authorSeth Mos <seth.mos@dds.nl>2011-03-14 18:44:28 +0100
committerSeth Mos <seth.mos@dds.nl>2011-03-14 18:44:28 +0100
commit209620ea0356b057a7ff8a25c5be049e5878127d (patch)
tree23ede12739c0f46a2a85afc9c6cd4509953f5573 /etc
parent3795d067c95977ec4b4ddf95714236185cce5ac5 (diff)
Add IPv6 support to the DNS rebinding attack function
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/auth.inc11
1 files changed, 9 insertions, 2 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 159e791..ec794d0 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -57,14 +57,21 @@ $security_passed = true;
if (function_exists("display_error_form") && !isset($config['system']['webgui']['nodnsrebindcheck'])) {
/* DNS ReBinding attack prevention. http://redmine.pfsense.org/issues/708 */
$found_host = false;
+
if(strstr($_SERVER['HTTP_HOST'], ":")) {
$http_host_port = explode(":", $_SERVER['HTTP_HOST']);
- $http_host = $http_host_port[0];
+ /* v6 address has more parts, drop the last part */
+ if(count($http_host_port) > 1) {
+ array_pop($http_host_port);
+ $http_host = str_replace(array("[", "]"), "", implode(":", $http_host_port));
+ } else {
+ $http_host = $http_host_port[0];
+ }
} else {
$http_host = $_SERVER['HTTP_HOST'];
}
if(is_ipaddr($http_host) or $_SERVER['SERVER_ADDR'] == "127.0.0.1" or
- strcasecmp($http_host, "localhost") == 0)
+ strcasecmp($http_host, "localhost") == 0 or $_SERVER['SERVER_ADDR'] == "::1")
$found_host = true;
if(strcasecmp($http_host, $config['system']['hostname'] . "." . $config['system']['domain']) == 0 or
strcasecmp($http_host, $config['system']['hostname']) == 0)
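Review bot: The port split at `array_pop($http_host_port)` assumes the Host value always ends in `:port`, so a bracketed IPv6 literal sent without a port (constructed example: `[2001:db8::1]`) loses its last group and becomes `2001:db8:`. That value presumably fails `is_ipaddr()`, so a legitimate request to the v6 address on the default port would be rejected by the rebinding check; whether `is_ipaddr()` accepts IPv6 at all is not visible in this hunk and should be confirmed. The `count($http_host_port) > 1` test can never be false inside the `strstr(..., ":")` branch, so its `else` arm is dead code, and `str_replace` strips `[` and `]` anywhere in the value rather than only a leading and trailing pair. I would make the parsing bracket-aware: take the text between `[` and `]` when the value starts with `[`, and strip a port only when there is exactly one colon. The enclosing `if` block continues past the end of the hunk.

```php
	$http_host = $_SERVER['HTTP_HOST'];
	if (substr($http_host, 0, 1) == "[") {
		/* bracketed v6 literal, optionally followed by :port */
		$bracket_end = strpos($http_host, "]");
		if ($bracket_end !== false)
			$http_host = substr($http_host, 1, $bracket_end - 1);
	} else if (substr_count($http_host, ":") == 1) {
		/* hostname or v4 address followed by :port */
		$http_host = substr($http_host, 0, strpos($http_host, ":"));
	}
	/* … unchanged: is_ipaddr / localhost / hostname comparisons … */
```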