Annikka/evennia
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Guard against HTTP input on the Telnet port. Resolve #2004

Browse source
This commit is contained in:
Griatch 2019-12-20 20:22:55 +01:00
parent 8685de3c56
commit 3c08447f59
1 changed files with 24 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

24
evennia/server/portal/telnet.py
View file

@ -40,6 +40,22 @@ _RE_SCREENREADER_REGEX = re.compile(
) )
_IDLE_COMMAND = str.encode(settings.IDLE_COMMAND + "\n") _IDLE_COMMAND = str.encode(settings.IDLE_COMMAND + "\n")
# identify HTTP indata
_HTTP_REGEX = re.compile(
b"(GET|HEAD|POST|PUT|DELETE|TRACE|OPTIONS|CONNECT|PATCH) (.*? HTTP/[0-9]\.[0-9])",
re.I,
)
_HTTP_WARNING = bytes(
"""
This is Evennia's Telnet port and cannot be used for regular HTTP traffic.
Use a telnet client to connect here and point your browser to the server's
dedicated web port instead.
""".strip(),
"utf-8",
)
class TelnetServerFactory(protocol.ServerFactory): class TelnetServerFactory(protocol.ServerFactory):
"This is only to name this better in logs" "This is only to name this better in logs"
@ -253,6 +269,14 @@ class TelnetProtocol(Telnet, StatefulTelnetProtocol, Session):
data = [_IDLE_COMMAND] data = [_IDLE_COMMAND]
else: else:
data = _RE_LINEBREAK.split(data) data = _RE_LINEBREAK.split(data)
if len(data) > 2 and _HTTP_REGEX.match(data[0]):
# guard against HTTP request on the Telnet port; we
# block and kill the connection.
self.transport.write(_HTTP_WARNING)
self.transport.loseConnection()
return
if self.line_buffer and len(data) > 1: if self.line_buffer and len(data) > 1:
# buffer exists, it is terminated by the first line feed # buffer exists, it is terminated by the first line feed
data[0] = self.line_buffer + data[0] data[0] = self.line_buffer + data[0]