Fix tests for nested v4 in v6
authorCôme Chilliet <come.chilliet@nextcloud.com>
Tue, 20 Sep 2022 10:46:22 +0000 (12:46 +0200)
committerCôme Chilliet <come.chilliet@nextcloud.com>
Mon, 14 Nov 2022 10:14:46 +0000 (11:14 +0100)
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
lib/private/Http/Client/LocalAddressChecker.php
tests/lib/Http/Client/LocalAddressCheckerTest.php

index ec73fe1c44ec39e63fb4a5eb9a1d742a01ab0138..1c3fbfebc2c62ef5769821e384761888fe5d2998 100644 (file)
@@ -25,6 +25,7 @@ declare(strict_types=1);
  */
 namespace OC\Http\Client;
 
+use IPLib\Address\IPv6;
 use IPLib\Factory;
 use IPLib\ParseStringFlag;
 use OCP\Http\Client\LocalServerException;
@@ -48,7 +49,11 @@ class LocalAddressChecker {
                        return;
                }
                /* Replace by normalized form */
-               $ip = (string)$parsedIp;
+               if ($parsedIp instanceof IPv6) {
+                       $ip = (string)($parsedIp->toIPv4() ?? $parsedIp);
+               } else {
+                       $ip = (string)$parsedIp;
+               }
 
                $localRanges = [
                        '100.64.0.0/10', // See RFC 6598
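Review bot: When `toIPv4()` returns null, the `?? $parsedIp` fallback keeps the IPv6 string, so an IPv6 form that carries an IPv4 address but is not unwrapped by the library is now judged by the IPv6 checks alone; the dotted-tail check deleted in the `-63,19` hunk used to cover those forms. Both test hunks replace `0:0:0:0:0:0:10.0.0.1` with the `ffff` mapped form instead of adding it, which suggests (it is not visible here) that the IPv4-compatible form is no longer rejected by this SSRF guard. If it should stay blocked, keep `['0:0:0:0:0:0:10.0.0.1'],` in both data providers and handle that form before the range checks. If it is deliberately out of scope, say so above the branch, e.g. `/* Unwrap IPv4 embedded in IPv6; forms toIPv4() does not convert are checked as IPv6 only */`. The enclosing method starts and ends outside this hunk.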
@@ -63,19 +68,6 @@ class LocalAddressChecker {
                        $this->logger->warning("Host $ip was not connected to because it violates local access rules");
                        throw new LocalServerException('Host violates local access rules');
                }
-
-               // Also check for IPv6 IPv4 nesting, because that's not covered by filter_var
-               if ((bool)filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) && substr_count($ip, '.') > 0) {
-                       $delimiter = strrpos($ip, ':'); // Get last colon
-                       $ipv4Address = substr($ip, $delimiter + 1);
-
-                       if (
-                               !filter_var($ipv4Address, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) ||
-                               IpUtils::checkIp($ip, $localRanges)) {
-                               $this->logger->warning("Host $ip was not connected to because it violates local access rules");
-                               throw new LocalServerException('Host violates local access rules');
-                       }
-               }
        }
 
        public function ThrowIfLocalAddress(string $uri) : void {
index 991801f043dd2967aaeeeefaa75b3ff493663eb4..8c8e64eddf928b62f2f1e9ceeae9a2c222115e5e 100644 (file)
@@ -91,7 +91,7 @@ class LocalAddressCheckerTest extends \Test\TestCase {
                return [
                        ['192.168.0.1'],
                        ['fe80::200:5aee:feaa:20a2'],
-                       ['0:0:0:0:0:0:10.0.0.1'],
+                       ['0:0:0:0:0:ffff:10.0.0.1'],
                        ['0:0:0:0:0:ffff:127.0.0.0'],
                        ['10.0.0.1'],
                        ['::'],
@@ -112,7 +112,7 @@ class LocalAddressCheckerTest extends \Test\TestCase {
                        ['172.16.42.1'],
                        ['[fdf8:f53b:82e4::53]/secret.ics'],
                        ['[fe80::200:5aee:feaa:20a2]/secret.ics'],
-                       ['[0:0:0:0:0:0:10.0.0.1]/secret.ics'],
+                       ['[0:0:0:0:0:ffff:10.0.0.1]/secret.ics'],
                        ['[0:0:0:0:0:ffff:127.0.0.0]/secret.ics'],
                        ['10.0.0.1'],
                        ['another-host.local'],