Auto merge of #7889 - vectorijk:port-blocking-7855, r=jdm

Fix #7855 Implement port blocking For WebSocket connection algorithm



<!-- Reviewable:start -->
[<img src="https://reviewable.io/review_button.png" height=40 alt="Review on Reviewable"/>](https://reviewable.io/reviews/servo/servo/7889)
<!-- Reviewable:end -->

components/script/dom/websocket.rs

@@ -62,6 +62,69 @@ enum MessageData {
     Binary(Vec<u8>),
 }
 
+// list of blacklist ports according to
+// http://mxr.mozilla.org/mozilla-central/source/netwerk/base/nsIOService.cpp#87
+const BLOCKED_PORTS_LIST: &'static [u16] = &[
+    1,    // tcpmux
+    7,    // echo
+    9,    // discard
+    11,   // systat
+    13,   // daytime
+    15,   // netstat
+    17,   // qotd
+    19,   // chargen
+    20,   // ftp-data
+    21,   // ftp-cntl
+    22,   // ssh
+    23,   // telnet
+    25,   // smtp
+    37,   // time
+    42,   // name
+    43,   // nicname
+    53,   // domain
+    77,   // priv-rjs
+    79,   // finger
+    87,   // ttylink
+    95,   // supdup
+    101,  // hostriame
+    102,  // iso-tsap
+    103,  // gppitnp
+    104,  // acr-nema
+    109,  // pop2
+    110,  // pop3
+    111,  // sunrpc
+    113,  // auth
+    115,  // sftp
+    117,  // uucp-path
+    119,  // nntp
+    123,  // NTP
+    135,  // loc-srv / epmap
+    139,  // netbios
+    143,  // imap2
+    179,  // BGP
+    389,  // ldap
+    465,  // smtp+ssl
+    512,  // print / exec
+    513,  // login
+    514,  // shell
+    515,  // printer
+    526,  // tempo
+    530,  // courier
+    531,  // Chat
+    532,  // netnews
+    540,  // uucp
+    556,  // remotefs
+    563,  // nntp+ssl
+    587,  //
+    601,  //
+    636,  // ldap+ssl
+    993,  // imap+ssl
+    995,  // pop3+ssl
+    2049, // nfs
+    4045, // lockd
+    6000, // x11
+];
+
 #[dom_struct]
 pub struct WebSocket {
     eventtarget: EventTarget,
@@ -133,7 +196,13 @@ impl WebSocket {
         let net_url = try!(parse_url(&replace_hosts(&resource_url)).map_err(|_| Error::Syntax));
 
         // Step 2: Disallow https -> ws connections.
+
         // Step 3: Potentially block access to some ports.
+        let port: u16 = resource_url.port_or_default().unwrap();
+
+        if BLOCKED_PORTS_LIST.iter().any(|&p| p == port) {
+            return Err(Error::Security);
+        }
 
         // Step 4.
         let protocols: &[DOMString] = protocols

tests/wpt/metadata/websockets/Create-Secure-blocked-port.htm.ini

@@ -1,5 +0,0 @@
-[Create-Secure-blocked-port.htm]
-  type: testharness
-  [W3C WebSocket API - Create Secure WebSocket - Pass a URL with a blocked port - SECURITY_ERR should be thrown]
-    expected: FAIL
-