Instantly deny IPs of the form 0.0.0.0:0 (#275)

* Instantly deny IPs of the form 0.0.0.0:0

* Also put the change in websockets

tcp-transport/src/lib.rs

@@ -93,8 +93,6 @@ impl Transport for TcpConfig {
     type MultiaddrFuture = FutureResult<Multiaddr, IoError>;
     type Dial = Box<Future<Item = (TcpStream, Self::MultiaddrFuture), Error = IoError>>;
 
-    /// Listen on the given multi-addr.
-    /// Returns the address back if it isn't supported.
     fn listen_on(self, addr: Multiaddr) -> Result<(Self::Listener, Multiaddr), (Self, Multiaddr)> {
         if let Ok(socket_addr) = multiaddr_to_socketaddr(&addr) {
             let listener = TcpListener::bind(&socket_addr, &self.event_loop);
@@ -131,14 +129,18 @@ impl Transport for TcpConfig {
         }
     }
 
-    /// Dial to the given multi-addr.
-    /// Returns either a future which may resolve to a connection,
-    /// or gives back the multiaddress.
     fn dial(self, addr: Multiaddr) -> Result<Self::Dial, (Self, Multiaddr)> {
         if let Ok(socket_addr) = multiaddr_to_socketaddr(&addr) {
-            debug!("Dialing {}", addr);
+            // As an optimization, we check that the address is not of the form `0.0.0.0`.
-            let fut = TcpStream::connect(&socket_addr, &self.event_loop).map(|t| (t, future::ok(addr)));
+            // If so, we instantly refuse dialing instead of going through the kernel.
-            Ok(Box::new(fut) as Box<_>)
+            if socket_addr.port() != 0 && !socket_addr.ip().is_unspecified() {
+                debug!("Dialing {}", addr);
+                let fut = TcpStream::connect(&socket_addr, &self.event_loop).map(|t| (t, future::ok(addr)));
+                Ok(Box::new(fut) as Box<_>)
+            } else {
+                debug!("Instantly refusing dialing {}, as it is invalid", addr);
+                Err((self, addr))
+            }
         } else {
             Err((self, addr))
         }

websocket/src/browser.rs

@@ -333,15 +333,27 @@ fn multiaddr_to_target(addr: &Multiaddr) -> Result<String, ()> {
 
     match (&protocols[0], &protocols[1], &protocols[2]) {
         (&AddrComponent::IP4(ref ip), &AddrComponent::TCP(port), &AddrComponent::WS) => {
+            if ip.is_unspecified() || port == 0 {
+                return Err(());
+            }
             Ok(format!("ws://{}:{}/", ip, port))
         }
         (&AddrComponent::IP6(ref ip), &AddrComponent::TCP(port), &AddrComponent::WS) => {
+            if ip.is_unspecified() || port == 0 {
+                return Err(());
+            }
             Ok(format!("ws://[{}]:{}/", ip, port))
         }
         (&AddrComponent::IP4(ref ip), &AddrComponent::TCP(port), &AddrComponent::WSS) => {
+            if ip.is_unspecified() || port == 0 {
+                return Err(());
+            }
             Ok(format!("wss://{}:{}/", ip, port))
         }
         (&AddrComponent::IP6(ref ip), &AddrComponent::TCP(port), &AddrComponent::WSS) => {
+            if ip.is_unspecified() || port == 0 {
+                return Err(());
+            }
             Ok(format!("wss://[{}]:{}/", ip, port))
         }
         (&AddrComponent::DNS4(ref ns), &AddrComponent::TCP(port), &AddrComponent::WS) => {

websocket/src/desktop.rs

@@ -301,7 +301,7 @@ mod tests {
 
         let (listener, addr) = ws_config
             .clone()
-            .listen_on("/ip4/0.0.0.0/tcp/0/ws".parse().unwrap())
+            .listen_on("/ip4/127.0.0.1/tcp/0/ws".parse().unwrap())
             .unwrap();
         assert!(addr.to_string().ends_with("/ws"));
         assert!(!addr.to_string().ends_with("/0/ws"));