$') || ((x) == ',') || ((x) == '[') ||            \
 120    ((x) == ']'))
 121
 122/*
 123 * unreserved = alphanum | mark
 124 */
 125
 126#define IS_UNRESERVED(x) (IS_ALPHANUM(x) || IS_MARK(x))
 127
 128/*
 129 * Skip to next pointer char, handle escaped sequences
 130 */
 131
 132#define NEXT(p) ((*p == '%') ? p += 3 : p++)
 133
 134/*
 135 * Productions from the spec.
 136 *
 137 *    authority     = server | reg_name
 138 *    reg_name      = 1*( unreserved | escaped | "$" | "," |
 139 *                        ";" | ":" | "@" | "&" | "=" | "+" )
 140 *
 141 * path          = [ abs_path | opaque_part ]
 142 */
 143
 144/************************************************************************
 145 *                                                                      *
 146 *                         RFC 3986 parser                              *
 147 *                                                                      *
 148 ************************************************************************/
 149
 150#define ISA_DIGIT(p) ((*(p) >= '0') && (*(p) <= '9'))
 151#define ISA_ALPHA(p) (((*(p) >= 'a') && (*(p) <= 'z')) ||                      \
 152                      ((*(p) >= 'A') && (*(p) <= 'Z')))
 153#define ISA_HEXDIG(p)                                                          \
 154    (ISA_DIGIT(p) || ((*(p) >= 'a') && (*(p) <= 'f')) ||                       \
 155     ((*(p) >= 'A') && (*(p) <= 'F')))
 156
 157/*
 158 *    sub-delims    = "!" / "$" / "&" / "'" / "(" / ")"
 159 *                     / "*" / "+" / "," / ";" / "="
 160 */
 161#define ISA_SUB_DELIM(p)                                                       \
 162    (((*(p) == '!')) || ((*(p) == '$')) || ((*(p) == '&')) ||                  \
 163     ((*(p) == '(')) || ((*(p) == ')')) || ((*(p) == '*')) ||                  \
 164     ((*(p) == '+')) || ((*(p) == ',')) || ((*(p) == ';')) ||                  \
 165     ((*(p) == '=')) || ((*(p) == '\'')))
 166
 167/*
 168 *    gen-delims    = ":" / "/" / "?" / "#" / "[" / "]" / "@"
 169 */
 170#define ISA_GEN_DELIM(p)                                                       \
 171    (((*(p) == ':')) || ((*(p) == '/')) || ((*(p) == '?')) ||                  \
 172     ((*(p) == '#')) || ((*(p) == '[')) || ((*(p) == ']')) ||                  \
 173     ((*(p) == '@')))
 174
 175/*
 176 *    reserved      = gen-delims / sub-delims
 177 */
 178#define ISA_RESERVED(p) (ISA_GEN_DELIM(p) || (ISA_SUB_DELIM(p)))
 179
 180/*
 181 *    unreserved    = ALPHA / DIGIT / "-" / "." / "_" / "~"
 182 */
 183#define ISA_UNRESERVED(p)                                                      \
 184    ((ISA_ALPHA(p)) || (ISA_DIGIT(p)) || ((*(p) == '-')) ||                    \
 185     ((*(p) == '.')) || ((*(p) == '_')) || ((*(p) == '~')))
 186
 187/*
 188 *    pct-encoded   = "%" HEXDIG HEXDIG
 189 */
 190#define ISA_PCT_ENCODED(p)                                                     \
 191    ((*(p) == '%') && (ISA_HEXDIG(p + 1)) && (ISA_HEXDIG(p + 2)))
 192
 193/*
 194 *    pchar         = unreserved / pct-encoded / sub-delims / ":" / "@"
 195 */
 196#define ISA_PCHAR(p)                                                           \
 197    (ISA_UNRESERVED(p) || ISA_PCT_ENCODED(p) || ISA_SUB_DELIM(p) ||            \
 198     ((*(p) == ':')) || ((*(p) == '@')))
 199
 200/**
 201 * rfc3986_parse_scheme:
 202 * @uri:  pointer to an URI structure
 203 * @str:  pointer to the string to analyze
 204 *
 205 * Parse an URI scheme
 206 *
 207 * ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
 208 *
 209 * Returns 0 or the error code
 210 */
 211static int rfc3986_parse_scheme(URI *uri, const char **str)
 212{
 213    const char *cur;
 214
 215    if (str == NULL) {
 216        return -1;
 217    }
 218
 219    cur = *str;
 220    if (!ISA_ALPHA(cur)) {
 221        return 2;
 222    }
 223    cur++;
 224    while (ISA_ALPHA(cur) || ISA_DIGIT(cur) || (*cur == '+') || (*cur == '-') ||
 225           (*cur == '.')) {
 226        cur++;
 227    }
 228    if (uri != NULL) {
 229        g_free(uri->scheme);
 230        uri->scheme = g_strndup(*str, cur - *str);
 231    }
 232    *str = cur;
 233    return 0;
 234}
 235
 236/**
 237 * rfc3986_parse_fragment:
 238 * @uri:  pointer to an URI structure
 239 * @str:  pointer to the string to analyze
 240 *
 241 * Parse the query part of an URI
 242 *
 243 * fragment      = *( pchar / "/" / "?" )
 244 * NOTE: the strict syntax as defined by 3986 does not allow '[' and ']'
 245 *       in the fragment identifier but this is used very broadly for
 246 *       xpointer scheme selection, so we are allowing it here to not break
 247 *       for example all the DocBook processing chains.
 248 *
 249 * Returns 0 or the error code
 250 */
 251static int rfc3986_parse_fragment(URI *uri, const char **str)
 252{
 253    const char *cur;
 254
 255    if (str == NULL) {
 256        return -1;
 257    }
 258
 259    cur = *str;
 260
 261    while ((ISA_PCHAR(cur)) || (*cur == '/') || (*cur == '?') ||
 262           (*cur == '[') || (*cur == ']') ||
 263           ((uri != NULL) && (uri->cleanup & 1) && (IS_UNWISE(cur)))) {
 264        NEXT(cur);
 265    }
 266    if (uri != NULL) {
 267        g_free(uri->fragment);
 268        if (uri->cleanup & 2) {
 269            uri->fragment = g_strndup(*str, cur - *str);
 270        } else {
 271            uri->fragment = uri_string_unescape(*str, cur - *str, NULL);
 272        }
 273    }
 274    *str = cur;
 275    return 0;
 276}
 277
 278/**
 279 * rfc3986_parse_query:
 280 * @uri:  pointer to an URI structure
 281 * @str:  pointer to the string to analyze
 282 *
 283 * Parse the query part of an URI
 284 *
 285 * query = *uric
 286 *
 287 * Returns 0 or the error code
 288 */
 289static int rfc3986_parse_query(URI *uri, const char **str)
 290{
 291    const char *cur;
 292
 293    if (str == NULL) {
 294        return -1;
 295    }
 296
 297    cur = *str;
 298
 299    while ((ISA_PCHAR(cur)) || (*cur == '/') || (*cur == '?') ||
 300           ((uri != NULL) && (uri->cleanup & 1) && (IS_UNWISE(cur)))) {
 301        NEXT(cur);
 302    }
 303    if (uri != NULL) {
 304        g_free(uri->query);
 305        uri->query = g_strndup(*str, cur - *str);
 306    }
 307    *str = cur;
 308    return 0;
 309}
 310
 311/**
 312 * rfc3986_parse_port:
 313 * @uri:  pointer to an URI structure
 314 * @str:  the string to analyze
 315 *
 316 * Parse a port  part and fills in the appropriate fields
 317 * of the @uri structure
 318 *
 319 * port          = *DIGIT
 320 *
 321 * Returns 0 or the error code
 322 */
 323static int rfc3986_parse_port(URI *uri, const char **str)
 324{
 325    const char *cur = *str;
 326    int port = 0;
 327
 328    if (ISA_DIGIT(cur)) {
 329        while (ISA_DIGIT(cur)) {
 330            port = port * 10 + (*cur - '0');
 331            if (port > 65535) {
 332                return 1;
 333            }
 334            cur++;
 335        }
 336        if (uri) {
 337            uri->port = port;
 338        }
 339        *str = cur;
 340        return 0;
 341    }
 342    return 1;
 343}
 344
 345/**
 346 * rfc3986_parse_user_info:
 347 * @uri:  pointer to an URI structure
 348 * @str:  the string to analyze
 349 *
 350 * Parse a user information part and fill in the appropriate fields
 351 * of the @uri structure
 352 *
 353 * userinfo      = *( unreserved / pct-encoded / sub-delims / ":" )
 354 *
 355 * Returns 0 or the error code
 356 */
 357static int rfc3986_parse_user_info(URI *uri, const char **str)
 358{
 359    const char *cur;
 360
 361    cur = *str;
 362    while (ISA_UNRESERVED(cur) || ISA_PCT_ENCODED(cur) || ISA_SUB_DELIM(cur) ||
 363           (*cur == ':')) {
 364        NEXT(cur);
 365    }
 366    if (*cur == '@') {
 367        if (uri != NULL) {
 368            g_free(uri->user);
 369            if (uri->cleanup & 2) {
 370                uri->user = g_strndup(*str, cur - *str);
 371            } else {
 372                uri->user = uri_string_unescape(*str, cur - *str, NULL);
 373            }
 374        }
 375        *str = cur;
 376        return 0;
 377    }
 378    return 1;
 379}
 380
 381/**
 382 * rfc3986_parse_dec_octet:
 383 * @str:  the string to analyze
 384 *
 385 *    dec-octet     = DIGIT                 ; 0-9
 386 *                  / %x31-39 DIGIT         ; 10-99
 387 *                  / "1" 2DIGIT            ; 100-199
 388 *                  / "2" %x30-34 DIGIT     ; 200-249
 389 *                  / "25" %x30-35          ; 250-255
 390 *
 391 * Skip a dec-octet.
