[package] uhttpd: add option to reject requests from RFC1918 IPs to public server IPs (DNS rebinding countermeasure)

git-svn-id: svn://svn.openwrt.org/openwrt/trunk/package/uhttpd/src@22589 3c298f89-4303-0410-b956-a3cf2f4a3e73
author: jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73> 2010-08-11 00:05:34 +0000
committer: jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73> 2010-08-11 00:05:34 +0000
commit: 262ee5065c716d2b2c4963ce024b9471f3d6f0f5 (patch)
tree: be0dd50c8730ad99adbd52f3d96e61bc83998e68 /uhttpd-utils.c
parent: eca18b19053fcd4350039ffa46c24c335f4142c4 (diff)
download: uhttpd-262ee5065c716d2b2c4963ce024b9471f3d6f0f5.tar.gz
1 files changed, 15 insertions, 0 deletions
diff --git a/uhttpd-utils.c b/uhttpd-utils.c
index 60badf2..4a1423c 100644
--- a/uhttpd-utils.c
+++ b/uhttpd-utils.c
@@ -59,6 +59,21 @@ int sa_port(void *sa)
 	return ntohs(((struct sockaddr_in6 *)sa)->sin6_port);
 }
 
+int sa_rfc1918(void *sa)
+{
+	struct sockaddr_in *v4 = (struct sockaddr_in *)sa;
+	unsigned long a = htonl(v4->sin_addr.s_addr);
+
+	if( v4->sin_family == AF_INET )
+	{
+		return ((a >= 0x0A000000) && (a <= 0x0AFFFFFF)) ||
+		       ((a >= 0xAC100000) && (a <= 0xAC1FFFFF)) ||
+		       ((a >= 0xC0A80000) && (a <= 0xC0A8FFFF));
+	}
+
+	return 0;
+}
+
 /* Simple strstr() like function that takes len arguments for both haystack and needle. */
 char *strfind(char *haystack, int hslen, const char *needle, int ndlen)
 {
author	jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73>	2010-08-11 00:05:34 +0000
committer	jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73>	2010-08-11 00:05:34 +0000
commit	262ee5065c716d2b2c4963ce024b9471f3d6f0f5 (patch)
tree	be0dd50c8730ad99adbd52f3d96e61bc83998e68 /uhttpd-utils.c
parent	eca18b19053fcd4350039ffa46c24c335f4142c4 (diff)
download	uhttpd-262ee5065c716d2b2c4963ce024b9471f3d6f0f5.tar.gz