[vlc-devel] [vlc-commits] http: block special ports
Rémi Denis-Courmont
remi at remlab.net
Fri Aug 16 12:20:12 CEST 2019
They're blocked by Chromium and Safari AFAIK.
On 16 August 2019 13:08:22 GMT+03:00, Thomas Guillem <thomas at gllm.fr> wrote:
>Hello,
>
>On Tue, Aug 13, 2019, at 18:53, Rémi Denis-Courmont wrote:
>> vlc | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Tue Aug 13 19:45:14 2019 +0300| [2b00ed2e226133ce5521ce6e5cafcf4546fa4bd2] | committer: Rémi Denis-Courmont
>>
>> http: block special ports
>>
>> This follows the de facto standard list of blocked ports for web
>> browsing (see also "Mozilla Port Blocking").
>>
>> > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=2b00ed2e226133ce5521ce6e5cafcf4546fa4bd2
>> ---
>>
>> modules/access/http/Makefile.am | 1 +
>> modules/access/http/connmgr.c | 3 ++
>> modules/access/http/ports.c | 113
>++++++++++++++++++++++++++++++++++++++++
>> modules/access/http/transport.h | 2 +
>> 4 files changed, 119 insertions(+)
>>
>> diff --git a/modules/access/http/Makefile.am
>> b/modules/access/http/Makefile.am
>> index eea267f6e8..8054457b6c 100644
>> --- a/modules/access/http/Makefile.am
>> +++ b/modules/access/http/Makefile.am
>> @@ -12,6 +12,7 @@ libvlc_http_la_SOURCES = \
>> access/http/h2frame.c access/http/h2frame.h \
>> access/http/h2output.c access/http/h2output.h \
>> access/http/h2conn.c access/http/h1conn.c \
>> + access/http/ports.c \
>> access/http/chunked.c access/http/tunnel.c access/http/conn.h \
>> access/http/connmgr.c access/http/connmgr.h
>> libvlc_http_la_CPPFLAGS = -Dneedsomethinghere
>> diff --git a/modules/access/http/connmgr.c
>> b/modules/access/http/connmgr.c
>> index 43326b5252..f0f7616e40 100644
>> --- a/modules/access/http/connmgr.c
>> +++ b/modules/access/http/connmgr.c
>> @@ -260,6 +260,9 @@ struct vlc_http_msg *vlc_http_mgr_request(struct
>> vlc_http_mgr *mgr, bool https,
>> const char *host, unsigned
>
>> port,
>> const struct vlc_http_msg
>*m)
>> {
>> + if (port && vlc_http_port_blocked(port))
>> + return NULL;
>> +
>> return (https ? vlc_https_request : vlc_http_request)(mgr, host,
>
>> port, m);
>> }
>>
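Review bot: the early return in vlc_http_mgr_request() (`if (port && vlc_http_port_blocked(port)) return NULL;`) fails silently, so the caller gets the same NULL as for any other request failure and nothing tells the user the port was refused by policy. Consider emitting a diagnostic that names the rejected port before returning. A short comment explaining why `port == 0` is let through by the `port &&` test would also help the next reader.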
>> diff --git a/modules/access/http/ports.c
>b/modules/access/http/ports.c
>> new file mode 100644
>> index 0000000000..66ac89b621
>> --- /dev/null
>> +++ b/modules/access/http/ports.c
>> @@ -0,0 +1,113 @@
>>
>+/*****************************************************************************
>> + * ports.c: special ports block list
>> +
>*****************************************************************************
>> + * Copyright © 2019 Rémi Denis-Courmont
>> + *
>> + * This program is free software; you can redistribute it and/or
>modify it
>> + * under the terms of the GNU Lesser General Public License as
>published by
>> + * the Free Software Foundation; either version 2.1 of the License,
>or
>> + * (at your option) any later version.
>> + *
>> + * This program is distributed in the hope that it will be useful,
>> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
>> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
>> + * GNU Lesser General Public License for more details.
>> + *
>> + * You should have received a copy of the GNU Lesser General Public
>License
>> + * along with this program; if not, write to the Free Software
>Foundation,
>> + * Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
>> +
>*****************************************************************************/
>> +
>> +#ifdef HAVE_CONFIG_H
>> +# include <config.h>
>> +#endif
>> +
>> +#include <stdbool.h>
>> +#include <stdlib.h>
>> +#include "transport.h"
>> +#include <vlc_common.h>
>> +
>> +/* Must be in ascending order */
>> +static const unsigned short blocked_ports[] = {
>> + 1, // tcpmux
>> + 7, // echo
>> + 9, // discard
>> + 11, // systat
>> + 13, // daytime
>> + 15, // netstat
>> + 17, // QOTD
>> + 19, // character generator
>> + 20, // FTP data
>> + 21, // FTP access
>> + 22, // SSH
>> + 23, // Telnet
>> + 25, // SMTP
>> + 37, // time
>> + 42, // name
>> + 43, // nicname
>> + 53, // DNS
>> + 77, // priv-rjs
>> + 79, // finger
>> + 87, // ttylink
>> + 95, // supdup
>> + 101, // hostriame
>> + 102, // iso-tsap
>> + 103, // gppitnp
>> + 104, // acr-nema
>> + 109, // POP2
>> + 110, // POP3
>> + 111, // Sun RPC
>> + 113, // auth
>> + 115, // SFTP
>> + 117, // UUCP path service
>> + 119, // NNTP (i.e. Usenet)
>> + 123, // NTP
>> + 135, // DCE endpoint resolution
>> + 139, // NetBIOS
>> + 143, // IMAP2
>> + 179, // BGP
>> + 389, // LDAP
>> + 465, // SMTP/TLS
>> + 512, // remote exec
>> + 513, // remote login
>> + 514, // remote shell
>> + 515, // printer
>> + 526, // tempo
>> + 530, // courier
>> + 531, // chat
>> + 532, // netnews
>> + 540, // UUCP
>> + 556, // remotefs
>> + 563, // NNTP/TLS
>> + 587, // Submission (i.e. first hop SMTP)
>> + 601, // rsyslog
>> + 636, // LDAP/TLS
>> + 993, // LDAP/TLS
>> + 995, // POP3/TLS
>> + 2049, // NFS
>> + 3659, // Apple SASL
>> + 4045, // NFS RPC lockd
>> + 6000, // X11
>> + 6665, // IRC
>> + 6666, // IRC
>> + 6667, // IRC
>> + 6668, // IRC
>> + 6669, // IRC
>
>cf.
>https://developer.mozilla.org/en-US/docs/Mozilla/Mozilla_Port_Blocking
>
>3659, 6665-6669 are not blocked by Mozilla. Why are you blocking them?
>
>Such a commit could have been proposed on the mailing list first...
>
>> +};
>> +
>> +static int portcmp(const void *key, const void *entry)
>> +{
>> + const unsigned *port = key;
>> + const unsigned short *blocked_port = entry;
>> +
>> + return ((int)*port) - ((int)*blocked_port);
>> +}
>> +
>> +bool vlc_http_port_blocked(unsigned port)
>> +{
>> + if (port > 0xffff)
>> + return true;
>> +
>> + return bsearch(&port, blocked_ports, ARRAY_SIZE(blocked_ports),
>> + sizeof (unsigned short), portcmp) != NULL;
>> +}
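Review bot: in blocked_ports[], the entry `993, // LDAP/TLS` repeats the comment from 636; port 993 is IMAP over TLS, so the comment should read IMAP/TLS. Separately, vlc_http_port_blocked() depends on bsearch(), and the only thing keeping the table sorted is the "Must be in ascending order" comment: a later out-of-order insertion would let some listed ports through without any error. A small unit test or debug-build check that walks the array and verifies strictly ascending order would catch that.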
>> diff --git a/modules/access/http/transport.h
>b/modules/access/http/transport.h
>> index 455f424931..3a7806c1ed 100644
>> --- a/modules/access/http/transport.h
>> +++ b/modules/access/http/transport.h
>> @@ -34,4 +34,6 @@ struct vlc_tls *vlc_https_connect_proxy(void *ctx,
>> struct vlc_tls_client
>*creds,
>> const char *name, unsigned
>port,
>> bool *restrict two, const
>char *proxy);
>> +bool vlc_http_port_blocked(unsigned port);
>> +
>> #endif
>>
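Review bot: the new prototype `bool vlc_http_port_blocked(unsigned port);` in transport.h is added without a comment. Please document the return value, including that any port above 0xffff is reported as blocked, since callers cannot infer that from the name alone.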
>> _______________________________________________
>> vlc-commits mailing list
>> vlc-commits at videolan.org
>> https://mailman.videolan.org/listinfo/vlc-commits
>>
>_______________________________________________
>vlc-devel mailing list
>To unsubscribe or modify your subscription options:
>https://mailman.videolan.org/listinfo/vlc-devel
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.