tpws: block connections to ::ffff:127.0.0.0/104

2025-04-23 04:02:04 +05:00 · 2021-03-19 11:33:42 +03:00 · 2021-03-19 11:33:42 +03:00 · 5e1adaa348
commit 5e1adaa348
parent 94405e89c3
11 changed files with 5 additions and 4 deletions
--- a/binaries/aarch64/tpws
+++ b/binaries/aarch64/tpws
--- a/binaries/arm/tpws
+++ b/binaries/arm/tpws
--- a/binaries/mips32r1-lsb/tpws
+++ b/binaries/mips32r1-lsb/tpws
--- a/binaries/mips32r1-msb/tpws
+++ b/binaries/mips32r1-msb/tpws
--- a/binaries/mips64r2-msb/tpws
+++ b/binaries/mips64r2-msb/tpws
--- a/binaries/ppc/tpws
+++ b/binaries/ppc/tpws
--- a/binaries/x86/tpws
+++ b/binaries/x86/tpws
--- a/binaries/x86_64/tpws
+++ b/binaries/x86_64/tpws
--- a/binaries/x86_64/tpws_wsl.tgz
+++ b/binaries/x86_64/tpws_wsl.tgz
--- a/tpws/helpers.c
+++ b/tpws/helpers.c
@ -76,7 +76,7 @@ bool check_local_ip(const struct sockaddr *saddr)
 {
 	struct ifaddrs *addrs,*a;

-	if (saddr->sa_family==AF_INET && is_localnet((struct sockaddr_in *)saddr))
+	if (is_localnet(saddr))
 		return true;

 	if (getifaddrs(&addrs)<0) return false;
@ -153,9 +153,10 @@ bool saconvmapped(struct sockaddr_storage *a)
 	return false;
 }

-bool is_localnet(const struct sockaddr_in *a)
+bool is_localnet(const struct sockaddr *a)
 {
-	return (htonl(a->sin_addr.s_addr)>>24)==127;
+	return a->sa_family==AF_INET && *(char*)&((struct sockaddr_in *)a)->sin_addr.s_addr==127 ||
+		a->sa_family==AF_INET6 && saismapped((struct sockaddr_in6 *)a) && ((struct sockaddr_in6 *)a)->sin6_addr.s6_addr[12]==127;
 }
 bool is_linklocal(const struct sockaddr_in6 *a)
 {
--- a/tpws/helpers.h
+++ b/tpws/helpers.h
@ -21,7 +21,7 @@ uint16_t saport(const struct sockaddr *sa);
 // true = was converted
 bool saconvmapped(struct sockaddr_storage *a);

-bool is_localnet(const struct sockaddr_in *a);
+bool is_localnet(const struct sockaddr *a);
 bool is_linklocal(const struct sockaddr_in6* a);
 bool is_private6(const struct sockaddr_in6* a);