[Libreoffice-commits] online.git: wsd/LOOLWSD.cpp

Thu Oct 25 20:26:04 UTC 2018

wsd/LOOLWSD.cpp |   19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

New commits:
commit bf2dcdc01f04a440c8a12d5f5e212d9bdd39c1f6
Author:     Tamás Zolnai <tamas.zolnai at collabora.com>
AuthorDate: Thu Oct 25 22:24:00 2018 +0200
Commit:     Tamás Zolnai <tamas.zolnai at collabora.com>
CommitDate: Thu Oct 25 22:25:34 2018 +0200

    Have a better log for convert-to denial
    
    Change-Id: I5c8d367b3f82d47a45df8c298e39515bc89f7b0d

diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp
index 2af6a1591..c0db3952a 100644
--- a/wsd/LOOLWSD.cpp
+++ b/wsd/LOOLWSD.cpp
@@ -1940,12 +1940,19 @@ public:
         }
         return hosts.match(address);
     }
-    bool allowConvertTo(const std::string &address, const Poco::Net::HTTPRequest& request)
+    bool allowConvertTo(const std::string &address, const Poco::Net::HTTPRequest& request, bool report = false)
     {
         std::string addressToCheck = address;
         std::string hostToCheck = request.getHost();
         bool allow = allowPostFrom(addressToCheck) || StorageBase::allowedWopiHost(hostToCheck);
 
+        if(!allow)
+        {
+            if(report)
+                LOG_ERR("Requesting address is denied: " << addressToCheck);
+            return false;
+        }
+
         // Handle forwarded header and make sure all participating IPs are allowed
         if(request.has("X-Forwarded-For"))
         {
@@ -1965,6 +1972,12 @@ public:
                     // We can't find out the hostname, check the IP only
                     allow &= allowPostFrom(addressToCheck);
                 }
+                if(!allow)
+                {
+                    if(report)
+                        LOG_ERR("Requesting address is denied: " << addressToCheck);
+                    return false;
+                }
             }
         }
         return allow;
@@ -2287,10 +2300,8 @@ private:
 
             std::string format = (form.has("format") ? form.get("format") : "");
 
-            if (!allowConvertTo(socket->clientAddress(), request))
+            if (!allowConvertTo(socket->clientAddress(), request, true))
             {
-                LOG_ERR("client address DENY: " << socket->clientAddress());
-
                 std::ostringstream oss;
                 oss << "HTTP/1.1 403\r\n"
                     << "Date: " << Poco::DateTimeFormatter::format(Poco::Timestamp(), Poco::DateTimeFormat::HTTP_FORMAT) << "\r\n"
