OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/net_util.h" | 5 #include "net/base/net_util.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <string.h> | 8 #include <string.h> |
9 | 9 |
10 #include <algorithm> | 10 #include <algorithm> |
100 113, // auth | 100 113, // auth |
101 115, // sftp | 101 115, // sftp |
102 117, // uucp-path | 102 117, // uucp-path |
103 119, // nntp | 103 119, // nntp |
104 123, // NTP | 104 123, // NTP |
105 135, // loc-srv /epmap | 105 135, // loc-srv /epmap |
106 139, // netbios | 106 139, // netbios |
107 143, // imap2 | 107 143, // imap2 |
108 179, // BGP | 108 179, // BGP |
109 389, // ldap | 109 389, // ldap |
110 443, // https / wss (see https://crbug.com/436451) | |
110 465, // smtp+ssl | 111 465, // smtp+ssl |
111 512, // print / exec | 112 512, // print / exec |
112 513, // login | 113 513, // login |
113 514, // shell | 114 514, // shell |
114 515, // printer | 115 515, // printer |
115 526, // tempo | 116 526, // tempo |
116 530, // courier | 117 530, // courier |
117 531, // chat | 118 531, // chat |
118 532, // netnews | 119 532, // netnews |
119 540, // uucp | 120 540, // uucp |
120 556, // remotefs | 121 556, // remotefs |
121 563, // nntp+ssl | 122 563, // nntp+ssl |
122 587, // stmp? | 123 587, // stmp? |
123 601, // ?? | 124 601, // ?? |
124 636, // ldap+ssl | 125 636, // ldap+ssl |
125 993, // ldap+ssl | 126 993, // ldap+ssl |
126 995, // pop3+ssl | 127 995, // pop3+ssl |
mmenke
2014/12/05 21:44:40
Per discussion on the bug, wonder if we should be
davidben
2014/12/05 21:48:07
That would probably break stuff. I know of at leas
mmenke
2014/12/05 21:54:29
We could have a "This link is in direct violation
| |
127 2049, // nfs | 128 2049, // nfs |
128 3659, // apple-sasl / PasswordServer | 129 3659, // apple-sasl / PasswordServer |
129 4045, // lockd | 130 4045, // lockd |
130 6000, // X11 | 131 6000, // X11 |
131 6665, // Alternate IRC [Apple addition] | 132 6665, // Alternate IRC [Apple addition] |
132 6666, // Alternate IRC [Apple addition] | 133 6666, // Alternate IRC [Apple addition] |
133 6667, // Standard IRC [Apple addition] | 134 6667, // Standard IRC [Apple addition] |
134 6668, // Alternate IRC [Apple addition] | 135 6668, // Alternate IRC [Apple addition] |
135 6669, // Alternate IRC [Apple addition] | 136 6669, // Alternate IRC [Apple addition] |
136 0xFFFF, // Used to block all invalid port numbers (see | 137 0xFFFF, // Used to block all invalid port numbers (see |
137 // third_party/WebKit/Source/platform/weborigin/KURL.cpp, | 138 // third_party/WebKit/Source/platform/weborigin/KURL.cpp, |
138 // KURL::port()) | 139 // KURL::port()) |
139 }; | 140 }; |
140 | 141 |
141 // FTP overrides the following restricted ports. | 142 // FTP overrides the following restricted ports. |
142 static const int kAllowedFtpPorts[] = { | 143 static const int kAllowedFtpPorts[] = { |
143 21, // ftp data | 144 21, // ftp data |
144 22, // ssh | 145 22, // ssh |
145 }; | 146 }; |
146 | 147 |
148 // HTTPS and WSS override the following restricted port. | |
149 static const int kAllowedHttpsOrWssPorts[] = { | |
150 443, // https / wss | |
151 }; | |
152 | |
147 bool IPNumberPrefixCheck(const IPAddressNumber& ip_number, | 153 bool IPNumberPrefixCheck(const IPAddressNumber& ip_number, |
148 const unsigned char* ip_prefix, | 154 const unsigned char* ip_prefix, |
149 size_t prefix_length_in_bits) { | 155 size_t prefix_length_in_bits) { |
150 // Compare all the bytes that fall entirely within the prefix. | 156 // Compare all the bytes that fall entirely within the prefix. |
151 int num_entire_bytes_in_prefix = prefix_length_in_bits / 8; | 157 int num_entire_bytes_in_prefix = prefix_length_in_bits / 8; |
152 for (int i = 0; i < num_entire_bytes_in_prefix; ++i) { | 158 for (int i = 0; i < num_entire_bytes_in_prefix; ++i) { |
153 if (ip_number[i] != ip_prefix[i]) | 159 if (ip_number[i] != ip_prefix[i]) |
154 return false; | 160 return false; |
155 } | 161 } |
156 | 162 |
313 int array_size = arraysize(kAllowedFtpPorts); | 319 int array_size = arraysize(kAllowedFtpPorts); |
314 for (int i = 0; i < array_size; i++) { | 320 for (int i = 0; i < array_size; i++) { |
315 if (kAllowedFtpPorts[i] == port) { | 321 if (kAllowedFtpPorts[i] == port) { |
316 return true; | 322 return true; |
317 } | 323 } |
318 } | 324 } |
319 // Port not explicitly allowed by FTP, so return the default restrictions. | 325 // Port not explicitly allowed by FTP, so return the default restrictions. |
320 return IsPortAllowedByDefault(port); | 326 return IsPortAllowedByDefault(port); |
321 } | 327 } |
322 | 328 |
329 bool IsPortAllowedByHttpsOrWss(int port) { | |
330 int array_size = arraysize(kAllowedHttpsOrWssPorts); | |
PhistucK
2014/12/05 09:02:30
Just a drive by -
Should this (and similar cases)
| |
331 for (int i = 0; i < array_size; i++) { | |
332 if (kAllowedHttpsOrWssPorts[i] == port) { | |
333 return true; | |
mmenke
2014/12/05 21:44:40
Indent here is wrong.
| |
334 } | |
335 } | |
336 // Port not explicitly allowed by HTTPS or WSS, so return the default | |
337 // restrictions. | |
338 return IsPortAllowedByDefault(port); | |
339 } | |
340 | |
341 bool IsEffectivePortAllowedByScheme(const GURL& url) { | |
342 int port = url.EffectiveIntPort(); | |
343 if (url.SchemeIs("ftp")) { | |
344 return IsPortAllowedByFtp(port); | |
345 } else if (url.SchemeIs("https") || url.SchemeIs("wss")) { | |
346 return IsPortAllowedByHttpsOrWss(port); | |
347 } else { | |
348 return IsPortAllowedByDefault(port); | |
349 } | |
350 } | |
351 | |
323 bool IsPortAllowedByOverride(int port) { | 352 bool IsPortAllowedByOverride(int port) { |
324 if (g_explicitly_allowed_ports.Get().empty()) | 353 if (g_explicitly_allowed_ports.Get().empty()) |
325 return false; | 354 return false; |
326 | 355 |
327 return g_explicitly_allowed_ports.Get().count(port) > 0; | 356 return g_explicitly_allowed_ports.Get().count(port) > 0; |
328 } | 357 } |
329 | 358 |
330 int SetNonBlocking(int fd) { | 359 int SetNonBlocking(int fd) { |
331 #if defined(OS_WIN) | 360 #if defined(OS_WIN) |
332 unsigned long no_block = 1; | 361 unsigned long no_block = 1; |
1056 | 1085 |
1057 unsigned MaskPrefixLength(const IPAddressNumber& mask) { | 1086 unsigned MaskPrefixLength(const IPAddressNumber& mask) { |
1058 IPAddressNumber all_ones(mask.size(), 0xFF); | 1087 IPAddressNumber all_ones(mask.size(), 0xFF); |
1059 return CommonPrefixLength(mask, all_ones); | 1088 return CommonPrefixLength(mask, all_ones); |
1060 } | 1089 } |
1061 | 1090 |
1062 ScopedWifiOptions::~ScopedWifiOptions() { | 1091 ScopedWifiOptions::~ScopedWifiOptions() { |
1063 } | 1092 } |
1064 | 1093 |
1065 } // namespace net | 1094 } // namespace net |
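Review bot: IsEffectivePortAllowedByScheme (new lines 341–350) becomes the only path on which port 443 is permitted, because this change also adds 443 to the default restricted-port array (new line 110), yet the function has no comment stating that contract. Any caller that still passes the port of an https or wss URL straight to IsPortAllowedByDefault() would now reject the scheme's default port; the callers are not visible on this page, so confirm they were all moved to the new entry point. None of the helpers it dispatches to appears to consult g_explicitly_allowed_ports, so I would document that above the function: `// Applies scheme-specific exceptions to the restricted-port list. Does not consult IsPortAllowedByOverride(); callers must check that separately.` GURL::EffectiveIntPort() returns a negative sentinel when no port can be determined, and whether IsPortAllowedByDefault() rejects that value cannot be told from the visible lines, so a unit test covering an invalid or portless URL would be worth adding alongside the http-on-443 and https-on-443 cases.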