| From 955064fc220b5739010a2e207a8561ea44f974d3 Mon Sep 17 00:00:00 2001 |
| From: Dusan Stevanovic <dule@wire.com> |
| Date: Thu, 11 Mar 2021 13:15:27 +0100 |
| Subject: [PATCH] turn: block whole loopback range, also block broadcast |
| |
| --- |
| modules/turn/turn.c | 20 ++++++++++++++++++-- |
| 1 file changed, 18 insertions(+), 2 deletions(-) |
| |
| --- a/modules/turn/turn.c |
| +++ b/modules/turn/turn.c |
| @@ -144,6 +144,22 @@ static bool request_handler(struct restu |
| return true; |
| } |
| |
| +static inline bool is_loopback(const struct sa *sa) |
| +{ |
| + return (ntohl(sa->u.in.sin_addr.s_addr) & 0xffffff00) == 0x7f000000; |
| +} |
| + |
| +static inline bool is_broadcast(const struct sa *sa) |
| +{ |
| + return ntohl(sa->u.in.sin_addr.s_addr) == 0xffffffff; |
| +} |
| + |
| +static inline bool is_blocked(const struct sa *sa) |
| +{ |
| + return is_loopback(sa) || is_broadcast(sa) |
| + || sa_is_any(sa) || sa_is_linklocal(sa); |
| + |
| +} |
| |
| static bool indication_handler(struct restund_msgctx *ctx, int proto, |
| void *sock, const struct sa *src, |
| @@ -181,7 +197,7 @@ static bool indication_handler(struct re |
| return true; |
| } |
| |
| - if (sa_is_loopback(psa) || sa_is_any(psa) || sa_is_linklocal(psa)) |
| + if (is_blocked(psa)) |
| err = EPERM; |
| else |
| err = udp_send(al->rel_us, psa, &data->v.data); |
| @@ -234,7 +250,7 @@ static bool raw_handler(int proto, const |
| |
| mb->end = mb->pos + len; |
| |
| - if (sa_is_loopback(psa) || sa_is_any(psa) || sa_is_linklocal(psa)) |
| + if (is_blocked(psa)) |
| err = EPERM; |
| else |
| err = udp_send(al->rel_us, psa, mb); |