Adding Idempotent IDNA Decodes to Domain Checks

This operation _should_ be safe for non-IDNA domains. However, because so many different systems like Tor, Briar, i2p, etcetera, are supported by Epicyon, perhaps even this seemingly safe host transformation should be made opt-in as an argument to epicyon.
merge-requests/30/head
Cathal Garvey 2021-01-22 00:28:33 +00:00
parent 449d91c0ea
commit da5e8103ed
1 changed files with 8 additions and 3 deletions


@ -17,6 +17,7 @@ from socket import error as SocketError
import errno
from functools import partial
import pyqrcode
import idna
# for saving images
from hashlib import sha256
from hashlib import sha1
@ -9759,7 +9760,9 @@ class PubServer(BaseHTTPRequestHandler):
def do_GET(self):
callingDomain = self.server.domainFull
if self.headers.get('Host'):
callingDomain = self.headers['Host']
# IDNA decoding is an idempotent operation so this should not break 'normal' domains.
# For non-IDNA domains perhaps this behaviour should be disabled: TODO add config option?
callingDomain = idna.decode(self.headers['Host'])
if self.server.onionDomain:
if callingDomain != self.server.domain and \
callingDomain != self.server.domainFull and \
@ -11908,7 +11911,8 @@ class PubServer(BaseHTTPRequestHandler):
def do_HEAD(self):
callingDomain = self.server.domainFull
if self.headers.get('Host'):
callingDomain = self.headers['Host']
# As in the GET handler this should be idempotent but for security maybe make configurable.
callingDomain = idna.decode(self.headers['Host'])
if self.server.onionDomain:
if callingDomain != self.server.domain and \
callingDomain != self.server.domainFull and \
@ -12842,7 +12846,8 @@ class PubServer(BaseHTTPRequestHandler):
callingDomain = self.server.domainFull
if self.headers.get('Host'):
callingDomain = self.headers['Host']
# As notes in the GET handler, this should be idempotent but should be configurable just in case
callingDomain = idna.decode(self.headers['Host'])
if self.server.onionDomain:
if callingDomain != self.server.domain and \
callingDomain != self.server.domainFull and \
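Review bot: `idna.decode(self.headers['Host'])` in the do_GET hunk runs on a client-controlled header with no exception handling, and the same call is repeated in the do_HEAD hunk and the third hunk. A Host value that carries a port (`example.com:8080`), an IPv6 literal, or any label that fails IDNA validation makes `idna.decode` raise `idna.IDNAError`, so a request that used to reach the domain comparison now aborts inside the handler. If `domainFull` includes a port (not visible here), legitimate requests on non-default ports would be affected as well, and the comparison only works if `self.server.domain` is stored in the same decoded form. I would split off the port, decode only the host part, catch `idna.IDNAError` and fall back to the raw header, all in one helper shared by the three handlers. The handler bodies continue outside the hunks, so how callingDomain is used after the comparison cannot be checked from here.

```python
def _decodeHostHeader(self, host: str) -> str:
    # Decode only the hostname; a ':port' suffix is not valid IDNA input.
    hostname, sep, port = host.rpartition(':')
    if not sep or not port.isdigit():
        hostname, sep, port = host, '', ''
    try:
        hostname = idna.decode(hostname)
    except idna.IDNAError:
        # Malformed or non-IDNA Host: keep the raw value for the checks below.
        return host
    return hostname + sep + port

# ... unchanged: callingDomain default and the Host presence check ...
callingDomain = self._decodeHostHeader(self.headers['Host'])
```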