This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 7.1.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit c09fbcb5fa0343382c677ed3f2761fb79c1b1adc Author: Derek Dagit <[email protected]> AuthorDate: Mon Mar 26 17:33:28 2018 +0000 prevents connecting to INADDR_ANY hosts (cherry picked from commit 582a6731f9701acdc2739ee60676180227050d51) omits test due to missing uDNS test dependency. changes two function calls to use older versions --- proxy/http/HttpTransact.cc | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc index b91c06d..eaadead 100644 --- a/proxy/http/HttpTransact.cc +++ b/proxy/http/HttpTransact.cc @@ -1678,6 +1678,14 @@ HttpTransact::OSDNSLookup(State *s) DebugTxn("http_trans", "[HttpTransact::OSDNSLookup] This was attempt %d", s->dns_info.attempts); ++s->dns_info.attempts; + // It's never valid to connect *to* INADDR_ANY, so let's reject the request now. + if (ats_is_ip_any(s->host_db_info.ip())) { + DebugTxn("http_trans", "[OSDNSLookup] Invalid request IP: INADDR_ANY"); + build_error_response(s, HTTP_STATUS_BAD_REQUEST, "Bad Destination Address", "request#syntax_error", nullptr); + SET_VIA_STRING(VIA_DETAIL_TUNNEL, VIA_DETAIL_TUNNEL_NO_FORWARD); + TRANSACT_RETURN(SM_ACTION_SEND_ERROR_CACHE_NOOP, nullptr); + } + // detect whether we are about to self loop. the client may have // specified the proxy as the origin server (badness). // Check if this procedure is already done - YTS Team, yamsat -- To stop receiving notification emails like this one, please contact [email protected].
