Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-08-04 13:10:20 +01:00
Code Issues Projects Releases Packages Wiki Activity

Fix #7855 Implement port blocking

Browse source 
For WebSocket connection algorithm
This commit is contained in:
vectorijk 2015-10-06 07:05:01 -07:00
parent ad94ef5a96
commit 4e21b9fa83
2 changed files with 69 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

69
components/script/dom/websocket.rs
View file

@ -9,6 +9,7 @@ use dom::bindings::codegen::Bindings::WebSocketBinding::{BinaryType, WebSocketMe
use dom::bindings::codegen::InheritTypes::EventCast; use dom::bindings::codegen::InheritTypes::EventCast;
use dom::bindings::codegen::InheritTypes::EventTargetCast; use dom::bindings::codegen::InheritTypes::EventTargetCast;
use dom::bindings::conversions::ToJSValConvertible; use dom::bindings::conversions::ToJSValConvertible;
use dom::bindings::error::Error::{InvalidAccess, Syntax, Security};
use dom::bindings::error::{Error, Fallible}; use dom::bindings::error::{Error, Fallible};
use dom::bindings::global::{GlobalField, GlobalRef}; use dom::bindings::global::{GlobalField, GlobalRef};
use dom::bindings::js::Root; use dom::bindings::js::Root;
@ -133,7 +134,75 @@ impl WebSocket {
let net_url = try!(parse_url(&replace_hosts(&resource_url)).map_err(|_| Error::Syntax)); let net_url = try!(parse_url(&replace_hosts(&resource_url)).map_err(|_| Error::Syntax));
// Step 2: Disallow https -> ws connections. // Step 2: Disallow https -> ws connections.
// Step 3: Potentially block access to some ports. // Step 3: Potentially block access to some ports.
// list of blacklist ports according to
// http://mxr.mozilla.org/mozilla-central/source/netwerk/base/nsIOService.cpp#87
let blocked_ports_list = [
1, // tcpmux
7, // echo
9, // discard
11, // systat
13, // daytime
15, // netstat
17, // qotd
19, // chargen
20, // ftp-data
21, // ftp-cntl
22, // ssh
23, // telnet
25, // smtp
37, // time
42, // name
43, // nicname
53, // domain
77, // priv-rjs
79, // finger
87, // ttylink
95, // supdup
101, // hostriame
102, // iso-tsap
103, // gppitnp
104, // acr-nema
109, // pop2
110, // pop3
111, // sunrpc
113, // auth
115, // sftp
117, // uucp-path
119, // nntp
123, // NTP
135, // loc-srv / epmap
139, // netbios
143, // imap2
179, // BGP
389, // ldap
465, // smtp+ssl
512, // print / exec
513, // login
514, // shell
515, // printer
526, // tempo
530, // courier
531, // Chat
532, // netnews
540, // uucp
556, // remotefs
563, // nntp+ssl
587, //
601, //
636, // ldap+ssl
993, // imap+ssl
995, // pop3+ssl
2049, // nfs
4045, // lockd
6000, // x11
];
let port: u16 = resource_url.port_or_default().unwrap();
if blocked_ports_list.iter().any(|p| *p == port) {
return Err(Security);
}
// Step 4. // Step 4.
let protocols: &[DOMString] = protocols let protocols: &[DOMString] = protocols

5
tests/wpt/metadata/websockets/Create-Secure-blocked-port.htm.ini
View file

@ -1,5 +0,0 @@
[Create-Secure-blocked-port.htm]
type: testharness
[W3C WebSocket API - Create Secure WebSocket - Pass a URL with a blocked port - SECURITY_ERR should be thrown]
expected: FAIL