mirror of
				https://github.com/tailscale/tailscale.git
				synced 2025-10-20 15:10:43 +00:00 
			
		
		
		
	ipn/ipnlocal: sanitize prefs before sending over IPN Bus
Signed-off-by: Maisem Ali <maisem@tailscale.com>
This commit is contained in:
		| @@ -904,8 +904,7 @@ func (b *LocalBackend) setClientStatus(st controlclient.Status) { | ||||
| 
 | ||||
| 	// Now complete the lock-free parts of what we started while locked. | ||||
| 	if prefsChanged { | ||||
| 		p := prefs.View() | ||||
| 		b.send(ipn.Notify{Prefs: &p}) | ||||
| 		b.notifyPrefs(prefs.View()) | ||||
| 	} | ||||
| 
 | ||||
| 	if st.NetMap != nil { | ||||
| @@ -1314,7 +1313,7 @@ func (b *LocalBackend) Start(opts ipn.Options) error { | ||||
| 	blid := b.backendLogID | ||||
| 	b.logf("Backend: logs: be:%v fe:%v", blid, opts.FrontendLogID) | ||||
| 	b.send(ipn.Notify{BackendLogID: &blid}) | ||||
| 	b.send(ipn.Notify{Prefs: &prefs}) | ||||
| 	b.notifyPrefs(prefs) | ||||
| 
 | ||||
| 	if !loggedOut && b.hasNodeKey() { | ||||
| 		// Even if !WantRunning, we should verify our key, if there | ||||
| @@ -1326,6 +1325,19 @@ func (b *LocalBackend) Start(opts ipn.Options) error { | ||||
| 	return nil | ||||
| } | ||||
| 
 | ||||
| // notifyPrefs delivers prefs to the connected frontend and any API watchers | ||||
| // from LocalBackend.WatchNotifications (via the LocalAPI). | ||||
| // It strips keys and other sensitive data prior to sending. | ||||
| // | ||||
| // If no frontend is connected or API watchers are backed up, the notification | ||||
| // is dropped without being delivered. | ||||
| // | ||||
| // b.mu must not be held. | ||||
| func (b *LocalBackend) notifyPrefs(p ipn.PrefsView) { | ||||
| 	np := stripKeysFromPrefs(p) | ||||
| 	b.send(ipn.Notify{Prefs: &np}) | ||||
| } | ||||
| 
 | ||||
| var warnInvalidUnsignedNodes = health.NewWarnable() | ||||
| 
 | ||||
| // updateFilterLocked updates the packet filter in wgengine based on the | ||||
| @@ -1762,6 +1774,8 @@ func (b *LocalBackend) pollRequestEngineStatus(ctx context.Context) { | ||||
| // | ||||
| // If no frontend is connected or API watchers are backed up, the notification | ||||
| // is dropped without being delivered. | ||||
| // | ||||
| // b.mu must not be held. | ||||
| func (b *LocalBackend) send(n ipn.Notify) { | ||||
| 	n.Version = version.Long | ||||
| 
 | ||||
| @@ -2520,7 +2534,7 @@ func (b *LocalBackend) setPrefsLockedOnEntry(caller string, newp *ipn.Prefs) ipn | ||||
| 		b.authReconfig() | ||||
| 	} | ||||
| 
 | ||||
| 	b.send(ipn.Notify{Prefs: &prefs}) | ||||
| 	b.notifyPrefs(prefs) | ||||
| 	return prefs | ||||
| } | ||||
| 
 | ||||
|   | ||||
		Reference in New Issue
	
	Block a user
	 Maisem Ali
					Maisem Ali