d4708/opentracker
1
0
Fork 0
mirror of git://erdgeist.org/opentracker synced 2025-02-05 03:26:25 +00:00
Code Issues Projects Releases Wiki Activity

Prevent proxied ips of the wrong flavour to poison our clients

Browse Source
This commit is contained in:
Dirk Engling 2024-03-31 13:36:26 +02:00
parent 5b98dcf3a3
commit aca3ee0ac8
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
ot_http.c
View File

@ -420,9 +420,17 @@ static ssize_t http_handle_announce( const int64 sock, struct ot_workstruct *ws,
if( accesslist_is_blessed( cookie->ip, OT_PERMISSION_MAY_PROXY ) ) { if( accesslist_is_blessed( cookie->ip, OT_PERMISSION_MAY_PROXY ) ) {
ot_ip6 proxied_ip; ot_ip6 proxied_ip;
char *fwd = http_header( ws->request, ws->header_size, "x-forwarded-for" ); char *fwd = http_header( ws->request, ws->header_size, "x-forwarded-for" );
if( fwd && scan_ip6( fwd, proxied_ip ) ) if( fwd && scan_ip6( fwd, proxied_ip ) ) {
/* If proxy reports an ipv6 address but we can only handle v4 (or vice versa), bail out */
#ifndef WANT_V6
if( !ip6_isv4mapped(proxied_ip) )
#else
if( ip6_isv4mapped(proxied_ip) )
#endif
HTTPERROR_400_PARAM;
OT_SETIP( &ws->peer, proxied_ip ); OT_SETIP( &ws->peer, proxied_ip );
else } else
OT_SETIP( &ws->peer, cookie->ip ); OT_SETIP( &ws->peer, cookie->ip );
} else } else
#endif #endif