aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim/Region/CoreModules/Scripting/LoadImageURL/LoadImageURLModule.cs
diff options
context:
space:
mode:
authorJustin Clark-Casey (justincc)2015-03-04 17:43:00 +0000
committerJustin Clark-Casey (justincc)2015-03-04 18:27:50 +0000
commit7d3bafd5abf22f5c1ea3c3d8918d9b8177693bda (patch)
treee50126a4e6c23ac747bf0842774538dc731d2d85 /OpenSim/Region/CoreModules/Scripting/LoadImageURL/LoadImageURLModule.cs
parentusability fixes for LSL API (diff)
downloadopensim-SC_OLD-7d3bafd5abf22f5c1ea3c3d8918d9b8177693bda.zip
opensim-SC_OLD-7d3bafd5abf22f5c1ea3c3d8918d9b8177693bda.tar.gz
opensim-SC_OLD-7d3bafd5abf22f5c1ea3c3d8918d9b8177693bda.tar.bz2
opensim-SC_OLD-7d3bafd5abf22f5c1ea3c3d8918d9b8177693bda.tar.xz
Add outbound URL filter to llHttpRequest() and osSetDynamicTextureURL*() script functions.
This is to address an issue where HTTP script functions could make calls to localhost and other endpoints inside the simulator's LAN. By default, calls to all private addresses are now blocked as per http://en.wikipedia.org/wiki/Reserved_IP_addresses If you require exceptions to this, configure [Network] OutboundDisallowForUserScriptsExcept in OpenSim.ini
Diffstat (limited to 'OpenSim/Region/CoreModules/Scripting/LoadImageURL/LoadImageURLModule.cs')
-rw-r--r--OpenSim/Region/CoreModules/Scripting/LoadImageURL/LoadImageURLModule.cs53
1 files changed, 38 insertions, 15 deletions
diff --git a/OpenSim/Region/CoreModules/Scripting/LoadImageURL/LoadImageURLModule.cs b/OpenSim/Region/CoreModules/Scripting/LoadImageURL/LoadImageURLModule.cs
index baf9f2f..7462ebd 100644
--- a/OpenSim/Region/CoreModules/Scripting/LoadImageURL/LoadImageURLModule.cs
+++ b/OpenSim/Region/CoreModules/Scripting/LoadImageURL/LoadImageURLModule.cs
@@ -32,6 +32,7 @@ using System.Net;
32using Nini.Config; 32using Nini.Config;
33using OpenMetaverse; 33using OpenMetaverse;
34using OpenMetaverse.Imaging; 34using OpenMetaverse.Imaging;
35using OpenSim.Framework.Communications;
35using OpenSim.Region.CoreModules.Scripting.DynamicTexture; 36using OpenSim.Region.CoreModules.Scripting.DynamicTexture;
36using OpenSim.Region.Framework.Interfaces; 37using OpenSim.Region.Framework.Interfaces;
37using OpenSim.Region.Framework.Scenes; 38using OpenSim.Region.Framework.Scenes;
@@ -50,6 +51,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LoadImageURL
50 private Scene m_scene; 51 private Scene m_scene;
51 private IDynamicTextureManager m_textureManager; 52 private IDynamicTextureManager m_textureManager;
52 53
54 private OutboundUrlFilter m_outboundUrlFilter;
53 private string m_proxyurl = ""; 55 private string m_proxyurl = "";
54 private string m_proxyexcepts = ""; 56 private string m_proxyexcepts = "";
55 57
@@ -88,8 +90,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LoadImageURL
88 90
89 public bool AsyncConvertUrl(UUID id, string url, string extraParams) 91 public bool AsyncConvertUrl(UUID id, string url, string extraParams)
90 { 92 {
91 MakeHttpRequest(url, id); 93 return MakeHttpRequest(url, id);
92 return true;
93 } 94 }
94 95
95 public bool AsyncConvertData(UUID id, string bodyData, string extraParams) 96 public bool AsyncConvertData(UUID id, string bodyData, string extraParams)
@@ -110,6 +111,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LoadImageURL
110 111
111 public void Initialise(IConfigSource config) 112 public void Initialise(IConfigSource config)
112 { 113 {
114 m_outboundUrlFilter = new OutboundUrlFilter("Script dynamic texture image module", config);
113 m_proxyurl = config.Configs["Startup"].GetString("HttpProxy"); 115 m_proxyurl = config.Configs["Startup"].GetString("HttpProxy");
114 m_proxyexcepts = config.Configs["Startup"].GetString("HttpProxyExceptions"); 116 m_proxyexcepts = config.Configs["Startup"].GetString("HttpProxyExceptions");
