STORM-1112 Input sanitization of proxy options.

author: Logan Dethrow <log@lindenlab.com> 2011-07-29 15:38:20 -0400
committer: Logan Dethrow <log@lindenlab.com> 2011-07-29 15:38:20 -0400
commit: d2c72cb7e92896cb414e357ef262d91b0498a6b7 (patch)
tree: 6fec31cc40456a9ffe7fcbf626555418199d425e /indra/newview
parent: f15d28a636da7b6d2784d9301e7a030b5bd38a8c (diff)
3 files changed, 95 insertions, 13 deletions
diff --git a/indra/newview/llfloaterpreference.cpp b/indra/newview/llfloaterpreference.cpp
index 84547ec38a..b01dc616a3 100755
--- a/indra/newview/llfloaterpreference.cpp
+++ b/indra/newview/llfloaterpreference.cpp
@@ -618,10 +618,10 @@ void LLFloaterPreference::cancel()
 		updateDoubleClickControls();
 		mDoubleClickActionDirty = false;
 	}
-	LLFloaterPreferenceProxy * advanced_socks_settings = LLFloaterReg::findTypedInstance<LLFloaterPreferenceProxy>("prefs_socks5_advanced");
-	if (advanced_socks_settings)
+	LLFloaterPreferenceProxy * advanced_proxy_settings = LLFloaterReg::findTypedInstance<LLFloaterPreferenceProxy>("prefs_proxy");
+	if (advanced_proxy_settings)
 	{
-		advanced_socks_settings->cancel();
+		advanced_proxy_settings->cancel();
 	}
 }
 
@@ -1937,6 +1937,10 @@ LLFloaterPreferenceProxy::~LLFloaterPreferenceProxy()
 BOOL LLFloaterPreferenceProxy::postBuild()
 {
 	LLRadioGroup* socksAuth = getChild<LLRadioGroup>("socks5_auth_type");
+	if (!socksAuth)
+	{
+		return FALSE;
+	}
 	if (socksAuth->getSelectedValue().asString() == "None")
 	{
 		getChild<LLLineEditor>("socks5_username")->setEnabled(false);
diff --git a/indra/newview/llstartup.cpp b/indra/newview/llstartup.cpp
index eca3e5439e..c934ff9f1b 100644
--- a/indra/newview/llstartup.cpp
+++ b/indra/newview/llstartup.cpp
@@ -825,7 +825,7 @@ bool idle_startup()
 			if (!LLStartUp::handleSocksProxy())
 			{
 				// Proxy start up failed, we should now bail the state machine
-				// HandleSocksProxy() will have reported an error to the user 
+				// handleSocksProxy() will have reported an error to the user
 				// already, so we just go back to the login screen. The user
 				// could then change the preferences to fix the issue. 
 				LLStartUp::setStartupState(STATE_LOGIN_SHOW);
@@ -834,11 +834,11 @@ bool idle_startup()
 		}
 		else
 		{
-			LLProxy::getInstance()->stopProxy();
+			LLProxy::getInstance()->stopSOCKSProxy();
 		}
 		
 
-		//reset the values that could have come in from a slurl
+		// reset the values that could have come in from a slurl
 		// DEV-42215: Make sure they're not empty -- gUserCredential
 		// might already have been set from gSavedSettings, and it's too bad
 		// to overwrite valid values with empty strings.
@@ -2779,20 +2779,40 @@ bool LLStartUp::handleSocksProxy()
 		LLHost http_host;
 		http_host.setHostByName(gSavedSettings.getString("BrowserProxyAddress"));
 		http_host.setPort(gSavedSettings.getS32("BrowserProxyPort"));
-		LLProxy::getInstance()->enableHTTPProxy(http_host, LLPROXY_HTTP);
+		if (!LLProxy::getInstance()->enableHTTPProxy(http_host, LLPROXY_HTTP))
+		{
+			LLSD subs;
+			subs["HOST"] = http_host.getIPString();
+			subs["PORT"] = (S32)http_host.getPort();
+			LLNotificationsUtil::add("PROXY_INVALID_HTTP_HOST", subs);
+		}
 	}
 	else if ((httpProxyType.compare("Socks") == 0) && gSavedSettings.getBOOL("Socks5ProxyEnabled"))
 	{
 		LLHost socks_host;
 		socks_host.setHostByName(gSavedSettings.getString("Socks5ProxyHost"));
 		socks_host.setPort(gSavedSettings.getU32("Socks5ProxyPort"));
-		LLProxy::getInstance()->enableHTTPProxy(socks_host, LLPROXY_SOCKS);
+		if (!LLProxy::getInstance()->enableHTTPProxy(socks_host, LLPROXY_SOCKS))
+		{
+			LLSD subs;
+			subs["HOST"] = socks_host.getIPString();
+			subs["PORT"] = (S32)socks_host.getPort();
+			LLNotificationsUtil::add("PROXY_INVALID_SOCKS_HOST", subs);
+		}
+
+
+	}
+	else if (httpProxyType.compare("None") == 0)
+	{
+		LLProxy::getInstance()->disableHTTPProxy();
 	}
 	else
 	{
+		LL_WARNS("Proxy") << "Invalid HTTP proxy configuration."<< LL_ENDL;
+		gSavedSettings.setString("Socks5HttpProxyType", "None");
 		LLProxy::getInstance()->disableHTTPProxy();
 	}
-	
+
 	// Set up SOCKS proxy (if needed)
 	if (gSavedSettings.getBOOL("Socks5ProxyEnabled"))
 	{	
@@ -2805,7 +2825,14 @@ bool LLStartUp::handleSocksProxy()
 			LLPointer<LLCredential> socks_cred = gSecAPIHandler->loadCredential("SOCKS5");
 			std::string socks_user = socks_cred->getIdentifier()["username"].asString();
 			std::string socks_password = socks_cred->getAuthenticator()["creds"].asString();
-			LLProxy::getInstance()->setAuthPassword(socks_user, socks_password);
+
+			bool ok;
+			ok = LLProxy::getInstance()->setAuthPassword(socks_user, socks_password);
+			if (!ok)
+			{
+				LLNotificationsUtil::add("SOCKS_BAD_CREDS");
+			}
+
 		}
 		else if (auth_type.compare("None") == 0)
 		{
@@ -2824,8 +2851,11 @@ bool LLStartUp::handleSocksProxy()
 		}
 
