TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2024-11-29 04:55:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

tsnet: check a bit harder for https in Server.ListenFunnel

Browse Source 
This was mostly already fixed already indirectly in earlier
commits but add a last second length check to this slice so
it can't ever OOB.

Fixes #7860

Change-Id: I31ac17fc93b5808deb09ff34e452fe37c87ddf3a
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
Brad Fitzpatrick 2023-11-09 07:44:13 -08:00 committed by Brad Fitzpatrick
parent bff786520e
commit d36a0d42aa
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
tsnet/tsnet.go
View File

@ -1009,6 +1009,9 @@ func (s *Server) ListenFunnel(network, addr string, opts ...FunnelOption) (net.L
if srvConfig == nil { if srvConfig == nil {
srvConfig = &ipn.ServeConfig{} srvConfig = &ipn.ServeConfig{}
} }
if len(st.CertDomains) == 0 {
return nil, errors.New("Funnel not available; HTTPS must be enabled. See https://tailscale.com/s/https")
}
domain := st.CertDomains[0] domain := st.CertDomains[0]
hp := ipn.HostPort(domain + ":" + portStr) hp := ipn.HostPort(domain + ":" + portStr)
if !srvConfig.AllowFunnel[hp] { if !srvConfig.AllowFunnel[hp] {