| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/net_util.h" | 5 #include "net/base/net_util.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <string.h> | 8 #include <string.h> |
| 9 | 9 |
| 10 #include <algorithm> | 10 #include <algorithm> |
| (...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 100 113, // auth | 100 113, // auth |
| 101 115, // sftp | 101 115, // sftp |
| 102 117, // uucp-path | 102 117, // uucp-path |
| 103 119, // nntp | 103 119, // nntp |
| 104 123, // NTP | 104 123, // NTP |
| 105 135, // loc-srv /epmap | 105 135, // loc-srv /epmap |
| 106 139, // netbios | 106 139, // netbios |
| 107 143, // imap2 | 107 143, // imap2 |
| 108 179, // BGP | 108 179, // BGP |
| 109 389, // ldap | 109 389, // ldap |
| 110 443, // https / wss |
| 110 465, // smtp+ssl | 111 465, // smtp+ssl |
| 111 512, // print / exec | 112 512, // print / exec |
| 112 513, // login | 113 513, // login |
| 113 514, // shell | 114 514, // shell |
| 114 515, // printer | 115 515, // printer |
| 115 526, // tempo | 116 526, // tempo |
| 116 530, // courier | 117 530, // courier |
| 117 531, // chat | 118 531, // chat |
| 118 532, // netnews | 119 532, // netnews |
| 119 540, // uucp | 120 540, // uucp |
| (...skipping 17 matching lines...) Expand all Loading... |
| 137 // third_party/WebKit/Source/platform/weborigin/KURL.cpp, | 138 // third_party/WebKit/Source/platform/weborigin/KURL.cpp, |
| 138 // KURL::port()) | 139 // KURL::port()) |
| 139 }; | 140 }; |
| 140 | 141 |
| 141 // FTP overrides the following restricted ports. | 142 // FTP overrides the following restricted ports. |
| 142 static const int kAllowedFtpPorts[] = { | 143 static const int kAllowedFtpPorts[] = { |
| 143 21, // ftp data | 144 21, // ftp data |
| 144 22, // ssh | 145 22, // ssh |
| 145 }; | 146 }; |
| 146 | 147 |
| 148 // HTTPS and WSS override the following restricted port. |
| 149 static const int kAllowedHttpsOrWssPorts[] = { |
| 150 443, // https / wss |
| 151 }; |
| 152 |
| 147 bool IPNumberPrefixCheck(const IPAddressNumber& ip_number, | 153 bool IPNumberPrefixCheck(const IPAddressNumber& ip_number, |
| 148 const unsigned char* ip_prefix, | 154 const unsigned char* ip_prefix, |
| 149 size_t prefix_length_in_bits) { | 155 size_t prefix_length_in_bits) { |
| 150 // Compare all the bytes that fall entirely within the prefix. | 156 // Compare all the bytes that fall entirely within the prefix. |
| 151 int num_entire_bytes_in_prefix = prefix_length_in_bits / 8; | 157 int num_entire_bytes_in_prefix = prefix_length_in_bits / 8; |
| 152 for (int i = 0; i < num_entire_bytes_in_prefix; ++i) { | 158 for (int i = 0; i < num_entire_bytes_in_prefix; ++i) { |
| 153 if (ip_number[i] != ip_prefix[i]) | 159 if (ip_number[i] != ip_prefix[i]) |
| 154 return false; | 160 return false; |
| 155 } | 161 } |
| 156 | 162 |
| (...skipping 156 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 313 int array_size = arraysize(kAllowedFtpPorts); | 319 int array_size = arraysize(kAllowedFtpPorts); |
| 314 for (int i = 0; i < array_size; i++) { | 320 for (int i = 0; i < array_size; i++) { |
| 315 if (kAllowedFtpPorts[i] == port) { | 321 if (kAllowedFtpPorts[i] == port) { |
| 316 return true; | 322 return true; |
| 317 } | 323 } |
| 318 } | 324 } |
| 319 // Port not explicitly allowed by FTP, so return the default restrictions. | 325 // Port not explicitly allowed by FTP, so return the default restrictions. |
| 320 return IsPortAllowedByDefault(port); | 326 return IsPortAllowedByDefault(port); |
| 321 } | 327 } |
| 322 | 328 |
| 329 bool IsPortAllowedByHttpsOrWss(int port) { |
| 330 int array_size = arraysize(kAllowedHttpsOrWssPorts); |
| 331 for (int i = 0; i < array_size; i++) { |
| 332 if (kAllowedHttpsOrWssPorts[i] == port) { |
| 333 return true; |
| 334 } |
| 335 } |
| 336 // Port not explicitly allowed by HTTPS or WSS, so return the default |
| 337 // restrictions. |
| 338 return IsPortAllowedByDefault(port); |
| 339 } |
| 340 |
| 323 bool IsPortAllowedByOverride(int port) { | 341 bool IsPortAllowedByOverride(int port) { |
| 324 if (g_explicitly_allowed_ports.Get().empty()) | 342 if (g_explicitly_allowed_ports.Get().empty()) |
| 325 return false; | 343 return false; |
| 326 | 344 |
| 327 return g_explicitly_allowed_ports.Get().count(port) > 0; | 345 return g_explicitly_allowed_ports.Get().count(port) > 0; |
| 328 } | 346 } |
| 329 | 347 |
| 330 int SetNonBlocking(int fd) { | 348 int SetNonBlocking(int fd) { |
| 331 #if defined(OS_WIN) | 349 #if defined(OS_WIN) |
| 332 unsigned long no_block = 1; | 350 unsigned long no_block = 1; |
| (...skipping 723 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1056 | 1074 |
| 1057 unsigned MaskPrefixLength(const IPAddressNumber& mask) { | 1075 unsigned MaskPrefixLength(const IPAddressNumber& mask) { |
| 1058 IPAddressNumber all_ones(mask.size(), 0xFF); | 1076 IPAddressNumber all_ones(mask.size(), 0xFF); |
| 1059 return CommonPrefixLength(mask, all_ones); | 1077 return CommonPrefixLength(mask, all_ones); |
| 1060 } | 1078 } |
| 1061 | 1079 |
| 1062 ScopedWifiOptions::~ScopedWifiOptions() { | 1080 ScopedWifiOptions::~ScopedWifiOptions() { |
| 1063 } | 1081 } |
| 1064 | 1082 |
| 1065 } // namespace net | 1083 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 770343003:
Block port 443 for all protocols other than HTTPS or WSS. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master