kev
/
Onionr
1
0
Fork 0
Code Issues 24 Pull Requests Projects Releases 2 Wiki Activity

make lan server test only a few ports, add run time test grace period in service detection attack prevetion mechanism

This commit is contained in:
Kevin 2020-06-19 01:08:39 -05:00
parent 5751468e8a
commit 7205189d62
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/lan/server/__init__.py
View File

@ -3,6 +3,7 @@
LAN transport server thread LAN transport server thread
""" """
import ipaddress import ipaddress
import time
from threading import Thread from threading import Thread
from gevent.pywsgi import WSGIServer from gevent.pywsgi import WSGIServer
@ -36,6 +37,7 @@ from utils.bettersleep import better_sleep
along with this program. If not, see <https://www.gnu.org/licenses/>. along with this program. If not, see <https://www.gnu.org/licenses/>.
""" """
ports = range(1337, 1340) ports = range(1337, 1340)
_start_time = time.time()
class LANServer: class LANServer:
def __init__(self, shared_state): def __init__(self, shared_state):
@ -50,7 +52,8 @@ class LANServer:
@app.before_request @app.before_request
def dns_rebinding_prevention(): def dns_rebinding_prevention():
if request.remote_addr in lan_ips or ipaddress.ip_address(request.remote_addr).is_loopback: if request.remote_addr in lan_ips or ipaddress.ip_address(request.remote_addr).is_loopback:
abort(403) if time.time() - _start_time < 600:
abort(403)
if request.host != f'{self.host}:{self.port}': if request.host != f'{self.host}:{self.port}':
logger.warn('Potential DNS rebinding attack on LAN server:') logger.warn('Potential DNS rebinding attack on LAN server:')
logger.warn(f'Hostname {request.host} was used instead of {self.host}:{self.port}') logger.warn(f'Hostname {request.host} was used instead of {self.host}:{self.port}')

2
src/runtests/lanservertest.py
View File

@ -10,7 +10,7 @@ import logger
def test_lan_server(testmanager): def test_lan_server(testmanager):
start_time = get_epoch() start_time = get_epoch()
for i in range(1024, 65536): for i in range(1337, 1340):
try: try:
if requests.get(f"http://{best_ip}:{i}/ping").text == 'onionr!': if requests.get(f"http://{best_ip}:{i}/ping").text == 'onionr!':
bl = insert('test data') bl = insert('test data')