Browse Source

Validate hostnames before accepting a new peer

Don't retain non-public addresses

Closes #157
master
Neil Booth 8 years ago
parent
commit
be5397a853
  1. 6
      lib/peer.py
  2. 11
      lib/util.py
  3. 2
      server/peers.py

6
lib/peer.py

@ -28,7 +28,7 @@
import re import re
from ipaddress import ip_address from ipaddress import ip_address
from lib.util import cachedproperty from lib.util import cachedproperty, is_valid_hostname
class Peer(object): class Peer(object):
@ -144,7 +144,7 @@ class Peer(object):
if ip: if ip:
return ((ip.is_global or ip.is_private) return ((ip.is_global or ip.is_private)
and not (ip.is_multicast or ip.is_unspecified)) and not (ip.is_multicast or ip.is_unspecified))
return True return is_valid_hostname(self.host)
@cachedproperty @cachedproperty
def is_public(self): def is_public(self):
@ -152,7 +152,7 @@ class Peer(object):
if ip: if ip:
return self.is_valid and not ip.is_private return self.is_valid and not ip.is_private
else: else:
return self.host != 'localhost' return self.is_valid and self.host != 'localhost'
@cachedproperty @cachedproperty
def ip_address(self): def ip_address(self):

11
lib/util.py

@ -31,6 +31,7 @@ import array
import inspect import inspect
from ipaddress import ip_address from ipaddress import ip_address
import logging import logging
import re
import sys import sys
from collections import Container, Mapping from collections import Container, Mapping
@ -241,3 +242,13 @@ def address_string(address):
if host.version == 6: if host.version == 6:
fmt = '[{}]:{:d}' fmt = '[{}]:{:d}'
return fmt.format(host, port) return fmt.format(host, port)
# See http://stackoverflow.com/questions/2532053/validate-a-hostname-string
SEGMENT_REGEX = re.compile("(?!-)[A-Z\d-]{1,63}(?<!-)$", re.IGNORECASE)
def is_valid_hostname(hostname):
if len(hostname) > 255:
return False
# strip exactly one dot from the right, if present
if hostname[-1] == ".":
hostname = hostname[:-1]
return all(SEGMENT_REGEX.match(x) for x in hostname.split("."))

2
server/peers.py

@ -277,7 +277,7 @@ class PeerManager(util.LoggedClass):
retry = False retry = False
new_peers = [] new_peers = []
for peer in peers: for peer in peers:
if not peer.is_valid: if not peer.is_public:
continue continue
matches = peer.matches(self.peers) matches = peer.matches(self.peers)
if not matches: if not matches:

Loading…
Cancel
Save