fix(wasm): close DNS-rebinding TOCTOU in the plugin HTTP client #100
Open
ndreno wants to merge 1 commit into
The SSRF guard resolves the target host and checks the IPs, but reqwest re-resolves DNS when it actually connects. A hostile resolver can answer with a public IP for the pre-flight check and then rebind to an internal address for the connection (TOCTOU), bypassing the guard. Install a custom reqwest DNS resolver (GuardedResolver) that resolves and filters internal/loopback/link-local/metadata addresses in one step, on both the default and TLS clients. reqwest connects to exactly the vetted addresses it returns and does not resolve again, so the address that is checked is the address that is connected to. When egress is disallowed and every resolved address is internal, resolution fails (blocked). The per-request pre-flight ssrf_guard is kept for early, clear errors and literal-IP targets. Addresses AR (DNS-rebinding residual) in private #9.
What
The SSRF guard resolves the target host and checks the IPs, but reqwest re-resolves DNS when it connects. A hostile resolver can return a public IP for the pre-flight check, then rebind to an internal address for the actual connection (TOCTOU) — bypassing the guard.
Fix
Install a custom reqwest DNS resolver (GuardedResolver) on both the default and TLS clients. It resolves and filters internal / loopback / link-local / cloud-metadata addresses in one step. reqwest connects to exactly the addresses it returns and does not resolve again, so the address that is checked is the address that is connected to. When egress is disallowed and every resolved address is internal, resolution fails (blocked).
The per-request pre-flight ssrf_guard is kept for early, clear errors and literal-IP targets; the resolver is the TOCTOU-safe enforcement point.
Scope
Closes the AR (DNS-rebinding residual) item in private #9. With it, #9's other items (DP-4/5/8) having landed in #97, #9 should be fully addressed.
Tests
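An added illustration of the check-then-connect gap this PR describes, next to filtering inside the resolution step. It is not code or tests from the PR. `FlippingDns`, `is_internal`, `vet` and the two `addrs_*` functions are hypothetical names, the resolver is a constructed stand-in built on the standard library only, and reqwest itself is not used.

```rust
use std::cell::Cell;
use std::net::{IpAddr, SocketAddr};
// Constructed stand-in for DNS (hypothetical): the first answer is a public
// TEST-NET-3 address, every later answer is the link-local metadata address.
struct FlippingDns { calls: Cell<u32> }
impl FlippingDns {
    fn lookup(&self) -> Vec<SocketAddr> {
        let n = self.calls.get();
        self.calls.set(n + 1);
        let ip = if n == 0 { "203.0.113.10" } else { "169.254.169.254" };
        vec![SocketAddr::new(ip.parse().unwrap(), 443)]
    }
}

// Loopback, private, link-local (covers 169.254.169.254) and unspecified.
fn is_internal(ip: IpAddr) -> bool {
    match ip {
        IpAddr::V4(a) => a.is_loopback() || a.is_private() || a.is_link_local() || a.is_unspecified(),
        IpAddr::V6(a) => match a.to_ipv4_mapped() {
            // ::ffff:a.b.c.d is judged as the IPv4 address it embeds.
            Some(v4) => is_internal(IpAddr::V4(v4)),
            None => {
                let s0 = a.segments()[0];
                a.is_loopback() || a.is_unspecified()
                    || (s0 & 0xfe00) == 0xfc00 // fc00::/7 unique local
                    || (s0 & 0xffc0) == 0xfe80 // fe80::/10 link-local
            }
        },
    }
}

// Drop internal addresses; fail when none are left.
fn vet(addrs: Vec<SocketAddr>) -> Result<Vec<SocketAddr>, String> {
    let ok: Vec<SocketAddr> = addrs.into_iter().filter(|s| !is_internal(s.ip())).collect();
    if ok.is_empty() { Err("blocked: every resolved address is internal".into()) } else { Ok(ok) }
}

// Check-then-connect: the pre-flight answer is vetted, the connection's lookup is not.
fn addrs_after_preflight(dns: &FlippingDns) -> Result<Vec<SocketAddr>, String> {
    vet(dns.lookup())?; // time of check
    Ok(dns.lookup()) // time of use: a second, unvetted answer
}
// Resolve and filter in one step: the caller connects to exactly this list.
fn addrs_guarded(dns: &FlippingDns) -> Result<Vec<SocketAddr>, String> { vet(dns.lookup()) }

fn main() {
    println!("pre-flight only: {:?}", addrs_after_preflight(&FlippingDns { calls: Cell::new(0) }));
    println!("guarded:         {:?}", addrs_guarded(&FlippingDns { calls: Cell::new(0) }));
}
```

The IPv4-mapped branch matters because `::ffff:127.0.0.1` would otherwise pass an IPv6-only check while still reaching loopback.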