Bug 1570104 - Add shared IPv4 range from RFC 6598 (100.64/10) to allowed list of IP addresses for testing. r=dragana

Differential Revision: https://phabricator.services.mozilla.com/D40167 --HG-- extra : moz-landing-system : lando
2024-10-08 10:44:56 +00:00 · 2019-08-28 10:58:48 +00:00 · 2019-08-28 10:58:48 +00:00 · 1803585259
commit 1803585259
parent 91d20d2982
8 changed files with 84 additions and 1 deletions
--- a/netwerk/base/nsIIOService.idl
+++ b/netwerk/base/nsIIOService.idl
@ -189,6 +189,14 @@ interface nsIIOService : nsISupports
     */
    boolean hostnameIsLocalIPAddress(in nsIURI aURI);

+    /**
+     * Checks if a URI host is a shared IPv4 address literal.
+     *
+     * @param nsIURI the URI that contains the hostname to check
+     * @return true if the URI hostname is a shared IP address
+     */
+    boolean hostnameIsSharedIPAddress(in nsIURI aURI);
+
    /**
     * While this is set, IOService will monitor an nsINetworkLinkService
     * (if available) and set its offline status to "true" whenever
--- a/netwerk/base/nsIOService.cpp
+++ b/netwerk/base/nsIOService.cpp
@ -770,6 +770,34 @@ nsIOService::HostnameIsLocalIPAddress(nsIURI* aURI, bool* aResult) {
  return NS_OK;
 }

+NS_IMETHODIMP
+nsIOService::HostnameIsSharedIPAddress(nsIURI* aURI, bool* aResult) {
+  NS_ENSURE_ARG_POINTER(aURI);
+
+  nsCOMPtr<nsIURI> innerURI = NS_GetInnermostURI(aURI);
+  NS_ENSURE_ARG_POINTER(innerURI);
+
+  nsAutoCString host;
+  nsresult rv = innerURI->GetAsciiHost(host);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  *aResult = false;
+
+  PRNetAddr addr;
+  PRStatus result = PR_StringToNetAddr(host.get(), &addr);
+  if (result == PR_SUCCESS) {
+    NetAddr netAddr;
+    PRNetAddrToNetAddr(&addr, &netAddr);
+    if (IsIPAddrShared(&netAddr)) {
+      *aResult = true;
+    }
+  }
+
+  return NS_OK;
+}
+
 NS_IMETHODIMP
 nsIOService::GetProtocolFlags(const char* scheme, uint32_t* flags) {
  nsCOMPtr<nsIProtocolHandler> handler;
--- a/netwerk/base/nsSocketTransport2.cpp
+++ b/netwerk/base/nsSocketTransport2.cpp
@ -1269,7 +1269,8 @@ nsresult nsSocketTransport::InitiateSocket() {
 #endif

    if (NS_SUCCEEDED(mCondition) && xpc::AreNonLocalConnectionsDisabled() &&
-        !(IsIPAddrAny(&mNetAddr) || IsIPAddrLocal(&mNetAddr))) {
+        !(IsIPAddrAny(&mNetAddr) || IsIPAddrLocal(&mNetAddr) ||
+          IsIPAddrShared(&mNetAddr))) {
      nsAutoCString ipaddr;
      RefPtr<nsNetAddr> netaddr = new nsNetAddr(&mNetAddr);
      netaddr->GetAddress(ipaddr);
--- a/netwerk/dns/DNS.cpp
+++ b/netwerk/dns/DNS.cpp
@ -204,6 +204,21 @@ bool IsIPAddrLocal(const NetAddr* addr) {
  return false;
 }

+bool IsIPAddrShared(const NetAddr* addr) {
+  MOZ_ASSERT(addr);
+
+  // IPv4 RFC6598.
+  if (addr->raw.family == AF_INET) {
+    uint32_t addr32 = ntohl(addr->inet.ip);
+    if (addr32 >> 22 == 0x644 >> 2) {  // 100.64/10 prefix (RFC 6598).
+      return true;
+    }
+  }
+
+  // Not an IPv4 shared address.
+  return false;
+}
+
 nsresult GetPort(const NetAddr* aAddr, uint16_t* aResult) {
  uint16_t port;
  if (aAddr->raw.family == PR_AF_INET) {
--- a/netwerk/dns/DNS.h
+++ b/netwerk/dns/DNS.h
@ -177,6 +177,8 @@ bool IsIPAddrV4Mapped(const NetAddr* addr);

 bool IsIPAddrLocal(const NetAddr* addr);

+bool IsIPAddrShared(const NetAddr* addr);
+
 nsresult GetPort(const NetAddr* aAddr, uint16_t* aResult);

 }  // namespace net
--- a/netwerk/test/unit/test_hostnameIsLocalIPAddress.js
+++ b/netwerk/test/unit/test_hostnameIsLocalIPAddress.js
@ -6,16 +6,25 @@ function run_test() {
  let testURIs = [
    ["http://example.com", false],
    ["about:robots", false],
+    // 10/8 prefix (RFC 1918)
    ["http://9.255.255.255", false],
    ["http://10.0.0.0", true],
    ["http://10.0.23.31", true],
    ["http://10.255.255.255", true],
    ["http://11.0.0.0", false],
+    // 169.254/16 prefix (Link Local)
+    ["http://169.253.255.255", false],
+    ["http://169.254.0.0", true],
+    ["http://169.254.42.91", true],
+    ["http://169.254.255.255", true],
+    ["http://169.255.0.0", false],
+    // 172.16/12 prefix (RFC 1918)
    ["http://172.15.255.255", false],
    ["http://172.16.0.0", true],
    ["http://172.25.110.0", true],
    ["http://172.31.255.255", true],
    ["http://172.32.0.0", false],
+    // 192.168/16 prefix (RFC 1918)
    ["http://192.167.255.255", false],
    ["http://192.168.0.0", true],
    ["http://192.168.127.10", true],
--- a/netwerk/test/unit/test_hostnameIsSharedIPAddress.js
+++ b/netwerk/test/unit/test_hostnameIsSharedIPAddress.js
@ -0,0 +1,19 @@
+var ioService = Cc["@mozilla.org/network/io-service;1"].getService(
+  Ci.nsIIOService
+);
+
+function run_test() {
+  let testURIs = [
+    // 100.64/10 prefix (RFC 6598)
+    ["http://100.63.255.254", false],
+    ["http://100.64.0.0", true],
+    ["http://100.91.63.42", true],
+    ["http://100.127.255.254", true],
+    ["http://100.128.0.0", false],
+  ];
+
+  for (let [uri, isShared] of testURIs) {
+    let nsuri = ioService.newURI(uri);
+    equal(isShared, ioService.hostnameIsSharedIPAddress(nsuri));
+  }
+}
--- a/netwerk/test/unit/xpcshell.ini
+++ b/netwerk/test/unit/xpcshell.ini
@ -233,6 +233,7 @@ skip-if = true # Bug 863738
 [test_header_Accept-Language_case.js]
 [test_headers.js]
 [test_hostnameIsLocalIPAddress.js]
+[test_hostnameIsSharedIPAddress.js]
 [test_http_headers.js]
 [test_httpauth.js]
 [test_httpcancel.js]