diff --git a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/I2PTunnelConnectClient.java b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/I2PTunnelConnectClient.java
index 029435efa12bb51a8bd878a0c009d74e0620ed1e..9c6439264d7c0a113615e25721176c2d8c9a3709 100644
--- a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/I2PTunnelConnectClient.java
+++ b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/I2PTunnelConnectClient.java
@@ -203,7 +203,8 @@ public class I2PTunnelConnectClient extends I2PTunnelHTTPClientBase implements R
restofline = request.substring(pos); // ":80 HTTP/1.1" or " HTTP/1.1"
}
- if (host.toLowerCase(Locale.US).endsWith(".i2p")) {
+ String hostLowerCase = host.toLowerCase(Locale.US);
+ if (hostLowerCase.endsWith(".i2p")) {
// Destination gets the host name
destination = host;
} else if (host.contains(".") || host.startsWith("[")) {
@@ -235,7 +236,9 @@ public class I2PTunnelConnectClient extends I2PTunnelHTTPClientBase implements R
usingWWWProxy = true;
newRequest.append("CONNECT ").append(host).append(restofline).append("\r\n"); // HTTP spec
}
- } else if (host.toLowerCase(Locale.US).equals("localhost")) {
+ } else if (hostLowerCase.equals("localhost") || host.equals("127.0.0.1") ||
+ hostLowerCase.endsWith(".localhost") ||
+ host.startsWith("192.168.") || host.equals("[::1]")) {
writeErrorMessage(ERR_LOCALHOST, out);
return;
} else { // full b64 address (hopefully)
diff --git a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/socks/SOCKS4aServer.java b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/socks/SOCKS4aServer.java
index fd99ce1699f130539f0be8b0c85b0e69d4fddb6b..bf18449398b686a44d42fe98bac410134739c094 100644
--- a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/socks/SOCKS4aServer.java
+++ b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/socks/SOCKS4aServer.java
@@ -210,7 +210,8 @@ class SOCKS4aServer extends SOCKSServer {
I2PSocket destSock;
try {
- if (connHostName.toLowerCase(Locale.US).endsWith(".i2p")) {
+ String hostLowerCase = connHostName.toLowerCase(Locale.US);
+ if (hostLowerCase.endsWith(".i2p")) {
Destination dest = _context.namingService().lookup(connHostName);
if (dest == null) {
try {
@@ -224,7 +225,9 @@ class SOCKS4aServer extends SOCKSServer {
I2PSocketOptions sktOpts = t.buildOptions(overrides);
sktOpts.setPort(connPort);
destSock = t.createI2PSocket(dest, sktOpts);
- } else if ("localhost".equals(connHostName) || "127.0.0.1".equals(connHostName)) {
+ } else if ("localhost".equals(hostLowerCase) || "127.0.0.1".equals(connHostName) ||
+ hostLowerCase.endsWith(".localhost") ||
+ connHostName.startsWith("192.168.") || connHostName.equals("[::1]")) {
String err = "No localhost accesses allowed through the Socks Proxy";
_log.error(err);
try {
diff --git a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/socks/SOCKS5Server.java b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/socks/SOCKS5Server.java
index 7ae5997931c731085c8997dc357ad80c12213feb..aa02b8aadb65d79233cf28c74a99c21544fdd175 100644
--- a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/socks/SOCKS5Server.java
+++ b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/socks/SOCKS5Server.java
@@ -369,7 +369,8 @@ class SOCKS5Server extends SOCKSServer {
I2PSocket destSock;
try {
- if (connHostName.toLowerCase(Locale.US).endsWith(".i2p")) {
+ String hostLowerCase = connHostName.toLowerCase(Locale.US);
+ if (hostLowerCase.endsWith(".i2p")) {
// Let's not do a new Dest for every request, huh?
//I2PSocketManager sm = I2PSocketManagerFactory.createManager();
//destSock = sm.connect(I2PTunnel.destFromName(connHostName), null);
@@ -386,7 +387,9 @@ class SOCKS5Server extends SOCKSServer {
I2PSocketOptions sktOpts = t.buildOptions(overrides);
sktOpts.setPort(connPort);
destSock = t.createI2PSocket(dest, sktOpts);
- } else if ("localhost".equals(connHostName) || "127.0.0.1".equals(connHostName)) {
+ } else if (hostLowerCase.equals("localhost") || connHostName.equals("127.0.0.1") ||
+ hostLowerCase.endsWith(".localhost") ||
+ connHostName.startsWith("192.168.") || connHostName.equals("[::1]")) {
String err = "No localhost accesses allowed through the Socks Proxy";
_log.error(err);
try {