mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
34901 commits 13 branches 442 tags 103 MiB
Commit graph

5 commits

Author SHA1 Message Date
Joey Hess
67c06f5121
add back support for ftp urls 
Add back support for ftp urls, which was disabled as part of the fix for
security hole CVE-2018-10857 (except for configurations which enabled curl
and bypassed public IP address restrictions). Now it will work if allowed
by annex.security.allowed-ip-addresses.
 2019-05-30 14:51:34 -04:00
Joey Hess
4603713b4e
avoid using htonl 
It got removed from network-3.0.0.0 and nothing in the haskell ecosystem
currently provides it (which seems it ought to be fixed).

Tested new code on both little-endian and big-endian with:

ghci> hostAddressToTuple $ fromJust $ embeddedIpv4 (0,0,0,0,0,0xffff,0x7f00,1)
(127,0,0,1)
 2019-02-19 12:17:20 -04:00
Joey Hess
3976b89116
fix license date 
I wrote this this year
 2018-06-22 10:25:53 -04:00
Joey Hess
43bf219a3c
added makeAddressMatcher 
Would be nice to add CIDR notation to this, but this is the minimal
thing needed for the security fix.

This commit was sponsored by Ewen McNeill on Patreon.
 2018-06-17 13:29:15 -04:00
Joey Hess
014a3fef34
added isPrivateAddress and isLoopbackAddress 
For use in a security boundary enforcement.

Based on https://en.wikipedia.org/wiki/Reserved_IP_addresses

Including supporting IPv4 addresses embedded in IPv6 addresses. Because
while RFC6052 3.1 says "Address translators MUST NOT translate packets
in which an address is composed of the Well-Known Prefix and a non-
global IPv4 address; they MUST drop these packets", I don't want to
trust that implementations get that right when enforcing a security
boundary.

This commit was sponsored by John Pellman on Patreon.
 2018-06-17 13:28:25 -04:00