Add outbound URL filter to llHttpRequest() and osSetDynamicTextureURL*() script functions.

This is to address an issue where HTTP script functions could make calls to localhost and other endpoints inside the simulator's LAN.
By default, calls to all private addresses are now blocked as per http://en.wikipedia.org/wiki/Reserved_IP_addresses
If you require exceptions to this, configure [Network] OutboundDisallowForUserScriptsExcept in OpenSim.ini
Justin Clark-Casey (justincc)
2015-03-04 17:29:13 +00:00
parent 1a185a048b
commit 56dcb4e283
10 changed files with 499 additions and 29 deletions


@@ -11004,8 +11004,12 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
}
}
HttpInitialRequestStatus status;
UUID reqID
= httpScriptMod.StartHttpRequest(m_host.LocalId, m_item.ItemID, url, param, httpHeaders, body);
= httpScriptMod.StartHttpRequest(m_host.LocalId, m_item.ItemID, url, param, httpHeaders, body, out status);
if (status == HttpInitialRequestStatus.DISALLOWED_BY_FILTER)
Error("llHttpRequest", string.Format("Request to {0} disallowed by filter", url));
if (reqID != UUID.Zero)
return reqID.ToString();
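
Review bot: The DISALLOWED_BY_FILTER branch falls through after Error(...) into the `if (reqID != UUID.Zero)` check, so what the script gets back for a blocked URL depends on StartHttpRequest returning UUID.Zero in that case, which is not visible in this hunk. Make the branch explicit, either by returning the failure value directly after the Error call or by turning the second check into an `else if`, so a filtered request can never hand a usable request ID back to the script. Braces around both single-statement `if` bodies would make that control flow easier to read. It would also help to document on StartHttpRequest that `status` is always assigned, including on the paths where reqID is UUID.Zero for reasons other than the filter.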