1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

inspector: do not allow host names

Browse Source 
PR-URL: https://github.com/nodejs-private/node-private/pull/102/
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
This commit is contained in:
Eugene Ostroukhov 2018-03-26 11:55:35 -07:00 committed by Myles Borins
parent bb0aabf3a5
commit bc690e9ef5
No known key found for this signature in database
GPG Key ID: 933B01F40B5CA946
1 changed files with 3 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
src/inspector_socket.cc
View File

@ -141,8 +141,6 @@ static void remove_from_beginning(std::vector<char>* buffer, size_t count) {
buffer->erase(buffer->begin(), buffer->begin() + count);
}
// Cleanup
static const char CLOSE_FRAME[] = {'\x88', '\x00'};
enum ws_decode_result {
@ -160,15 +158,6 @@ static void generate_accept_string(const std::string& client_key,
node::base64_encode(hash, sizeof(hash), *buffer, sizeof(*buffer));
}
static bool IsOneOf(const std::string& host,
const std::vector<std::string>& hosts) {
for (const std::string& candidate : hosts) {
if (node::StringEqualNoCase(host.data(), candidate.data()))
return true;
}
return false;
}
static std::string TrimPort(const std::string& host) {
size_t last_colon_pos = host.rfind(":");
if (last_colon_pos == std::string::npos)
@ -192,16 +181,6 @@ static bool IsIPAddress(const std::string& host) {
return quads == 3;
}
// This is a value coming from the interface, it can only be IPv4 or IPv6
// address string.
static bool IsIPv4Localhost(const std::string& host) {
std::string v6_tunnel_prefix = "::ffff:";
if (host.substr(0, v6_tunnel_prefix.length()) == v6_tunnel_prefix)
return IsIPv4Localhost(host.substr(v6_tunnel_prefix.length()));
std::string localhost_net = "127.";
return host.substr(0, localhost_net.length()) == localhost_net;
}
// Constants for hybi-10 frame format.
typedef int OpCode;
@ -600,17 +579,9 @@ class HttpHandler : public ProtocolHandler {
bool IsAllowedHost(const std::string& host_with_port) const {
std::string host = TrimPort(host_with_port);
if (host.empty())
return false;
if (IsIPAddress(host))
return true;
std::string socket_host = GetHost();
if (IsIPv4Localhost(socket_host)) {
return IsOneOf(host, { "localhost" });
} else if (socket_host == "::1") {
return IsOneOf(host, { "localhost", "localhost6" });
}
return true;
return host.empty() || IsIPAddress(host)
|| node::StringEqualNoCase(host.data(), "localhost")
|| node::StringEqualNoCase(host.data(), "localhost6");
}
bool parsing_value_;