authorvectorijk <jiangkai@gmail.com>2015-10-06 07:05:01 -0700
committervectorijk <jiangkai@gmail.com>2015-10-06 07:31:33 -0700
commit4e21b9fa8344575d5ab69a24571ebf67b6af1b4f (patch)
tree180b959a30d847f2364e443d53f3763c1e969f51 /components/script/dom
parentad94ef5a96e954f1a660cdd3a2ff03e0787f690b (diff)
Fix #7855 Implement port blocking
For WebSocket connection algorithm
Diffstat (limited to 'components/script/dom')
-rw-r--r--components/script/dom/websocket.rs69
1 files changed, 69 insertions, 0 deletions
diff --git a/components/script/dom/websocket.rs b/components/script/dom/websocket.rs
index 84e78bc8832..eacb72994c3 100644
--- a/components/script/dom/websocket.rs
+++ b/components/script/dom/websocket.rs
@@ -9,6 +9,7 @@ use dom::bindings::codegen::Bindings::WebSocketBinding::{BinaryType, WebSocketMe
use dom::bindings::codegen::InheritTypes::EventCast;
use dom::bindings::codegen::InheritTypes::EventTargetCast;
use dom::bindings::conversions::ToJSValConvertible;
+use dom::bindings::error::Error::{InvalidAccess, Syntax, Security};
use dom::bindings::error::{Error, Fallible};
use dom::bindings::global::{GlobalField, GlobalRef};
use dom::bindings::js::Root;
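Review bot: Of the three variants this import brings in, only `Security` is used by the code this commit adds; the existing line in the second hunk still writes `Error::Syntax` with the qualified path, and nothing visible refers to `InvalidAccess`. Unless other parts of the file (not shown here) use the bare names, narrow it to `use dom::bindings::error::Error::Security;`. Alternatively, drop the import and return `Err(Error::Security)` so the new check matches the qualified style already used in this function.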
@@ -133,7 +134,75 @@ impl WebSocket {
let net_url = try!(parse_url(&replace_hosts(&resource_url)).map_err(|_| Error::Syntax));
// Step 2: Disallow https -> ws connections.
+
// Step 3: Potentially block access to some ports.
+ // list of blacklist ports according to
+ // http://mxr.mozilla.org/mozilla-central/source/netwerk/base/nsIOService.cpp#87
+ let blocked_ports_list = [
+ 1, // tcpmux
+ 7, // echo
+ 9, // discard
+ 11, // systat
+ 13, // daytime
+ 15, // netstat
+ 17, // qotd
+ 19, // chargen
+ 20, // ftp-data
+ 21, // ftp-cntl
+ 22, // ssh
+ 23, // telnet
+ 25, // smtp
+ 37, // time
+ 42, // name
+ 43, // nicname
+ 53, // domain
+ 77, // priv-rjs
+ 79, // finger
+ 87, // ttylink
+ 95, // supdup
+ 101, // hostriame
+ 102, // iso-tsap
+ 103, // gppitnp
+ 104, // acr-nema
+ 109, // pop2
+ 110, // pop3
+ 111, // sunrpc
+ 113, // auth
+ 115, // sftp
+ 117, // uucp-path
+ 119, // nntp
+ 123, // NTP
+ 135, // loc-srv / epmap
+ 139, // netbios
+ 143, // imap2
+ 179, // BGP
+ 389, // ldap
+ 465, // smtp+ssl
+ 512, // print / exec
+ 513, // login
+ 514, // shell
+ 515, // printer
+ 526, // tempo
+ 530, // courier
+ 531, // Chat
+ 532, // netnews
+ 540, // uucp
+ 556, // remotefs
+ 563, // nntp+ssl
+ 587, //
+ 601, //
+ 636, // ldap+ssl
+ 993, // imap+ssl
+ 995, // pop3+ssl
+ 2049, // nfs
+ 4045, // lockd
+ 6000, // x11
+ ];
+ let port: u16 = resource_url.port_or_default().unwrap();
+
+ if blocked_ports_list.iter().any(|p| *p == port) {
+ return Err(Security);
+ }
// Step 4.
let protocols: &[DOMString] = protocols
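Review bot: The `unwrap()` on `resource_url.port_or_default()` just below the table panics if that call ever returns `None`, and the URL here is presumably supplied by page script, so a blocklist check should not be able to abort the thread. It appears to rely on the earlier `parse_url` step having accepted only schemes with a known default port, which is not visible in this hunk. Prefer failing closed with the error already used above: `let port = try!(resource_url.port_or_default().ok_or(Error::Syntax));`. Separately, the blocklist is a local array copied from a Gecko source line reference that will drift, so it would be easier to audit and share as a module-level `const BLOCKED_PORTS: [u16; N]` with a comment naming the upstream list and the date it was copied. The enclosing function starts before and continues past this hunk.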