/chromium mirrored from https://chromium.googlesource.com/chromium/src

Permalink
Switch branches/tags
pre_blink_merge 72.0.3614.1 72.0.3614.0 72.0.3613.1 72.0.3613.0 72.0.3612.2 72.0.3612.1 72.0.3612.0 72.0.3611.2 72.0.3611.1 72.0.3611.0 72.0.3610.2 72.0.3610.1 72.0.3610.0 72.0.3609.3 72.0.3609.2 72.0.3609.1 72.0.3609.0 72.0.3608.5 72.0.3608.4 72.0.3608.3 72.0.3608.2 72.0.3608.1 72.0.3608.0 72.0.3607.1 72.0.3607.0 72.0.3606.2 72.0.3606.1 72.0.3606.0 72.0.3605.3 72.0.3605.2 72.0.3605.1 72.0.3605.0 72.0.3604.1 72.0.3604.0 72.0.3603.2 72.0.3603.1 72.0.3603.0 72.0.3602.2 72.0.3602.1 72.0.3602.0 72.0.3601.1 72.0.3601.0 72.0.3600.1 72.0.3600.0 72.0.3599.3 72.0.3599.2 72.0.3599.1 72.0.3599.0 72.0.3598.1 72.0.3598.0 72.0.3597.1 72.0.3597.0 72.0.3596.2 72.0.3596.1 72.0.3596.0 72.0.3595.2 72.0.3595.1 72.0.3595.0 72.0.3594.1 72.0.3594.0 72.0.3593.2 72.0.3593.1 72.0.3593.0 72.0.3592.2 72.0.3592.1 72.0.3592.0 72.0.3591.3 72.0.3591.2 72.0.3591.1 72.0.3591.0 72.0.3590.1 72.0.3590.0 72.0.3589.3 72.0.3589.2 72.0.3589.1 72.0.3589.0 72.0.3588.1 72.0.3588.0 72.0.3587.0 72.0.3586.2 72.0.3586.1 72.0.3586.0 72.0.3585.1 72.0.3585.0 72.0.3584.1 72.0.3584.0 72.0.3583.2 72.0.3583.1 72.0.3583.0 72.0.3582.0 72.0.3581.4 72.0.3581.3 72.0.3581.2 72.0.3581.1 72.0.3581.0 72.0.3580.1 72.0.3580.0 72.0.3579.1 72.0.3579.0
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
Raw Blame History
186 lines (162 sloc) 4.9 KB
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/base/port_util.h"
#include <limits>
#include <set>
#include "base/lazy_instance.h"
#include "base/logging.h"
#include "base/strings/string_number_conversions.h"
#include "base/strings/string_util.h"
#include "url/url_constants.h"
namespace net {
namespace {
// The general list of blocked ports. Will be blocked unless a specific
// protocol overrides it. (Ex: ftp can use ports 20 and 21)
const int kRestrictedPorts[] = {
1, // tcpmux
7, // echo
9, // discard
11, // systat
13, // daytime
15, // netstat
17, // qotd
19, // chargen
20, // ftp data
21, // ftp access
22, // ssh
23, // telnet
25, // smtp
37, // time
42, // name
43, // nicname
53, // domain
77, // priv-rjs
79, // finger
87, // ttylink
95, // supdup
101, // hostriame
102, // iso-tsap
103, // gppitnp
104, // acr-nema
109, // pop2
110, // pop3
111, // sunrpc
113, // auth
115, // sftp
117, // uucp-path
119, // nntp
123, // NTP
135, // loc-srv /epmap
139, // netbios
143, // imap2
179, // BGP
389, // ldap
427, // SLP (Also used by Apple Filing Protocol)
465, // smtp+ssl
512, // print / exec
513, // login
514, // shell
515, // printer
526, // tempo
530, // courier
531, // chat
532, // netnews
540, // uucp
548, // AFP (Apple Filing Protocol)
556, // remotefs
563, // nntp+ssl
587, // stmp?
601, // ??
636, // ldap+ssl
993, // ldap+ssl
995, // pop3+ssl
2049, // nfs
3659, // apple-sasl / PasswordServer
4045, // lockd
6000, // X11
6665, // Alternate IRC [Apple addition]
6666, // Alternate IRC [Apple addition]
6667, // Standard IRC [Apple addition]
6668, // Alternate IRC [Apple addition]
6669, // Alternate IRC [Apple addition]
6697, // IRC + TLS
};
// FTP overrides the following restricted port.
const int kAllowedFtpPorts[] = {
21, // ftp data
};
base::LazyInstance<std::multiset<int>>::Leaky g_explicitly_allowed_ports =
LAZY_INSTANCE_INITIALIZER;
} // namespace
bool IsPortValid(int port) {
return port >= 0 && port <= std::numeric_limits<uint16_t>::max();
}
bool IsWellKnownPort(int port) {
return port >= 0 && port < 1024;
}
bool IsPortAllowedForScheme(int port, const std::string& url_scheme) {
// Reject invalid ports.
if (!IsPortValid(port))
return false;
// Allow explitly allowed ports for any scheme.
if (g_explicitly_allowed_ports.Get().count(port) > 0)
return true;
// FTP requests have an extra set of whitelisted schemes.
if (base::LowerCaseEqualsASCII(url_scheme, url::kFtpScheme)) {
for (int allowed_ftp_port : kAllowedFtpPorts) {
if (allowed_ftp_port == port)
return true;
}
}
// Finally check against the generic list of restricted ports for all
// schemes.
for (int restricted_port : kRestrictedPorts) {
if (restricted_port == port)
return false;
}
return true;
}
size_t GetCountOfExplicitlyAllowedPorts() {
return g_explicitly_allowed_ports.Get().size();
}
// Specifies a comma separated list of port numbers that should be accepted
// despite bans. If the string is invalid no allowed ports are stored.
void SetExplicitlyAllowedPorts(const std::string& allowed_ports) {
if (allowed_ports.empty())
return;
std::multiset<int> ports;
size_t last = 0;
size_t size = allowed_ports.size();
// The comma delimiter.
const std::string::value_type kComma = ',';
// Overflow is still possible for evil user inputs.
for (size_t i = 0; i <= size; ++i) {
// The string should be composed of only digits and commas.
if (i != size && !base::IsAsciiDigit(allowed_ports[i]) &&
(allowed_ports[i] != kComma))
return;
if (i == size || allowed_ports[i] == kComma) {
if (i > last) {
int port;
base::StringToInt(base::StringPiece(allowed_ports.begin() + last,
allowed_ports.begin() + i),
&port);
ports.insert(port);
}
last = i + 1;
}
}
g_explicitly_allowed_ports.Get() = ports;
}
ScopedPortException::ScopedPortException(int port) : port_(port) {
g_explicitly_allowed_ports.Get().insert(port);
}
ScopedPortException::~ScopedPortException() {
auto it = g_explicitly_allowed_ports.Get().find(port_);
if (it != g_explicitly_allowed_ports.Get().end())
g_explicitly_allowed_ports.Get().erase(it);
else
NOTREACHED();
}
} // namespace net