File fish-upstream-CVE-2014-2914.patch of Package fish
From 10642a34f17ae45bd93be3ae6021ee920d3da0c2 Mon Sep 17 00:00:00 2001
Message-Id: <10642a34f17ae45bd93be3ae6021ee920d3da0c2.1398707555.git.luto@amacapital.net>
In-Reply-To: <3c5d5b344ee945b99e4bb16a44af6f293601813d.1398707555.git.luto@amacapital.net>
References: <3c5d5b344ee945b99e4bb16a44af6f293601813d.1398707555.git.luto@amacapital.net>
From: Anders Bergh <anders1@gmail.com>
Date: Tue, 4 Mar 2014 09:59:26 +0100
Subject: [PATCH 2/4] fish_config: Listen on both IPv6 and IPv4.

A subclass of TCPServer was created to deny any non-local connections and to listen using an IPv6 socket.
---
 share/tools/web_config/webconfig.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/share/tools/web_config/webconfig.py b/share/tools/web_config/webconfig.py
index f735a02..1b9250b 100755
--- a/share/tools/web_config/webconfig.py
+++ b/share/tools/web_config/webconfig.py
@@ -250,6 +250,16 @@ class FishVar:
 if self.exported: flags.append('exported')
 return [self.name, self.value, ', '.join(flags)]
 
+class FishConfigTCPServer(SocketServer.TCPServer):
+ """TCPServer that only accepts connections from localhost (IPv4/IPv6)."""
+ WHITELIST = set(['::1', '::ffff:127.0.0.1', '127.0.0.1'])
+
+ address_family = socket.AF_INET6
+
+ def verify_request(self, request, client_address):
+ return client_address[0] in FishConfigTCPServer.WHITELIST
+
+
 class FishConfigHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
 
 def write_to_wfile(self, txt):
@@ -613,7 +623,7 @@ PORT = 8000
 while PORT <= 9000:
 try:
 Handler = FishConfigHTTPRequestHandler
- httpd = SocketServer.TCPServer(("", PORT), Handler)
+ httpd = FishConfigTCPServer(("::", PORT), Handler)
 # Success
 break
 except socket.error:
-- 
1.9.0
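Review bot: `verify_request` in the new `FishConfigTCPServer` runs only after the TCP connection has been accepted, so with the wildcard bind in the second hunk the port is still open to and visible from other hosts; the class merely closes those connections afterwards. The docstring should say so, e.g. `"""TCPServer that closes connections whose peer address is not loopback; it does not restrict which interfaces are bound."""`. A source-address check also cannot tell local users apart or authenticate requests that a local browser is induced to send, so it should not be the only access control on the configuration endpoints. Finally, `address_family = socket.AF_INET6` is set without forcing `IPV6_V6ONLY` to 0 in `server_bind`, so whether the `'127.0.0.1'` and `'::ffff:127.0.0.1'` entries are ever matched depends on the platform's dual-stack default.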
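Review bot: Binding to `("::", PORT)` still listens on every interface, as the old `""` did for IPv4, so the network exposure is kept and only the post-accept filter stands in front of it. Binding to a loopback address instead (`("::1", PORT)`, plus a second listener on `127.0.0.1` if IPv4 clients are needed) would keep the port off the network altogether. The surrounding `except socket.error:` now also catches the failure to create an AF_INET6 socket on a host without IPv6, which the loop would presumably treat as a busy port for every value up to 9000. The loop body continues outside the hunk, so how that case ends is not visible here.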