RanchiMall/fcoin
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

more safety for wsproxy.

Browse Source
This commit is contained in:
Christopher Jeffrey 2016-06-05 21:59:18 -07:00
parent 4fdea6126a
commit 3e2b0eb3fc
No known key found for this signature in database
GPG Key ID: 8962AB9DE6666BBD
1 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
browser/wsproxy.js
View File

@ -47,10 +47,16 @@ module.exports = function wsproxy(options) {
if (socket)
return;
if (!utils.isNumber(port)
|| typeof host !== 'string') {
utils.error('Client gave bad arguments.');
ws.emit('tcp close');
ws.disconnect();
return;
}
if (options.pow) {
if (!utils.isNumber(port)
|| typeof host !== 'string'
|| !utils.isNumber(nonce)) {
if (!utils.isNumber(nonce)) {
utils.error('Client did not solve proof of work.');
ws.emit('tcp close');
ws.disconnect();
@ -72,6 +78,13 @@ module.exports = function wsproxy(options) {
}
}
if (!/^[a-zA-Z0-9\.:]+$/.test(host)) {
utils.error('Client gave a bad host.');
ws.emit('tcp close');
ws.disconnect();
return;
}
if (IP.isPrivate(host)) {
utils.error('Client is trying to connect to a private ip.');
ws.emit('tcp close');