Add IPv6 reserved addresses to the default outbound blacklist

Authored by epriestley <git@epriestley.com> on Dec 5 2016, 18:46.

Description

Summary:
Ref T11939. Depends on D16984. Now that CIDRLists can contain IPv6 addresses, blacklist all of the reserved IPv6 space.

This reserved blacklist is used to prevent users from accessing internal services via "Import Calendar" or "Add Macro".

They can't actually reach IPv6 addresses via these mechanisms yet because we need to do more work to support outbound IPv6 requests, but make sure reserved IPv6 space is blacklisted already when that support eventually arrives.

Also, clean up some error messages (e.g., for trying to hit a bad URI in "Add Macro").

Test Plan:

  • Loaded pages with default blacklist.
  • Tried to make requests into IPv6 space.
  • Currently, this is impossible because of parse_url() and gethostbynamel() calls.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11939

Differential Revision: https://secure.phabricator.com/D16986
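
The check this commit describes, sketched as an added example (not Phabricator's code and not part of the commit): a fetch target is refused when its host, or any address it resolves to, falls in reserved IPv4 or IPv6 space, including IPv4-mapped IPv6 literals. The range list is an assumption drawn from the IANA special-purpose registries rather than the list in this commit, and `sample_resolve` with its `SAMPLE_DNS` table is a hypothetical stand-in for DNS built from constructed data.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed blocklist (IANA special-purpose ranges); NOT the list from this commit.
RESERVED = [ipaddress.ip_network(c) for c in (
    "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12",
    "192.168.0.0/16", "::/128", "::1/128", "64:ff9b::/96", "100::/64",
    "2001:db8::/32", "fc00::/7", "fe80::/10", "ff00::/8",
)]

# Constructed sample records standing in for DNS so the example runs offline.
SAMPLE_DNS = {
    "cal.example.com": ["93.184.216.34", "2606:4700::1111"],
    "intranet.example.com": ["2606:4700::1111", "fd12:3456::10"],
}

def sample_resolve(host):
    """Hypothetical resolver: return every address known for host."""
    return SAMPLE_DNS.get(host, [])

def blocked_by(address):
    """Return the reserved network containing address, or None."""
    ip = ipaddress.ip_address(address)
    # ::ffff:a.b.c.d reaches the IPv4 host a.b.c.d, so test the inner address.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    for net in RESERVED:
        if ip.version == net.version and ip in net:
            return net
    return None

def check_outbound(uri, resolve=sample_resolve):
    """Return (allowed, reason) for an outbound fetch of uri."""
    host = urlsplit(uri).hostname  # strips the [] around IPv6 literals
    if not host:
        return False, "no host in URI"
    try:
        addresses = [str(ipaddress.ip_address(host))]  # host is an IP literal
    except ValueError:
        addresses = resolve(host)
    if not addresses:
        return False, "host did not resolve"
    # One reserved record is enough to refuse the whole request.
    for address in addresses:
        net = blocked_by(address)
        if net is not None:
            return False, f"{address} is in reserved range {net}"
    return True, "ok"
```

The request itself should then connect to the addresses that were checked, not resolve the name a second time.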

Details

Committed: epriestley <git@epriestley.com>, Dec 5 2016, 20:20
Pushed: aubort, Jan 31 2017, 17:16
Parents: rPH4a6229ee693b: Remove some no-op "canUninstall()" Application methods
Branches: Unknown
Tags: Unknown

Event Timeline

Dec 5 2016, 20:20: epriestley <git@epriestley.com> committed rPH5a060b34df81: Add IPv6 reserved addresses to the default outbound blacklist (authored by epriestley <git@epriestley.com>).