[httpd] Workaround evhttp_connection_get_addr() issue in libevent 2.1.6 and 8

Fixes #1775
2024-07-04 16:56:52 +02:00 · 2024-07-04 16:56:52 +02:00 · 13131f43ef
parent be1bacf278
commit 13131f43ef
1 changed files with 28 additions and 0 deletions
--- a/src/httpd_libevhttp.c
+++ b/src/httpd_libevhttp.c
@ -24,6 +24,7 @@
 #include <string.h>
 #include <unistd.h>
 #include <sys/socket.h> // listen()
+#include <arpa/inet.h> // inet_pton()

 #include <event2/http.h>
 #include <event2/http_struct.h> // flags in struct evhttp
@ -543,6 +544,29 @@ httpd_backend_peer_get(const char **addr, uint16_t *port, httpd_backend *backend
  return 0;
 }

+// When removing this workaround then also remove the include of arpa/inet.h
+static bool
+address_is_trusted_workaround(httpd_backend *backend)
+{
+  union net_sockaddr naddr = { 0 };
+  const char *saddr;
+  uint16_t port;
+
+  DPRINTF(E_DBG, L_HTTPD, "Detected libevent version with buggy evhttp_connection_get_addr()\n");
+
+  if (httpd_backend_peer_get(&saddr, &port, backend, NULL) < 0)
+    return false;
+
+  if (inet_pton(AF_INET, saddr, &naddr.sin.sin_addr) == 1)
+    naddr.sa.sa_family = AF_INET;
+  else if (inet_pton(AF_INET6, saddr, &naddr.sin6.sin6_addr) == 1)
+    naddr.sa.sa_family = AF_INET6;
+  else
+    return false;
+
+  return net_peer_address_is_trusted(&naddr);
+}
+
 bool
 httpd_backend_peer_is_trusted(httpd_backend *backend)
 {
@ -556,6 +580,10 @@ httpd_backend_peer_is_trusted(httpd_backend *backend)
  if (!addr)
    return false;

+  // Workaround for bug in libevent 2.1.6 and .8, see #1775
+  if (addr->sa_family == AF_UNSPEC)
+    return address_is_trusted_workaround(backend);
+
  return net_peer_address_is_trusted((union net_sockaddr *)addr);
 }