 392 *
 393 * Returns 0 if found and skipped, 1 otherwise
 394 */
 395static int rfc3986_parse_dec_octet(const char **str)
 396{
 397    const char *cur = *str;
 398
 399    if (!(ISA_DIGIT(cur))) {
 400        return 1;
 401    }
 402    if (!ISA_DIGIT(cur + 1)) {
 403        cur++;
 404    } else if ((*cur != '0') && (ISA_DIGIT(cur + 1)) && (!ISA_DIGIT(cur + 2))) {
 405        cur += 2;
 406    } else if ((*cur == '1') && (ISA_DIGIT(cur + 1)) && (ISA_DIGIT(cur + 2))) {
 407        cur += 3;
 408    } else if ((*cur == '2') && (*(cur + 1) >= '0') && (*(cur + 1) <= '4') &&
 409             (ISA_DIGIT(cur + 2))) {
 410        cur += 3;
 411    } else if ((*cur == '2') && (*(cur + 1) == '5') && (*(cur + 2) >= '0') &&
 412             (*(cur + 1) <= '5')) {
 413        cur += 3;
 414    } else {
 415        return 1;
 416    }
 417    *str = cur;
 418    return 0;
 419}
 420/**
 421 * rfc3986_parse_host:
 422 * @uri:  pointer to an URI structure
 423 * @str:  the string to analyze
 424 *
 425 * Parse an host part and fills in the appropriate fields
 426 * of the @uri structure
 427 *
 428 * host          = IP-literal / IPv4address / reg-name
 429 * IP-literal    = "[" ( IPv6address / IPvFuture  ) "]"
 430 * IPv4address   = dec-octet "." dec-octet "." dec-octet "." dec-octet
 431 * reg-name      = *( unreserved / pct-encoded / sub-delims )
 432 *
 433 * Returns 0 or the error code
 434 */
 435static int rfc3986_parse_host(URI *uri, const char **str)
 436{
 437    const char *cur = *str;
 438    const char *host;
 439
 440    host = cur;
 441    /*
 442     * IPv6 and future addressing scheme are enclosed between brackets
 443     */
 444    if (*cur == '[') {
 445        cur++;
 446        while ((*cur != ']') && (*cur != 0)) {
 447            cur++;
 448        }
 449        if (*cur != ']') {
 450            return 1;
 451        }
 452        cur++;
 453        goto found;
 454    }
 455    /*
 456     * try to parse an IPv4
 457     */
 458    if (ISA_DIGIT(cur)) {
 459        if (rfc3986_parse_dec_octet(&cur) != 0) {
 460            goto not_ipv4;
 461        }
 462        if (*cur != '.') {
 463            goto not_ipv4;
 464        }
 465        cur++;
 466        if (rfc3986_parse_dec_octet(&cur) != 0) {
 467            goto not_ipv4;
 468        }
 469        if (*cur != '.') {
 470            goto not_ipv4;
 471        }
 472        if (rfc3986_parse_dec_octet(&cur) != 0) {
 473            goto not_ipv4;
 474        }
 475        if (*cur != '.') {
 476            goto not_ipv4;
 477        }
 478        if (rfc3986_parse_dec_octet(&cur) != 0) {
 479            goto not_ipv4;
 480        }
 481        goto found;
 482    not_ipv4:
 483        cur = *str;
 484    }
 485    /*
 486     * then this should be a hostname which can be empty
 487     */
 488    while (ISA_UNRESERVED(cur) || ISA_PCT_ENCODED(cur) || ISA_SUB_DELIM(cur)) {
 489        NEXT(cur);
 490    }
 491found:
 492    if (uri != NULL) {
 493        g_free(uri->authority);
 494        uri->authority = NULL;
 495        g_free(uri->server);
 496        if (cur != host) {
 497            if (uri->cleanup & 2) {
 498                uri->server = g_strndup(host, cur - host);
 499            } else {
 500                uri->server = uri_string_unescape(host, cur - host, NULL);
 501            }
 502        } else {
 503            uri->server = NULL;
 504        }
 505    }
 506    *str = cur;
 507    return 0;
 508}
 509
 510/**
 511 * rfc3986_parse_authority:
 512 * @uri:  pointer to an URI structure
 513 * @str:  the string to analyze
 514 *
 515 * Parse an authority part and fills in the appropriate fields
 516 * of the @uri structure
 517 *
 518 * authority     = [ userinfo "@" ] host [ ":" port ]
 519 *
 520 * Returns 0 or the error code
 521 */
 522static int rfc3986_parse_authority(URI *uri, const char **str)
 523{
 524    const char *cur;
 525    int ret;
 526
 527    cur = *str;
 528    /*
 529     * try to parse a userinfo and check for the trailing @
 530     */
 531    ret = rfc3986_parse_user_info(uri, &cur);
 532    if ((ret != 0) || (*cur != '@')) {
 533        cur = *str;
 534    } else {
 535        cur++;
 536    }
 537    ret = rfc3986_parse_host(uri, &cur);
 538    if (ret != 0) {
 539        return ret;
 540    }
 541    if (*cur == ':') {
 542        cur++;
 543        ret = rfc3986_parse_port(uri, &cur);
 544        if (ret != 0) {
 545            return ret;
 546        }
 547    }
 548    *str = cur;
 549    return 0;
 550}
 551
 552/**
 553 * rfc3986_parse_segment:
 554 * @str:  the string to analyze
 555 * @forbid: an optional forbidden character
 556 * @empty: allow an empty segment
 557 *
 558 * Parse a segment and fills in the appropriate fields
 559 * of the @uri structure
 560 *
 561 * segment       = *pchar
 562 * segment-nz    = 1*pchar
 563 * segment-nz-nc = 1*( unreserved / pct-encoded / sub-delims / "@" )
 564 *               ; non-zero-length segment without any colon ":"
 565 *
 566 * Returns 0 or the error code
 567 */
 568static int rfc3986_parse_segment(const char **str, char forbid, int empty)
 569{
 570    const char *cur;
 571
 572    cur = *str;
 573    if (!ISA_PCHAR(cur)) {
 574        if (empty) {
 575            return 0;
 576        }
 577        return 1;
 578    }
 579    while (ISA_PCHAR(cur) && (*cur != forbid)) {
 580        NEXT(cur);
 581    }
 582    *str = cur;
 583    return 0;
 584}
 585
 586/**
 587 * rfc3986_parse_path_ab_empty:
 588 * @uri:  pointer to an URI structure
 589 * @str:  the string to analyze
 590 *
 591 * Parse an path absolute or empty and fills in the appropriate fields
 592 * of the @uri structure
 593 *
 594 * path-abempty  = *( "/" segment )
 595 *
 596 * Returns 0 or the error code
 597 */
 598static int rfc3986_parse_path_ab_empty(URI *uri, const char **str)
 599{
 600    const char *cur;
 601    int ret;
 602
 603    cur = *str;
 604
 605    while (*cur == '/') {
 606        cur++;
 607        ret = rfc3986_parse_segment(&cur, 0, 1);
 608        if (ret != 0) {
 609            return ret;
 610        }
 611    }
 612    if (uri != NULL) {
 613        g_free(uri->path);
 614        if (*str != cur) {
 615            if (uri->cleanup & 2) {
 616                uri->path = g_strndup(*str, cur - *str);
 617            } else {
 618                uri->path = uri_string_unescape(*str, cur - *str, NULL);
 619            }
 620        } else {
 621            uri->path = NULL;
 622        }
 623    }
 624    *str = cur;
 625    return 0;
 626}
 627
 628/**
 629 * rfc3986_parse_path_absolute:
 630 * @uri:  pointer to an URI structure
 631 * @str:  the string to analyze
 632 *
 633 * Parse an path absolute and fills in the appropriate fields
 634 * of the @uri structure
 635 *
 636 * path-absolute = "/" [ segment-nz *( "/" segment ) ]
 637 *
 638 * Returns 0 or the error code
 639 */
 640static int rfc3986_parse_path_absolute(URI *uri, const char **str)
 641{
 642    const char *cur;
 643    int ret;
 644
 645    cur = *str;
 646
 647    if (*cur != '/') {
 648        return 1;
 649    }
 650    cur++;
 651    ret = rfc3986_parse_segment(&cur, 0, 0);
 652    if (ret == 0) {
 653        while (*cur == '/') {
 654            cur++;
 655            ret = rfc3986_parse_segment(&cur, 0, 1);
 656            if (ret != 0) {
 657                return ret;
 658            }
 659        }
 660    }
 661    if (uri != NULL) {
 662        g_free(uri->path);
 663        if (cur != *str) {
 664            if (uri->cleanup & 2) {
 665                uri->path = g_strndup(*str, cur - *str);
 666            } else {
 667                uri->path = uri_string_unescape(*str, cur - *str, NULL);
 668            }
 669        } else {
 670            uri->path = NULL;
