redis - accept only private-network IP connections.
--- redis/src/anet.c 2021-06-01 16:03:36.000000000 +0200
+++ redis.mod/src/anet.c 2021-06-10 15:32:14.280101531 +0200
@@ -519,6 +519,43 @@ int anetTcpAccept(char *err, int s, char
struct sockaddr_in *s = (struct sockaddr_in *)&sa;
if (ip) inet_ntop(AF_INET,(void*)&(s->sin_addr),ip,ip_len);
if (port) *port = ntohs(s->sin_port);
+ /* EULERIAN */
+ {
+ struct sockaddr_storage sa;
+ socklen_t salen = sizeof(sa);
+
+ if (getsockname(fd, (struct sockaddr *)&sa, &salen) == -1) {
+ close (fd);
+ return ANET_ERR;
+ }
+ if (sa.ss_family == AF_INET) {
+ uint32_t usip = htonl(
+ ((struct sockaddr_in *)&sa)->sin_addr.s_addr );
+ if (
+ !(
+ (usip >= 167772160 && usip <= 184549375) /* 10.0.0.0/8 */
+ ||
+ (usip >= 2886729728 && usip <= 2887778303) /* 172.16.0.0/12 */
+ ||
+ (usip >= 3232235520 && usip <= 3232301055) /* 192.168.0.0/16 */
+ ||
+ (usip >= 2130706432 && usip <= 2147483647) /* 127.0.0.0/8 */
+ )
+ )
+ {
+#if 0
+ char ip[64]; int ip_len=63;
+ inet_ntop(AF_INET,(void*)&(((struct sockaddr_in *)&sa)->sin_addr),
+ ip,ip_len);
+ fprintf(stderr, "accept ip denied: %s", ip);
+#endif
+ close (fd);
+ return ANET_ERR;
+ }
+ }
+ }
+ /* / EULERIAN */
+
} else {
struct sockaddr_in6 *s = (struct sockaddr_in6 *)&sa;
if (ip) inet_ntop(AF_INET6,(void*)&(s->sin6_addr),ip,ip_len);
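Review bot: The added block calls `getsockname(fd, ...)`, which returns the local address the connection arrived on rather than the client's address, so as written it does not restrict which clients can connect. If the intent is to filter by client, the peer address appears to be already available through the context line's `s` (presumably filled by the accept call outside the hunk), e.g. `uint32_t usip = ntohl(s->sin_addr.s_addr);`, which also removes the inner `sa` that shadows the outer one and uses `ntohl` instead of `htonl` for the network-to-host conversion. The range check sits only in the AF_INET branch, so connections handled by the `else` (AF_INET6) branch, which may include IPv4-mapped peers on a dual-stack listener, are not checked at all. The rejection path also returns `ANET_ERR` without writing anything to `err`, so the caller may report a stale or empty message; the function's start and end are outside the hunk.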