 		// Start the proxy and check for errors
-		// If status != SOCKS_OK, stopProxy() will already have been called when startProxy() returns.
-		int status = LLProxy::getInstance()->startProxy(gSavedSettings.getString("Socks5ProxyHost"), gSavedSettings.getU32("Socks5ProxyPort"));
+		// If status != SOCKS_OK, stopSOCKSProxy() will already have been called when startSOCKSProxy() returns.
+		LLHost socks_host;
+		socks_host.setHostByName(gSavedSettings.getString("Socks5ProxyHost"));
+		socks_host.setPort(gSavedSettings.getU32("Socks5ProxyPort"));
+		int status = LLProxy::getInstance()->startSOCKSProxy(socks_host);
 
 		if (status == SOCKS_OK)
 		{
@@ -2865,6 +2895,10 @@ bool LLStartUp::handleSocksProxy()
 					error_string = "SOCKS_HOST_CONNECT_FAILED";
 					break;
 
+				case SOCKS_INVALID_HOST: // Improperly formatted host address or port.
+					error_string = "SOCKS_INVALID_HOST";
+					break;
+
 				default:
 					error_string = "SOCKS_UNKNOWN_STATUS"; // Something strange happened,
 					LL_WARNS("Proxy") << "Unknown return from LLProxy::startProxy(): " << status << LL_ENDL;
@@ -2877,7 +2911,7 @@ bool LLStartUp::handleSocksProxy()
 	}
 	else
 	{
-		LLProxy::getInstance()->stopProxy(); // ensure no UDP proxy is running and it's all cleaned up
+		LLProxy::getInstance()->stopSOCKSProxy(); // ensure no UDP proxy is running and it's all cleaned up
 	}
 
 	return true;
diff --git a/indra/newview/skins/default/xui/en/notifications.xml b/indra/newview/skins/default/xui/en/notifications.xml
index 8b7e6d8c4e..ccc678d942 100644
--- a/indra/newview/skins/default/xui/en/notifications.xml
+++ b/indra/newview/skins/default/xui/en/notifications.xml
@@ -7218,6 +7218,50 @@ Click and drag anywhere on the world to rotate your view
      name="okbutton"
      yestext="OK"/>
   </notification>
+  
+  <notification
+   icon="alertmodal.tga"
+   name="SOCKS_INVALID_HOST"
+   type="alertmodal">
+	Invalid SOCKS proxy address or port "[HOST]:[PORT]".
+	<tag>fail</tag>
+   <usetemplate
+     name="okbutton"
+     yestext="OK"/>
+  </notification>
+  
+  <notification
+   icon="alertmodal.tga"
+   name="SOCKS_BAD_CREDS"
+   type="alertmodal">
+	Invalid SOCKS 5 username or password.
+	<tag>fail</tag>
+   <usetemplate
+     name="okbutton"
+     yestext="OK"/>
+  </notification>
+  
+  <notification
+   icon="alertmodal.tga"
+   name="PROXY_INVALID_HTTP_HOST"
+   type="alertmodal">
+    Invalid HTTP proxy address or port "[HOST]:[PORT]".
+	<tag>fail</tag>
+   <usetemplate
+     name="okbutton"
+     yestext="OK"/>
+  </notification>
+
+  <notification
+   icon="alertmodal.tga"
+   name="PROXY_INVALID_SOCKS_HOST"
+   type="alertmodal">
+	Invalid SOCKS proxy address or port "[HOST]:[PORT]".
+	<tag>fail</tag>
+   <usetemplate
+     name="okbutton"
+     yestext="OK"/>
+  </notification>
 
   <notification
    icon="alertmodal.tga"
author	Logan Dethrow <log@lindenlab.com>	2011-07-29 15:38:20 -0400
committer	Logan Dethrow <log@lindenlab.com>	2011-07-29 15:38:20 -0400
commit	d2c72cb7e92896cb414e357ef262d91b0498a6b7 (patch)
tree	6fec31cc40456a9ffe7fcbf626555418199d425e /indra/newview
parent	f15d28a636da7b6d2784d9301e7a030b5bd38a8c (diff)