From 3d99f030820877eb84835fb1be66a7db3f5b0c68 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jow@openwrt.org>
Date: Wed, 11 Aug 2010 00:05:34 +0000
Subject: uhttpd: add option to reject requests from RFC1918 IPs to public
 server IPs (DNS rebinding countermeasure)

SVN-Revision: 22589
---
 package/uhttpd/src/uhttpd-utils.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'package/uhttpd/src/uhttpd-utils.c')

diff --git a/package/uhttpd/src/uhttpd-utils.c b/package/uhttpd/src/uhttpd-utils.c
index 60badf26df..4a1423c715 100644
--- a/package/uhttpd/src/uhttpd-utils.c
+++ b/package/uhttpd/src/uhttpd-utils.c
@@ -59,6 +59,21 @@ int sa_port(void *sa)
 	return ntohs(((struct sockaddr_in6 *)sa)->sin6_port);
 }
 
+int sa_rfc1918(void *sa)
+{
+	struct sockaddr_in *v4 = (struct sockaddr_in *)sa;
+	unsigned long a = htonl(v4->sin_addr.s_addr);
+
+	if( v4->sin_family == AF_INET )
+	{
+		return ((a >= 0x0A000000) && (a <= 0x0AFFFFFF)) ||
+		       ((a >= 0xAC100000) && (a <= 0xAC1FFFFF)) ||
+		       ((a >= 0xC0A80000) && (a <= 0xC0A8FFFF));
+	}
+
+	return 0;
+}
+
 /* Simple strstr() like function that takes len arguments for both haystack and needle. */
 char *strfind(char *haystack, int hslen, const char *needle, int ndlen)
 {
-- 
cgit v1.2.3