diff options
author | jim-p <jimp@pfsense.org> | 2010-07-06 15:26:52 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2010-07-06 15:26:52 -0400 |
commit | 7319dc73098daba420018eb958439471d1d3e91c (patch) | |
tree | fd50ce734237e01efa77386dc1383b56fd9f05b5 /etc/inc/auth.inc | |
parent | 89e7778f20edde6a958d15c789c01422d761c028 (diff) | |
download | pfsense-7319dc73098daba420018eb958439471d1d3e91c.zip pfsense-7319dc73098daba420018eb958439471d1d3e91c.tar.gz |
More fixes for DNS rebinding checks (Most of this code is Scott's, with some minor fixes by me)
Diffstat (limited to 'etc/inc/auth.inc')
-rw-r--r-- | etc/inc/auth.inc | 27 |
1 files changed, 17 insertions, 10 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index ad53553..b41b81f 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -54,21 +54,28 @@ require_once("config.gui.inc"); if (function_exists("display_error_form")) { /* DNS ReBinding attack prevention. http://redmine.pfsense.org/issues/708 */ $found_host = false; - if($_SERVER['HTTP_HOST'] == "localhost" or $_SERVER['SERVER_ADDR'] == "localhost") - $found_host = true; - if($_SERVER['HTTP_HOST'] == "127.0.0.1" or $_SERVER['SERVER_ADDR'] == "127.0.0.1") + if(strstr($_SERVER['HTTP_HOST'], ":")) { + $http_host_port = explode(":", $_SERVER['HTTP_HOST']); + $http_host = $http_host_port[0]; + } else { + $http_host = $_SERVER['HTTP_HOST']; + } + if(($http_host == "localhost" or $_SERVER['SERVER_ADDR'] == "localhost") or + ($http_host == "127.0.0.1" or $_SERVER['SERVER_ADDR'] == "127.0.0.1")) $found_host = true; if($config['dyndnses']['dyndns']) foreach($config['dyndnses']['dyndns'] as $dyndns) - if($dyndns['host'] == $_SERVER['HTTP_HOST'] or $dyndns['host'] == $_SERVER['SERVER_ADDR']) + if($dyndns['host'] == $http_host or $dyndns['host'] == $_SERVER['SERVER_ADDR']) $found_host = true; + + if($http_host == $config['system']['hostname'] . "." . $config['system']['domain'] or + $http_host == $_SERVER['SERVER_ADDR'] or + $http_host == $config['system']['hostname']) + $found_host = true; + if($found_host == false) { - if ($_SERVER['HTTP_HOST'] != $config['system']['hostname'] . "." . $config['system']['domain'] and - $_SERVER['HTTP_HOST'] != $_SERVER['SERVER_ADDR'] and - $_SERVER['HTTP_HOST'] != $config['system']['hostname']) { - display_error_form("501", "Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding"); - exit; - } + display_error_form("501", "Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding"); + exit; } } |