From 4a6a63b8b26330a8cdc250550936ca4a721acd22 Mon Sep 17 00:00:00 2001
From: Skywing
Date: Wed, 19 Dec 2012 13:48:32 -0800
Subject: [PATCH] Don't allow loopback, RFC 1918, or multicast pending servers.

---
 .../App_Code/NWNMasterServerAPI.cs | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/NWNMasterServerAPI/App_Code/NWNMasterServerAPI.cs b/NWNMasterServerAPI/App_Code/NWNMasterServerAPI.cs
index 59a206e..3099d40 100644
--- a/NWNMasterServerAPI/App_Code/NWNMasterServerAPI.cs
+++ b/NWNMasterServerAPI/App_Code/NWNMasterServerAPI.cs
@@ -242,6 +242,7 @@ public uint RegisterPendingServers(string Product, string[] ServerAddresses)
 {
 int i = Address.IndexOf(':');
 IPEndPoint ServerAddress;
+ UInt32 IPv4Address;
 
 if (i == -1)
 {
@@ -250,9 +251,37 @@ public uint RegisterPendingServers(string Product, string[] ServerAddresses)
 
 try
 {
+ byte[] AddressBytes;
 ServerAddress = new IPEndPoint(
 IPAddress.Parse(Address.Substring(0, i)),
 Convert.ToInt32(Address.Substring(i + 1)));
+
+ if (ServerAddress.Port <= 0 || ServerAddress.Port > 0xFFFF)
+ continue;
+
+ AddressBytes = ServerAddress.Address.GetAddressBytes();
+
+ if (AddressBytes.Length != 4)
+ continue;
+
+ IPv4Address = 0;
+ IPv4Address |= (UInt32)AddressBytes[0] << 24;
+ IPv4Address |= (UInt32)AddressBytes[1] << 16;
+ IPv4Address |= (UInt32)AddressBytes[2] << 8;
+ IPv4Address |= (UInt32)AddressBytes[3] << 0;
+
+ //
+ // Disallow localhost, RFC 1918, and multicast addresses.
+ //
+
+ if (((IPv4Address & 0xFF000000) == 0x7F000000) ||
+ ((IPv4Address & 0xFF000000) == 0x0A000000) ||
+ ((IPv4Address & 0xFFF00000) == 0xAC100000) ||
+ ((IPv4Address & 0xFFFF0000) == 0xC0A80000) ||
+ ((IPv4Address & 0xF0000000) == 0xE0000000))
+ {
+ continue;
+ }
 }
 catch
 {
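Review bot: The address filter at the end of the second hunk still lets through several non-routable IPv4 ranges: 0.0.0.0/8, link-local 169.254.0.0/16 (which includes cloud metadata endpoints), and 240.0.0.0/4 with the limited broadcast address. If the master server later sends queries to pending addresses (presumably so, but not visible here), those entries are as unwanted as the loopback and RFC 1918 ones the commit already rejects. I would add `((IPv4Address & 0xFF000000) == 0x00000000) ||` and `((IPv4Address & 0xFFFF0000) == 0xA9FE0000) ||`, and widen the last test to `((IPv4Address & 0xE0000000) == 0xE0000000)` so it covers 224.0.0.0/3; 100.64.0.0/10 may merit the same treatment. The enclosing loop body and the catch block start and end outside the hunk.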