clockwerk-opensim-stable – Blame information for rev 1
Rev | Author | Line No. | Line |
---|---|---|---|
1 | vero | 1 | /* |
2 | * Copyright (c) Contributors, http://opensimulator.org/ |
||
3 | * See CONTRIBUTORS.TXT for a full list of copyright holders. |
||
4 | * |
||
5 | * Redistribution and use in source and binary forms, with or without |
||
6 | * modification, are permitted provided that the following conditions are met: |
||
7 | * * Redistributions of source code must retain the above copyright |
||
8 | * notice, this list of conditions and the following disclaimer. |
||
9 | * * Redistributions in binary form must reproduce the above copyright |
||
10 | * notice, this list of conditions and the following disclaimer in the |
||
11 | * documentation and/or other materials provided with the distribution. |
||
12 | * * Neither the name of the OpenSimulator Project nor the |
||
13 | * names of its contributors may be used to endorse or promote products |
||
14 | * derived from this software without specific prior written permission. |
||
15 | * |
||
16 | * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY |
||
17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
||
18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
||
19 | * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY |
||
20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
||
21 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
||
22 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
||
23 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
||
24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
||
25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
||
26 | */ |
||
27 | |||
28 | using System; |
||
29 | using System.Collections.Generic; |
||
30 | using System.IO; |
||
31 | using System.Net; |
||
32 | using System.Net.Security; |
||
33 | using System.Text; |
||
34 | using log4net; |
||
35 | |||
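namespace OpenSim.Framework
{
    /// <summary>
    /// Used for requests to untrusted endpoints that may potentially be
    /// malicious
    /// </summary>
    /// <remarks>
    /// The destination filter here looks only at the literal host written in
    /// the URI. Host names are not resolved before the check, and the targets
    /// of automatic redirects are not passed through the filter, so callers
    /// that need a strict boundary against internal services should not rely
    /// on this class alone.
    /// </remarks>
    public static class UntrustedHttpWebRequest
    {
        /// <summary>Setting this to true will allow HTTP connections to localhost</summary>
        // NOTE(review): this constant is passed as allowLoopback by Create(Uri), and
        // therefore by PostToUntrustedUrl and GetUntrustedUrl. While it is true, every
        // host check in IsUriAllowable is skipped on those paths and only the scheme
        // check applies. It is left unchanged here because existing deployments may
        // depend on reaching local services; production builds should set it to false.
        private const bool DEBUG = true;

        private static readonly ILog m_log =
            LogManager.GetLogger(
            System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);

        private static readonly ICollection<string> allowableSchemes = new List<string> { "http", "https" };

        /// <summary>
        /// Creates an HttpWebRequest that is hardened against malicious
        /// endpoints after ensuring the given Uri is safe to retrieve
        /// </summary>
        /// <remarks>
        /// Uses the class defaults: a 5 second read/write timeout, a 20 second
        /// connection timeout, at most 10 redirects, and the loopback policy
        /// given by the DEBUG constant.
        /// </remarks>
        /// <param name="uri">Web location to request</param>
        /// <returns>A hardened HttpWebRequest if the uri was determined to be safe</returns>
        /// <exception cref="ArgumentNullException">If uri is null</exception>
        /// <exception cref="ArgumentException">If uri is unsafe</exception>
        public static HttpWebRequest Create(Uri uri)
        {
            return Create(uri, DEBUG, 1000 * 5, 1000 * 20, 10);
        }

        /// <summary>
        /// Creates an HttpWebRequest that is hardened against malicious
        /// endpoints after ensuring the given Uri is safe to retrieve
        /// </summary>
        /// <param name="uri">Web location to request</param>
        /// <param name="allowLoopback">True to allow connections to localhost, otherwise false</param>
        /// <param name="readWriteTimeoutMS">Read write timeout, in milliseconds</param>
        /// <param name="timeoutMS">Connection timeout, in milliseconds</param>
        /// <param name="maximumRedirects">Maximum number of allowed redirects</param>
        /// <returns>A hardened HttpWebRequest if the uri was determined to be safe</returns>
        /// <exception cref="ArgumentNullException">If uri is null</exception>
        /// <exception cref="ArgumentException">If uri is unsafe</exception>
        public static HttpWebRequest Create(Uri uri, bool allowLoopback, int readWriteTimeoutMS, int timeoutMS, int maximumRedirects)
        {
            if (uri == null)
                throw new ArgumentNullException("uri");

            if (!IsUriAllowable(uri, allowLoopback))
                throw new ArgumentException("Uri " + uri + " was rejected");

            HttpWebRequest httpWebRequest = (HttpWebRequest)HttpWebRequest.Create(uri);

            // NOTE(review): redirects are followed by the framework without going back
            // through IsUriAllowable, so an allowed host can still redirect the request
            // to an address the filter would have rejected. Callers that need that
            // guarantee should disable automatic redirects and validate each hop.
            httpWebRequest.MaximumAutomaticRedirections = maximumRedirects;
            httpWebRequest.ReadWriteTimeout = readWriteTimeoutMS;
            httpWebRequest.Timeout = timeoutMS;

            // No connection reuse for untrusted endpoints.
            httpWebRequest.KeepAlive = false;

            return httpWebRequest;
        }

        /// <summary>
        /// Sends <paramref name="data"/> as a UTF-8, form-urlencoded POST body to an
        /// untrusted URL and returns the response body.
        /// </summary>
        /// <param name="url">Web location to post to</param>
        /// <param name="data">Request body; sent as-is, no encoding of the fields is done here</param>
        /// <returns>
        /// The response body as a string, or null if the URL was rejected or the
        /// request failed for any reason (the failure is logged as a warning).
        /// </returns>
        public static string PostToUntrustedUrl(Uri url, string data)
        {
            try
            {
                byte[] requestData = System.Text.Encoding.UTF8.GetBytes(data);

                HttpWebRequest request = Create(url);
                request.Method = "POST";
                request.ContentLength = requestData.Length;
                request.ContentType = "application/x-www-form-urlencoded";

                using (Stream requestStream = request.GetRequestStream())
                    requestStream.Write(requestData, 0, requestData.Length);

                using (WebResponse response = request.GetResponse())
                {
                    // NOTE(review): GetStreamString is defined elsewhere; confirm it caps
                    // how much it reads, since the remote side controls the body length.
                    using (Stream responseStream = response.GetResponseStream())
                        return responseStream.GetStreamString();
                }
            }
            catch (Exception ex)
            {
                // Deliberate best effort: any failure, including a rejected URL,
                // is reported to the caller as null.
                m_log.Warn("POST to untrusted URL " + url + " failed: " + ex.Message);
                return null;
            }
        }

        /// <summary>
        /// Performs a GET against an untrusted URL and returns the response body.
        /// </summary>
        /// <param name="url">Web location to fetch</param>
        /// <returns>
        /// The response body as a string, or null if the URL was rejected or the
        /// request failed for any reason (the failure is logged as a warning).
        /// </returns>
        public static string GetUntrustedUrl(Uri url)
        {
            try
            {
                HttpWebRequest request = Create(url);

                using (WebResponse response = request.GetResponse())
                {
                    // NOTE(review): GetStreamString is defined elsewhere; confirm it caps
                    // how much it reads, since the remote side controls the body length.
                    using (Stream responseStream = response.GetResponseStream())
                        return responseStream.GetStreamString();
                }
            }
            catch (Exception ex)
            {
                // Deliberate best effort: any failure, including a rejected URL,
                // is reported to the caller as null.
                m_log.Warn("GET from untrusted URL " + url + " failed: " + ex.Message);
                return null;
            }
        }

        /// <summary>
        /// Determines whether a URI is allowed based on scheme and host name.
        /// No requireSSL check is done here
        /// </summary>
        /// <remarks>
        /// When <paramref name="allowLoopback"/> is true only the scheme and the
        /// address family are checked. Host names are never resolved, so a name
        /// that resolves to an internal address is not detected by this method.
        /// </remarks>
        /// <param name="allowLoopback">True to allow loopback addresses to be used</param>
        /// <param name="uri">The URI to test for whether it should be allowed.</param>
        /// <returns>
        /// <c>true</c> if the URI may be requested; otherwise, <c>false</c>.
        /// </returns>
        private static bool IsUriAllowable(Uri uri, bool allowLoopback)
        {
            if (!allowableSchemes.Contains(uri.Scheme))
            {
                m_log.WarnFormat("Rejecting URL {0} because it uses a disallowed scheme.", uri);
                return false;
            }

            // Try to interpret the hostname as an IP address so we can test for internal
            // IP address ranges. Note that IP addresses can appear in many forms
            // (e.g. http://127.0.0.1, http://2130706433, http://0x0100007f, http://::1),
            // so we convert them to a canonical IPAddress instance and test the bytes
            // against the loopback, private and link-local ranges.
            // Note that Uri.IsLoopback is very unreliable, not catching many of these variants.
            IPAddress hostIPAddress;
            if (IPAddress.TryParse(uri.DnsSafeHost, out hostIPAddress))
            {
                byte[] addressBytes = hostIPAddress.GetAddressBytes();

                // The host is actually an IP address.
                switch (hostIPAddress.AddressFamily)
                {
                    case System.Net.Sockets.AddressFamily.InterNetwork:
                        if (!allowLoopback && IsInternalIPv4(addressBytes, 0))
                        {
                            // The message says "loopback" for every internal range, as before.
                            m_log.WarnFormat("Rejecting URL {0} because it is a loopback address.", uri);
                            return false;
                        }
                        break;
                    case System.Net.Sockets.AddressFamily.InterNetworkV6:
                        if (!allowLoopback && (IsIPv6Loopback(hostIPAddress) || IsInternalIPv6(addressBytes)))
                        {
                            m_log.WarnFormat("Rejecting URL {0} because it is a loopback address.", uri);
                            return false;
                        }
                        break;
                    default:
                        m_log.WarnFormat("Rejecting URL {0} because it does not use an IPv4 or IPv6 address.", uri);
                        return false;
                }
            }
            else
            {
                // The host is given by name. We require names to contain periods to
                // help make sure it's not an internal address. A trailing root dot is
                // ignored so that a single-label name written as "name." is still
                // treated as single-label.
                if (!allowLoopback && !uri.Host.TrimEnd('.').Contains("."))
                {
                    m_log.WarnFormat("Rejecting URL {0} because it does not contain a period in the host name.", uri);
                    return false;
                }
            }

            return true;
        }

        /// <summary>
        /// Determines whether the four bytes starting at <paramref name="offset"/> form
        /// an IPv4 address in a range that is not reachable from the public internet.
        /// </summary>
        /// <param name="addressBytes">Address bytes in network order.</param>
        /// <param name="offset">Index of the first IPv4 byte within the array.</param>
        /// <returns>
        /// <c>true</c> for 0.0.0.0/8, 10.0.0.0/8, 127.0.0.0/8, 169.254.0.0/16,
        /// 172.16.0.0/12 and 192.168.0.0/16; <c>false</c> otherwise.
        /// </returns>
        private static bool IsInternalIPv4(byte[] addressBytes, int offset)
        {
            byte first = addressBytes[offset];
            byte second = addressBytes[offset + 1];

            if (first == 0 || first == 10 || first == 127)
                return true;

            // Link-local, which also covers the address commonly used by cloud
            // metadata services.
            if (first == 169 && second == 254)
                return true;

            if (first == 172 && second >= 16 && second <= 31)
                return true;

            if (first == 192 && second == 168)
                return true;

            return false;
        }

        /// <summary>
        /// Determines whether a 16-byte IPv6 address is unspecified, link-local,
        /// unique-local, or an IPv4-mapped address whose embedded IPv4 address is
        /// internal. The ::1 loopback address is handled by IsIPv6Loopback.
        /// </summary>
        /// <param name="addressBytes">The 16 address bytes in network order.</param>
        /// <returns><c>true</c> if the address is in one of those ranges; <c>false</c> otherwise.</returns>
        private static bool IsInternalIPv6(byte[] addressBytes)
        {
            if (addressBytes.Length != 16)
                return false;

            // fe80::/10, link-local.
            if (addressBytes[0] == 0xFE && (addressBytes[1] & 0xC0) == 0x80)
                return true;

            // fc00::/7, unique local.
            if ((addressBytes[0] & 0xFE) == 0xFC)
                return true;

            // Everything below needs the first ten bytes to be zero.
            for (int i = 0; i < 10; i++)
            {
                if (addressBytes[i] != 0)
                    return false;
            }

            // ::ffff:a.b.c.d, an IPv4 address carried inside an IPv6 literal.
            if (addressBytes[10] == 0xFF && addressBytes[11] == 0xFF)
                return IsInternalIPv4(addressBytes, 12);

            // ::, the unspecified address.
            for (int i = 10; i < 16; i++)
            {
                if (addressBytes[i] != 0)
                    return false;
            }

            return true;
        }

        /// <summary>
        /// Determines whether an IP address is the IPv6 equivalent of "localhost/127.0.0.1".
        /// </summary>
        /// <param name="ip">The ip address to check.</param>
        /// <returns>
        /// <c>true</c> if this is a loopback IP address; <c>false</c> otherwise.
        /// </returns>
        /// <exception cref="ArgumentNullException">If ip is null</exception>
        private static bool IsIPv6Loopback(IPAddress ip)
        {
            if (ip == null)
                throw new ArgumentNullException("ip");

            // ::1 is every byte zero except the last, which is one.
            byte[] addressBytes = ip.GetAddressBytes();
            for (int i = 0; i < addressBytes.Length - 1; i++)
            {
                if (addressBytes[i] != 0)
                    return false;
            }

            if (addressBytes[addressBytes.Length - 1] != 1)
                return false;

            return true;
        }
    }
}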