diff options
| author | Eugene Ostroukhov <eostroukhov@google.com> | 2018-03-26 11:55:35 -0700 |
|---|---|---|
| committer | Myles Borins <mylesborins@google.com> | 2018-03-28 12:24:48 -0400 |
| commit | bc690e9ef52bebc34cad7ddb40e74472bcb272ca (patch) | |
| tree | 5341f22864aec1d6095a51cee5d9b7eebe6dc350 /src/inspector_socket.cc | |
| parent | bb0aabf3a5a2c37175aeb76e3aad9e0d0ecba4a1 (diff) | |
| download | android-node-v8-bc690e9ef52bebc34cad7ddb40e74472bcb272ca.tar.gz android-node-v8-bc690e9ef52bebc34cad7ddb40e74472bcb272ca.tar.bz2 android-node-v8-bc690e9ef52bebc34cad7ddb40e74472bcb272ca.zip | |
inspector: do not allow host names
PR-URL: https://github.com/nodejs-private/node-private/pull/102/
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Diffstat (limited to 'src/inspector_socket.cc')
| -rw-r--r-- | src/inspector_socket.cc | 35 |
1 files changed, 3 insertions, 32 deletions
diff --git a/src/inspector_socket.cc b/src/inspector_socket.cc index 191ed5b0e5..b3a810d99c 100644 --- a/src/inspector_socket.cc +++ b/src/inspector_socket.cc @@ -141,8 +141,6 @@ static void remove_from_beginning(std::vector<char>* buffer, size_t count) { buffer->erase(buffer->begin(), buffer->begin() + count); } -// Cleanup - static const char CLOSE_FRAME[] = {'\x88', '\x00'}; enum ws_decode_result { @@ -160,15 +158,6 @@ static void generate_accept_string(const std::string& client_key, node::base64_encode(hash, sizeof(hash), *buffer, sizeof(*buffer)); } -static bool IsOneOf(const std::string& host, - const std::vector<std::string>& hosts) { - for (const std::string& candidate : hosts) { - if (node::StringEqualNoCase(host.data(), candidate.data())) - return true; - } - return false; -} - static std::string TrimPort(const std::string& host) { size_t last_colon_pos = host.rfind(":"); if (last_colon_pos == std::string::npos) @@ -192,16 +181,6 @@ static bool IsIPAddress(const std::string& host) { return quads == 3; } -// This is a value coming from the interface, it can only be IPv4 or IPv6 -// address string. -static bool IsIPv4Localhost(const std::string& host) { - std::string v6_tunnel_prefix = "::ffff:"; - if (host.substr(0, v6_tunnel_prefix.length()) == v6_tunnel_prefix) - return IsIPv4Localhost(host.substr(v6_tunnel_prefix.length())); - std::string localhost_net = "127."; - return host.substr(0, localhost_net.length()) == localhost_net; -} - // Constants for hybi-10 frame format. typedef int OpCode; @@ -600,17 +579,9 @@ class HttpHandler : public ProtocolHandler { bool IsAllowedHost(const std::string& host_with_port) const { std::string host = TrimPort(host_with_port); - if (host.empty()) - return false; - if (IsIPAddress(host)) - return true; - std::string socket_host = GetHost(); - if (IsIPv4Localhost(socket_host)) { - return IsOneOf(host, { "localhost" }); - } else if (socket_host == "::1") { - return IsOneOf(host, { "localhost", "localhost6" }); - } - return true; + return host.empty() || IsIPAddress(host) + || node::StringEqualNoCase(host.data(), "localhost") + || node::StringEqualNoCase(host.data(), "localhost6"); } bool parsing_value_; |