 671        }
 672    }
 673    *str = cur;
 674    return 0;
 675}
 676
 677/**
 678 * rfc3986_parse_path_rootless:
 679 * @uri:  pointer to an URI structure
 680 * @str:  the string to analyze
 681 *
 682 * Parse an path without root and fills in the appropriate fields
 683 * of the @uri structure
 684 *
 685 * path-rootless = segment-nz *( "/" segment )
 686 *
 687 * Returns 0 or the error code
 688 */
 689static int rfc3986_parse_path_rootless(URI *uri, const char **str)
 690{
 691    const char *cur;
 692    int ret;
 693
 694    cur = *str;
 695
 696    ret = rfc3986_parse_segment(&cur, 0, 0);
 697    if (ret != 0) {
 698        return ret;
 699    }
 700    while (*cur == '/') {
 701        cur++;
 702        ret = rfc3986_parse_segment(&cur, 0, 1);
 703        if (ret != 0) {
 704            return ret;
 705        }
 706    }
 707    if (uri != NULL) {
 708        g_free(uri->path);
 709        if (cur != *str) {
 710            if (uri->cleanup & 2) {
 711                uri->path = g_strndup(*str, cur - *str);
 712            } else {
 713                uri->path = uri_string_unescape(*str, cur - *str, NULL);
 714            }
 715        } else {
 716            uri->path = NULL;
 717        }
 718    }
 719    *str = cur;
 720    return 0;
 721}
 722
 723/**
 724 * rfc3986_parse_path_no_scheme:
 725 * @uri:  pointer to an URI structure
 726 * @str:  the string to analyze
 727 *
 728 * Parse an path which is not a scheme and fills in the appropriate fields
 729 * of the @uri structure
 730 *
 731 * path-noscheme = segment-nz-nc *( "/" segment )
 732 *
 733 * Returns 0 or the error code
 734 */
 735static int rfc3986_parse_path_no_scheme(URI *uri, const char **str)
 736{
 737    const char *cur;
 738    int ret;
 739
 740    cur = *str;
 741
 742    ret = rfc3986_parse_segment(&cur, ':', 0);
 743    if (ret != 0) {
 744        return ret;
 745    }
 746    while (*cur == '/') {
 747        cur++;
 748        ret = rfc3986_parse_segment(&cur, 0, 1);
 749        if (ret != 0) {
 750            return ret;
 751        }
 752    }
 753    if (uri != NULL) {
 754        g_free(uri->path);
 755        if (cur != *str) {
 756            if (uri->cleanup & 2) {
 757                uri->path = g_strndup(*str, cur - *str);
 758            } else {
 759                uri->path = uri_string_unescape(*str, cur - *str, NULL);
 760            }
 761        } else {
 762            uri->path = NULL;
 763        }
 764    }
 765    *str = cur;
 766    return 0;
 767}
 768
 769/**
 770 * rfc3986_parse_hier_part:
 771 * @uri:  pointer to an URI structure
 772 * @str:  the string to analyze
 773 *
 774 * Parse an hierarchical part and fills in the appropriate fields
 775 * of the @uri structure
 776 *
 777 * hier-part     = "//" authority path-abempty
 778 *                / path-absolute
 779 *                / path-rootless
 780 *                / path-empty
 781 *
 782 * Returns 0 or the error code
 783 */
 784static int rfc3986_parse_hier_part(URI *uri, const char **str)
 785{
 786    const char *cur;
 787    int ret;
 788
 789    cur = *str;
 790
 791    if ((*cur == '/') && (*(cur + 1) == '/')) {
 792        cur += 2;
 793        ret = rfc3986_parse_authority(uri, &cur);
 794        if (ret != 0) {
 795            return ret;
 796        }
 797        ret = rfc3986_parse_path_ab_empty(uri, &cur);
 798        if (ret != 0) {
 799            return ret;
 800        }
 801        *str = cur;
 802        return 0;
 803    } else if (*cur == '/') {
 804        ret = rfc3986_parse_path_absolute(uri, &cur);
 805        if (ret != 0) {
 806            return ret;
 807        }
 808    } else if (ISA_PCHAR(cur)) {
 809        ret = rfc3986_parse_path_rootless(uri, &cur);
 810        if (ret != 0) {
 811            return ret;
 812        }
 813    } else {
 814        /* path-empty is effectively empty */
 815        if (uri != NULL) {
 816            g_free(uri->path);
 817            uri->path = NULL;
 818        }
 819    }
 820    *str = cur;
 821    return 0;
 822}
 823
 824/**
 825 * rfc3986_parse_relative_ref:
 826 * @uri:  pointer to an URI structure
 827 * @str:  the string to analyze
 828 *
 829 * Parse an URI string and fills in the appropriate fields
 830 * of the @uri structure
 831 *
 832 * relative-ref  = relative-part [ "?" query ] [ "#" fragment ]
 833 * relative-part = "//" authority path-abempty
 834 *               / path-absolute
 835 *               / path-noscheme
 836 *               / path-empty
 837 *
 838 * Returns 0 or the error code
 839 */
 840static int rfc3986_parse_relative_ref(URI *uri, const char *str)
 841{
 842    int ret;
 843
 844    if ((*str == '/') && (*(str + 1) == '/')) {
 845        str += 2;
 846        ret = rfc3986_parse_authority(uri, &str);
 847        if (ret != 0) {
 848            return ret;
 849        }
 850        ret = rfc3986_parse_path_ab_empty(uri, &str);
 851        if (ret != 0) {
 852            return ret;
 853        }
 854    } else if (*str == '/') {
 855        ret = rfc3986_parse_path_absolute(uri, &str);
 856        if (ret != 0) {
 857            return ret;
 858        }
 859    } else if (ISA_PCHAR(str)) {
 860        ret = rfc3986_parse_path_no_scheme(uri, &str);
 861        if (ret != 0) {
 862            return ret;
 863        }
 864    } else {
 865        /* path-empty is effectively empty */
 866        if (uri != NULL) {
 867            g_free(uri->path);
 868            uri->path = NULL;
 869        }
 870    }
 871
 872    if (*str == '?') {
 873        str++;
 874        ret = rfc3986_parse_query(uri, &str);
 875        if (ret != 0) {
 876            return ret;
 877        }
 878    }
 879    if (*str == '#') {
 880        str++;
 881        ret = rfc3986_parse_fragment(uri, &str);
 882        if (ret != 0) {
 883            return ret;
 884        }
 885    }
 886    if (*str != 0) {
 887        uri_clean(uri);
 888        return 1;
 889    }
 890    return 0;
 891}
 892
 893/**
 894 * rfc3986_parse:
 895 * @uri:  pointer to an URI structure
 896 * @str:  the string to analyze
 897 *
 898 * Parse an URI string and fills in the appropriate fields
 899 * of the @uri structure
 900 *
 901 * scheme ":" hier-part [ "?" query ] [ "#" fragment ]
 902 *
 903 * Returns 0 or the error code
 904 */
 905static int rfc3986_parse(URI *uri, const char *str)
 906{
 907    int ret;
 908
 909    ret = rfc3986_parse_scheme(uri, &str);
 910    if (ret != 0) {
 911        return ret;
 912    }
 913    if (*str != ':') {
 914        return 1;
 915    }
 916    str++;
 917    ret = rfc3986_parse_hier_part(uri, &str);
 918    if (ret != 0) {
 919        return ret;
 920    }
 921    if (*str == '?') {
 922        str++;
 923        ret = rfc3986_parse_query(uri, &str);
 924        if (ret != 0) {
 925            return ret;
 926        }
 927    }
 928    if (*str == '#') {
 929        str++;
 930        ret = rfc3986_parse_fragment(uri, &str);
 931        if (ret != 0) {
 932            return ret;
 933        }
 934    }
 935    if (*str != 0) {
 936        uri_clean(uri);
 937        return 1;
 938    }
 939    return 0;
 940}
 941
 942/**
 943 * rfc3986_parse_uri_reference:
 944 * @uri:  pointer to an URI structure
 945 * @str:  the string to analyze
 946 *
 947 * Parse an URI reference string and fills in the appropriate fields
 948 * of the @uri structure
 949 *
 950 * URI-reference = URI / relative-ref
 951 *
 952 * Returns 0 or the error code
 953 */
 954static int rfc3986_parse_uri_reference(URI *uri, const char *str)
 955{
 956    int ret;
 957
 958    if (str == NULL) {
 959        return -1;
 960    }
 961    uri_clean(uri);
 962
 963    /*
 964     * Try first to parse absolute refs, then fallback to relative if
 965     * it fails.
