Fix DDOS and SSRF security issues with Cling dependency

Description : 4thline/cling#253
JasonMahdjoub · Aug 19, 2021 · 27c85a9 · 27c85a9
1 parent 62b47a2
commit 27c85a9
Show file tree

Hide file tree

Showing 5 changed files with 407 additions and 104 deletions.
diff --git a/MaDKitLanEdition/src/main/java/com/distrimind/madkit/kernel/Madkit.java b/MaDKitLanEdition/src/main/java/com/distrimind/madkit/kernel/Madkit.java
@@ -150,7 +150,8 @@ static Version getNewVersionInstance()
 							.addItem("Disable useless server stream into Upnp IGD")
 							.addItem("UPNP IGD test pass")
 							.addItem("Fix issue when determining if a local ip is compatible with another ip")
-							.addItem("Fix XXE issue with Cling dependency")
+							.addItem("Fix XXE security issue with Cling dependency : https://github.com/4thline/cling/issues/243")
+							.addItem("Fix DDOS and SSRF security issues with Cling dependency : https://github.com/4thline/cling/issues/253")
 					)
 					.addDescription(new Description((short)2, (short)2, (short)0, Version.Type.BETA, (short)1, "2021-07-07")
 							.addItem("Update Utils to 5.18.5 STABLE")

diff --git a/MaDKitLanEdition/src/main/java/com/distrimind/madkit/kernel/network/InetAddressFilter.java b/MaDKitLanEdition/src/main/java/com/distrimind/madkit/kernel/network/InetAddressFilter.java
@@ -41,6 +41,7 @@
 import java.net.InterfaceAddress;
 import java.net.NetworkInterface;
 import java.net.SocketException;
+import java.util.Locale;
 
 import com.distrimind.util.properties.MultiFormatProperties;
 
@@ -176,4 +177,55 @@ public static boolean isSameLocalNetwork(InetAddress ia1, InetAddress ia2) throw
 
 	}
 
+	public static boolean isValidNetworkInterface(NetworkInterface ni) {
+		try {
+			if (!ni.isUp()) {
+				return false;
+			}
+
+			if (!ni.getInetAddresses().hasMoreElements()) {
+				return false;
+			}
+
+			if (ni.getName().toLowerCase(Locale.ROOT).startsWith("vmnet") ||
+					(ni.getDisplayName() != null && ni.getDisplayName().toLowerCase(Locale.ROOT).contains("vmnet"))) {
+				return false;
+			}
+
+			if (ni.getName().toLowerCase(Locale.ROOT).startsWith("vnic")) {
+				return false;
+			}
+
+			if (ni.getName().toLowerCase(Locale.ROOT).startsWith("vboxnet")) {
+				return false;
+			}
+
+			if (ni.getName().toLowerCase(Locale.ROOT).contains("virtual")) {
+				return false;
+			}
+
+			if (ni.getName().toLowerCase(Locale.ROOT).startsWith("ppp")) {
+				return false;
+			}
+
+
+			long addr = getHardwareAddressIntoLongValue(ni.getHardwareAddress());
+			return (addr != 0 || ni.isLoopback()) && addr != 224;
+		} catch (SocketException e) {
+			return false;
+		}
+
+	}
+	public static long getHardwareAddressIntoLongValue(byte[] hardwareAddress) {
+		long result = 0;
+		if (hardwareAddress != null) {
+			for (final byte value : hardwareAddress) {
+				result <<= 8;
+				result |= value & 255;
+			}
+		}
+		return result;
+	}
+
+
 }
diff --git a/MaDKitLanEdition/src/main/java/com/distrimind/madkit/kernel/network/LocalNetworkAgent.java b/MaDKitLanEdition/src/main/java/com/distrimind/madkit/kernel/network/LocalNetworkAgent.java
@@ -132,21 +132,7 @@ private LocalNetworkAgent(NetworkInterface ni, InterfaceAddress ia1, InterfaceAd
 
 	static ArrayList<LocalNetworkAgent> extractLocalNetworkAgents(NetworkInterface ni, ArrayList<InterfaceAddress> list) {
 		ArrayList<LocalNetworkAgent> res = new ArrayList<>();
-		if (list.size() == 1) {
-			res.add(new LocalNetworkAgent(ni, list.iterator().next()));
-		} else if (list.size() == 2) {
-			try {
-				Iterator<InterfaceAddress> it = list.iterator();
-				res.add(new LocalNetworkAgent(ni, it.next(), it.next()));
-			} catch (Exception e) {
-				res.clear();
-				Iterator<InterfaceAddress> it = list.iterator();
-				res.add(new LocalNetworkAgent(ni, it.next()));
-				res.add(new LocalNetworkAgent(ni, it.next()));
-			}
-		} else {
-			for (InterfaceAddress aList : list) res.add(new LocalNetworkAgent(ni, aList));
-		}
+		for (InterfaceAddress aList : list) res.add(new LocalNetworkAgent(ni, aList));
 		return res;
 	}
 
@@ -210,6 +196,7 @@ private static ArrayList<LocalNetworkAgent> putNetworkInterface(List<LocalNetwor
 					not_found_addresses.add(ia);
 			}
 		}
+
 		if (found_lna_match.size() > 0) {
 			for (LocalNetworkAgent lna : found_lna_match)
 				lna.receiveMessage(new NetworkInterfaceAddedMessage(ni));
@@ -274,12 +261,22 @@ static class ActivateAskConnection extends Message {
 	 * 
 	 * } } }
 	 */
-	private boolean isConcernedBy(NetworkInterface ni) {
-		for (InterfaceAddress ia : ni.getInterfaceAddresses()) {
+
+
+
+
+
+	private boolean isConcernedBy(NetworkInterface iface) {
+		/*if (!InetAddressFilter.isValidNetworkInterface(iface)) {
+			return false;
+		}*/
+
+		for (InterfaceAddress ia : iface.getInterfaceAddresses()) {
 			if (isConcernedBy(ia))
 				return true;
 		}
 		return false;
+
 	}
 
 	private boolean isConcernedBy(InterfaceAddress ia) {