add back support for ftp urls
Add back support for ftp urls, which was disabled as part of the fix for security hole CVE-2018-10857 (except for configurations which enabled curl and bypassed public IP address restrictions). Now it will work if allowed by annex.security.allowed-ip-addresses.
This commit is contained in:
Joey Hess
parent
1871295765
commit
67c06f5121
7 changed files with 165 additions and 29 deletions
|
|
@ -12,9 +12,22 @@ import Utility.Exception
|
|||
import Network.Socket
|
||||
import Data.Word
|
||||
import Data.Memory.Endian
|
||||
import Data.List
|
||||
import Control.Applicative
|
||||
import Text.Printf
|
||||
import Prelude
|
||||
|
||||
extractIPAddress :: SockAddr -> Maybe String
|
||||
extractIPAddress (SockAddrInet _ ipv4) =
|
||||
let (a,b,c,d) = hostAddressToTuple ipv4
|
||||
in Just $ intercalate "." [show a, show b, show c, show d]
|
||||
extractIPAddress (SockAddrInet6 _ _ ipv6 _) =
|
||||
let (a,b,c,d,e,f,g,h) = hostAddress6ToTuple ipv6
|
||||
in Just $ intercalate ":" [s a, s b, s c, s d, s e, s f, s g, s h]
|
||||
where
|
||||
s = printf "%x"
|
||||
extractIPAddress _ = Nothing
|
||||
|
||||
{- Check if an IP address is a loopback address; connecting to it
|
||||
- may connect back to the local host. -}
|
||||
isLoopbackAddress :: SockAddr -> Bool
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue