
Unified Diff: net/base/net_util.cc

Issue 770343003: Block port 443 for all protocols other than HTTPS or WSS. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Add link to issue in comment next to port 443 on the (default) blocked list. Created 6 years ago
Index: net/base/net_util.cc
diff --git a/net/base/net_util.cc b/net/base/net_util.cc
index 3b49dffb5c20d889003a09755276ddaa8e41542d..6f280683720268fe3d60bfc8feb4e753c537b35b 100644
--- a/net/base/net_util.cc
+++ b/net/base/net_util.cc
@@ -107,6 +107,7 @@ static const int kRestrictedPorts[] = {
143, // imap2
179, // BGP
389, // ldap
+ 443, // https / wss (see https://crbug.com/436451)
465, // smtp+ssl
512, // print / exec
513, // login
@@ -144,6 +145,11 @@ static const int kAllowedFtpPorts[] = {
22, // ssh
};
+// HTTPS and WSS override the following restricted port.
+static const int kAllowedHttpsOrWssPorts[] = {
+ 443, // https / wss
+};
+
bool IPNumberPrefixCheck(const IPAddressNumber& ip_number,
const unsigned char* ip_prefix,
size_t prefix_length_in_bits) {
@@ -320,6 +326,29 @@ bool IsPortAllowedByFtp(int port) {
return IsPortAllowedByDefault(port);
}
+bool IsPortAllowedByHttpsOrWss(int port) {
+ int array_size = arraysize(kAllowedHttpsOrWssPorts);
PhistucK 2014/12/05 09:02:30 Just a drive by - Should this (and similar cases)
+ for (int i = 0; i < array_size; i++) {
+ if (kAllowedHttpsOrWssPorts[i] == port) {
+ return true;
mmenke 2014/12/05 21:44:40 Indent here is wrong.
+ }
+ }
+ // Port not explicitly allowed by HTTPS or WSS, so return the default
+ // restrictions.
+ return IsPortAllowedByDefault(port);
+}
+
+bool IsEffectivePortAllowedByScheme(const GURL& url) {
+ int port = url.EffectiveIntPort();
+ if (url.SchemeIs("ftp")) {
+ return IsPortAllowedByFtp(port);
+ } else if (url.SchemeIs("https") || url.SchemeIs("wss")) {
+ return IsPortAllowedByHttpsOrWss(port);
+ } else {
+ return IsPortAllowedByDefault(port);
+ }
+}
+
bool IsPortAllowedByOverride(int port) {
if (g_explicitly_allowed_ports.Get().empty())
return false;
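Review bot: IsEffectivePortAllowedByScheme has no comment stating its contract, and with 443 now on kRestrictedPorts that contract matters: any call site that keeps calling IsPortAllowedByDefault directly for an https or wss URL will start rejecting port 443, so the exemption only holds where callers go through this function. It also does not consult IsPortAllowedByOverride, so callers presumably still have to combine the two checks; the call sites are in other files and cannot be confirmed from this hunk. I would add above the definition something like `// Returns true if |url|'s effective port is permitted for its scheme. Does not apply the explicitly-allowed-ports override; callers must check IsPortAllowedByOverride() separately.` and state there how a URL with no usable port from `url.EffectiveIntPort()` is meant to be treated, since that value is passed straight to the list lookups. IsPortAllowedByOverride's body continues outside the hunk.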