net/ServerSocket.hpp | 20 +++++++++++-
test/httpwstest.cpp | 3 +
wsd/LOOLWSD.cpp | 80 ++++++++++++++++++++++++++++----------------------
3 files changed, 64 insertions(+), 39 deletions(-)
New commits:
commit 41238c5d1a9fa3f26f66252736f7986e83c389a9
Author: Michael Meeks <michael.me...@collabora.com>
Date: Sun May 13 13:35:32 2018 +0100
Restrict convert-to to known hosts - not all insert / downloads.
Change-Id: Ief26c80bf7e9e96f3c5dce0d8739a825f6fac629
diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp
index 9f4e56405..7004cf795 100644
--- a/wsd/LOOLWSD.cpp
+++ b/wsd/LOOLWSD.cpp
@@ -1728,6 +1728,33 @@ public:
 StaticFileContentCache["discovery.xml"] = getDiscoveryXML();
 }
+ /// Does this address feature in the allowed hosts list.
+ bool allowPostFrom(const std::string &address)
+ {
+ static bool init = false;
+ static Util::RegexListMatcher hosts;
+ if (!init)
+ {
+ const auto& app = Poco::Util::Application::instance();
+ // Parse the host allow settings.
+ for (size_t i = 0; ; ++i)
+ {
+ const std::string path = "post_allow.host[" + std::to_string(i) + "]";
+ const auto host = app.config().getString(path, "");
+ if (!host.empty())
+ {
+ LOG_INF("Adding trusted POST_ALLOW host: [" << host << "].");
+ hosts.allow(host);
+ }
+ else if (!app.config().has(path))
+ {
+ break;
+ }
+ }
+ }
+ return hosts.match(address);
+ }
+
 private:
 /// Set the socket associated with this ResponseClient.
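Review bot: `init` is tested but never assigned in allowPostFrom(), so the `if (!init)` block runs on every call: each request re-reads the `post_allow.host[N]` settings, logs them again and calls `hosts.allow(host)` again on the shared static matcher. Add `init = true;` after the `for` loop, inside the `if (!init)` block. The flag and the matcher are function-local statics written without a lock, so if this handler can run on more than one thread (not visible in the hunk) the first calls can race; `std::call_once`, or building the list once at startup, would avoid that.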
@@ -1805,42 +1832,8 @@ private:
 if (!(request.find("Upgrade") != request.end() && Poco::icompare(request["Upgrade"], "websocket") == 0) && reqPathTokens.count() > 0 && reqPathTokens[0] == "lool")
 {
- // allow/deny for POST
- const auto& app = Poco::Util::Application::instance();
- Util::RegexListMatcher hosts;
- // Parse the host allow settings.
- for (size_t i = 0; ; ++i)
- {
- const std::string path = "post_allow.host[" + std::to_string(i) + "]";
- const auto host = app.config().getString(path, "");
- if (!host.empty())
- {
- LOG_INF("Adding trusted POST_ALLOW host: [" << host << "].");
- hosts.allow(host);
- }
- else if (!app.config().has(path))
- {
- break;
- }
- }
- if (!hosts.match(socket->clientAddress()))
- {
- LOG_ERR("client address DENY: " << socket->clientAddress().c_str());
-
- std::ostringstream oss;
- oss << "HTTP/1.1 403\r\n"
- << "Date: " << Poco::DateTimeFormatter::format(Poco::Timestamp(), Poco::DateTimeFormat::HTTP_FORMAT) << "\r\n"
- << "User-Agent: " << HTTP_AGENT_STRING << "\r\n"
- << "Content-Length: 0\r\n"
- << "\r\n";
- socket->send(oss.str());
- socket->shutdown();
- }
- else
- {
- // All post requests have url prefix 'lool'.
- handlePostRequest(request, message, disposition);
- }
+ // All post requests have url prefix 'lool'.
+ handlePostRequest(request, message, disposition);
 }
 else if (reqPathTokens.count() > 2 && reqPathTokens[0] == "lool" && reqPathTokens[2] == "ws" && request.find("Upgrade") != request.end() && Poco::icompare(request["Upgrade"], "websocket") == 0)
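Review bot: With the allow-list branch removed here, every non-websocket request under `lool` reaches handlePostRequest() with no host check, so the restriction now exists only where a handler calls allowPostFrom() itself. An endpoint added to handlePostRequest() later would therefore be reachable from any client address by default. I would record that above the call, e.g. `// post_allow.host is enforced per endpoint inside handlePostRequest(); new endpoints must call allowPostFrom() themselves.` The enclosing function starts and ends outside the hunk.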
@@ -2036,6 +2029,21 @@ private:
 std::string format = (form.has("format") ? form.get("format") : "");
+ if (!allowPostFrom(socket->clientAddress()))
+ {
+ LOG_ERR("client address DENY: " << socket->clientAddress().c_str());
+
+ std::ostringstream oss;
+ oss << "HTTP/1.1 403\r\n"
+ << "Date: " << Poco::DateTimeFormatter::format(Poco::Timestamp(), Poco::DateTimeFormat::HTTP_FORMAT) << "\r\n"
+ << "User-Agent: " << HTTP_AGENT_STRING << "\r\n"
+ << "Content-Length: 0\r\n"
+ << "\r\n";
+ socket->send(oss.str());
+ socket->shutdown();
+ return;
+ }
+
 // prefer what is in the URI
 if (tokens.count() > 3) format = tokens[3];
commit 98bb6f420b06ef4cc379481e549eca15fd17fa92
Author: Michael Meeks <michael.me...@collabora.com>
Date: Sun May 13 13:05:10 2018 +0100
Make slideshow unit test more verbose.
Change-Id: I8c9764d86962e93155421ce47f48689eb826533a
diff --git a/test/httpwstest.cpp b/test/httpwstest.cpp
index 45a424956..eb233f951 100644
--- a/test/httpwstest.cpp
+++ b/test/httpwstest.cpp
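Review bot: The allowPostFrom() check runs only after `form` has already been read for `format`, so a denied client still has its request form processed before the 403 is sent. If the form construction above the hunk also stores the uploaded part (not visible here), a host outside `post_allow.host` can still make the server accept and write a file; moving the `if (!allowPostFrom(socket->clientAddress()))` block ahead of the form construction would reject it first. The decision rests on `socket->clientAddress()`, which behind a reverse proxy is presumably the proxy's address rather than the real client's, and that deserves a comment next to the check. As a smaller point, the response sends `User-Agent`, which is a request header; `Server` is the response-side equivalent. The enclosing function starts and ends outside the hunk.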
@@ -1279,11 +1279,12 @@ void HTTPWSTest::testSlideShow()
 const std::string path = "/lool/" + encodedDoc + "/" + jail + "/" + dir + "/" + name;
 std::unique_ptr<Poco::Net::HTTPClientSession> session(helpers::createSession(_uri));
 Poco::Net::HTTPRequest requestSVG(Poco::Net::HTTPRequest::HTTP_GET, path);
+ TST_LOG("Requesting SVG from " << path);
 session->sendRequest(requestSVG);
 Poco::Net::HTTPResponse responseSVG;
 std::istream& rs = session->receiveResponse(responseSVG);
- CPPUNIT_ASSERT_EQUAL(Poco::Net::HTTPResponse::HTTP_OK, responseSVG.getStatus());
+ CPPUNIT_ASSERT_EQUAL(Poco::Net::HTTPResponse::HTTP_OK /* 200 */, responseSVG.getStatus());
 CPPUNIT_ASSERT_EQUAL(std::string("image/svg+xml"), responseSVG.getContentType());
 TST_LOG("SVG file size: " << responseSVG.getContentLength());
commit adb3112820bd64e70919917203e9ca7ac16e7b99
Author: Michael Meeks <michael.me...@collabora.com>
Date: Sun May 13 12:32:05 2018 +0100
Use inet_ntop for ipv6 address names.
Change-Id: Ic52b69eb2dc86b6532a78d770531b2fac928fb28
diff --git a/net/ServerSocket.hpp b/net/ServerSocket.hpp
index abc018678..afd4b97f4 100644
--- a/net/ServerSocket.hpp
+++ b/net/ServerSocket.hpp
@@ -70,9 +70,25 @@ public:
 // Create a socket object using the factory.
 if (rc != -1)
 {
- std::string ip = inet_ntoa(clientInfo.sin_addr);
+ char addrstr[INET6_ADDRSTRLEN];
+
+ const void *inAddr;
+ if (clientInfo.sin_family == AF_INET)
+ {
+ auto ipv4 = (struct sockaddr_in *)&clientInfo.sin_addr;
+ inAddr = &(ipv4->sin_addr);
+ }
+ else
+ {
+ auto ipv6 = (struct sockaddr_in6 *)&clientInfo.sin_addr;
+ inAddr = &(ipv6->sin6_addr);
+ }
+
+ inet_ntop(clientInfo.sin_family, inAddr, addrstr, sizeof(addrstr));
 std::shared_ptr<Socket> _socket = _sockFactory->create(rc);
- _socket->_clientAddress = ip;
+ _socket->_clientAddress = addrstr;
+ LOG_DBG("Accepted socket has family " << clientInfo.sin_family <<
+ " address " << _socket->_clientAddress);
 return _socket;
 }
 return std::shared_ptr<Socket>(nullptr);
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
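Review bot: Both casts start from `&clientInfo.sin_addr`, the address field itself, and then read `->sin_addr` / `->sin6_addr` through it, so inet_ntop() is handed bytes that lie past the real address instead of the address. Assuming `clientInfo` is a `struct sockaddr_in` (its declaration is outside the hunk), on the usual layout the IPv4 branch reads the padding after the address and the IPv6 branch reads 16 bytes that run beyond the structure. `_clientAddress` is presumably what `socket->clientAddress()` returns for the `post_allow.host` check in wsd/LOOLWSD.cpp, so a wrong string here affects an access decision. Cast the whole structure instead, `auto ipv4 = (struct sockaddr_in *)&clientInfo;` and `auto ipv6 = (struct sockaddr_in6 *)&clientInfo;`, with `clientInfo` declared large enough for an IPv6 peer (for example `sockaddr_storage`). The result of inet_ntop() is also unchecked, leaving `addrstr` uninitialised on failure; `if (!inet_ntop(...)) addrstr[0] = '\0';` or refusing the connection would cover that.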