From 2d699cd5dac48dcdd4318edeb2a27c9a10770742 Mon Sep 17 00:00:00 2001
From: Brendan Coles <bcoles@gmail.com>
Date: Sun, 12 Apr 2020 04:01:34 +0000
Subject: LibWeb: Add port blacklist for ResourceLoader::load

`ResourceLoader::load` now rejects URLs which specify a `port`
associated with network services known to be vulnerable to
inter-protocol exploitation.

Fixes #1735
---
 Libraries/LibWeb/ResourceLoader.cpp | 17 +++++++++++++++++
 Libraries/LibWeb/ResourceLoader.h   |  1 +
 2 files changed, 18 insertions(+)

diff --git a/Libraries/LibWeb/ResourceLoader.cpp b/Libraries/LibWeb/ResourceLoader.cpp
index 7ef40f5cf5..cddb11ca2a 100644
--- a/Libraries/LibWeb/ResourceLoader.cpp
+++ b/Libraries/LibWeb/ResourceLoader.cpp
@@ -67,6 +67,11 @@ void ResourceLoader::load_sync(const URL& url, Function<void(const ByteBuffer&)>
 
 void ResourceLoader::load(const URL& url, Function<void(const ByteBuffer&)> success_callback, Function<void(const String&)> error_callback)
 {
+    if (is_port_blocked(url.port())) {
+	dbg() << "ResourceLoader::load: Error: blocked port " << url.port() << " for URL: " << url;
+	return;
+    }
+
     if (url.protocol() == "file") {
         auto f = Core::File::construct();
         f->set_filename(url.path());
@@ -112,4 +117,16 @@ void ResourceLoader::load(const URL& url, Function<void(const ByteBuffer&)> succ
         error_callback(String::format("Protocol not implemented: %s", url.protocol().characters()));
 }
 
+bool ResourceLoader::is_port_blocked(int port) {
+    int ports[] { 1, 7, 9, 11, 13, 15, 17, 19, 20, 21, 22, 23, 25, 37, 42,
+        43, 53, 77, 79, 87, 95, 101, 102, 103, 104, 109, 110, 111, 113,
+        115, 117, 119, 123, 135, 139, 143, 179, 389, 465, 512, 513, 514,
+        515, 526, 530, 531, 532, 540, 556, 563, 587, 601, 636, 993, 995,
+        2049, 3659, 4045, 6000, 6379, 6665, 6666, 6667, 6668, 6669, 9000 };
+    for (auto blocked_port : ports)
+        if (port == blocked_port)
+            return true;
+    return false;
+}
+
 }
diff --git a/Libraries/LibWeb/ResourceLoader.h b/Libraries/LibWeb/ResourceLoader.h
index 4a98b16591..9adfc169ee 100644
--- a/Libraries/LibWeb/ResourceLoader.h
+++ b/Libraries/LibWeb/ResourceLoader.h
@@ -55,6 +55,7 @@ private:
 
     Protocol::Client& protocol_client() { return *m_protocol_client; }
     RefPtr<Protocol::Client> m_protocol_client;
+    bool is_port_blocked(int port);
 };
 
 }
-- 
cgit v1.2.3