115 } 117 }
@@ -157,9 +159,13 @@ namespace OpenSim.Region.CoreModules.Scripting.LoadImageURL
157 159
158 #endregion 160 #endregion
159 161
160 private void MakeHttpRequest(string url, UUID requestID) 162 private bool MakeHttpRequest(string url, UUID requestID)
161 { 163 {
162 WebRequest request = HttpWebRequest.Create(url); 164 if (!m_outboundUrlFilter.CheckAllowed(new Uri(url)))
165 return false;
166
167 HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
168 request.AllowAutoRedirect = false;
163 169
164 if (!string.IsNullOrEmpty(m_proxyurl)) 170 if (!string.IsNullOrEmpty(m_proxyurl))
165 { 171 {
@@ -174,12 +180,14 @@ namespace OpenSim.Region.CoreModules.Scripting.LoadImageURL
174 } 180 }
175 } 181 }
176 182
177 RequestState state = new RequestState((HttpWebRequest) request, requestID); 183 RequestState state = new RequestState(request, requestID);
178 // IAsyncResult result = request.BeginGetResponse(new AsyncCallback(HttpRequestReturn), state); 184 // IAsyncResult result = request.BeginGetResponse(new AsyncCallback(HttpRequestReturn), state);
179 request.BeginGetResponse(new AsyncCallback(HttpRequestReturn), state); 185 request.BeginGetResponse(new AsyncCallback(HttpRequestReturn), state);
180 186
181 TimeSpan t = (DateTime.UtcNow - new DateTime(1970, 1, 1)); 187 TimeSpan t = (DateTime.UtcNow - new DateTime(1970, 1, 1));
182 state.TimeOfRequest = (int) t.TotalSeconds; 188 state.TimeOfRequest = (int) t.TotalSeconds;
189
190 return true;
183 } 191 }
184 192
185 private void HttpRequestReturn(IAsyncResult result) 193 private void HttpRequestReturn(IAsyncResult result)
@@ -195,10 +203,11 @@ namespace OpenSim.Region.CoreModules.Scripting.LoadImageURL
195 Stream stream = null; 203 Stream stream = null;
196 byte[] imageJ2000 = new byte[0]; 204 byte[] imageJ2000 = new byte[0];
197 Size newSize = new Size(0, 0); 205 Size newSize = new Size(0, 0);
206 HttpWebResponse response = null;
198 207
199 try 208 try
200 { 209 {
201 HttpWebResponse response = (HttpWebResponse)request.EndGetResponse(result); 210 response = (HttpWebResponse)request.EndGetResponse(result);
202 if (response != null && response.StatusCode == HttpStatusCode.OK) 211 if (response != null && response.StatusCode == HttpStatusCode.OK)
203 { 212 {
204 stream = response.GetResponseStream(); 213 stream = response.GetResponseStream();
@@ -262,18 +271,32 @@ namespace OpenSim.Region.CoreModules.Scripting.LoadImageURL
262 finally 271 finally
263 { 272 {
264 if (stream != null) 273 if (stream != null)
265 {
266 stream.Close(); 274 stream.Close();
267 }
268 }
269 275
270 m_log.DebugFormat("[LOADIMAGEURLMODULE]: Returning {0} bytes of image data for request {1}", 276 if (response != null)
271 imageJ2000.Length, state.RequestID); 277 response.Close();
272 278
273 m_textureManager.ReturnData( 279 if (
274 state.RequestID, 280 response.StatusCode == HttpStatusCode.MovedPermanently
275 new OpenSim.Region.CoreModules.Scripting.DynamicTexture.DynamicTexture( 281 || response.StatusCode == HttpStatusCode.Found
276 request.RequestUri, null, imageJ2000, newSize, false)); 282 || response.StatusCode == HttpStatusCode.SeeOther
283 || response.StatusCode == HttpStatusCode.TemporaryRedirect)
284 {
285 string redirectedUrl = response.Headers["Location"];
286
287 MakeHttpRequest(redirectedUrl, state.RequestID);
288 }
289 else
290 {
291 m_log.DebugFormat("[LOADIMAGEURLMODULE]: Returning {0} bytes of image data for request {1}",
292 imageJ2000.Length, state.RequestID);
293
294 m_textureManager.ReturnData(
295 state.RequestID,
296 new OpenSim.Region.CoreModules.Scripting.DynamicTexture.DynamicTexture(
297 request.RequestUri, null, imageJ2000, newSize, false));
298 }
299 }
277 } 300 }
278 301
279 #region Nested type: RequestState 302 #region Nested type: RequestState
generated by cgit v1.1 at 2024-08-25 06:11:18 +0000