Prevent proxied ips of the wrong flavour to poison our clients

master
Dirk Engling 8 months ago
parent 5b98dcf3a3
commit aca3ee0ac8

@ -420,9 +420,17 @@ static ssize_t http_handle_announce( const int64 sock, struct ot_workstruct *ws,
if( accesslist_is_blessed( cookie->ip, OT_PERMISSION_MAY_PROXY ) ) { if( accesslist_is_blessed( cookie->ip, OT_PERMISSION_MAY_PROXY ) ) {
ot_ip6 proxied_ip; ot_ip6 proxied_ip;
char *fwd = http_header( ws->request, ws->header_size, "x-forwarded-for" ); char *fwd = http_header( ws->request, ws->header_size, "x-forwarded-for" );
if( fwd && scan_ip6( fwd, proxied_ip ) ) if( fwd && scan_ip6( fwd, proxied_ip ) ) {
/* If proxy reports an ipv6 address but we can only handle v4 (or vice versa), bail out */
#ifndef WANT_V6
if( !ip6_isv4mapped(proxied_ip) )
#else
if( ip6_isv4mapped(proxied_ip) )
#endif
HTTPERROR_400_PARAM;
OT_SETIP( &ws->peer, proxied_ip ); OT_SETIP( &ws->peer, proxied_ip );
else } else
OT_SETIP( &ws->peer, cookie->ip ); OT_SETIP( &ws->peer, cookie->ip );
} else } else
#endif #endif
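Review bot: The X-Forwarded-For value is accepted whenever `scan_ip6( fwd, proxied_ip )` returns non-zero, so, as far as the hunk shows, only the leading address of the header is used and anything after it is ignored; the new flavour check does not change that. If a blessed proxy appends to a client-supplied header instead of replacing it, that leading entry is whatever the client sent, so the announced peer address remains client-chosen within the permitted address family. I would state the requirement next to the check, e.g. `/* Only the first X-Forwarded-For entry is used; blessed proxies must overwrite the header, not append to it */`. Separately, the `#ifndef WANT_V6` / `#else` pair leaves an unbraced `if` whose body is the `HTTPERROR_400_PARAM` macro, which is only safe while that macro (not visible here) expands to a single statement; writing `{ HTTPERROR_400_PARAM; }` after the `#endif` removes that dependency. The body of http_handle_announce starts and ends outside the hunk.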
