For #460, fix ipv6 intranet address filter bug. 3.0.93

2025-02-14 12:21:55 +00:00 · 2020-01-05 21:25:51 +08:00 · 2020-01-05 21:25:51 +08:00 · 76d92792b7
commit 76d92792b7
parent bc6c61e546
8 changed files with 144 additions and 21 deletions
--- a/README.md
+++ b/README.md
@ -146,6 +146,7 @@ For previous versions, please read:

 ## V3 changes

+* v3.0, 2020-01-05, For [#460][bug #460], fix ipv6 intranet address filter bug. 3.0.93
 * v3.0, 2020-01-05, For [#1543][bug #1543], use getpeername to retrieve client ip. 3.0.92
 * v3.0, 2020-01-02, For [#1042][bug #1042], improve test coverage for config. 3.0.91
 * v3.0, 2019-12-30, Fix mp4 security issue, check buffer when required size is variable.
--- a/trunk/src/core/srs_core.hpp
+++ b/trunk/src/core/srs_core.hpp
@ -27,7 +27,7 @@
 // The version config.
 #define VERSION_MAJOR       3
 #define VERSION_MINOR       0
-#define VERSION_REVISION    92
+#define VERSION_REVISION    93

 // The macros generated by configure script.
 #include <srs_auto_headers.hpp>
--- a/trunk/src/kernel/srs_kernel_mp4.hpp
+++ b/trunk/src/kernel/srs_kernel_mp4.hpp
@ -2169,7 +2169,7 @@ std::stringstream& srs_dumps_array(std::vector<T>&arr, std::stringstream& ss, Sr

        pfn(elem, ss, dc);

-        if (i < limit - 1) {
+        if ((int)i < limit - 1) {
            delimiter(ss, dc);
        }
    }
@ -2192,7 +2192,7 @@ std::stringstream& srs_dumps_array(T* arr, int size, std::stringstream& ss, SrsM

        pfn(elem, ss, dc);

-        if (i < limit - 1) {
+        if ((int)i < limit - 1) {
            delimiter(ss, dc);
        }
    }
--- a/trunk/src/kernel/srs_kernel_utility.cpp
+++ b/trunk/src/kernel/srs_kernel_utility.cpp
@ -170,25 +170,22 @@ string srs_dns_resolve(string host, int& family)
 {
    addrinfo hints;
    memset(&hints, 0, sizeof(hints));
-    hints.ai_family  = family;
+    hints.ai_family = family;
    
    addrinfo* r = NULL;
    SrsAutoFree(addrinfo, r);
-    
-    if(getaddrinfo(host.c_str(), NULL, NULL, &r)) {
+    if(getaddrinfo(host.c_str(), NULL, &hints, &r)) {
        return "";
    }
    
-    char saddr[64];
-    char* h = (char*)saddr;
-    socklen_t nbh = sizeof(saddr);
-    const int r0 = getnameinfo(r->ai_addr, r->ai_addrlen, h, nbh, NULL, 0, NI_NUMERICHOST);
-    if(!r0) {
-       family = r->ai_family;
-       return string(saddr);
+    char shost[64];
+    memset(shost, 0, sizeof(shost));
+    if (getnameinfo(r->ai_addr, r->ai_addrlen, shost, sizeof(shost), NULL, 0, NI_NUMERICHOST)) {
+        return "";
    }

-    return "";
+   family = r->ai_family;
+   return string(shost);
 }

 void srs_parse_hostport(const string& hostport, string& host, int& port)
--- a/trunk/src/service/srs_service_st.cpp
+++ b/trunk/src/service/srs_service_st.cpp
@ -157,7 +157,7 @@ srs_error_t srs_tcp_connect(string server, int port, srs_utime_t tm, srs_netfd_t
    
    addrinfo hints;
    memset(&hints, 0, sizeof(hints));
-    hints.ai_family   = AF_UNSPEC;
+    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    
    addrinfo* r  = NULL;
--- a/trunk/src/service/srs_service_utility.cpp
+++ b/trunk/src/service/srs_service_utility.cpp
@ -115,8 +115,28 @@ bool srs_net_device_is_internet(const sockaddr* addr)
        }
    } else if(addr->sa_family == AF_INET6) {
        const sockaddr_in6* a6 = (const sockaddr_in6*)addr;
-        if ((IN6_IS_ADDR_LINKLOCAL(&a6->sin6_addr)) ||
-            (IN6_IS_ADDR_SITELOCAL(&a6->sin6_addr))) {
+
+        // IPv6 loopback is ::1
+        if (IN6_IS_ADDR_LOOPBACK(&a6->sin6_addr)) {
+            return false;
+        }
+
+        // IPv6 unspecified is ::
+        if (IN6_IS_ADDR_UNSPECIFIED(&a6->sin6_addr)) {
+            return false;
+        }
+
+        // From IPv4, you might know APIPA (Automatic Private IP Addressing) or AutoNet.
+        // Whenever automatic IP configuration through DHCP fails.
+        // The prefix of a site-local address is FE80::/10.
+        if (IN6_IS_ADDR_LINKLOCAL(&a6->sin6_addr)) {
+            return false;
+        }
+
+        // Site-local addresses are equivalent to private IP addresses in IPv4.
+        // The prefix of a site-local address is FEC0::/10.
+        // https://4sysops.com/archives/ipv6-tutorial-part-6-site-local-addresses-and-link-local-addresses/
+        if (IN6_IS_ADDR_SITELOCAL(&a6->sin6_addr)) {
           return false;
        }
    }
--- a/trunk/src/utest/srs_utest_kernel.cpp
+++ b/trunk/src/utest/srs_utest_kernel.cpp
@ -4253,6 +4253,14 @@ VOID TEST(KernelUtilityTest, CoverTimeUtilityAll)
    