 966     */
 967    ret = rfc3986_parse(uri, str);
 968    if (ret != 0) {
 969        uri_clean(uri);
 970        ret = rfc3986_parse_relative_ref(uri, str);
 971        if (ret != 0) {
 972            uri_clean(uri);
 973            return ret;
 974        }
 975    }
 976    return 0;
 977}
 978
 979/**
 980 * uri_parse:
 981 * @str:  the URI string to analyze
 982 *
 983 * Parse an URI based on RFC 3986
 984 *
 985 * URI-reference = [ absoluteURI | relativeURI ] [ "#" fragment ]
 986 *
 987 * Returns a newly built URI or NULL in case of error
 988 */
 989URI *uri_parse(const char *str)
 990{
 991    URI *uri;
 992    int ret;
 993
 994    if (str == NULL) {
 995        return NULL;
 996    }
 997    uri = uri_new();
 998    ret = rfc3986_parse_uri_reference(uri, str);
 999    if (ret) {
1000        uri_free(uri);
1001        return NULL;
1002    }
1003    return uri;
1004}
1005
1006/**
1007 * uri_parse_into:
1008 * @uri:  pointer to an URI structure
1009 * @str:  the string to analyze
1010 *
1011 * Parse an URI reference string based on RFC 3986 and fills in the
1012 * appropriate fields of the @uri structure
1013 *
1014 * URI-reference = URI / relative-ref
1015 *
1016 * Returns 0 or the error code
1017 */
1018int uri_parse_into(URI *uri, const char *str)
1019{
1020    return rfc3986_parse_uri_reference(uri, str);
1021}
1022
1023/**
1024 * uri_parse_raw:
1025 * @str:  the URI string to analyze
1026 * @raw:  if 1 unescaping of URI pieces are disabled
1027 *
1028 * Parse an URI but allows to keep intact the original fragments.
1029 *
1030 * URI-reference = URI / relative-ref
1031 *
1032 * Returns a newly built URI or NULL in case of error
1033 */
1034URI *uri_parse_raw(const char *str, int raw)
1035{
1036    URI *uri;
1037    int ret;
1038
1039    if (str == NULL) {
1040        return NULL;
1041    }
1042    uri = uri_new();
1043    if (raw) {
1044        uri->cleanup |= 2;
1045    }
1046    ret = uri_parse_into(uri, str);
1047    if (ret) {
1048        uri_free(uri);
1049        return NULL;
1050    }
1051    return uri;
1052}
1053
1054/************************************************************************
1055 *                                                                      *
1056 *                    Generic URI structure functions                   *
1057 *                                                                      *
1058 ************************************************************************/
1059
1060/**
1061 * uri_new:
1062 *
1063 * Simply creates an empty URI
1064 *
1065 * Returns the new structure or NULL in case of error
1066 */
1067URI *uri_new(void)
1068{
1069    return g_new0(URI, 1);
1070}
1071
1072/**
1073 * realloc2n:
1074 *
1075 * Function to handle properly a reallocation when saving an URI
1076 * Also imposes some limit on the length of an URI string output
1077 */
1078static char *realloc2n(char *ret, int *max)
1079{
1080    char *temp;
1081    int tmp;
1082
1083    tmp = *max * 2;
1084    temp = g_realloc(ret, (tmp + 1));
1085    *max = tmp;
1086    return temp;
1087}
1088
1089/**
1090 * uri_to_string:
1091 * @uri:  pointer to an URI
1092 *
1093 * Save the URI as an escaped string
1094 *
1095 * Returns a new string (to be deallocated by caller)
1096 */
1097char *uri_to_string(URI *uri)
1098{
1099    char *ret = NULL;
1100    char *temp;
1101    const char *p;
1102    int len;
1103    int max;
1104
1105    if (uri == NULL) {
1106        return NULL;
1107    }
1108
1109    max = 80;
1110    ret = g_malloc(max + 1);
1111    len = 0;
1112
1113    if (uri->scheme != NULL) {
1114        p = uri->scheme;
1115        while (*p != 0) {
1116            if (len >= max) {
1117                temp = realloc2n(ret, &max);
1118                ret = temp;
1119            }
1120            ret[len++] = *p++;
1121        }
1122        if (len >= max) {
1123            temp = realloc2n(ret, &max);
1124            ret = temp;
1125        }
1126        ret[len++] = ':';
1127    }
1128    if (uri->opaque != NULL) {
1129        p = uri->opaque;
1130        while (*p != 0) {
1131            if (len + 3 >= max) {
1132                temp = realloc2n(ret, &max);
1133                ret = temp;
1134            }
1135            if (IS_RESERVED(*(p)) || IS_UNRESERVED(*(p))) {
1136                ret[len++] = *p++;
1137            } else {
1138                int val = *(unsigned char *)p++;
1139                int hi = val / 0x10, lo = val % 0x10;
1140                ret[len++] = '%';
1141                ret[len++] = hi + (hi > 9 ? 'A' - 10 : '0');
1142                ret[len++] = lo + (lo > 9 ? 'A' - 10 : '0');
1143            }
1144        }
1145    } else {
1146        if (uri->server != NULL) {
1147            if (len + 3 >= max) {
1148                temp = realloc2n(ret, &max);
1149                ret = temp;
1150            }
1151            ret[len++] = '/';
1152            ret[len++] = '/';
1153            if (uri->user != NULL) {
1154                p = uri->user;
1155                while (*p != 0) {
1156                    if (len + 3 >= max) {
1157                        temp = realloc2n(ret, &max);
1158                        ret = temp;
1159                    }
1160                    if ((IS_UNRESERVED(*(p))) || ((*(p) == ';')) ||
1161                        ((*(p) == ':')) || ((*(p) == '&')) || ((*(p) == '=')) ||
1162                        ((*(p) == '+')) || ((*(p) == '$')) || ((*(p) == ','))) {
1163                        ret[len++] = *p++;
1164                    } else {
1165                        int val = *(unsigned char *)p++;
1166                        int hi = val / 0x10, lo = val % 0x10;
1167                        ret[len++] = '%';
1168                        ret[len++] = hi + (hi > 9 ? 'A' - 10 : '0');
1169                        ret[len++] = lo + (lo > 9 ? 'A' - 10 : '0');
1170                    }
1171                }
1172                if (len + 3 >= max) {
1173                    temp = realloc2n(ret, &max);
1174                    ret = temp;
1175                }
1176                ret[len++] = '@';
1177            }
1178            p = uri->server;
1179            while (*p != 0) {
1180                if (len >= max) {
1181                    temp = realloc2n(ret, &max);
1182                    ret = temp;
1183                }
1184                ret[len++] = *p++;
1185            }
1186            if (uri->port > 0) {
1187                if (len + 10 >= max) {
1188                    temp = realloc2n(ret, &max);
1189                    ret = temp;
1190                }
1191                len += snprintf(&ret[len], max - len, ":%d", uri->port);
1192            }
1193        } else if (uri->authority != NULL) {
1194            if (len + 3 >= max) {
1195                temp = realloc2n(ret, &max);
1196                ret = temp;
1197            }
1198            ret[len++] = '/';
1199            ret[len++] = '/';
1200            p = uri->authority;
1201            while (*p != 0) {
1202                if (len + 3 >= max) {
1203                    temp = realloc2n(ret, &max);
1204                    ret = temp;
1205                }
1206                if ((IS_UNRESERVED(*(p))) || ((*(p) == '$')) ||
1207                    ((*(p) == ',')) || ((*(p) == ';')) || ((*(p) == ':')) ||
1208                    ((*(p) == '@')) || ((*(p) == '&')) || ((*(p) == '=')) ||
1209                    ((*(p) == '+'))) {
1210                    ret[len++] = *p++;
1211                } else {
1212                    int val = *(unsigned char *)p++;
1213                    int hi = val / 0x10, lo = val % 0x10;
1214                    ret[len++] = '%';
1215                    ret[len++] = hi + (hi > 9 ? 'A' - 10 : '0');
1216                    ret[len++] = lo + (lo > 9 ? 'A' - 10 : '0');
1217                }
1218            }
1219        } else if (uri->scheme != NULL) {
1220            if (len + 3 >= max) {
1221                temp = realloc2n(ret, &max);
1222                ret = temp;
1223            }
1224            ret[len++] = '/';
1225            ret[len++] = '/';
1226        }
1227        if (uri->path != NULL) {
1228            p = uri->path;
1229            /*
1230             * the colon in file:///d: should not be escaped or
1231             * Windows accesses fail later.
