ipn/ipnserver: validate Host header on debug ServeHTMLStatus status

Updates tailscale/corp#7948

Change-Id: I3a8c64f353af1eeae620812b2700ce4af4fbbc88
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Brad Fitzpatrick 2022-11-17 22:04:29 -08:00 committed by Brad Fitzpatrick
parent a13753ae1e
commit f18dde6ad1


@ -27,6 +27,7 @@
"sync" "sync"
"syscall" "syscall"
"time" "time"
"unicode"
"go4.org/mem" "go4.org/mem"
"inet.af/peercred" "inet.af/peercred"
@ -1024,7 +1025,17 @@ func (s *Server) localhostHandler(ci connIdentity) http.Handler {
}) })
} }
// ServeHTMLStatus serves an HTML status page at http://localhost:41112/ for
// Windows and via $DEBUG_LISTENER/debug/ipn when tailscaled's --debug flag
// is used to run a debug server.
func (s *Server) ServeHTMLStatus(w http.ResponseWriter, r *http.Request) { func (s *Server) ServeHTMLStatus(w http.ResponseWriter, r *http.Request) {
// As this is only meant for debug, verify there's no DNS name being used to
// access this.
if strings.IndexFunc(r.Host, unicode.IsLetter) != -1 {
http.Error(w, "invalid host", http.StatusForbidden)
return
}
w.Header().Set("Content-Type", "text/html; charset=utf-8") w.Header().Set("Content-Type", "text/html; charset=utf-8")
st := s.b.Status() st := s.b.Status()
// TODO(bradfitz): add LogID and opts to st? // TODO(bradfitz): add LogID and opts to st?
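Review bot: The new guard `if strings.IndexFunc(r.Host, unicode.IsLetter) != -1` rejects the very URL the doc comment just above advertises, because `localhost:41112` contains letters and so now answers 403; hex IPv6 literals such as `[fe80::1]:41112` are refused for the same reason while purely numeric hosts still pass. If the intent is only to refuse resolvable DNS names, allow the loopback name explicitly, e.g. `if !strings.HasPrefix(r.Host, "localhost:") && strings.IndexFunc(r.Host, unicode.IsLetter) != -1 {`, or split the host with `net.SplitHostPort` and accept only `net.ParseIP` successes plus `localhost`. The two-line comment states the check but not why it matters; presumably it is meant to keep a browser from reaching this debug page through a name it resolved, so a sentence saying which access path is being cut off would help the next reader — confirm before writing it. ServeHTMLStatus continues past the end of this hunk, so the rest of the handler was not reviewed here.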