mirror/guile
mirror/guile
1
Fork 0
mirror of https://git.savannah.gnu.org/git/guile.git synced 2025-06-04 11:10:27 +02:00
Code Activity
guile/doc/ref
History
Mark H Weaver 08c021916d REPL Server: Guard against HTTP inter-protocol exploitation attacks. 
Reported by Christopher Allan Webber <cwebber@dustycloud.org>
Co-authored-by: Ludovic Courtès <ludo@gnu.org>

This commit adds protection to Guile's REPL servers against HTTP
inter-protocol exploitation attacks, a scenario whereby an attacker can,
via an HTML page, cause a web browser to send data to TCP servers
listening on a loopback interface or private network.  See
<https://en.wikipedia.org/wiki/Inter-protocol_exploitation> and
<https://www.jochentopf.com/hfpa/hfpa.pdf>, The HTML Form Protocol
Attack (2001) by Tochen Topf <jochen@remote.org>.

Here we add a procedure to 'before-read-hook' that looks for a possible
HTTP request-line in the first line of input from the client socket.  If
present, the socket is drained and closed, and a loud warning is written
to stderr (POSIX file descriptor 2).

* module/system/repl/server.scm: Add 'maybe-check-for-http-request'
to 'before-read-hook' when this module is loaded.
(with-temporary-port-encoding, with-saved-port-line+column)
(drain-input-and-close, permissive-http-request-line?)
(check-for-http-request, guard-against-http-request)
(maybe-check-for-http-request): New procedures.
(serve-client): Use 'guard-against-http-request'.
* module/system/repl/coop-server.scm (start-repl-client): Use
'guard-against-http-request'.
* doc/ref/guile-invoke.texi (Command-line Options): In the description
of the --listen option, make the security warning more prominent.
Mention the new protection added here.  Recommend using UNIX domain
sockets for REPL servers.  "a path to" => "the file name of".
2016-10-11 11:29:09 +02:00
..
.gitignore add www-commit rule in doc/ref 2010-12-17 16:41:58 +01:00
api-binding.texi Fix typo about variable definitions 2016-08-08 22:20:51 +02:00
api-compound.texi Documentation fixes 2016-08-08 22:20:51 +02:00
api-control.texi Documentation fixes 2016-08-08 22:20:51 +02:00
api-coverage.texi Manual sections don't need a page break before 2010-10-31 08:34:05 +00:00
api-data.texi Add 'scm_to_uintptr_t' and 'scm_from_uintptr_t'. 2016-10-11 10:57:18 +02:00
api-debug.texi Add GDB extension to support Guile. 2014-02-18 23:04:33 +01:00
api-deprecated.texi
api-evaluation.texi doc: Add unquote and unquote-splicing examples. 2016-07-22 16:40:01 +02:00
api-foreign.texi doc: Do not gender the programmer. 2016-07-16 10:59:54 +02:00
api-i18n.texi Fix minor mistakes in documentation. 2013-09-30 12:46:01 -04:00
api-init.texi
api-io.texi doc: Clarify the unit of the 'offset' argument of 'seek'. 2014-12-03 19:07:28 +01:00
api-lalr.texi Manual sections don't need a page break before 2010-10-31 08:34:05 +00:00
api-languages.texi
api-macros.texi Clarify datum->syntax documentation. 2015-09-02 14:08:46 -04:00
api-memory.texi Clarify use of the term "scanning" in the manual 2016-06-26 22:27:18 +02:00
api-modules.texi Fix typo in manual. 2015-06-19 15:43:58 -04:00
api-options.texi Add popen feature 2016-07-14 16:33:32 +02:00
api-overview.texi Manual typo fix 2010-12-23 12:17:26 +00:00
api-procedures.texi Fix minor mistakes in documentation. 2013-09-30 12:46:01 -04:00
api-regex.texi Add reference to the lack of "non-greedy" variants 2016-06-21 17:55:37 +02:00
api-scheduling.texi Allow #f as timeout argument to unlock-mutex and SRFI-18 mutex-unlock! 2013-06-10 02:34:21 -04:00
api-scm.texi
api-smobs.texi doc: smobs: Fix typos. 2016-06-28 22:51:57 +02:00
api-snarf.texi
api-undocumented.texi excise use of "iff" in the manual 2013-03-10 22:29:18 +01:00
api-utility.texi Revert foreign objects. 2016-02-01 22:29:33 +01:00
api.txt
ChangeLog-2008
ChangeLog-goops-2008
ChangeLog-guile-doc-ref
compiler.texi docs: Fix external representation of <toplevel-define> in tree-il. 2015-09-17 22:32:10 -04:00
