Support IPv6 addresses in URLs

URLs didn't distinguish between IPv6 addresses and domain names, so a
bracketed IPv6 address was treated as a syntax error.  Fix this by
parsing them properly.  The parser also handles percent-encoded zone IDs
and properly percent-decodes them.

Full regression tests are included.

Author: DemiMarie

misc.c

@@ -866,6 +866,95 @@ cleanhostname(char *host)
 		return host;
 }
 
+static int
+valid_ipv6(const char *address)
+{
+	int leading_colon, trailing_colon;
+	int seen_double_colon = 0;
+	size_t seen_colons = 0, xdigits = 0;
+	size_t len, max_colons, i;
+	const char *percent = strchr(address, '%');
+
+	if (percent != NULL) {
+		if (percent[1] != '2' || percent[2] != '5')
+			return 0;
+		len = (size_t)(percent - address);
+		percent += 3;
+	} else {
+		len = strlen(address);
+	}
+
+	if (len < 2)
+		return 0;
+
+	leading_colon = address[0] == ':';
+	trailing_colon = address[len - 1] == ':';
+
+	if ((leading_colon && address[1] != ':') ||
+	    (trailing_colon && address[len - 2] != ':'))
+		return 0;
+
+	/*
+	 * Loop counts the number of colons.
+	 * There can be 8 colons if the first or last character is a colon.
+	 */
+	max_colons = 7 + leading_colon + trailing_colon;
+
+	/*
+	 * Count the number of colons.  Check if there is a "::".
+	 * Ensure that everything that is not a colon is a hex digit.
+	 * Ensure there are no more than 4 hex digits in a row.
+	 * address[len] is '\0' or '%' and in-bounds.
+	 */
+	for (i = 0; i < len; i++) {
+		if (address[i] == ':') {
+			xdigits = 0;
+			if (address[i + 1] == ':') {
+				/* Only one :: is allowed. */
+				if (seen_double_colon)
+					return 0;
+				seen_double_colon = 1;
+			}
+			seen_colons++;
+			continue;
+		}
+		if (isxdigit((unsigned char)address[i])) {
+			xdigits++;
+			if (xdigits > 4)
+				return 0;
+			continue;
+		}
+		return 0;
+	}
+
+	/*
+	 * Check that there are the exact number of components if there
+	 * is no ::, or not too many components if there is a ::.
+	 */
+	if (seen_double_colon ? max_colons < seen_colons : seen_colons != 7)
+		return 0;
+
+	/* See if there is a zone ID to check. */
+	if (percent == NULL)
+		return 1;
+
+	/*
+	 * RFC6874 says that non-unreserved characters MUST be percent-encoded.
+	 * Validate that here.  urldecode() will check for bad characters after
+	 * the '%', as well as for %00.
+	 */
+	for (; *percent != '\0'; percent++) {
+		if (!(isalnum((unsigned char)*percent) ||
+		      *percent == '-' ||
+		      *percent == '.' ||
+		      *percent == '_' ||
+		      *percent == '~' ||
+		      *percent == '%'))
+			return 0;
+	}
+	return 1;
+}
+
 char *
 colon(char *cp)
 {
@@ -1098,7 +1187,7 @@ int
 parse_uri(const char *scheme, const char *uri, char **userp, char **hostp,
     int *portp, char **pathp)
 {
-	char *uridup, *cp, *tmp, ch;
+	char *uridup, *cp, *tmp_host, *tmp, ch;
 	char *user = NULL, *host = NULL, *path = NULL;
 	int port = -1, ret = -1;
 	size_t len;
@@ -1141,9 +1230,18 @@ parse_uri(const char *scheme, const char *uri, char **userp, char **hostp,
 	/* Extract mandatory hostname */
 	if ((cp = hpdelim2(&tmp, &ch)) == NULL || *cp == '\0')
 		goto out;
-	host = xstrdup(cleanhostname(cp));
-	if (!valid_domain(host, 0, NULL))
-		goto out;
+	tmp_host = cleanhostname(cp);
+	if (strchr(tmp_host, ':') != NULL) {
+		if (!valid_ipv6(tmp_host))
+			goto out;
+		/* Must URL-decode the zone ID */
+		if ((host = urldecode(tmp_host)) == NULL)
+			goto out;
+	} else {
+		if (!valid_domain(tmp_host, 0, NULL))
+			goto out;
+		host = xstrdup(tmp_host);
+	}
 
