Instantly deny IPs of the form 0.0.0.0:0 (#275)

* Instantly deny IPs of the form 0.0.0.0:0 * Also put the change in websockets
2025-06-30 18:21:33 +00:00 · 2018-07-02 10:51:10 +02:00
parent a7a06aa5ab
commit 76f13ab5e5
3 changed files with 23 additions and 9 deletions
--- a/tcp-transport/src/lib.rs
+++ b/tcp-transport/src/lib.rs
@ -93,8 +93,6 @@ impl Transport for TcpConfig {
    type MultiaddrFuture = FutureResult<Multiaddr, IoError>;
    type Dial = Box<Future<Item = (TcpStream, Self::MultiaddrFuture), Error = IoError>>;

-    /// Listen on the given multi-addr.
-    /// Returns the address back if it isn't supported.
    fn listen_on(self, addr: Multiaddr) -> Result<(Self::Listener, Multiaddr), (Self, Multiaddr)> {
        if let Ok(socket_addr) = multiaddr_to_socketaddr(&addr) {
            let listener = TcpListener::bind(&socket_addr, &self.event_loop);
@ -131,14 +129,18 @@ impl Transport for TcpConfig {
        }
    }

-    /// Dial to the given multi-addr.
-    /// Returns either a future which may resolve to a connection,
-    /// or gives back the multiaddress.
    fn dial(self, addr: Multiaddr) -> Result<Self::Dial, (Self, Multiaddr)> {
        if let Ok(socket_addr) = multiaddr_to_socketaddr(&addr) {
+            // As an optimization, we check that the address is not of the form `0.0.0.0`.
+            // If so, we instantly refuse dialing instead of going through the kernel.
+            if socket_addr.port() != 0 && !socket_addr.ip().is_unspecified() {
                debug!("Dialing {}", addr);
                let fut = TcpStream::connect(&socket_addr, &self.event_loop).map(|t| (t, future::ok(addr)));
                Ok(Box::new(fut) as Box<_>)
+            } else {
+                debug!("Instantly refusing dialing {}, as it is invalid", addr);
+                Err((self, addr))
+            }
        } else {
            Err((self, addr))
        }
--- a/websocket/src/browser.rs
+++ b/websocket/src/browser.rs
@ -333,15 +333,27 @@ fn multiaddr_to_target(addr: &Multiaddr) -> Result<String, ()> {

    match (&protocols[0], &protocols[1], &protocols[2]) {
        (&AddrComponent::IP4(ref ip), &AddrComponent::TCP(port), &AddrComponent::WS) => {
+            if ip.is_unspecified() || port == 0 {
+                return Err(());
+            }
            Ok(format!("ws://{}:{}/", ip, port))
        }
        (&AddrComponent::IP6(ref ip), &AddrComponent::TCP(port), &AddrComponent::WS) => {
+            if ip.is_unspecified() || port == 0 {
+                return Err(());
+            }
            Ok(format!("ws://[{}]:{}/", ip, port))
        }
        (&AddrComponent::IP4(ref ip), &AddrComponent::TCP(port), &AddrComponent::WSS) => {
+            if ip.is_unspecified() || port == 0 {
+                return Err(());
+            }
            Ok(format!("wss://{}:{}/", ip, port))
        }
        (&AddrComponent::IP6(ref ip), &AddrComponent::TCP(port), &AddrComponent::WSS) => {
+            if ip.is_unspecified() || port == 0 {
+                return Err(());
+            }
            Ok(format!("wss://[{}]:{}/", ip, port))
        }
        (&AddrComponent::DNS4(ref ns), &AddrComponent::TCP(port), &AddrComponent::WS) => {
--- a/websocket/src/desktop.rs
+++ b/websocket/src/desktop.rs
@ -301,7 +301,7 @@ mod tests {

        let (listener, addr) = ws_config
            .clone()
-            .listen_on("/ip4/0.0.0.0/tcp/0/ws".parse().unwrap())
+            .listen_on("/ip4/127.0.0.1/tcp/0/ws".parse().unwrap())
            .unwrap();
        assert!(addr.to_string().ends_with("/ws"));
        assert!(!addr.to_string().ends_with("/0/ws"));