mirror of
https://github.com/servo/servo.git
synced 2025-08-07 06:25:32 +01:00
Auto merge of #7889 - vectorijk:port-blocking-7855, r=jdm
Fix #7855 Implement port blocking For WebSocket connection algorithm <!-- Reviewable:start --> [<img src="https://reviewable.io/review_button.png" height=40 alt="Review on Reviewable"/>](https://reviewable.io/reviews/servo/servo/7889) <!-- Reviewable:end -->
This commit is contained in:
bors-servo
commit
e4b02cc981
2 changed files with 69 additions and 5 deletions
|
|
@ -62,6 +62,69 @@ enum MessageData {
|
||||||
Binary(Vec<u8>),
|
Binary(Vec<u8>),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// list of blacklist ports according to
|
||||||
|
// http://mxr.mozilla.org/mozilla-central/source/netwerk/base/nsIOService.cpp#87
|
||||||
|
const BLOCKED_PORTS_LIST: &'static [u16] = &[
|
||||||
|
1, // tcpmux
|
||||||
|
7, // echo
|
||||||
|
9, // discard
|
||||||
|
11, // systat
|
||||||
|
13, // daytime
|
||||||
|
15, // netstat
|
||||||
|
17, // qotd
|
||||||
|
19, // chargen
|
||||||
|
20, // ftp-data
|
||||||
|
21, // ftp-cntl
|
||||||
|
22, // ssh
|
||||||
|
23, // telnet
|
||||||
|
25, // smtp
|
||||||
|
37, // time
|
||||||
|
42, // name
|
||||||
|
43, // nicname
|
||||||
|
53, // domain
|
||||||
|
77, // priv-rjs
|
||||||
|
79, // finger
|
||||||
|
87, // ttylink
|
||||||
|
95, // supdup
|
||||||
|
101, // hostriame
|
||||||
|
102, // iso-tsap
|
||||||
|
103, // gppitnp
|
||||||
|
104, // acr-nema
|
||||||
|
109, // pop2
|
||||||
|
110, // pop3
|
||||||
|
111, // sunrpc
|
||||||
|
113, // auth
|
||||||
|
115, // sftp
|
||||||
|
117, // uucp-path
|
||||||
|
119, // nntp
|
||||||
|
123, // NTP
|
||||||
|
135, // loc-srv / epmap
|
||||||
|
139, // netbios
|
||||||
|
143, // imap2
|
||||||
|
179, // BGP
|
||||||
|
389, // ldap
|
||||||
|
465, // smtp+ssl
|
||||||
|
512, // print / exec
|
||||||
|
513, // login
|
||||||
|
514, // shell
|
||||||
|
515, // printer
|
||||||
|
526, // tempo
|
||||||
|
530, // courier
|
||||||
|
531, // Chat
|
||||||
|
532, // netnews
|
||||||
|
540, // uucp
|
||||||
|
556, // remotefs
|
||||||
|
563, // nntp+ssl
|
||||||
|
587, //
|
||||||
|
601, //
|
||||||
|
636, // ldap+ssl
|
||||||
|
993, // imap+ssl
|
||||||
|
995, // pop3+ssl
|
||||||
|
2049, // nfs
|
||||||
|
4045, // lockd
|
||||||
|
6000, // x11
|
||||||
|
];
|
||||||
|
|
||||||
#[dom_struct]
|
#[dom_struct]
|
||||||
pub struct WebSocket {
|
pub struct WebSocket {
|
||||||
eventtarget: EventTarget,
|
eventtarget: EventTarget,
|
||||||
|
|
@ -133,7 +196,13 @@ impl WebSocket {
|
||||||
let net_url = try!(parse_url(&replace_hosts(&resource_url)).map_err(|_| Error::Syntax));
|
let net_url = try!(parse_url(&replace_hosts(&resource_url)).map_err(|_| Error::Syntax));
|
||||||
|
|
||||||
// Step 2: Disallow https -> ws connections.
|
// Step 2: Disallow https -> ws connections.
|
||||||
|
|
||||||
// Step 3: Potentially block access to some ports.
|
// Step 3: Potentially block access to some ports.
|
||||||
|
let port: u16 = resource_url.port_or_default().unwrap();
|
||||||
|
|
||||||
|
if BLOCKED_PORTS_LIST.iter().any(|&p| p == port) {
|
||||||
|
return Err(Error::Security);
|
||||||
|
}
|
||||||
|
|
||||||
// Step 4.
|
// Step 4.
|
||||||
let protocols: &[DOMString] = protocols
|
let protocols: &[DOMString] = protocols
|
||||||
|
|
|
||||||
|
|
@ -1,5 +0,0 @@
|
||||||
[Create-Secure-blocked-port.htm]
|
|
||||||
type: testharness
|
|
||||||
[W3C WebSocket API - Create Secure WebSocket - Pass a URL with a blocked port - SECURITY_ERR should be thrown]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue