[vlc-devel] [vlc-commits] http: block special ports
Thomas Guillem
thomas at gllm.fr
Fri Aug 16 12:08:22 CEST 2019
Hello,
On Tue, Aug 13, 2019, at 18:53, Rémi Denis-Courmont wrote:
> vlc | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Tue Aug
> 13 19:45:14 2019 +0300| [2b00ed2e226133ce5521ce6e5cafcf4546fa4bd2] |
> committer: Rémi Denis-Courmont
>
> http: block special ports
>
> This follows the de facto standard list of blocked ports for web
> browsing (see also "Mozilla Port Blocking").
>
> > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=2b00ed2e226133ce5521ce6e5cafcf4546fa4bd2
> ---
>
> modules/access/http/Makefile.am | 1 +
> modules/access/http/connmgr.c | 3 ++
> modules/access/http/ports.c | 113 ++++++++++++++++++++++++++++++++++++++++
> modules/access/http/transport.h | 2 +
> 4 files changed, 119 insertions(+)
>
> diff --git a/modules/access/http/Makefile.am
> b/modules/access/http/Makefile.am
> index eea267f6e8..8054457b6c 100644
> --- a/modules/access/http/Makefile.am
> +++ b/modules/access/http/Makefile.am
> @@ -12,6 +12,7 @@ libvlc_http_la_SOURCES = \
> access/http/h2frame.c access/http/h2frame.h \
> access/http/h2output.c access/http/h2output.h \
> access/http/h2conn.c access/http/h1conn.c \
> + access/http/ports.c \
> access/http/chunked.c access/http/tunnel.c access/http/conn.h \
> access/http/connmgr.c access/http/connmgr.h
> libvlc_http_la_CPPFLAGS = -Dneedsomethinghere
> diff --git a/modules/access/http/connmgr.c
> b/modules/access/http/connmgr.c
> index 43326b5252..f0f7616e40 100644
> --- a/modules/access/http/connmgr.c
> +++ b/modules/access/http/connmgr.c
> @@ -260,6 +260,9 @@ struct vlc_http_msg *vlc_http_mgr_request(struct
> vlc_http_mgr *mgr, bool https,
> const char *host, unsigned
> port,
> const struct vlc_http_msg *m)
> {
> + if (port && vlc_http_port_blocked(port))
> + return NULL;
> +
> return (https ? vlc_https_request : vlc_http_request)(mgr, host,
> port, m);
> }
>
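Review bot: The early `return NULL` added at the top of vlc_http_mgr_request gives the caller no way to tell a policy refusal from an ordinary connection failure, and nothing is logged. A URL on a blocked port will therefore fail with no hint of the cause; a debug or error message through the manager's existing logging path before the return would make that diagnosable. The intent also deserves a comment, for example `/* Refuse ports assigned to non-HTTP services, so a URL cannot be used to send request text to them; 0 is exempt. */`. That port 0 stands for the scheme's default port is inferred from the `port &&` guard and should be confirmed.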
> diff --git a/modules/access/http/ports.c b/modules/access/http/ports.c
> new file mode 100644
> index 0000000000..66ac89b621
> --- /dev/null
> +++ b/modules/access/http/ports.c
> @@ -0,0 +1,113 @@
> +/*****************************************************************************
> + * ports.c: special ports block list
> + *****************************************************************************
> + * Copyright © 2019 Rémi Denis-Courmont
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of the GNU Lesser General Public License as published by
> + * the Free Software Foundation; either version 2.1 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public License
> + * along with this program; if not, write to the Free Software Foundation,
> + * Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
> + *****************************************************************************/
> +
> +#ifdef HAVE_CONFIG_H
> +# include <config.h>
> +#endif
> +
> +#include <stdbool.h>
> +#include <stdlib.h>
> +#include "transport.h"
> +#include <vlc_common.h>
> +
> +/* Must be in ascending order */
> +static const unsigned short blocked_ports[] = {
> + 1, // tcpmux
> + 7, // echo
> + 9, // discard
> + 11, // systat
> + 13, // daytime
> + 15, // netstat
> + 17, // QOTD
> + 19, // character generator
> + 20, // FTP data
> + 21, // FTP access
> + 22, // SSH
> + 23, // Telnet
> + 25, // SMTP
> + 37, // time
> + 42, // name
> + 43, // nicname
> + 53, // DNS
> + 77, // priv-rjs
> + 79, // finger
> + 87, // ttylink
> + 95, // supdup
> + 101, // hostriame
> + 102, // iso-tsap
> + 103, // gppitnp
> + 104, // acr-nema
> + 109, // POP2
> + 110, // POP3
> + 111, // Sun RPC
> + 113, // auth
> + 115, // SFTP
> + 117, // UUCP path service
> + 119, // NNTP (i.e. Usenet)
> + 123, // NTP
> + 135, // DCE endpoint resolution
> + 139, // NetBIOS
> + 143, // IMAP2
> + 179, // BGP
> + 389, // LDAP
> + 465, // SMTP/TLS
> + 512, // remote exec
> + 513, // remote login
> + 514, // remote shell
> + 515, // printer
> + 526, // tempo
> + 530, // courier
> + 531, // chat
> + 532, // netnews
> + 540, // UUCP
> + 556, // remotefs
> + 563, // NNTP/TLS
> + 587, // Submission (i.e. first hop SMTP)
> + 601, // rsyslog
> + 636, // LDAP/TLS
> + 993, // LDAP/TLS
> + 995, // POP3/TLS
> + 2049, // NFS
> + 3659, // Apple SASL
> + 4045, // NFS RPC lockd
> + 6000, // X11
> + 6665, // IRC
> + 6666, // IRC
> + 6667, // IRC
> + 6668, // IRC
> + 6669, // IRC
cf. https://developer.mozilla.org/en-US/docs/Mozilla/Mozilla_Port_Blocking
3659 and 6665-6669 are not blocked by Mozilla. Why are you blocking them?
Such a commit could have been proposed on the mailing list first...
> +};
> +
> +static int portcmp(const void *key, const void *entry)
> +{
> + const unsigned *port = key;
> + const unsigned short *blocked_port = entry;
> +
> + return ((int)*port) - ((int)*blocked_port);
> +}
> +
> +bool vlc_http_port_blocked(unsigned port)
> +{
> + if (port > 0xffff)
> + return true;
> +
> + return bsearch(&port, blocked_ports, ARRAY_SIZE(blocked_ports),
> + sizeof (unsigned short), portcmp) != NULL;
> +}
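Review bot: The lookup in vlc_http_port_blocked depends on blocked_ports staying sorted, but only the `/* Must be in ascending order */` comment protects that invariant. An entry added out of order would make bsearch miss ports and silently let them through. A debug-build check such as `for (size_t i = 1; i < ARRAY_SIZE(blocked_ports); i++) assert(blocked_ports[i - 1] < blocked_ports[i]);` (needs `<assert.h>`), or an equivalent unit test, would catch it. Separately, the comment on 993 repeats `// LDAP/TLS` from 636; 993 is IMAP over TLS, so it should read `// IMAP/TLS`.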
> diff --git a/modules/access/http/transport.h b/modules/access/http/transport.h
> index 455f424931..3a7806c1ed 100644
> --- a/modules/access/http/transport.h
> +++ b/modules/access/http/transport.h
> @@ -34,4 +34,6 @@ struct vlc_tls *vlc_https_connect_proxy(void *ctx,
> struct vlc_tls_client *creds,
> const char *name, unsigned port,
> bool *restrict two, const char *proxy);
> +bool vlc_http_port_blocked(unsigned port);
> +
> #endif
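Review bot: The new prototype `vlc_http_port_blocked` has no comment describing its contract, which matters because callers use it as a security filter. I would add a doc comment above it, opening with `/** Checks whether an HTTP(S) connection to the given TCP port must be refused. */`. It should state that the function returns true for any port above 65535 and for ports on the block list in ports.c, and false otherwise. That includes 0, which is not on the list.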
>
> _______________________________________________
> vlc-commits mailing list
> vlc-commits at videolan.org
> https://mailman.videolan.org/listinfo/vlc-commits
>