 	if (tmp != NULL && *tmp != '\0') {
 		if (ch == ':') {

regress/connect-uri.sh

@@ -21,6 +21,99 @@ if [ $? -ne 0 ]; then
 	fail "ssh connection failed"
 fi
 
+verbose "$tid: IPv6 address"
+${SSH} -F $OBJ/ssh_config "ssh://${USER}@[::1]:${PORT}/" true
+if [ $? -ne 0 ]; then
+	fail "ssh connection failed"
+fi
+
+verbose "$tid: IPv6 address 2"
+${SSH} -F $OBJ/ssh_config "ssh://${USER}@[::a:a:a:a:a:a]:${PORT}/" true
+if [ $? -ne 0 ]; then
+	fail "ssh connection failed"
+fi
+
+verbose "$tid: IPv6 address "
+${SSH} -F $OBJ/ssh_config "ssh://${USER}@[::a:a:a:a:a:a]:${PORT}/" true
+if [ $? -ne 0 ]; then
+	fail "ssh connection failed"
+fi
+
+verbose "$tid: IPv6 address with good zone ID"
+${SSH} -F $OBJ/ssh_config "ssh://${USER}@[::1%25abc]:${PORT}/" true
+if [ $? -ne 0 ]; then
+	fail "ssh connection failed"
+fi
+
+verbose "$tid: IPv6 address with good encoded zone ID"
+${SSH} -F $OBJ/ssh_config "ssh://${USER}@[::1%25ab%25]:${PORT}/" true
+if [ $? -ne 0 ]; then
+	fail "ssh connection failed"
+fi
+
+verbose "$tid: IPv6 address bad zone ID"
+${SSH} -F $OBJ/ssh_config "ssh://${USER}@[::1%2]:${PORT}/" true \
+    > /dev/null 2>&1
+if [ $? -eq 0 ]; then
+	fail "ssh connection succeeded, expected failure"
+fi
+
+verbose "$tid: IPv6 address bad zone ID: non-unreserved character"
+${SSH} -F $OBJ/ssh_config "ssh://${USER}@[::1%25/]:${PORT}/" true \
+    > /dev/null 2>&1
+if [ $? -eq 0 ]; then
+	fail "ssh connection succeeded, expected failure"
+fi
+
+verbose "$tid: IPv6 address bad zone ID: bad % encoding"
+${SSH} -F $OBJ/ssh_config "ssh://${USER}@[::1%25a%2]:${PORT}/" true \
+    > /dev/null 2>&1
+if [ $? -eq 0 ]; then
+	fail "ssh connection succeeded, expected failure"
+fi
+
+verbose "$tid: IPv6 address bad zone ID: NUL byte"
+${SSH} -F $OBJ/ssh_config "ssh://${USER}@[::1%25a%00]:${PORT}/" true \
+    > /dev/null 2>&1
+if [ $? -eq 0 ]; then
+	fail "ssh connection succeeded, expected failure"
+fi
+
+verbose "$tid: IPv6 address too many hex digits"
+${SSH} -F $OBJ/ssh_config "ssh://${USER}@[::aaaaa]:${PORT}/" true \
+    > /dev/null 2>&1
+if [ $? -eq 0 ]; then
+	fail "ssh connection succeeded, expected failure"
+fi
+
+verbose "$tid: IPv6 address single leading colon"
+${SSH} -F $OBJ/ssh_config "ssh://${USER}@[:0:0:0:0:0:0:0]:${PORT}/" true \
+    > /dev/null 2>&1
+if [ $? -eq 0 ]; then
+	fail "ssh connection succeeded, expected failure"
+fi
+
+verbose "$tid: IPv6 address single trailing colon"
+${SSH} -F $OBJ/ssh_config "ssh://${USER}@[0:0:0:0:0:0:0:]:${PORT}/" true \
+    > /dev/null 2>&1
+if [ $? -eq 0 ]; then
+	fail "ssh connection succeeded, expected failure"
+fi
+
+verbose "$tid: IPv6 address too many components"
+${SSH} -F $OBJ/ssh_config "ssh://${USER}@[0:0:0:0:0:0:0:0:0]:${PORT}/" true \
+    > /dev/null 2>&1
+if [ $? -eq 0 ]; then
+	fail "ssh connection succeeded, expected failure"
+fi
+
+verbose "$tid: IPv6 address leading and trailing double colon"
+${SSH} -F $OBJ/ssh_config "ssh://${USER}@[::0::]:${PORT}/" true \
+    > /dev/null 2>&1
+if [ $? -eq 0 ]; then
+	fail "ssh connection succeeded, expected failure"
+fi
+
 verbose "$tid: with path name"
 ${SSH} -F $OBJ/ssh_config "ssh://${USER}@somehost:${PORT}/${DATA}" true \
     > /dev/null 2>&1