tpws: block connections to 127.0.0.0/8

2024-11-26 20:20:53 +03:00 · 2021-03-19 10:55:20 +03:00 · 2021-03-19 10:55:20 +03:00 · 94405e89c3
commit 94405e89c3
parent 638a27c181
11 changed files with 10 additions and 2 deletions
--- a/binaries/aarch64/tpws
+++ b/binaries/aarch64/tpws
--- a/binaries/arm/tpws
+++ b/binaries/arm/tpws
--- a/binaries/mips32r1-lsb/tpws
+++ b/binaries/mips32r1-lsb/tpws
--- a/binaries/mips32r1-msb/tpws
+++ b/binaries/mips32r1-msb/tpws
--- a/binaries/mips64r2-msb/tpws
+++ b/binaries/mips64r2-msb/tpws
--- a/binaries/ppc/tpws
+++ b/binaries/ppc/tpws
--- a/binaries/x86/tpws
+++ b/binaries/x86/tpws
--- a/binaries/x86_64/tpws
+++ b/binaries/x86_64/tpws
--- a/binaries/x86_64/tpws_wsl.tgz
+++ b/binaries/x86_64/tpws_wsl.tgz
--- a/tpws/helpers.c
+++ b/tpws/helpers.c
@ -75,7 +75,10 @@ void print_sockaddr(const struct sockaddr *sa)
 bool check_local_ip(const struct sockaddr *saddr)
 {
 	struct ifaddrs *addrs,*a;
-    
+
+	if (saddr->sa_family==AF_INET && is_localnet((struct sockaddr_in *)saddr))
+		return true;
+
 	if (getifaddrs(&addrs)<0) return false;
 	a  = addrs;

@ -150,7 +153,11 @@ bool saconvmapped(struct sockaddr_storage *a)
 	return false;
 }

-bool is_linklocal(const struct sockaddr_in6* a)
+bool is_localnet(const struct sockaddr_in *a)
+{
+	return (htonl(a->sin_addr.s_addr)>>24)==127;
+}
+bool is_linklocal(const struct sockaddr_in6 *a)
 {
 	// fe80::/10
 	return a->sin6_addr.s6_addr[0]==0xFE && (a->sin6_addr.s6_addr[1] & 0xC0)==0x80;
--- a/tpws/helpers.h
+++ b/tpws/helpers.h
@ -21,6 +21,7 @@ uint16_t saport(const struct sockaddr *sa);
 // true = was converted
 bool saconvmapped(struct sockaddr_storage *a);

+bool is_localnet(const struct sockaddr_in *a);
 bool is_linklocal(const struct sockaddr_in6* a);
 bool is_private6(const struct sockaddr_in6* a);