nghttpx: Fix bug that IPv6 address in Forwarded "for" is not quoted-string

Tatsuhiro Tsujikawa 2016-02-01 23:29:17 +09:00
parent aa07fe7fa6
commit 5e9bcbec9a
3 changed files with 21 additions and 16 deletions


@ -377,7 +377,7 @@ int ClientHandler::upstream_http1_connhd_read() {
} }
ClientHandler::ClientHandler(Worker *worker, int fd, SSL *ssl, ClientHandler::ClientHandler(Worker *worker, int fd, SSL *ssl,
const char *ipaddr, const char *port, const char *ipaddr, const char *port, int family,
const FrontendAddr *faddr) const FrontendAddr *faddr)
: conn_(worker->get_loop(), fd, ssl, worker->get_mcpool(), : conn_(worker->get_loop(), fd, ssl, worker->get_mcpool(),
get_config()->conn.upstream.timeout.write, get_config()->conn.upstream.timeout.write,
@ -418,11 +418,19 @@ ClientHandler::ClientHandler(Worker *worker, int fd, SSL *ssl,
auto &fwdconf = get_config()->http.forwarded; auto &fwdconf = get_config()->http.forwarded;
if ((fwdconf.params & FORWARDED_FOR) && if (fwdconf.params & FORWARDED_FOR) {
fwdconf.for_node_type == FORWARDED_NODE_OBFUSCATED) { if (fwdconf.for_node_type == FORWARDED_NODE_OBFUSCATED) {
forwarded_for_obfuscated_ = "_"; forwarded_for_ = "_";
forwarded_for_obfuscated_ += util::random_alpha_digit( forwarded_for_ += util::random_alpha_digit(worker_->get_randgen(),
worker_->get_randgen(), SHRPX_OBFUSCATED_NODE_LENGTH); SHRPX_OBFUSCATED_NODE_LENGTH);
} else if (family == AF_INET6) {
forwarded_for_ = "[";
forwarded_for_ += ipaddr_;
forwarded_for_ += ']';
} else {
// family == AF_INET or family == AF_UNIX
forwarded_for_ = ipaddr_;
}
} }
} }
@ -1129,11 +1137,7 @@ StringRef ClientHandler::get_forwarded_by() {
} }
const std::string &ClientHandler::get_forwarded_for() const { const std::string &ClientHandler::get_forwarded_for() const {
if (get_config()->http.forwarded.for_node_type == FORWARDED_NODE_OBFUSCATED) { return forwarded_for_;
return forwarded_for_obfuscated_;
}
return ipaddr_;
} }
} // namespace shrpx } // namespace shrpx
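Review bot: get_forwarded_for() now returns forwarded_for_ unconditionally, but the constructor fills that member only inside `if (fwdconf.params & FORWARDED_FOR)`, so with the parameter disabled the getter returns an empty string where it previously returned ipaddr_. The callers are outside this page; any of them that builds a `for=` value without first testing the same flag would emit an empty node, so that is worth confirming. I would state the contract on the member in the header, for example `// Obfuscated identifier, bracketed IPv6 address, or ipaddr_ as is; empty unless FORWARDED_FOR is enabled.` The else branch also passes ipaddr_ through unchanged for AF_UNIX, and what that string holds for a UNIX-socket peer is not shown here, so check that it is a valid Forwarded node value. The constructor body begins and ends outside the hunk.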


@ -53,7 +53,7 @@ struct WorkerStat;
class ClientHandler { class ClientHandler {
public: public:
ClientHandler(Worker *worker, int fd, SSL *ssl, const char *ipaddr, ClientHandler(Worker *worker, int fd, SSL *ssl, const char *ipaddr,
const char *port, const FrontendAddr *faddr); const char *port, int family, const FrontendAddr *faddr);
~ClientHandler(); ~ClientHandler();
int noop(); int noop();
@ -152,9 +152,9 @@ private:
std::string port_; std::string port_;
// The ALPN identifier negotiated for this connection. // The ALPN identifier negotiated for this connection.
std::string alpn_; std::string alpn_;
// The obfuscated version of client address used in "for" parameter // The client address used in "for" parameter of Forwarded header
// of Forwarded header field. // field.
std::string forwarded_for_obfuscated_; std::string forwarded_for_;
std::function<int(ClientHandler &)> read_, write_; std::function<int(ClientHandler &)> read_, write_;
std::function<int(ClientHandler &)> on_read_, on_write_; std::function<int(ClientHandler &)> on_read_, on_write_;
// Address of frontend listening socket // Address of frontend listening socket


@ -783,7 +783,8 @@ ClientHandler *accept_connection(Worker *worker, int fd, sockaddr *addr,
} }
} }
return new ClientHandler(worker, fd, ssl, host, service, faddr); return new ClientHandler(worker, fd, ssl, host, service, addr->sa_family,
faddr);
} }
bool tls_hostname_match(const char *pattern, size_t plen, const char *hostname, bool tls_hostname_match(const char *pattern, size_t plen, const char *hostname,