Check for port forwarding to privileged port on local address

Refs #345
2016-02-26 10:32:05 +01:00 · 2016-02-26 10:32:05 +01:00 · 26737ff1f5
parent f6f0f62688
commit 26737ff1f5
2 changed files with 17 additions and 1 deletions
--- a/app/src/main/java/eu/faircode/netguard/ActivityForwardApproval.java
+++ b/app/src/main/java/eu/faircode/netguard/ActivityForwardApproval.java
@ -28,6 +28,9 @@ import android.view.View;
 import android.widget.Button;
 import android.widget.TextView;

+import java.net.InetAddress;
+import java.net.UnknownHostException;
+
 public class ActivityForwardApproval extends Activity {
    private static final String TAG = "NetGuard.Forward";
    private static final String ACTION_START_PORT_FORWARD = "eu.faircode.netguard.START_PORT_FORWARD";
@ -49,6 +52,15 @@ public class ActivityForwardApproval extends Activity {
        final int ruid = getIntent().getIntExtra("ruid", 0);
        final String raddr = (addr == null ? "127.0.0.1" : addr);

+        try {
+            InetAddress iraddr = InetAddress.getByName(raddr);
+            if (rport < 1024 && (iraddr.isLoopbackAddress() || iraddr.isAnyLocalAddress()))
+                throw new IllegalArgumentException("Port forwarding to privileged port on local address not possible");
+        } catch (Throwable ex) {
+            Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
+            finish();
+        }
+
        String pname;
        if (protocol == 6)
            pname = getString(R.string.menu_protocol_tcp);
--- a/app/src/main/java/eu/faircode/netguard/ActivityForwarding.java
+++ b/app/src/main/java/eu/faircode/netguard/ActivityForwarding.java
@ -194,11 +194,15 @@ public class ActivityForwarding extends AppCompatActivity {
                                    final String raddr = etRAddr.getText().toString();
                                    final int rport = Integer.parseInt(etRPort.getText().toString());
                                    final int ruid = ((Rule) spRuid.getSelectedItem()).info.applicationInfo.uid;
+
+                                    InetAddress iraddr = InetAddress.getByName(raddr);
+                                    if (rport < 1024 && (iraddr.isLoopbackAddress() || iraddr.isAnyLocalAddress()))
+                                        throw new IllegalArgumentException("Port forwarding to privileged port on local address not possible");
+
                                    new AsyncTask<Object, Object, Throwable>() {
                                        @Override
                                        protected Throwable doInBackground(Object... objects) {
                                            try {
-                                                InetAddress.getByName(raddr);
                                                DatabaseHelper.getInstance(ActivityForwarding.this)
                                                        .addForward(protocol, dport, raddr, rport, ruid);
                                                return null;