author | Côme Chilliet <come.chilliet@nextcloud.com> | 2022-07-12 13:09:05 +0300 |
---|---|---|
committer | backportbot-nextcloud[bot] <backportbot-nextcloud[bot]@users.noreply.github.com> | 2022-07-26 12:45:33 +0300 |
commit | 91a244e77ef2567793b3290a1a4f7e910c8536bb (patch) | |
tree | 6aaca8b1980733a6d36bf8bd4b3e8ee2ce318bd3 | |
parent | a04cb4dfa65b9d760e0bd8f983deda3b0d906f10 (diff) |
Use Symfony IpUtils to check for local IP ranges
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
-rw-r--r-- | lib/private/Http/Client/LocalAddressChecker.php | 9 | ||||
-rw-r--r-- | tests/lib/Http/Client/LocalAddressCheckerTest.php | 5 |
2 files changed, 11 insertions, 3 deletions
diff --git a/lib/private/Http/Client/LocalAddressChecker.php b/lib/private/Http/Client/LocalAddressChecker.php
index 35240c38a8a..14a45ce01bb 100644
--- a/lib/private/Http/Client/LocalAddressChecker.php
+++ b/lib/private/Http/Client/LocalAddressChecker.php
@@ -37,12 +37,15 @@ class LocalAddressChecker {
 }
 public function ThrowIfLocalIp(string $ip) : void {
- $localIps = ['100.100.100.200'];
+ $localRanges = [
+ '100.64.0.0/10', // See RFC 6598
+ '192.0.0.0/24', // See RFC 6890
+ ];
 if ( (bool)filter_var($ip, FILTER_VALIDATE_IP) && ( !filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) ||
- in_array($ip, $localIps, true)
+ IpUtils::checkIp($ip, $localRanges)
 )) {
 $this->logger->warning("Host $ip was not connected to because it violates local access rules");
 throw new LocalServerException('Host violates local access rules');
@@ -55,7 +58,7 @@ class LocalAddressChecker {
 if ( !filter_var($ipv4Address, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) ||
- in_array($ipv4Address, $localIps, true)) {
+ IpUtils::checkIp($ip, $localRanges)) {
 $this->logger->warning("Host $ip was not connected to because it violates local access rules");
 throw new LocalServerException('Host violates local access rules');
 }
diff --git a/tests/lib/Http/Client/LocalAddressCheckerTest.php b/tests/lib/Http/Client/LocalAddressCheckerTest.php
index b2e09c0700b..04694f98b65 100644
--- a/tests/lib/Http/Client/LocalAddressCheckerTest.php
+++ b/tests/lib/Http/Client/LocalAddressCheckerTest.php
@@ -96,6 +96,8 @@ class LocalAddressCheckerTest extends \Test\TestCase {
 ['10.0.0.1'],
 ['::'],
 ['::1'],
+ ['100.100.100.200'],
+ ['192.0.0.1'],
 ];
 }
@@ -116,6 +118,9 @@ class LocalAddressCheckerTest extends \Test\TestCase {
 ['another-host.local'],
 ['service.localhost'],
 ['!@#$'], // test invalid url
+ ['100.100.100.200'],
+ ['192.0.0.1'],
+ ['randomdomain.internal'],
 ];
 }
|
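Review bot: `IpUtils::checkIp(...)` is called unqualified in `ThrowIfLocalIp`, but no hunk in this file adds an import, and the two hunks shown already account for all 9 changed lines in the diffstat. Unless the file header (outside the hunk) already has it, add `use Symfony\Component\HttpFoundation\IpUtils;`. Without it the name resolves in the file's own namespace and the call fails with a class-not-found error rather than `LocalServerException`. Because `||` short-circuits, that error would be reached only for addresses that pass the `filter_var` range flags, which are the ones the checker is meant to let through.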
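Review bot: The replacement call in the second hunk passes `$ip`, while the removed line and the `filter_var` call directly above it both test `$ipv4Address`. The start of this block is outside the hunk, but it appears to handle an IPv4 address extracted from another notation. If so, the RFC 6598 and RFC 6890 ranges are compared against the original string and will presumably never match, so an address in those ranges written in that notation is not rejected. The line should read `IpUtils::checkIp($ipv4Address, $localRanges)) {`. The rows added to the test data providers cover only plain dotted-quad input, so a row with `100.100.100.200` in the form this branch handles is needed to catch the mismatch.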