Split the lines

Allow more whitespace
Change whitelist format to domain:port
Tighten the space/tab regex a bit
Clear the whitelist when module closes
Use map and set instead of vector
Don't need to pass in lua interface
Use errcodes instead
Fixed lua error usage
Move comment
Got it compiling
Update premake5.lua
These aren't external
Progress
Started whitelist code

Author: thegrb93

projects/premake5.lua

@@ -4,7 +4,14 @@ newoption({
 	value = "path to garrysmod_common directory"
 })
 
+newoption({
+	trigger = "whitelist",
+	description = "Enables wrapping of getaddrinfo and a whitelist file to filter valid addresses and ports",
+	value = "0 or 1"
+})
+
 local gmcommon = _OPTIONS.gmcommon or os.getenv("GARRYSMOD_COMMON")
+local whitelist = _OPTIONS.whitelist == "1"
 if gmcommon == nil then
 	error("you didn't provide a path to your garrysmod_common (https://github.com/danielga/garrysmod_common) directory")
 end
@@ -16,6 +23,7 @@ local LUASOCKET_FOLDER = "../luasocket/src"
 CreateWorkspace({name = "socket.core"})
 	CreateProject({serverside = true, manual_files = true})
 		files("../source/socket.cpp")
+		if whitelist then files("../source/whitelist.cpp") defines({"USE_WHITELIST"}) includedirs(LUASOCKET_FOLDER) end
 		IncludeLuaShared()
 		links("socket")
 
@@ -24,6 +32,7 @@ CreateWorkspace({name = "socket.core"})
 
 	CreateProject({serverside = false, manual_files = true})
 		files("../source/socket.cpp")
+		if whitelist then files("../source/whitelist.cpp") defines({"USE_WHITELIST"}) includedirs(LUASOCKET_FOLDER) end
 		IncludeLuaShared()
 		links("socket")
 
@@ -52,19 +61,23 @@ CreateWorkspace({name = "socket.core"})
 		IncludeLuaShared()
 
 		filter("system:windows")
-			defines({
+			local windowsdefines = {
 				"LUASOCKET_API=__declspec(dllexport)",
 				"MIME_API=__declspec(dllexport)"
-			})
+			}
+			if whitelist then windowsdefines[#windowsdefines+1] = "getaddrinfo=__wrap_getaddrinfo" end
+			defines(windowsdefines)
 			files(LUASOCKET_FOLDER .. "/wsocket.c")
 			links("ws2_32")
 
 		filter("system:not windows")
-			defines({
+			local unixdefines = {
 				"LUASOCKET_API=''",
 				"UNIX_API=''",
 				"MIME_API=''"
-			})
+			}
+			if whitelist then unixdefines[#unixdefines+1] = "getaddrinfo=__wrap_getaddrinfo" end
+			defines(unixdefines)
 			files(LUASOCKET_FOLDER .. "/usocket.c")
 
 CreateWorkspace({name = "mime.core"})

source/socket.cpp

@@ -2,8 +2,33 @@
 
 extern "C" int luaopen_socket_core( lua_State *state );
 
+int parseWhitelist();
+void clearWhitelist();
+enum : int
+{
+	PARSE_SUCCESS = 0,
+	PARSE_CANT_READ = 1,
+	PARSE_NO_ENTRIES = 2
+};
+
 GMOD_MODULE_OPEN( )
 {
+	#ifdef USE_WHITELIST
+		switch (parseWhitelist())
+		{
+		case PARSE_SUCCESS:
+			break;
+		case PARSE_CANT_READ:
+			LUA->ThrowError("Failed to read whitelist file!");
+			break;
+		case PARSE_NO_ENTRIES:
+			LUA->ThrowError("Didn't find any valid entries in whitelist file!");
+			break;
+		default:
+			break;
+		}
+	#endif
+
 	if( luaopen_socket_core( LUA->GetState( ) ) == 1 )
 	{
 		LUA->Push( -1 );
@@ -15,6 +40,10 @@ GMOD_MODULE_OPEN( )
 
 GMOD_MODULE_CLOSE( )
 {
+	#ifdef USE_WHITELIST
+		clearWhitelist();
+	#endif
+
 	LUA->PushNil( );
 	LUA->SetField( GarrysMod::Lua::INDEX_GLOBAL, "socket" );
 	return 0;

source/whitelist.cpp

@@ -0,0 +1,90 @@
+#undef getaddrinfo
+
+#include "socket.h"
+#include <map>
+#include <set>
+#include <fstream>
+#include <sstream>
+#include <regex>
+
+//Somewhere glua can't read?
+const char* whitelistDir = "../gm_socket_whitelist.txt";
+std::map<std::string, std::set<std::string> > whitelist;
+
+enum : int
+{
+	PARSE_SUCCESS = 0,
+	PARSE_CANT_READ = 1,
+	PARSE_NO_ENTRIES = 2
+};
+
+int parseWhitelist()
+{
+	std::ifstream input(whitelistDir);
+	if (input)
+	{
+		std::stringstream filereader;
+		filereader << input.rdbuf();
+		std::string filedata = filereader.str();
+		std::regex line_parser("(?:(?!\r?\n).)+");
+		std::regex entry_parser("^[ \\t]*([\\w\\.-]+)\\:(\\d+)[ \\t]*$");
+		for (std::sregex_iterator line = std::sregex_iterator(filedata.begin(), filedata.end(), line_parser), end = std::sregex_iterator(); line != end; ++line)
+		{
+			const std::string& linestr = line->operator[](0);
+			std::smatch match;
+			if(std::regex_match(linestr, match, entry_parser))
+			{
+				whitelist[match[1].str()].insert(match[2].str());
+			}
+		}
+		if (whitelist.empty())
+		{
+			return PARSE_NO_ENTRIES;
+		}
+	}
+	else
+	{
+		return PARSE_CANT_READ;
+	}
+	return PARSE_SUCCESS;
+}
+
+void clearWhitelist()
+{
+	whitelist.clear();
+}
+
+bool isSafe(const char* pNodeName, const char* pServiceName)
+{
+    std::map<std::string, std::set<std::string> >::iterator domain = whitelist.find(pNodeName);
+    return domain != whitelist.end() && domain->second.count(pServiceName)==1;
+}
+
+extern "C" {
+
+#ifdef _WIN32
+	INT WSAAPI __wrap_getaddrinfo(
+		_In_opt_        PCSTR               pNodeName,
+		_In_opt_        PCSTR               pServiceName,
+		_In_opt_        const ADDRINFOA *   pHints,
+		_Outptr_result_maybenull_        PADDRINFOA *        ppResult
+	)
+#else
+	int __wrap_getaddrinfo (__const char *__restrict pNodeName,
+		__const char *__restrict pServiceName,
+		__const struct addrinfo *__restrict pHints,
+		struct addrinfo **__restrict ppResult)
+#endif
+	{
+		if(isSafe(pNodeName, pServiceName))
+		{
+			return getaddrinfo(pNodeName, pServiceName, pHints, ppResult);
+		}
+		else
+		{
+			*ppResult = nullptr;
+			return EAI_FAIL;
+		}
+	}
+
+}