    _srs_system_time_us_cache -= 300*1000 * 1000 + 1;
    EXPECT_TRUE(srs_update_system_time() > 0);
+
+    if (true) {
+        string host;
+        int port = 8080;
+        srs_parse_hostport("3ffe:dead:beef::1", host, port);
+        EXPECT_EQ(8080, port);
+        EXPECT_STREQ("3ffe:dead:beef::1", host.c_str());
+    }
    
    if (true) {
        string host;
--- a/trunk/src/utest/srs_utest_service.cpp
+++ b/trunk/src/utest/srs_utest_service.cpp
@ -36,6 +36,8 @@ using namespace std;
 #include <srs_utest_protocol.hpp>
 #include <srs_utest_http.hpp>
 #include <srs_service_utility.hpp>
+#include <sys/socket.h>
+#include <netdb.h>

 class MockSrsConnection : public ISrsConnection
 {
@ -940,11 +942,30 @@ VOID TEST(TCPServerTest, CoverUtility)
    EXPECT_FALSE(srs_string_is_rtmp("http://"));
    EXPECT_FALSE(srs_string_is_rtmp("rtmp:"));

+    // ipv4 loopback
    if (true) {
-        sockaddr_in6 addr;
-        memset(&addr, 0, sizeof(addr));
-        addr.sin6_family = AF_INET6;
-        EXPECT_FALSE(srs_net_device_is_internet((sockaddr*)&addr));
+        addrinfo hints;
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_family = AF_INET;
+
+        addrinfo* r = NULL;
+        SrsAutoFree(addrinfo, r);
+        ASSERT_TRUE(!getaddrinfo("127.0.0.1", NULL, &hints, &r));
+
+        EXPECT_FALSE(srs_net_device_is_internet((sockaddr*)r->ai_addr));
+    }
+
+    // ipv4 intranet
+    if (true) {
+        addrinfo hints;
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_family = AF_INET;
+
+        addrinfo* r = NULL;
+        SrsAutoFree(addrinfo, r);
+        ASSERT_TRUE(!getaddrinfo("192.168.0.1", NULL, &hints, &r));
+
+        EXPECT_FALSE(srs_net_device_is_internet((sockaddr*)r->ai_addr));
    }

    EXPECT_FALSE(srs_net_device_is_internet("eth0"));
@ -980,5 +1001,81 @@ VOID TEST(TCPServerTest, CoverUtility)
        addr.sin_addr.s_addr = htonl(0xc0a8ffff);
        EXPECT_FALSE(srs_net_device_is_internet((sockaddr*)&addr));
    }
+
+    // Normal ipv6 address.
+    if (true) {
+        addrinfo hints;
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_family = AF_INET6;
+
+        addrinfo* r = NULL;
+        SrsAutoFree(addrinfo, r);
+        ASSERT_TRUE(!getaddrinfo("2001:da8:6000:291:21f:d0ff:fed4:928c", NULL, &hints, &r));
+
+        EXPECT_TRUE(srs_net_device_is_internet((sockaddr*)r->ai_addr));
+    }
+    if (true) {
+        addrinfo hints;
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_family = AF_INET6;
+
+        addrinfo* r = NULL;
+        SrsAutoFree(addrinfo, r);
+        ASSERT_TRUE(!getaddrinfo("3ffe:dead:beef::1", NULL, &hints, &r));
+
+        EXPECT_TRUE(srs_net_device_is_internet((sockaddr*)r->ai_addr));
+    }
+
+    // IN6_IS_ADDR_UNSPECIFIED
+    if (true) {
+        addrinfo hints;
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_family = AF_INET6;
+
+        addrinfo* r = NULL;
+        SrsAutoFree(addrinfo, r);
+        ASSERT_TRUE(!getaddrinfo("::", NULL, &hints, &r));
+
+        EXPECT_FALSE(srs_net_device_is_internet((sockaddr*)r->ai_addr));
+    }
+
+    // IN6_IS_ADDR_SITELOCAL
+    if (true) {
+        addrinfo hints;
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_family = AF_INET6;
+
+        addrinfo* r = NULL;
+        SrsAutoFree(addrinfo, r);
+        ASSERT_TRUE(!getaddrinfo("fec0::", NULL, &hints, &r));
+
+        EXPECT_FALSE(srs_net_device_is_internet((sockaddr*)r->ai_addr));
+    }
+
+    // IN6_IS_ADDR_LINKLOCAL
+    if (true) {
+        addrinfo hints;
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_family = AF_INET6;
+
+        addrinfo* r = NULL;
+        SrsAutoFree(addrinfo, r);
+        ASSERT_TRUE(!getaddrinfo("FE80::", NULL, &hints, &r));
+
+        EXPECT_FALSE(srs_net_device_is_internet((sockaddr*)r->ai_addr));
+    }
+
+    // IN6_IS_ADDR_LINKLOCAL
+    if (true) {
+        addrinfo hints;
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_family = AF_INET6;
+
+        addrinfo* r = NULL;
+        SrsAutoFree(addrinfo, r);
+        ASSERT_TRUE(!getaddrinfo("::1", NULL, &hints, &r));
+
+        EXPECT_FALSE(srs_net_device_is_internet((sockaddr*)r->ai_addr));
+    }
 }