TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-08-12 05:37:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

ipn/ipnlocal: validate domain of PopBrowserURL on default control URL (#11394)

Browse Source 
If the client uses the default Tailscale control URL, validate that all
PopBrowserURLs are under tailscale.com or *.tailscale.com. This reduces
the risk of a compromised control plane opening phishing pages for
example.

The client trusts control for many other things, but this is one easy
way to reduce that trust a bit.

Fixes #11393

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
This commit is contained in:
Andrew Lytvynov
2024-03-13 17:31:07 -07:00
committed by GitHub
parent 48eef9e6eb
commit decd9893e4
3 changed files with 71 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
ipn/ipnlocal/local_test.go
View File

@@ -2469,3 +2469,41 @@ func TestTailFSManageShares(t *testing.T) {
})
}
}
func TestValidPopBrowserURL(t *testing.T) {
b := newTestBackend(t)
tests := []struct {
desc string
controlURL string
popBrowserURL string
want bool
}{
{"saas_login", "https://login.tailscale.com", "https://login.tailscale.com/a/foo", true},
{"saas_controlplane", "https://controlplane.tailscale.com", "https://controlplane.tailscale.com/a/foo", true},
{"saas_root", "https://login.tailscale.com", "https://tailscale.com/", true},
{"saas_bad_hostname", "https://login.tailscale.com", "https://example.com/a/foo", false},
{"localhost", "http://localhost", "http://localhost/a/foo", true},
{"custom_control_url_https", "https://example.com", "https://example.com/a/foo", true},
{"custom_control_url_https_diff_domain", "https://example.com", "https://other.com/a/foo", true},
{"custom_control_url_http", "http://example.com", "http://example.com/a/foo", true},
{"custom_control_url_http_diff_domain", "http://example.com", "http://other.com/a/foo", true},
{"bad_scheme", "https://example.com", "http://example.com/a/foo", false},
}
for _, tt := range tests {
t.Run(tt.desc, func(t *testing.T) {
if _, err := b.EditPrefs(&ipn.MaskedPrefs{
ControlURLSet: true,
Prefs: ipn.Prefs{
ControlURL: tt.controlURL,
},
}); err != nil {
t.Fatal(err)
}
got := b.validPopBrowserURL(tt.popBrowserURL)
if got != tt.want {
t.Errorf("got %v, want %v", got, tt.want)
}
})
}
}