curried.texi Document (ice-9 curried definitions) 2012-09-06 22:15:40 +01:00
data-rep.texi doc: Update libgc URL. 2015-04-03 16:35:54 +02:00
effective-version.texi.in
expect.texi
fdl.texi
gds.dia
gds.eps
gds.pdf
gds.txt
goops-tutorial.texi Merge tutorial' and reference' treatments of the same basic GOOPS 2010-12-06 22:28:39 +00:00
goops.texi GOOPS doc fix: #:dsupers is the init keyword for the dsupers slot. 2013-12-01 18:41:31 -05:00
guile-invoke.texi REPL Server: Guard against HTTP inter-protocol exploitation attacks. 2016-10-11 11:29:09 +02:00
guile.texi Revert foreign objects. 2016-02-01 22:29:33 +01:00
hierarchy.dot doc/ref/hierarchy.png: conform to hierarchy.txt and manual 2013-01-15 19:17:55 +01:00
hierarchy.eps doc/ref/hierarchy.png: conform to hierarchy.txt and manual 2013-01-15 19:17:55 +01:00
hierarchy.pdf doc/ref/hierarchy.png: conform to hierarchy.txt and manual 2013-01-15 19:17:55 +01:00
hierarchy.png doc/ref/hierarchy.png: conform to hierarchy.txt and manual 2013-01-15 19:17:55 +01:00
hierarchy.txt
history.texi doc: Set document encoding to UTF-8; typeset my surname correctly. 2011-12-14 22:26:15 +01:00
indices.texi Procedure/macro index includes Autoconf macros 2011-02-13 22:28:25 +00:00
intro.texi excise use of "iff" in the manual 2013-03-10 22:29:18 +01:00
libguile-autoconf.texi manual: reorganize autoconf, pkg-config info 2011-10-12 17:12:29 +02:00
libguile-concepts.texi Clarify use of the term "scanning" in the manual 2016-06-26 22:27:18 +02:00
libguile-extensions.texi @value{EFFECTIVE-VERSION} instead of 2.0 in some places in the manual 2011-02-20 13:16:37 +01:00
libguile-linking.texi doc: embedding example more readable. 2014-01-17 22:22:02 +01:00
libguile-parallel.texi Add the 'guild' and 'guile' variables to 'guile-2.0.pc'. 2014-12-03 18:59:36 +01:00
libguile-program.texi Revert foreign objects. 2016-02-01 22:29:33 +01:00
libguile-smobs.texi Revert foreign objects. 2016-02-01 22:29:33 +01:00
libguile-snarf.texi Prefer foreign objects over smobs in manual 2014-04-28 18:00:05 +02:00
Makefile.am Add meta/build-env 2016-07-10 13:21:38 +02:00
match.texi doc: Strengthen the case for pattern matching. 2012-11-17 16:14:02 +01:00
misc-modules.texi Document pretty-print #:max-expr-width 2016-06-21 18:05:10 +02:00
mod-getopt-long.texi Add documentation pointer from getopt-long to SRFI-37. 2016-06-26 22:38:00 +02:00
mop.text
new-docstrings.texi
posix.texi Remove 'umask' calls from 'mkdir'. 2016-10-11 10:23:57 +02:00
preface.texi doc: Set document encoding to UTF-8; typeset my surname correctly. 2011-12-14 22:26:15 +01:00
r6rs.texi Fix R6RS fold-left documentation 2016-06-26 22:26:59 +02:00
repl-modules.texi fix documentation for option-set! syntaxen 2011-05-20 11:54:46 +02:00
scheme-ideas.texi Document (ice-9 curried definitions) 2012-09-06 22:15:40 +01:00
scheme-indices.texi
scheme-intro.texi
scheme-reading.texi fix urls in docs 2011-11-16 23:21:59 +01:00
scheme-scripts.texi better invocation documentation 2011-06-30 13:19:04 +02:00
scheme-using.texi add %site-ccache-dir 2013-03-10 23:20:22 +01:00
scheme.dia
scheme.eps
scheme.pdf
scheme.txt
scsh.texi
slib.texi docs: fix typos in manual, and a couple in code comments. 2011-02-09 22:28:49 +00:00
srfi-modules.texi Manual recommends against SRFI-10 2016-08-07 13:31:37 +02:00
statprof.texi statprof: 'statprof' and 'with-statprof' return the code's return values. 2015-01-11 20:44:44 +01:00
sxml-match.texi Fix typo about pattern variables 2016-08-07 13:31:43 +02:00
sxml.texi doc: Do not gender the programmer. 2016-07-16 10:59:54 +02:00
texinfo.texi Fix typo in `transform-string' doc. 2014-06-04 20:59:36 -04:00
tools.texi Prefer foreign objects over smobs in manual 2014-04-28 18:00:05 +02:00
tour.texi doc: Use scm_{to,from}_double instead of old API in example. 2012-09-03 22:35:33 +02:00
vm.texi case-lambda* clauses fail to match if too many positionals 2013-01-14 11:38:09 +01:00
web.texi Fix uri-decode behavior for "+" 2016-06-21 18:02:03 +02:00