1232             */
1233            if ((uri->scheme != NULL) && (p[0] == '/') &&
1234                (((p[1] >= 'a') && (p[1] <= 'z')) ||
1235                 ((p[1] >= 'A') && (p[1] <= 'Z'))) &&
1236                (p[2] == ':') && (!strcmp(uri->scheme, "file"))) {
1237                if (len + 3 >= max) {
1238                    temp = realloc2n(ret, &max);
1239                    ret = temp;
1240                }
1241                ret[len++] = *p++;
1242                ret[len++] = *p++;
1243                ret[len++] = *p++;
1244            }
1245            while (*p != 0) {
1246                if (len + 3 >= max) {
1247                    temp = realloc2n(ret, &max);
1248                    ret = temp;
1249                }
1250                if ((IS_UNRESERVED(*(p))) || ((*(p) == '/')) ||
1251                    ((*(p) == ';')) || ((*(p) == '@')) || ((*(p) == '&')) ||
1252                    ((*(p) == '=')) || ((*(p) == '+')) || ((*(p) == '$')) ||
1253                    ((*(p) == ','))) {
1254                    ret[len++] = *p++;
1255                } else {
1256                    int val = *(unsigned char *)p++;
1257                    int hi = val / 0x10, lo = val % 0x10;
1258                    ret[len++] = '%';
1259                    ret[len++] = hi + (hi > 9 ? 'A' - 10 : '0');
1260                    ret[len++] = lo + (lo > 9 ? 'A' - 10 : '0');
1261                }
1262            }
1263        }
1264        if (uri->query != NULL) {
1265            if (len + 1 >= max) {
1266                temp = realloc2n(ret, &max);
1267                ret = temp;
1268            }
1269            ret[len++] = '?';
1270            p = uri->query;
1271            while (*p != 0) {
1272                if (len + 1 >= max) {
1273                    temp = realloc2n(ret, &max);
1274                    ret = temp;
1275                }
1276                ret[len++] = *p++;
1277            }
1278        }
1279    }
1280    if (uri->fragment != NULL) {
1281        if (len + 3 >= max) {
1282            temp = realloc2n(ret, &max);
1283            ret = temp;
1284        }
1285        ret[len++] = '#';
1286        p = uri->fragment;
1287        while (*p != 0) {
1288            if (len + 3 >= max) {
1289                temp = realloc2n(ret, &max);
1290                ret = temp;
1291            }
1292            if ((IS_UNRESERVED(*(p))) || (IS_RESERVED(*(p)))) {
1293                ret[len++] = *p++;
1294            } else {
1295                int val = *(unsigned char *)p++;
1296                int hi = val / 0x10, lo = val % 0x10;
1297                ret[len++] = '%';
1298                ret[len++] = hi + (hi > 9 ? 'A' - 10 : '0');
1299                ret[len++] = lo + (lo > 9 ? 'A' - 10 : '0');
1300            }
1301        }
1302    }
1303    if (len >= max) {
1304        temp = realloc2n(ret, &max);
1305        ret = temp;
1306    }
1307    ret[len] = 0;
1308    return ret;
1309}
1310
1311/**
1312 * uri_clean:
1313 * @uri:  pointer to an URI
1314 *
1315 * Make sure the URI struct is free of content
1316 */
1317static void uri_clean(URI *uri)
1318{
1319    if (uri == NULL) {
1320        return;
1321    }
1322
1323    g_free(uri->scheme);
1324    uri->scheme = NULL;
1325    g_free(uri->server);
1326    uri->server = NULL;
1327    g_free(uri->user);
1328    uri->user = NULL;
1329    g_free(uri->path);
1330    uri->path = NULL;
1331    g_free(uri->fragment);
1332    uri->fragment = NULL;
1333    g_free(uri->opaque);
1334    uri->opaque = NULL;
1335    g_free(uri->authority);
1336    uri->authority = NULL;
1337    g_free(uri->query);
1338    uri->query = NULL;
1339}
1340
1341/**
1342 * uri_free:
1343 * @uri:  pointer to an URI
1344 *
1345 * Free up the URI struct
1346 */
1347void uri_free(URI *uri)
1348{
1349    uri_clean(uri);
1350    g_free(uri);
1351}
1352
1353/************************************************************************
1354 *                                                                      *
1355 *                           Helper functions                           *
1356 *                                                                      *
1357 ************************************************************************/
1358
1359/**
1360 * normalize_uri_path:
1361 * @path:  pointer to the path string
1362 *
1363 * Applies the 5 normalization steps to a path string--that is, RFC 2396
1364 * Section 5.2, steps 6.c through 6.g.
1365 *
1366 * Normalization occurs directly on the string, no new allocation is done
1367 *
1368 * Returns 0 or an error code
1369 */
1370static int normalize_uri_path(char *path)
1371{
1372    char *cur, *out;
1373
1374    if (path == NULL) {
1375        return -1;
1376    }
1377
1378    /* Skip all initial "/" chars.  We want to get to the beginning of the
1379     * first non-empty segment.
1380     */
1381    cur = path;
1382    while (cur[0] == '/') {
1383        ++cur;
1384    }
1385    if (cur[0] == '\0') {
1386        return 0;
1387    }
1388
1389    /* Keep everything we've seen so far.  */
1390    out = cur;
1391
1392    /*
1393     * Analyze each segment in sequence for cases (c) and (d).
1394     */
1395    while (cur[0] != '\0') {
1396        /*
1397         * c) All occurrences of "./", where "." is a complete path segment,
1398         *    are removed from the buffer string.
1399         */
1400        if ((cur[0] == '.') && (cur[1] == '/')) {
1401            cur += 2;
1402            /* '//' normalization should be done at this point too */
1403            while (cur[0] == '/') {
1404                cur++;
1405            }
1406            continue;
1407        }
1408
1409        /*
1410         * d) If the buffer string ends with "." as a complete path segment,
1411         *    that "." is removed.
1412         */
1413        if ((cur[0] == '.') && (cur[1] == '\0')) {
1414            break;
1415        }
1416
1417        /* Otherwise keep the segment.  */
1418        while (cur[0] != '/') {
1419            if (cur[0] == '\0') {
1420                goto done_cd;
1421            }
1422            (out++)[0] = (cur++)[0];
1423        }
1424        /* nomalize // */
1425        while ((cur[0] == '/') && (cur[1] == '/')) {
1426            cur++;
1427        }
1428
1429        (out++)[0] = (cur++)[0];
1430    }
1431done_cd:
1432    out[0] = '\0';
1433
1434    /* Reset to the beginning of the first segment for the next sequence.  */
1435    cur = path;
1436    while (cur[0] == '/') {
1437        ++cur;
1438    }
1439    if (cur[0] == '\0') {
1440        return 0;
1441    }
1442
1443    /*
1444     * Analyze each segment in sequence for cases (e) and (f).
1445     *
1446     * e) All occurrences of "<segment>/../", where <segment> is a
1447     *    complete path segment not equal to "..", are removed from the
1448     *    buffer string.  Removal of these path segments is performed
1449     *    iteratively, removing the leftmost matching pattern on each
1450     *    iteration, until no matching pattern remains.
1451     *
1452     * f) If the buffer string ends with "<segment>/..", where <segment>
1453     *    is a complete path segment not equal to "..", that
1454     *    "<segment>/.." is removed.
1455     *
1456     * To satisfy the "iterative" clause in (e), we need to collapse the
1457     * string every time we find something that needs to be removed.  Thus,
1458     * we don't need to keep two pointers into the string: we only need a
1459     * "current position" pointer.
1460     */
1461    while (1) {
1462        char *segp, *tmp;
1463
1464        /* At the beginning of each iteration of this loop, "cur" points to
1465         * the first character of the segment we want to examine.
1466         */
1467
1468        /* Find the end of the current segment.  */
1469        segp = cur;
1470        while ((segp[0] != '/') && (segp[0] != '\0')) {
1471            ++segp;
1472        }
1473
1474        /* If this is the last segment, we're done (we need at least two
1475         * segments to meet the criteria for the (e) and (f) cases).
1476         */
1477        if (segp[0] == '\0') {
1478            break;
1479        }
1480
1481        /* If the first segment is "..", or if the next segment _isn't_ "..",
1482         * keep this segment and try the next one.
1483         */
1484        ++segp;
1485        if (((cur[0] == '.') && (cur[1] == '.') && (segp == cur + 3)) ||
1486            ((segp[0] != '.') || (segp[1] != '.') ||
1487             ((segp[2] != '/') && (segp[2] != '\0')))) {
1488            cur = segp;
1489            continue;
1490        }
1491
1492        /* If we get here, remove this segment and the next one and back up
1493         * to the previous segment (if there is one), to implement the
1494         * "iteratively" clause.  It's pretty much impossible to back up
1495         * while maintaining two pointers into the buffer, so just compact
1496         * the whole buffer now.
