ipn/localapi: fix validHost parsing logic

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
David Crawshaw 2023-01-30 09:13:45 -08:00 committed by David Crawshaw
parent 0039993359
commit 4136f27f35
2 changed files with 42 additions and 2 deletions


@ -179,6 +179,10 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
}
}
// validLocalHost allows either localhost or loopback IP hosts on platforms
// that use token security.
var validLocalHost = runtime.GOOS == "darwin" || runtime.GOOS == "ios" || runtime.GOOS == "android"
// validHost reports whether h is a valid Host header value for a LocalAPI request.
func validHost(h string) bool {
// The client code sends a hostname of "local-tailscaled.sock".
@ -186,7 +190,9 @@ func validHost(h string) bool {
case "", apitype.LocalAPIHost:
return true
}
// Allow either localhost or loopback IP hosts.
if !validLocalHost {
return false
}
host, _, err := net.SplitHostPort(h)
if err != nil {
return false
@ -194,7 +200,7 @@ func validHost(h string) bool {
if host == "localhost" {
return true
}
addr, err := netip.ParseAddr(h)
addr, err := netip.ParseAddr(host)
if err != nil {
return false
}
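Review bot: The doc comment on `validHost` does not say that the loopback branch is platform-gated or that it requires a port, and both matter to anyone reasoning about which Host headers LocalAPI will accept. As written, `localhost` and loopback-IP hosts are only considered when `validLocalHost` is true, and a bare `localhost` or `127.0.0.1` is rejected because `net.SplitHostPort` returns an error. I would extend the comment with `// Loopback hosts ("localhost" or a loopback IP, always with a port) are accepted only where validLocalHost is true.` The body of `validHost` continues past the end of the last hunk, so what is done with `addr` after parsing is not visible here.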


@ -0,0 +1,34 @@
// Copyright (c) Tailscale Inc & AUTHORS
// SPDX-License-Identifier: BSD-3-Clause
package localapi
import (
"testing"
"tailscale.com/client/tailscale/apitype"
)
func TestValidHost(t *testing.T) {
tests := []struct {
host string
valid bool
}{
{"", true},
{apitype.LocalAPIHost, true},
{"localhost:9109", validLocalHost},
{"127.0.0.1:9110", validLocalHost},
{"[::1]:9111", validLocalHost},
{"100.100.100.100:41112", false},
{"10.0.0.1:41112", false},
{"37.16.9.210:41112", false},
}
for _, test := range tests {
t.Run(test.host, func(t *testing.T) {
if got := validHost(test.host); got != test.valid {
t.Errorf("validHost(%q)=%v, want %v", test.host, got, test.valid)
}
})
}
}
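Review bot: On any platform where `validLocalHost` is false, every row with a port returns at the `if !validLocalHost` gate, so the corrected `netip.ParseAddr(host)` call is never executed and `TestValidHost` would pass there even with the old `ParseAddr(h)` bug. The non-loopback rows (`100.100.100.100:41112`, `10.0.0.1:41112`, `37.16.9.210:41112`) are affected the same way, so the rejection of non-loopback addresses is only exercised on darwin, ios and android. Since `validLocalHost` is a package-level `var`, the test can force it to both values and restore it afterwards, building the table inside the loop so the `validLocalHost` rows pick up the forced value. Rows without a port (`localhost`, `127.0.0.1`) expecting `false` would also pin the fail-closed behaviour of the `net.SplitHostPort` error path.

```go
func TestValidHost(t *testing.T) {
	orig := validLocalHost
	t.Cleanup(func() { validLocalHost = orig })
	for _, allow := range []bool{false, true} {
		validLocalHost = allow
		// … unchanged: tests table, moved inside this loop …
		// … unchanged: per-row t.Run loop …
	}
}
```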