Fix #7855 Implement port blocking

For WebSocket connection algorithm
servo · Oct 6, 2015 · 4e21b9f · 4e21b9f
1 parent ad94ef5
commit 4e21b9f
Show file tree

Hide file tree

Showing 2 changed files with 69 additions and 5 deletions.
diff --git a/components/script/dom/websocket.rs b/components/script/dom/websocket.rs
@@ -9,6 +9,7 @@ use dom::bindings::codegen::Bindings::WebSocketBinding::{BinaryType, WebSocketMe
 use dom::bindings::codegen::InheritTypes::EventCast;
 use dom::bindings::codegen::InheritTypes::EventTargetCast;
 use dom::bindings::conversions::ToJSValConvertible;
+use dom::bindings::error::Error::{InvalidAccess, Syntax, Security};
 use dom::bindings::error::{Error, Fallible};
 use dom::bindings::global::{GlobalField, GlobalRef};
 use dom::bindings::js::Root;
@@ -133,7 +134,75 @@ impl WebSocket {
         let net_url = try!(parse_url(&replace_hosts(&resource_url)).map_err(|_| Error::Syntax));
 
         // Step 2: Disallow https -> ws connections.
+
         // Step 3: Potentially block access to some ports.
+        // list of blacklist ports according to
+        // http://mxr.mozilla.org/mozilla-central/source/netwerk/base/nsIOService.cpp#87
+        let blocked_ports_list = [
+            1,    // tcpmux
+            7,    // echo
+            9,    // discard
+            11,   // systat
+            13,   // daytime
+            15,   // netstat
+            17,   // qotd
+            19,   // chargen
+            20,   // ftp-data
+            21,   // ftp-cntl
+            22,   // ssh
+            23,   // telnet
+            25,   // smtp
+            37,   // time
+            42,   // name
+            43,   // nicname
+            53,   // domain
+            77,   // priv-rjs
+            79,   // finger
+            87,   // ttylink
+            95,   // supdup
+            101,  // hostriame
+            102,  // iso-tsap
+            103,  // gppitnp
+            104,  // acr-nema
+            109,  // pop2
+            110,  // pop3
+            111,  // sunrpc
+            113,  // auth
+            115,  // sftp
+            117,  // uucp-path
+            119,  // nntp
+            123,  // NTP
+            135,  // loc-srv / epmap
+            139,  // netbios
+            143,  // imap2
+            179,  // BGP
+            389,  // ldap
+            465,  // smtp+ssl
+            512,  // print / exec
+            513,  // login
+            514,  // shell
+            515,  // printer
+            526,  // tempo
+            530,  // courier
+            531,  // Chat
+            532,  // netnews
+            540,  // uucp
+            556,  // remotefs
+            563,  // nntp+ssl
+            587,  //
+            601,  //
+            636,  // ldap+ssl
+            993,  // imap+ssl
+            995,  // pop3+ssl
+            2049, // nfs
+            4045, // lockd
+            6000, // x11
+        ];
+        let port: u16 = resource_url.port_or_default().unwrap();
+
+        if blocked_ports_list.iter().any(|p| *p == port) {
+            return Err(Security);
+        }
 
         // Step 4.
         let protocols: &[DOMString] = protocols

diff --git a/tests/wpt/metadata/websockets/Create-Secure-blocked-port.htm.ini b/tests/wpt/metadata/websockets/Create-Secure-blocked-port.htm.ini