1497         */
1498
1499        /* If this is the end of the buffer, we're done.  */
1500        if (segp[2] == '\0') {
1501            cur[0] = '\0';
1502            break;
1503        }
1504        /* Valgrind complained, strcpy(cur, segp + 3); */
1505        /* string will overlap, do not use strcpy */
1506        tmp = cur;
1507        segp += 3;
1508        while ((*tmp++ = *segp++) != 0) {
1509            /* No further work */
1510        }
1511
1512        /* If there are no previous segments, then keep going from here.  */
1513        segp = cur;
1514        while ((segp > path) && ((--segp)[0] == '/')) {
1515            /* No further work */
1516        }
1517        if (segp == path) {
1518            continue;
1519        }
1520
1521        /* "segp" is pointing to the end of a previous segment; find it's
1522         * start.  We need to back up to the previous segment and start
1523         * over with that to handle things like "foo/bar/../..".  If we
1524         * don't do this, then on the first pass we'll remove the "bar/..",
1525         * but be pointing at the second ".." so we won't realize we can also
1526         * remove the "foo/..".
1527         */
1528        cur = segp;
1529        while ((cur > path) && (cur[-1] != '/')) {
1530            --cur;
1531        }
1532    }
1533    out[0] = '\0';
1534
1535    /*
1536     * g) If the resulting buffer string still begins with one or more
1537     *    complete path segments of "..", then the reference is
1538     *    considered to be in error. Implementations may handle this
1539     *    error by retaining these components in the resolved path (i.e.,
1540     *    treating them as part of the final URI), by removing them from
1541     *    the resolved path (i.e., discarding relative levels above the
1542     *    root), or by avoiding traversal of the reference.
1543     *
1544     * We discard them from the final path.
1545     */
1546    if (path[0] == '/') {
1547        cur = path;
1548        while ((cur[0] == '/') && (cur[1] == '.') && (cur[2] == '.') &&
1549               ((cur[3] == '/') || (cur[3] == '\0'))) {
1550            cur += 3;
1551        }
1552
1553        if (cur != path) {
1554            out = path;
1555            while (cur[0] != '\0') {
1556                (out++)[0] = (cur++)[0];
1557            }
1558            out[0] = 0;
1559        }
1560    }
1561
1562    return 0;
1563}
1564
1565static int is_hex(char c)
1566{
1567    if (((c >= '0') && (c <= '9')) || ((c >= 'a') && (c <= 'f')) ||
1568        ((c >= 'A') && (c <= 'F'))) {
1569        return 1;
1570    }
1571    return 0;
1572}
1573
1574/**
1575 * uri_string_unescape:
1576 * @str:  the string to unescape
1577 * @len:   the length in bytes to unescape (or <= 0 to indicate full string)
1578 * @target:  optional destination buffer
1579 *
1580 * Unescaping routine, but does not check that the string is an URI. The
1581 * output is a direct unsigned char translation of %XX values (no encoding)
1582 * Note that the length of the result can only be smaller or same size as
1583 * the input string.
1584 *
1585 * Returns a copy of the string, but unescaped, will return NULL only in case
1586 * of error
1587 */
1588char *uri_string_unescape(const char *str, int len, char *target)
1589{
1590    char *ret, *out;
1591    const char *in;
1592
1593    if (str == NULL) {
1594        return NULL;
1595    }
1596    if (len <= 0) {
1597        len = strlen(str);
1598    }
1599    if (len < 0) {
1600        return NULL;
1601    }
1602
1603    if (target == NULL) {
1604        ret = g_malloc(len + 1);
1605    } else {
1606        ret = target;
1607    }
1608    in = str;
1609    out = ret;
1610    while (len > 0) {
1611        if ((len > 2) && (*in == '%') && (is_hex(in[1])) && (is_hex(in[2]))) {
1612            in++;
1613            if ((*in >= '0') && (*in <= '9')) {
1614                *out = (*in - '0');
1615            } else if ((*in >= 'a') && (*in <= 'f')) {
1616                *out = (*in - 'a') + 10;
1617            } else if ((*in >= 'A') && (*in <= 'F')) {
1618                *out = (*in - 'A') + 10;
1619            }
1620            in++;
1621            if ((*in >= '0') && (*in <= '9')) {
1622                *out = *out * 16 + (*in - '0');
1623            } else if ((*in >= 'a') && (*in <= 'f')) {
1624                *out = *out * 16 + (*in - 'a') + 10;
1625            } else if ((*in >= 'A') && (*in <= 'F')) {
1626                *out = *out * 16 + (*in - 'A') + 10;
1627            }
1628            in++;
1629            len -= 3;
1630            out++;
1631        } else {
1632            *out++ = *in++;
1633            len--;
1634        }
1635    }
1636    *out = 0;
1637    return ret;
1638}
1639
1640/**
1641 * uri_string_escape:
1642 * @str:  string to escape
1643 * @list: exception list string of chars not to escape
1644 *
1645 * This routine escapes a string to hex, ignoring reserved characters (a-z)
1646 * and the characters in the exception list.
1647 *
1648 * Returns a new escaped string or NULL in case of error.
1649 */
1650char *uri_string_escape(const char *str, const char *list)
1651{
1652    char *ret, ch;
1653    char *temp;
1654    const char *in;
1655    int len, out;
1656
1657    if (str == NULL) {
1658        return NULL;
1659    }
1660    if (str[0] == 0) {
1661        return g_strdup(str);
1662    }
1663    len = strlen(str);
1664    if (!(len > 0)) {
1665        return NULL;
1666    }
1667
1668    len += 20;
1669    ret = g_malloc(len);
1670    in = str;
1671    out = 0;
1672    while (*in != 0) {
1673        if (len - out <= 3) {
1674            temp = realloc2n(ret, &len);
1675            ret = temp;
1676        }
1677
1678        ch = *in;
1679
1680        if ((ch != '@') && (!IS_UNRESERVED(ch)) && (!strchr(list, ch))) {
1681            unsigned char val;
1682            ret[out++] = '%';
1683            val = ch >> 4;
1684            if (val <= 9) {
1685                ret[out++] = '0' + val;
1686            } else {
1687                ret[out++] = 'A' + val - 0xA;
1688            }
1689            val = ch & 0xF;
1690            if (val <= 9) {
1691                ret[out++] = '0' + val;
1692            } else {
1693                ret[out++] = 'A' + val - 0xA;
1694            }
1695            in++;
1696        } else {
1697            ret[out++] = *in++;
1698        }
1699    }
1700    ret[out] = 0;
1701    return ret;
1702}
1703
1704/************************************************************************
1705 *                                                                      *
1706 *                           Public functions                           *
1707 *                                                                      *
1708 ************************************************************************/
1709
1710/**
1711 * uri_resolve:
1712 * @URI:  the URI instance found in the document
1713 * @base:  the base value
1714 *
1715 * Computes he final URI of the reference done by checking that
1716 * the given URI is valid, and building the final URI using the
1717 * base URI. This is processed according to section 5.2 of the
1718 * RFC 2396
1719 *
1720 * 5.2. Resolving Relative References to Absolute Form
1721 *
1722 * Returns a new URI string (to be freed by the caller) or NULL in case
1723 *         of error.
1724 */
1725char *uri_resolve(const char *uri, const char *base)
1726{
1727    char *val = NULL;
1728    int ret, len, indx, cur, out;
1729    URI *ref = NULL;
1730    URI *bas = NULL;
1731    URI *res = NULL;
1732
1733    /*
1734     * 1) The URI reference is parsed into the potential four components and
1735     *    fragment identifier, as described in Section 4.3.
1736     *
1737     *    NOTE that a completely empty URI is treated by modern browsers
1738     *    as a reference to "." rather than as a synonym for the current
1739     *    URI.  Should we do that here?
1740     */
1741    if (uri == NULL) {
1742        ret = -1;
1743    } else {
1744        if (*uri) {
1745            ref = uri_new();
1746            ret = uri_parse_into(ref, uri);
1747        } else {
1748            ret = 0;
1749        }
1750    }
1751    if (ret != 0) {
1752        goto done;
1753    }
1754    if ((ref != NULL) && (ref->scheme != NULL)) {
1755        /*
1756         * The URI is absolute don't modify.
