[package] uhttpd: add option to reject requests from RFC1918 IPs to public server IPs (DNS rebinding countermeasure)

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22589 3c298f89-4303-0410-b956-a3cf2f4a3e73

1 files changed, 15 insertions, 0 deletions

diff --git a/package/uhttpd/src/uhttpd-utils.c b/package/uhttpd/src/uhttpd-utils.c
index 60badf26df..4a1423c715 100644
--- a/package/uhttpd/src/uhttpd-utils.c
+++ b/package/uhttpd/src/uhttpd-utils.c
@@ -59,6 +59,21 @@ int sa_port(void *sa)
 	return ntohs(((struct sockaddr_in6 *)sa)->sin6_port);
 }
 
+int sa_rfc1918(void *sa)
+{
+	struct sockaddr_in *v4 = (struct sockaddr_in *)sa;
+	unsigned long a = htonl(v4->sin_addr.s_addr);
+
+	if( v4->sin_family == AF_INET )
+	{
+		return ((a >= 0x0A000000) && (a <= 0x0AFFFFFF)) ||
+		       ((a >= 0xAC100000) && (a <= 0xAC1FFFFF)) ||
+		       ((a >= 0xC0A80000) && (a <= 0xC0A8FFFF));
+	}
+
+	return 0;
+}
+
 /* Simple strstr() like function that takes len arguments for both haystack and needle. */
 char *strfind(char *haystack, int hslen, const char *needle, int ndlen)
 {