trafficserver-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From zw...@apache.org
Subject [trafficserver] 03/03: prevents connecting to INADDR_ANY hosts
Date Mon, 26 Mar 2018 20:59:47 GMT
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit c09fbcb5fa0343382c677ed3f2761fb79c1b1adc
Author: Derek Dagit <derekd@oath.com>
AuthorDate: Mon Mar 26 17:33:28 2018 +0000

    prevents connecting to INADDR_ANY hosts
    
    (cherry picked from commit 582a6731f9701acdc2739ee60676180227050d51)
    
    omits test due to missing uDNS test dependency.
    changes two function calls to use older versions
---
 proxy/http/HttpTransact.cc | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc
index b91c06d..eaadead 100644
--- a/proxy/http/HttpTransact.cc
+++ b/proxy/http/HttpTransact.cc
@@ -1678,6 +1678,14 @@ HttpTransact::OSDNSLookup(State *s)
   DebugTxn("http_trans", "[HttpTransact::OSDNSLookup] This was attempt %d", s->dns_info.attempts);
   ++s->dns_info.attempts;
 
+  // It's never valid to connect *to* INADDR_ANY, so let's reject the request now.
+  if (ats_is_ip_any(s->host_db_info.ip())) {
+    DebugTxn("http_trans", "[OSDNSLookup] Invalid request IP: INADDR_ANY");
+    build_error_response(s, HTTP_STATUS_BAD_REQUEST, "Bad Destination Address", "request#syntax_error",
nullptr);
+    SET_VIA_STRING(VIA_DETAIL_TUNNEL, VIA_DETAIL_TUNNEL_NO_FORWARD);
+    TRANSACT_RETURN(SM_ACTION_SEND_ERROR_CACHE_NOOP, nullptr);
+  }
+
   // detect whether we are about to self loop. the client may have
   // specified the proxy as the origin server (badness).
   // Check if this procedure is already done - YTS Team, yamsat

-- 
To stop receiving notification emails like this one, please contact
zwoop@apache.org.

Mime
View raw message