1757         */
1758        val = g_strdup(uri);
1759        goto done;
1760    }
1761    if (base == NULL) {
1762        ret = -1;
1763    } else {
1764        bas = uri_new();
1765        ret = uri_parse_into(bas, base);
1766    }
1767    if (ret != 0) {
1768        if (ref) {
1769            val = uri_to_string(ref);
1770        }
1771        goto done;
1772    }
1773    if (ref == NULL) {
1774        /*
1775         * the base fragment must be ignored
1776         */
1777        g_free(bas->fragment);
1778        bas->fragment = NULL;
1779        val = uri_to_string(bas);
1780        goto done;
1781    }
1782
1783    /*
1784     * 2) If the path component is empty and the scheme, authority, and
1785     *    query components are undefined, then it is a reference to the
1786     *    current document and we are done.  Otherwise, the reference URI's
1787     *    query and fragment components are defined as found (or not found)
1788     *    within the URI reference and not inherited from the base URI.
1789     *
1790     *    NOTE that in modern browsers, the parsing differs from the above
1791     *    in the following aspect:  the query component is allowed to be
1792     *    defined while still treating this as a reference to the current
1793     *    document.
1794     */
1795    res = uri_new();
1796    if ((ref->scheme == NULL) && (ref->path == NULL) &&
1797        ((ref->authority == NULL) && (ref->server == NULL))) {
1798        res->scheme = g_strdup(bas->scheme);
1799        if (bas->authority != NULL) {
1800            res->authority = g_strdup(bas->authority);
1801        } else if (bas->server != NULL) {
1802            res->server = g_strdup(bas->server);
1803            res->user = g_strdup(bas->user);
1804            res->port = bas->port;
1805        }
1806        res->path = g_strdup(bas->path);
1807        if (ref->query != NULL) {
1808            res->query = g_strdup(ref->query);
1809        } else {
1810            res->query = g_strdup(bas->query);
1811        }
1812        res->fragment = g_strdup(ref->fragment);
1813        goto step_7;
1814    }
1815
1816    /*
1817     * 3) If the scheme component is defined, indicating that the reference
1818     *    starts with a scheme name, then the reference is interpreted as an
1819     *    absolute URI and we are done.  Otherwise, the reference URI's
1820     *    scheme is inherited from the base URI's scheme component.
1821     */
1822    if (ref->scheme != NULL) {
1823        val = uri_to_string(ref);
1824        goto done;
1825    }
1826    res->scheme = g_strdup(bas->scheme);
1827
1828    res->query = g_strdup(ref->query);
1829    res->fragment = g_strdup(ref->fragment);
1830
1831    /*
1832     * 4) If the authority component is defined, then the reference is a
1833     *    network-path and we skip to step 7.  Otherwise, the reference
1834     *    URI's authority is inherited from the base URI's authority
1835     *    component, which will also be undefined if the URI scheme does not
1836     *    use an authority component.
1837     */
1838    if ((ref->authority != NULL) || (ref->server != NULL)) {
1839        if (ref->authority != NULL) {
1840            res->authority = g_strdup(ref->authority);
1841        } else {
1842            res->server = g_strdup(ref->server);
1843            res->user = g_strdup(ref->user);
1844            res->port = ref->port;
1845        }
1846        res->path = g_strdup(ref->path);
1847        goto step_7;
1848    }
1849    if (bas->authority != NULL) {
1850        res->authority = g_strdup(bas->authority);
1851    } else if (bas->server != NULL) {
1852        res->server = g_strdup(bas->server);
1853        res->user = g_strdup(bas->user);
1854        res->port = bas->port;
1855    }
1856
1857    /*
1858     * 5) If the path component begins with a slash character ("/"), then
1859     *    the reference is an absolute-path and we skip to step 7.
1860     */
1861    if ((ref->path != NULL) && (ref->path[0] == '/')) {
1862        res->path = g_strdup(ref->path);
1863        goto step_7;
1864    }
1865
1866    /*
1867     * 6) If this step is reached, then we are resolving a relative-path
1868     *    reference.  The relative path needs to be merged with the base
1869     *    URI's path.  Although there are many ways to do this, we will
1870     *    describe a simple method using a separate string buffer.
1871     *
1872     * Allocate a buffer large enough for the result string.
1873     */
1874    len = 2; /* extra / and 0 */
1875    if (ref->path != NULL) {
1876        len += strlen(ref->path);
1877    }
1878    if (bas->path != NULL) {
1879        len += strlen(bas->path);
1880    }
1881    res->path = g_malloc(len);
1882    res->path[0] = 0;
1883
1884    /*
1885     * a) All but the last segment of the base URI's path component is
1886     *    copied to the buffer.  In other words, any characters after the
1887     *    last (right-most) slash character, if any, are excluded.
1888     */
1889    cur = 0;
1890    out = 0;
1891    if (bas->path != NULL) {
1892        while (bas->path[cur] != 0) {
1893            while ((bas->path[cur] != 0) && (bas->path[cur] != '/')) {
1894                cur++;
1895            }
1896            if (bas->path[cur] == 0) {
1897                break;
1898            }
1899
1900            cur++;
1901            while (out < cur) {
1902                res->path[out] = bas->path[out];
1903                out++;
1904            }
1905        }
1906    }
1907    res->path[out] = 0;
1908
1909    /*
1910     * b) The reference's path component is appended to the buffer
1911     *    string.
1912     */
1913    if (ref->path != NULL && ref->path[0] != 0) {
1914        indx = 0;
1915        /*
1916         * Ensure the path includes a '/'
1917         */
1918        if ((out == 0) && (bas->server != NULL)) {
1919            res->path[out++] = '/';
1920        }
1921        while (ref->path[indx] != 0) {
1922            res->path[out++] = ref->path[indx++];
1923        }
1924    }
1925    res->path[out] = 0;
1926
1927    /*
1928     * Steps c) to h) are really path normalization steps
1929     */
1930    normalize_uri_path(res->path);
1931
1932step_7:
1933
1934    /*
1935     * 7) The resulting URI components, including any inherited from the
1936     *    base URI, are recombined to give the absolute form of the URI
1937     *    reference.
1938     */
1939    val = uri_to_string(res);
1940
1941done:
1942    if (ref != NULL) {
1943        uri_free(ref);
1944    }
1945    if (bas != NULL) {
1946        uri_free(bas);
1947    }
1948    if (res != NULL) {
1949        uri_free(res);
1950    }
1951    return val;
1952}
1953
1954/**
1955 * uri_resolve_relative:
1956 * @URI:  the URI reference under consideration
1957 * @base:  the base value
1958 *
1959 * Expresses the URI of the reference in terms relative to the
1960 * base.  Some examples of this operation include:
1961 *     base = "http://site1.com/docs/book1.html"
1962 *        URI input                        URI returned
1963 *     docs/pic1.gif                    pic1.gif
1964 *     docs/img/pic1.gif                img/pic1.gif
1965 *     img/pic1.gif                     ../img/pic1.gif
1966 *     http://site1.com/docs/pic1.gif   pic1.gif
1967 *     http://site2.com/docs/pic1.gif   http://site2.com/docs/pic1.gif
1968 *
1969 *     base = "docs/book1.html"
1970 *        URI input                        URI returned
1971 *     docs/pic1.gif                    pic1.gif
1972 *     docs/img/pic1.gif                img/pic1.gif
1973 *     img/pic1.gif                     ../img/pic1.gif
1974 *     http://site1.com/docs/pic1.gif   http://site1.com/docs/pic1.gif
1975 *
1976 *
1977 * Note: if the URI reference is really weird or complicated, it may be
1978 *       worthwhile to first convert it into a "nice" one by calling
1979 *       uri_resolve (using 'base') before calling this routine,
1980 *       since this routine (for reasonable efficiency) assumes URI has
1981 *       already been through some validation.
1982 *
1983 * Returns a new URI string (to be freed by the caller) or NULL in case
1984 * error.
1985 */
1986char *uri_resolve_relative(const char *uri, const char *base)
1987{
1988    char *val = NULL;
1989    int ret;
1990    int ix;
1991    int pos = 0;
1992    int nbslash = 0;
1993    int len;
1994    URI *ref = NULL;
1995    URI *bas = NULL;
1996    char *bptr, *uptr, *vptr;
1997    int remove_path = 0;
1998
1999    if ((uri == NULL) || (*uri == 0)) {
2000        return NULL;
2001    }
2002
2003    /*
2004     * First parse URI into a standard form
2005     */
2006    ref = uri_new();
2007    /* If URI not already in "relative" form */
2008    if (uri[0] != '.') {
2009        ret = uri_parse_into(ref, uri);
2010        if (ret != 0) {
2011            goto done; /* Error in URI, return NULL */
2012        }
2013    } else {
2014        ref->path = g_strdup(uri);
2015    }
2016
2017    /*
2018     * Next parse base into the same standard form
2019     */
2020    if ((base == NULL) || (*base == 0)) {
2021        val = g_strdup(uri);
2022        goto done;
2023    }
2024    bas = uri_new();
2025    if (base[0] != '.') {
2026        ret = uri_parse_into(bas, base);
2027        if (ret != 0) {
2028            goto done; /* Error in base, return NULL */
2029        }
2030    } else {
2031        bas->path = g_strdup(base);
2032    }
2033
2034    /*
2035     * If the scheme / server on the URI differs from the base,
2036     * just return the URI
2037     */
2038    if ((ref->scheme != NULL) &&
2039        ((bas->scheme == NULL) || (strcmp(bas->scheme, ref->scheme)) ||
2040         (strcmp(bas->server, ref->server)))) {
2041        val = g_strdup(uri);
2042        goto done;
2043    }
2044    if (bas->path == ref->path ||
2045        (bas->path && ref->path && !strcmp(bas->path, ref->path))) {
2046        val = g_strdup("");
2047        goto done;
2048    }
2049    if (bas->path == NULL) {
2050        val = g_strdup(ref->path);
2051        goto done;
2052    }
2053    if (ref->path == NULL) {
2054        ref->path = (char *)"/";
2055        remove_path = 1;
2056    }
2057
2058    /*
2059     * At this point (at last!) we can compare the two paths
2060     *
2061     * First we take care of the special case where either of the
2062     * two path components may be missing (bug 316224)
2063     */
2064    if (bas->path == NULL) {
2065        if (ref->path != NULL) {
2066            uptr = ref->path;
2067            if (*uptr == '/') {
2068                uptr++;
2069            }
2070            /* exception characters from uri_to_string */
2071            val = uri_string_escape(uptr, "/;&=+$,");
2072        }
2073        goto done;
2074    }
2075    bptr = bas->path;
2076    if (ref->path == NULL) {
2077        for (ix = 0; bptr[ix] != 0; ix++) {
2078            if (bptr[ix] == '/') {
2079                nbslash++;
2080            }
2081        }
2082        uptr = NULL;
2083        len = 1; /* this is for a string terminator only */
2084    } else {
2085        /*
2086         * Next we compare the two strings and find where they first differ
2087         */
2088        if ((ref->path[pos] == '.') && (ref->path[pos + 1] == '/')) {
2089            pos += 2;
2090        }
2091        if ((*bptr == '.') && (bptr[1] == '/')) {
2092            bptr += 2;
2093        } else if ((*bptr == '/') && (ref->path[pos] != '/')) {
2094            bptr++;
2095        }
2096        while ((bptr[pos] == ref->path[pos]) && (bptr[pos] != 0)) {
2097            pos++;
2098        }
2099
2100        if (bptr[pos] == ref->path[pos]) {
2101            val = g_strdup("");
2102            goto done; /* (I can't imagine why anyone would do this) */
2103        }
2104
2105        /*
2106         * In URI, "back up" to the last '/' encountered.  This will be the
2107         * beginning of the "unique" suffix of URI
2108         */
2109        ix = pos;
2110        if ((ref->path[ix] == '/') && (ix > 0)) {
2111            ix--;
2112        } else if ((ref->path[ix] == 0) && (ix > 1)
2113                && (ref->path[ix - 1] == '/')) {
2114            ix -= 2;
2115        }
2116        for (; ix > 0; ix--) {
2117            if (ref->path[ix] == '/') {
2118                break;
2119            }
2120        }
2121        if (ix == 0) {
2122            uptr = ref->path;
2123        } else {
2124            ix++;
2125            uptr = &ref->path[ix];
2126        }
2127
2128        /*
2129         * In base, count the number of '/' from the differing point
2130         */
2131        if (bptr[pos] != ref->path[pos]) { /* check for trivial URI == base */
2132            for (; bptr[ix] != 0; ix++) {
2133                if (bptr[ix] == '/') {
2134                    nbslash++;
2135                }
2136            }
2137        }
2138        len = strlen(uptr) + 1;
2139    }
2140
2141    if (nbslash == 0) {
2142        if (uptr != NULL) {
2143            /* exception characters from uri_to_string */
2144            val = uri_string_escape(uptr, "/;&=+$,");
2145        }
2146        goto done;
2147    }
2148
2149    /*
2150     * Allocate just enough space for the returned string -
2151     * length of the remainder of the URI, plus enough space
2152     * for the "../" groups, plus one for the terminator
2153     */
2154    val = g_malloc(len + 3 * nbslash);
2155    vptr = val;
2156    /*
2157     * Put in as many "../" as needed
2158     */
2159    for (; nbslash > 0; nbslash--) {
2160        *vptr++ = '.';
2161        *vptr++ = '.';
2162        *vptr++ = '/';
2163    }
2164    /*
2165     * Finish up with the end of the URI
2166     */
2167    if (uptr != NULL) {
2168        if ((vptr > val) && (len > 0) && (uptr[0] == '/') &&
2169            (vptr[-1] == '/')) {
2170            memcpy(vptr, uptr + 1, len - 1);
2171            vptr[len - 2] = 0;
2172        } else {
2173            memcpy(vptr, uptr, len);
2174            vptr[len - 1] = 0;
2175        }
2176    } else {
2177        vptr[len - 1] = 0;
2178    }
2179
2180    /* escape the freshly-built path */
2181    vptr = val;
2182    /* exception characters from uri_to_string */
2183    val = uri_string_escape(vptr, "/;&=+$,");
2184    g_free(vptr);
2185
2186done:
2187    /*
2188     * Free the working variables
2189     */
2190    if (remove_path != 0) {
2191        ref->path = NULL;
2192    }
2193    if (ref != NULL) {
2194        uri_free(ref);
2195    }
2196    if (bas != NULL) {
2197        uri_free(bas);
2198    }
2199
2200    return val;
2201}
2202
2203/*
2204 * Utility functions to help parse and assemble query strings.
2205 */
2206
2207struct QueryParams *query_params_new(int init_alloc)
2208{
2209    struct QueryParams *ps;
2210
2211    if (init_alloc <= 0) {
2212        init_alloc = 1;
2213    }
2214
2215    ps = g_new(QueryParams, 1);
2216    ps->n = 0;
2217    ps->alloc = init_alloc;
2218    ps->p = g_new(QueryParam, ps->alloc);
2219
2220    return ps;
2221}
2222
2223/* Ensure there is space to store at least one more parameter
2224 * at the end of the set.
2225 */
2226static int query_params_append(struct QueryParams *ps, const char *name,
2227                               const char *value)
2228{
2229    if (ps->n >= ps->alloc) {
2230        ps->p = g_renew(QueryParam, ps->p, ps->alloc * 2);
2231        ps->alloc *= 2;
2232    }
2233
2234    ps->p[ps->n].name = g_strdup(name);
2235    ps->p[ps->n].value = g_strdup(value);
2236    ps->p[ps->n].ignore = 0;
2237    ps->n++;
2238
2239    return 0;
2240}
2241
2242void query_params_free(struct QueryParams *ps)
2243{
2244    int i;
2245
2246    for (i = 0; i < ps->n; ++i) {
2247        g_free(ps->p[i].name);
2248        g_free(ps->p[i].value);
2249    }
2250    g_free(ps->p);
2251    g_free(ps);
2252}
2253
2254struct QueryParams *query_params_parse(const char *query)
2255{
2256    struct QueryParams *ps;
2257    const char *end, *eq;
2258
2259    ps = query_params_new(0);
2260    if (!query || query[0] == '\0') {
2261        return ps;
2262    }
2263
2264    while (*query) {
2265        char *name = NULL, *value = NULL;
2266
2267        /* Find the next separator, or end of the string. */
2268        end = strchr(query, '&');
2269        if (!end) {
2270            end = qemu_strchrnul(query, ';');
2271        }
2272
2273        /* Find the first '=' character between here and end. */
2274        eq = strchr(query, '=');
2275        if (eq && eq >= end) {
2276            eq = NULL;
2277        }
2278
2279        /* Empty section (eg. "&&"). */
2280        if (end == query) {
2281            goto next;
2282        }
2283
2284        /* If there is no '=' character, then we have just "name"
2285         * and consistent with CGI.pm we assume value is "".
2286         */
2287        else if (!eq) {
2288            name = uri_string_unescape(query, end - query, NULL);
2289            value = NULL;
2290        }
2291        /* Or if we have "name=" here (works around annoying
2292         * problem when calling uri_string_unescape with len = 0).
2293         */
2294        else if (eq + 1 == end) {
2295            name = uri_string_unescape(query, eq - query, NULL);
2296            value = g_new0(char, 1);
2297        }
2298        /* If the '=' character is at the beginning then we have
2299         * "=value" and consistent with CGI.pm we _ignore_ this.
2300         */
2301        else if (query == eq) {
2302            goto next;
2303        }
2304
2305        /* Otherwise it's "name=value". */
2306        else {
2307            name = uri_string_unescape(query, eq - query, NULL);
2308            value = uri_string_unescape(eq + 1, end - (eq + 1), NULL);
2309        }
2310
2311        /* Append to the parameter set. */
2312        query_params_append(ps, name, value);
2313        g_free(name);
2314        g_free(value);
2315
2316    next:
2317        query = end;
2318        if (*query) {
2319            query++; /* skip '&' separator */
2320        }
2321    }
2322
2323    return ps;
2324}
2325