Diffstat (limited to 'etc/inc/auth.inc')
-rw-r--r--etc/inc/auth.inc34
1 files changed, 34 insertions, 0 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 4c02aad..0d288ef 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -37,6 +37,40 @@ $auth_method="htpasswd_backed_basic_auth";
if (!$auth_method())
exit;
+/* If this function doesn't exist, we're being called from Captive Portal or
+ another internal subsystem which does not include authgui.inc */
+if (function_exists("display_error_form") && !isset($config['system']['webgui']['nodnsrebindcheck'])) {
+ /* DNS ReBinding attack prevention. http://redmine.pfsense.org/issues/708 */
+ $found_host = false;
+ if(strstr($_SERVER['HTTP_HOST'], ":")) {
+ $http_host_port = explode(":", $_SERVER['HTTP_HOST']);
+ $http_host = $http_host_port[0];
+ } else {
+ $http_host = $_SERVER['HTTP_HOST'];
+ }
+ if(is_ipaddr($http_host) or $_SERVER['SERVER_ADDR'] == "127.0.0.1" or
+ $http_host == "localhost" or $_SERVER['SERVER_ADDR'] == "localhost")
+ $found_host = true;
+ if($config['dyndnses']['dyndns'])
+ foreach($config['dyndnses']['dyndns'] as $dyndns)
+ if($dyndns['host'] == $http_host or $dyndns['host'] == $_SERVER['SERVER_ADDR'])
+ $found_host = true;
+ if(!empty($config['system']['webgui']['althostnames'])) {
+ $althosts = explode(" ", $config['system']['webgui']['althostnames']);
+ foreach ($althosts as $ah)
+ if($ah == $http_host or $ah == $_SERVER['SERVER_ADDR'])
+ $found_host = true;
+ }
+ if($http_host == $config['system']['hostname'] . "." . $config['system']['domain'] or
+ $http_host == $_SERVER['SERVER_ADDR'] or
+ $http_host == $config['system']['hostname'])
+ $found_host = true;
+ if($found_host == false) {
+ echo "Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding";
+ exit;
+ }
+}
+
function basic_auth_prompt(){
header("WWW-Authenticate: Basic realm=\".\"");
header("HTTP/1.0 401 Unauthorized");
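Review bot: The port stripping in the new rebind check (`strstr($_SERVER['HTTP_HOST'], ":")` followed by `explode(":", ...)` and taking element 0) splits on the first colon, so a Host header carrying a bracketed IPv6 literal such as `[fe80::1]:443` yields `$http_host = "["`, which matches none of the later comparisons and makes every legitimate request over an IPv6 literal exit with the rebind message; whether that path is reachable depends on is_ipaddr() and the web GUI listener accepting IPv6, which the hunk does not show. A split that removes only a trailing `:port` and the brackets avoids this: `$http_host = preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']);` then `$http_host = trim($http_host, '[]');`. Secondarily, `if($config['dyndnses']['dyndns'])` reads the index without an existence test and raises a notice on installs with no dyndns entries, unlike the `!empty()` guard used for althostnames just below; `if(!empty($config['dyndnses']['dyndns']))` keeps the two branches consistent. The host comparisons also use loose `==`; `===` against the config strings gives the same intended matches without PHP's numeric-string coercion.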