From a04cb4dfa65b9d760e0bd8f983deda3b0d906f10 Mon Sep 17 00:00:00 2001
From: =?utf8?q?C=C3=B4me=20Chilliet?= <come.chilliet@nextcloud.com>
Date: Tue, 28 Jun 2022 16:48:38 +0200
Subject: [PATCH] Check for local IPs nested in IPv6 as well
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
---
 lib/private/Http/Client/LocalAddressChecker.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/private/Http/Client/LocalAddressChecker.php b/lib/private/Http/Client/LocalAddressChecker.php
index 34a04a75c7e..35240c38a8a 100644
--- a/lib/private/Http/Client/LocalAddressChecker.php
+++ b/lib/private/Http/Client/LocalAddressChecker.php
@@ -53,7 +53,9 @@ class LocalAddressChecker {
 			$delimiter = strrpos($ip, ':'); // Get last colon
 			$ipv4Address = substr($ip, $delimiter + 1);
 
-			if (!filter_var($ipv4Address, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
+			if (
+				!filter_var($ipv4Address, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) ||
+				in_array($ipv4Address, $localIps, true)) {
 				$this->logger->warning("Host $ip was not connected to because it violates local access rules");
 				throw new LocalServerException('Host violates local access rules');
 			}
-- 
2.39.5