Skip to content

Commit

Permalink
make blacklist as const array
Browse files Browse the repository at this point in the history
  • Loading branch information
@vectorijk
vectorijk committed Oct 6, 2015
1 parent 4e21b9f commit 0fb5e74
Showing 1 changed file with 65 additions and 65 deletions.
130 changes: 65 additions & 65 deletions components/script/dom/websocket.rs
View file
Expand Up @@ -9,7 +9,6 @@ use dom::bindings::codegen::Bindings::WebSocketBinding::{BinaryType, WebSocketMe
use dom::bindings::codegen::InheritTypes::EventCast;
use dom::bindings::codegen::InheritTypes::EventTargetCast;
use dom::bindings::conversions::ToJSValConvertible;
use dom::bindings::error::Error::{InvalidAccess, Syntax, Security};
use dom::bindings::error::{Error, Fallible};
use dom::bindings::global::{GlobalField, GlobalRef};
use dom::bindings::js::Root;
Expand Down Expand Up @@ -63,6 +62,69 @@ enum MessageData {
Binary(Vec<u8>),
}

// list of blacklist ports according to
// http://mxr.mozilla.org/mozilla-central/source/netwerk/base/nsIOService.cpp#87
const BLOCKED_PORTS_LIST: &'static [u16] = &[
1, // tcpmux
7, // echo
9, // discard
11, // systat
13, // daytime
15, // netstat
17, // qotd
19, // chargen
20, // ftp-data
21, // ftp-cntl
22, // ssh
23, // telnet
25, // smtp
37, // time
42, // name
43, // nicname
53, // domain
77, // priv-rjs
79, // finger
87, // ttylink
95, // supdup
101, // hostriame
102, // iso-tsap
103, // gppitnp
104, // acr-nema
109, // pop2
110, // pop3
111, // sunrpc
113, // auth
115, // sftp
117, // uucp-path
119, // nntp
123, // NTP
135, // loc-srv / epmap
139, // netbios
143, // imap2
179, // BGP
389, // ldap
465, // smtp+ssl
512, // print / exec
513, // login
514, // shell
515, // printer
526, // tempo
530, // courier
531, // Chat
532, // netnews
540, // uucp
556, // remotefs
563, // nntp+ssl
587, //
601, //
636, // ldap+ssl
993, // imap+ssl
995, // pop3+ssl
2049, // nfs
4045, // lockd
6000, // x11
];

#[dom_struct]
pub struct WebSocket {
eventtarget: EventTarget,
Expand Down Expand Up @@ -136,72 +198,10 @@ impl WebSocket {
// Step 2: Disallow https -> ws connections.

// Step 3: Potentially block access to some ports.
// list of blacklist ports according to
// http://mxr.mozilla.org/mozilla-central/source/netwerk/base/nsIOService.cpp#87
let blocked_ports_list = [
1, // tcpmux
7, // echo
9, // discard
11, // systat
13, // daytime
15, // netstat
17, // qotd
19, // chargen
20, // ftp-data
21, // ftp-cntl
22, // ssh
23, // telnet
25, // smtp
37, // time
42, // name
43, // nicname
53, // domain
77, // priv-rjs
79, // finger
87, // ttylink
95, // supdup
101, // hostriame
102, // iso-tsap
103, // gppitnp
104, // acr-nema
109, // pop2
110, // pop3
111, // sunrpc
113, // auth
115, // sftp
117, // uucp-path
119, // nntp
123, // NTP
135, // loc-srv / epmap
139, // netbios
143, // imap2
179, // BGP
389, // ldap
465, // smtp+ssl
512, // print / exec
513, // login
514, // shell
515, // printer
526, // tempo
530, // courier
531, // Chat
532, // netnews
540, // uucp
556, // remotefs
563, // nntp+ssl
587, //
601, //
636, // ldap+ssl
993, // imap+ssl
995, // pop3+ssl
2049, // nfs
4045, // lockd
6000, // x11
];
let port: u16 = resource_url.port_or_default().unwrap();

if blocked_ports_list.iter().any(|p| *p == port) {
return Err(Security);
if BLOCKED_PORTS_LIST.iter().any(|&p| p == port) {
return Err(Error::Security);
}

// Step 4.
Expand Down

0 comments on commit 0fb5e74

Please sign in to comment.