Backupppert/jellyfin
0
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2024-07-08 23:00:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

Replace CRLF injection mitigation by use of .NET ip parsing

Browse source
This commit is contained in:
VooDooS 2019-04-11 17:17:48 +02:00
parent 56d1050bac
commit bb807554e2
1 changed files with 11 additions and 84 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

95
Emby.Server.Implementations/SocketSharp/WebSocketSharpRequest.cs
View file

@ -53,91 +53,23 @@ namespace Emby.Server.Implementations.SocketSharp
return remoteIp;
}
var temp = CheckBadChars(GetHeader(HeaderNames.XForwardedFor).AsSpan());
if (temp.Length != 0)
IPAddress ip;
// "Real" remote ip might be in X-Forwarded-For of X-Real-Ip
// (if the server is behind a reverse proxy for example)
if (!IPAddress.TryParse(GetHeader(HeaderNames.XForwardedFor), out ip))
{
return remoteIp = temp.ToString();
if (!IPAddress.TryParse(GetHeader(HeaderNames.XRealIP), out ip))
{
ip = request.HttpContext.Connection.RemoteIpAddress;
}
}
temp = CheckBadChars(GetHeader(HeaderNames.XRealIP).AsSpan());
if (temp.Length != 0)
{
return remoteIp = NormalizeIp(temp.ToString()).ToString();
}
return remoteIp = NormalizeIp(request.HttpContext.Connection.RemoteIpAddress).ToString();
return remoteIp = NormalizeIp(ip).ToString();
}
}
private static readonly char[] HttpTrimCharacters = new char[] { (char)0x09, (char)0xA, (char)0xB, (char)0xC, (char)0xD, (char)0x20 };
// CheckBadChars - throws on invalid chars to be not found in header name/value
internal static ReadOnlySpan<char> CheckBadChars(ReadOnlySpan<char> name)
{
if (name.Length == 0)
{
return name;
}
// VALUE check
// Trim spaces from both ends
name = name.Trim(HttpTrimCharacters);
// First, check for correctly formed multi-line value
// Second, check for absence of CTL characters
int crlf = 0;
for (int i = 0; i < name.Length; ++i)
{
char c = (char)(0x000000ff & (uint)name[i]);
switch (crlf)
{
case 0:
if (c == '\r')
{
crlf = 1;
}
else if (c == '\n')
{
// Technically this is bad HTTP. But it would be a breaking change to throw here.
// Is there an exploit?
crlf = 2;
}
else if (c == 127 || (c < ' ' && c != '\t'))
{
throw new ArgumentException("net_WebHeaderInvalidControlChars", nameof(name));
}
break;
case 1:
if (c == '\n')
{
crlf = 2;
break;
}
throw new ArgumentException("net_WebHeaderInvalidCRLFChars", nameof(name));
case 2:
if (c == ' ' || c == '\t')
{
crlf = 0;
break;
}
throw new ArgumentException("net_WebHeaderInvalidCRLFChars", nameof(name));
}
}
if (crlf != 0)
{
throw new ArgumentException("net_WebHeaderInvalidCRLFChars", nameof(name));
}
return name;
}
private IPAddress NormalizeIp(IPAddress ip)
private static IPAddress NormalizeIp(IPAddress ip)
{
if (ip.IsIPv4MappedToIPv6)
{
@ -147,11 +79,6 @@ namespace Emby.Server.Implementations.SocketSharp
return ip;
}
private IPAddress NormalizeIp(string sip)
{
return NormalizeIp(IPAddress.Parse(sip));
}
public string[] AcceptTypes => request.Headers.GetCommaSeparatedValues(HeaderNames.Accept);
private Dictionary<string, object> items;