mirror of
https://github.com/servo/servo.git
synced 2025-08-06 14:10:11 +01:00
Auto merge of #7889 - vectorijk:port-blocking-7855, r=jdm
Fix #7855 Implement port blocking For WebSocket connection algorithm <!-- Reviewable:start --> [<img src="https://reviewable.io/review_button.png" height=40 alt="Review on Reviewable"/>](https://reviewable.io/reviews/servo/servo/7889) <!-- Reviewable:end -->
This commit is contained in:
commit
e4b02cc981
2 changed files with 69 additions and 5 deletions
|
@ -62,6 +62,69 @@ enum MessageData {
|
|||
Binary(Vec<u8>),
|
||||
}
|
||||
|
||||
// list of blacklist ports according to
|
||||
// http://mxr.mozilla.org/mozilla-central/source/netwerk/base/nsIOService.cpp#87
|
||||
const BLOCKED_PORTS_LIST: &'static [u16] = &[
|
||||
1, // tcpmux
|
||||
7, // echo
|
||||
9, // discard
|
||||
11, // systat
|
||||
13, // daytime
|
||||
15, // netstat
|
||||
17, // qotd
|
||||
19, // chargen
|
||||
20, // ftp-data
|
||||
21, // ftp-cntl
|
||||
22, // ssh
|
||||
23, // telnet
|
||||
25, // smtp
|
||||
37, // time
|
||||
42, // name
|
||||
43, // nicname
|
||||
53, // domain
|
||||
77, // priv-rjs
|
||||
79, // finger
|
||||
87, // ttylink
|
||||
95, // supdup
|
||||
101, // hostriame
|
||||
102, // iso-tsap
|
||||
103, // gppitnp
|
||||
104, // acr-nema
|
||||
109, // pop2
|
||||
110, // pop3
|
||||
111, // sunrpc
|
||||
113, // auth
|
||||
115, // sftp
|
||||
117, // uucp-path
|
||||
119, // nntp
|
||||
123, // NTP
|
||||
135, // loc-srv / epmap
|
||||
139, // netbios
|
||||
143, // imap2
|
||||
179, // BGP
|
||||
389, // ldap
|
||||
465, // smtp+ssl
|
||||
512, // print / exec
|
||||
513, // login
|
||||
514, // shell
|
||||
515, // printer
|
||||
526, // tempo
|
||||
530, // courier
|
||||
531, // Chat
|
||||
532, // netnews
|
||||
540, // uucp
|
||||
556, // remotefs
|
||||
563, // nntp+ssl
|
||||
587, //
|
||||
601, //
|
||||
636, // ldap+ssl
|
||||
993, // imap+ssl
|
||||
995, // pop3+ssl
|
||||
2049, // nfs
|
||||
4045, // lockd
|
||||
6000, // x11
|
||||
];
|
||||
|
||||
#[dom_struct]
|
||||
pub struct WebSocket {
|
||||
eventtarget: EventTarget,
|
||||
|
@ -133,7 +196,13 @@ impl WebSocket {
|
|||
let net_url = try!(parse_url(&replace_hosts(&resource_url)).map_err(|_| Error::Syntax));
|
||||
|
||||
// Step 2: Disallow https -> ws connections.
|
||||
|
||||
// Step 3: Potentially block access to some ports.
|
||||
let port: u16 = resource_url.port_or_default().unwrap();
|
||||
|
||||
if BLOCKED_PORTS_LIST.iter().any(|&p| p == port) {
|
||||
return Err(Error::Security);
|
||||
}
|
||||
|
||||
// Step 4.
|
||||
let protocols: &[DOMString] = protocols
|
||||
|
|
|
@ -1,5 +0,0 @@
|
|||
[Create-Secure-blocked-port.htm]
|
||||
type: testharness
|
||||
[W3C WebSocket API - Create Secure WebSocket - Pass a URL with a blocked port - SECURITY_ERR should be thrown]
|
||||
expected: FAIL
|
||||
|
Loading…
Add table
Add a link
Reference in a new issue