From ae754241ceb7fde640412bed826b2e85e45745d4 Mon Sep 17 00:00:00 2001 From: Pierre HUBERT Date: Thu, 22 Aug 2024 09:42:10 +0200 Subject: [PATCH] Handle restricted ports --- src/lib.rs | 1 + src/main.rs | 17 +++++++- src/restricted_port.rs | 89 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 105 insertions(+), 2 deletions(-) create mode 100644 src/lib.rs create mode 100644 src/restricted_port.rs diff --git a/src/lib.rs b/src/lib.rs new file mode 100644 index 0000000..5fd3b6d --- /dev/null +++ b/src/lib.rs @@ -0,0 +1 @@ +pub mod restricted_port; diff --git a/src/main.rs b/src/main.rs index 6d89bc8..c59851c 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,6 +1,7 @@ use actix_web::middleware::Logger; use actix_web::{web, App, HttpResponse, HttpServer}; use clap::Parser; +use hidden_server::restricted_port::is_restricted_port; use log::LevelFilter; use rand::Rng; @@ -22,7 +23,7 @@ struct Args { #[arg(short('M'), long, default_value_t = 1000)] max_port: u16, /// Host this server will listen to - #[arg(short, long, default_value="0.0.0.0")] + #[arg(short, long, default_value = "0.0.0.0")] listen_host: String, } @@ -43,7 +44,19 @@ async fn main() -> std::io::Result<()> { log::info!("Choosing a random port to start..."); let mut rng = rand::thread_rng(); - let port: u16 = args.min_port + rng.random::() % (args.max_port - args.min_port); + let mut port: u16; + + loop { + port = args.min_port + rng.random::() % (args.max_port - args.min_port); + + if !is_restricted_port(port) { + break; + } + + log::info!("I chose a restricted port, I have to choose another one..."); + } + + log::info!("Can now start server..."); HttpServer::new(|| { App::new() diff --git a/src/restricted_port.rs b/src/restricted_port.rs new file mode 100644 index 0000000..d5440ea --- /dev/null +++ b/src/restricted_port.rs 
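Review bot: The retry loop added after `let mut rng` never terminates when every port in `[min_port, max_port)` is restricted (e.g. `-m 20 -M 23`), and `args.max_port - args.min_port` underflows — or is zero and panics on `%` — when the range is empty or inverted; nothing in the hunk guards either case before the loop. Validating the range and checking that at least one unrestricted candidate exists up front turns both into a clean error through `main`'s `std::io::Result`, and a `break`-with-value removes the uninitialised `let mut port`. The turbofish on `rng.random::()` appears stripped in this rendering; `<u16>` is assumed below. A chosen port can still be taken by another process by the time the server binds, but that is handled, if at all, in the `HttpServer` setup that continues outside the hunk, as does the rest of `main`.
```rust
    // Reject an empty or inverted range up front: `max_port - min_port` would
    // underflow (or be zero and panic on `%`) in the selection below.
    if args.max_port <= args.min_port {
        return Err(std::io::Error::new(
            std::io::ErrorKind::InvalidInput,
            "max_port must be greater than min_port",
        ));
    }
    // Fail instead of spinning forever when every candidate is restricted.
    if (args.min_port..args.max_port).all(is_restricted_port) {
        return Err(std::io::Error::new(
            std::io::ErrorKind::InvalidInput,
            "no unrestricted port in the requested range",
        ));
    }
    let port: u16 = loop {
        let candidate = args.min_port + rng.random::<u16>() % (args.max_port - args.min_port);
        if !is_restricted_port(candidate) {
            break candidate;
        }
        log::info!("I chose a restricted port, I have to choose another one...");
    };
    // … unchanged: "Can now start server..." log and HttpServer setup …
```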
@@ -0,0 +1,89 @@
+// Source : https://chromium.googlesource.com/chromium/src.git/+/refs/heads/master/net/base/port_util.cc
+
+const RESTRICTED_PORTS: [u16; 80] = [
+ 1, // tcpmux
+ 7, // echo
+ 9, // discard
+ 11, // systat
+ 13, // daytime
+ 15, // netstat
+ 17, // qotd
+ 19, // chargen
+ 20, // ftp data
+ 21, // ftp access
+ 22, // ssh
+ 23, // telnet
+ 25, // smtp
+ 37, // time
+ 42, // name
+ 43, // nicname
+ 53, // domain
+ 69, // tftp
+ 77, // priv-rjs
+ 79, // finger
+ 87, // ttylink
+ 95, // supdup
+ 101, // hostriame
+ 102, // iso-tsap
+ 103, // gppitnp
+ 104, // acr-nema
+ 109, // pop2
+ 110, // pop3
+ 111, // sunrpc
+ 113, // auth
+ 115, // sftp
+ 117, // uucp-path
+ 119, // nntp
+ 123, // NTP
+ 135, // loc-srv /epmap
+ 137, // netbios
+ 139, // netbios
+ 143, // imap2
+ 161, // snmp
+ 179, // BGP
+ 389, // ldap
+ 427, // SLP (Also used by Apple Filing Protocol)
+ 465, // smtp+ssl
+ 512, // print / exec
+ 513, // login
+ 514, // shell
+ 515, // printer
+ 526, // tempo
+ 530, // courier
+ 531, // chat
+ 532, // netnews
+ 540, // uucp
+ 548, // AFP (Apple Filing Protocol)
+ 554, // rtsp
+ 556, // remotefs
+ 563, // nntp+ssl
+ 587, // smtp (rfc6409)
+ 601, // syslog-conn (rfc3195)
+ 636, // ldap+ssl
+ 989, // ftps-data
+ 990, // ftps
+ 993, // ldap+ssl
+ 995, // pop3+ssl
+ 1719, // h323gatestat
+ 1720, // h323hostcall
+ 1723, // pptp
+ 2049, // nfs
+ 3659, // apple-sasl / PasswordServer
+ 4045, // lockd
+ 5060, // sip
+ 5061, // sips
+ 6000, // X11
+ 6566, // sane-port
+ 6665, // Alternate IRC [Apple addition]
+ 6666, // Alternate IRC [Apple addition]
+ 6667, // Standard IRC [Apple addition]
+ 6668, // Alternate IRC [Apple addition]
+ 6669, // Alternate IRC [Apple addition]
+ 6697, // IRC + TLS
+ 10080, // Amanda
+];
+
+/// Check out wether a port is a restricted port for major browsers
+pub fn is_restricted_port(port: u16) -> bool {
+ RESTRICTED_PORTS.contains(&port)
+}
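Review bot: The doc comment on `is_restricted_port` has a typo and does not say what "restricted" means here; suggest `/// Returns true if `port` is on the list of ports browsers refuse to connect to (Chromium's restricted-port list).`. The source link points at `refs/heads/master`, which moves, so record when the table was copied, e.g. `// Snapshot of Chromium's restricted port list as of the 2024-08-22 commit; re-diff against upstream when updating.` above the `const`. The comment on `993` reads `ldap+ssl` (the same label appears upstream), but 993 is IMAP over TLS and `636` above is already the ldaps entry, so `// imap+ssl` would be accurate. Declaring the table as `const RESTRICTED_PORTS: &[u16] = &[ … ];` drops the hand-maintained `80` length that must be kept in sync with every edit to the list.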