net: do not allow resolving to an internal address

theuni · theuni · commit 6d0bd5b73d14 · 2017-06-14T18:05:01.000-04:00
In order to prevent mixups, our internal range is never allowed as a resolve
result. This means that no user-provided string will ever be confused with an
internal address.
diff --git a/src/netbase.cpp b/src/netbase.cpp
@@ -108,17 +108,22 @@ bool static LookupIntern(const char *pszName, std::vector<CNetAddr>& vIP, unsign
     struct addrinfo *aiTrav = aiRes;
     while (aiTrav != NULL && (nMaxSolutions == 0 || vIP.size() < nMaxSolutions))
     {
+        CNetAddr resolved;
         if (aiTrav->ai_family == AF_INET)
         {
             assert(aiTrav->ai_addrlen >= sizeof(sockaddr_in));
-            vIP.push_back(CNetAddr(((struct sockaddr_in*)(aiTrav->ai_addr))->sin_addr));
+            resolved = CNetAddr(((struct sockaddr_in*)(aiTrav->ai_addr))->sin_addr);
         }
 
         if (aiTrav->ai_family == AF_INET6)
         {
             assert(aiTrav->ai_addrlen >= sizeof(sockaddr_in6));
             struct sockaddr_in6* s6 = (struct sockaddr_in6*) aiTrav->ai_addr;
-            vIP.push_back(CNetAddr(s6->sin6_addr, s6->sin6_scope_id));
+            resolved = CNetAddr(s6->sin6_addr, s6->sin6_scope_id);
+        }
+        /* Never allow resolving to an internal address. Consider any such result invalid */
+        if (!resolved.IsInternal()) {
+            vIP.push_back(resolved);
         }
 
         aiTrav = aiTrav->ai_next;
diff --git a/src/test/netbase_tests.cpp b/src/test/netbase_tests.cpp
@@ -113,6 +113,11 @@ BOOST_AUTO_TEST_CASE(netbase_lookupnumeric)
     BOOST_CHECK(TestParse("[::]:8333", "[::]:8333"));
     BOOST_CHECK(TestParse("[127.0.0.1]", "127.0.0.1:65535"));
     BOOST_CHECK(TestParse(":::", "[::]:0"));
+
+    // verify that an internal address fails to resolve
+    BOOST_CHECK(TestParse("[fd6b:88c0:8724:1:2:3:4:5]", "[::]:0"));
+    // and that a one-off resolves correctly
+    BOOST_CHECK(TestParse("[fd6c:88c0:8724:1:2:3:4:5]", "[fd6c:88c0:8724:1:2:3:4:5]:65535"));
 }
 
 BOOST_AUTO_TEST_CASE(onioncat_test)

Original file line number	Diff line number	Diff line change
`@@ -108,17 +108,22 @@ bool static LookupIntern(const char *pszName, std::vector<CNetAddr>& vIP, unsign`
`108`	`108`	`struct addrinfo *aiTrav = aiRes;`
`109`	`109`	`while (aiTrav != NULL && (nMaxSolutions == 0 \|\| vIP.size() < nMaxSolutions))`
`110`	`110`	`{`
	`111`	`+ CNetAddr resolved;`
`111`	`112`	`if (aiTrav->ai_family == AF_INET)`
`112`	`113`	`{`
`113`	`114`	`assert(aiTrav->ai_addrlen >= sizeof(sockaddr_in));`
`114`		`- vIP.push_back(CNetAddr(((struct sockaddr_in*)(aiTrav->ai_addr))->sin_addr));`
	`115`	`+ resolved = CNetAddr(((struct sockaddr_in*)(aiTrav->ai_addr))->sin_addr);`
`115`	`116`	`}`
`116`	`117`
`117`	`118`	`if (aiTrav->ai_family == AF_INET6)`
`118`	`119`	`{`
`119`	`120`	`assert(aiTrav->ai_addrlen >= sizeof(sockaddr_in6));`
`120`	`121`	`struct sockaddr_in6* s6 = (struct sockaddr_in6*) aiTrav->ai_addr;`
`121`		`- vIP.push_back(CNetAddr(s6->sin6_addr, s6->sin6_scope_id));`
	`122`	`+ resolved = CNetAddr(s6->sin6_addr, s6->sin6_scope_id);`
	`123`	`+ }`
	`124`	`+ /* Never allow resolving to an internal address. Consider any such result invalid */`
	`125`	`+ if (!resolved.IsInternal()) {`
	`126`	`+ vIP.push_back(resolved);`
`122`	`127`	`}`
`123`	`128`
`124`	`129`	`aiTrav = aiTrav->ai_next;`