mirror of
https://git.savannah.gnu.org/git/guile.git
synced 2025-05-03 05:20:16 +02:00
Reported by Christopher Allan Webber <cwebber@dustycloud.org>
Co-authored-by: Ludovic Courtès <ludo@gnu.org>

This commit adds protection to Guile's REPL servers against HTTP inter-protocol exploitation attacks, a scenario whereby an attacker can, via an HTML page, cause a web browser to send data to TCP servers listening on a loopback interface or private network. See <https://en.wikipedia.org/wiki/Inter-protocol_exploitation> and <https://www.jochentopf.com/hfpa/hfpa.pdf>, The HTML Form Protocol Attack (2001) by Jochen Topf <jochen@remote.org>.

Here we add a procedure to 'before-read-hook' that looks for a possible HTTP request-line in the first line of input from the client socket. If present, the socket is drained and closed, and a loud warning is written to stderr (POSIX file descriptor 2).

* module/system/repl/server.scm: Add 'maybe-check-for-http-request' to 'before-read-hook' when this module is loaded.
(with-temporary-port-encoding, with-saved-port-line+column)
(drain-input-and-close, permissive-http-request-line?)
(check-for-http-request, guard-against-http-request)
(maybe-check-for-http-request): New procedures.
(serve-client): Use 'guard-against-http-request'.
* module/system/repl/coop-server.scm (start-repl-client): Use 'guard-against-http-request'.
* doc/ref/guile-invoke.texi (Command-line Options): In the description of the --listen option, make the security warning more prominent. Mention the new protection added here. Recommend using UNIX domain sockets for REPL servers. "a path to" => "the file name of".
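The check the commit message describes, written out as an added example in Python rather than in Guile's own Scheme (this is not code from the Guile repository): a permissive match for an HTTP request-line on the first line read from the client, followed by draining and closing the socket and a loud warning on stderr. The function names mirror the procedures named in the commit message, but the regular expression, the 0.2 s drain timeout and the socketpair-based `simulate_client` harness are assumptions of this example, and the client payloads are constructed.

```python
import re
import socket
import sys
from typing import Optional

# Permissive match for an HTTP request-line, "METHOD SP request-target SP HTTP/major.minor"
# (RFC 7230, section 3.1.1).  Permissive means: any upper-case method token and any
# HTTP/x.y version, so an unusual browser, proxy or extension is still recognised.
# (The pattern is this example's choice, not Guile's.)
_REQUEST_LINE = re.compile(rb"^[A-Z]{3,20}[ \t]+\S+[ \t]+HTTP/\d\.\d[ \t]*$")


def permissive_http_request_line(line: bytes) -> bool:
    """True if LINE (the first line read from a client) looks like an HTTP request-line."""
    return _REQUEST_LINE.match(line.rstrip(b"\r\n")) is not None


def read_first_line(sock: socket.socket, limit: int = 8192) -> bytes:
    """Read up to and including the first newline, one byte at a time so that
    nothing beyond the first line is buffered away from the later drain."""
    buf = bytearray()
    while len(buf) < limit:
        byte = sock.recv(1)
        if not byte:          # client closed before sending a full line
            break
        buf += byte
        if byte == b"\n":
            break
    return bytes(buf)


def drain_input_and_close(sock: socket.socket) -> int:
    """Discard whatever else the client sent (the rest of the HTTP request), then
    close.  Returns the number of bytes discarded.  The short timeout (an assumed
    value) stops a client that never closes from tying up the server."""
    discarded = 0
    sock.settimeout(0.2)
    try:
        while True:
            chunk = sock.recv(4096)
            if not chunk:
                break
            discarded += len(chunk)
    except (socket.timeout, OSError):
        pass
    finally:
        sock.close()
    return discarded


def guard_against_http_request(sock: socket.socket) -> Optional[bytes]:
    """Check the first line from SOCK before handing it to the REPL reader.
    If it is an HTTP request-line: warn loudly on stderr, drain and close the
    socket, and return None.  Otherwise return the line for the REPL to evaluate."""
    first_line = read_first_line(sock)
    if permissive_http_request_line(first_line):
        print("WARNING: possible HTTP inter-protocol attack on REPL server, "
              "closing connection: %r" % first_line, file=sys.stderr)
        drain_input_and_close(sock)
        return None
    return first_line


def simulate_client(payload: bytes) -> Optional[bytes]:
    """Drive guard_against_http_request with a constructed client over a local
    socketpair (no network involved).  Returns whatever the guard returned."""
    server_side, client_side = socket.socketpair()
    try:
        client_side.sendall(payload)
        client_side.shutdown(socket.SHUT_WR)   # client is done sending
        result = guard_against_http_request(server_side)
    finally:
        client_side.close()
        server_side.close()                    # no-op if the guard already closed it
    return result


if __name__ == "__main__":
    # Constructed inputs: what a browser form submission looks like on the wire,
    # versus an ordinary REPL expression typed by a legitimate client.
    browser_post = (b"POST / HTTP/1.1\r\nHost: localhost\r\n"
                    b"Content-Length: 7\r\n\r\n(exit)\n")
    print(simulate_client(browser_post))   # None, warning printed on stderr
    print(simulate_client(b"(+ 1 2)\n"))   # b'(+ 1 2)\n'
```

The first line is read byte by byte on purpose: a buffered reader would swallow part of the request body, and the drain step would then miss it. Note also why the commit recommends UNIX domain sockets: a browser cannot be made to connect to one, so the whole class of attack is avoided rather than merely detected.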
Directory listing:

- maint
- r5rs
- ref
- .gitignore
- BUGS
- ChangeLog-2008
- ChangeLog-guile-doc
- gendocs_template
- gendocs_template_min
- goops.mail
- groupings.alist
- guile-api.alist
- guile.1
- hacks.el
- Makefile.am
- NEWS
- README
- recipe-guidelines.txt
- release.org
- texinfo.tex
- THANKS
- use-cases.fig
- use-cases.txt
This directory contains documentation on the Guile core. -*-text-*-

The documentation consists of the following manuals.

- The Guile Tutorial (guile-tut.texi) contains a tutorial introduction to using Guile.
- The Guile Reference Manual (guile.texi) contains (or is intended to contain) reference documentation on all aspects of Guile.
- The Revised^5 Report on the Algorithmic Language Scheme (r5rs.texi).

Please be aware that this is all very much work in progress (apart from the Revised^5 Report). Bug reports and contributions are welcome!

The `sources' directory includes some stuff relevant to the Guile reference manual, which may eventually be folded into it. It's not immediately relevant, however, which is why it's not in this directory.

The Revised^4 Report (r4rs.texi) is no longer in this distribution, as it is completely superseded by the Revised^5 Report. If you need to consult R4RS, it is still widely available, for example at http://www-swiss.ai.mit.edu/projects/info/SchemeDocs/r4rs/.