From fc1258cb1c8cba570a095f3aa9aa8291057598ef Mon Sep 17 00:00:00 2001 From: =?utf8?q?C=C3=B4me=20Chilliet?= Date: Thu, 23 Jun 2022 11:45:16 +0200 Subject: [PATCH] Improve local domain detection MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Côme Chilliet --- lib/private/Http/Client/LocalAddressChecker.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/private/Http/Client/LocalAddressChecker.php b/lib/private/Http/Client/LocalAddressChecker.php index 2789b1b5935..c69d1007a16 100644 --- a/lib/private/Http/Client/LocalAddressChecker.php +++ b/lib/private/Http/Client/LocalAddressChecker.php @@ -66,8 +66,10 @@ class LocalAddressChecker { $host = substr($host, 1, -1); } - // Disallow localhost and local network - if ($host === 'localhost' || substr($host, -6) === '.local' || substr($host, -10) === '.localhost') { + // Disallow local network top-level domains from RFC 6762 + $localTopLevelDomains = ['local','localhost','intranet','internal','private','corp','home','lan']; + $topLevelDomain = substr((strrchr($host, '.') ?: ''), 1); + if (in_array($topLevelDomain, $localTopLevelDomains)) { $this->logger->warning("Host $host was not connected to because it violates local access rules"); throw new LocalServerException('Host violates local access rules'); } -- 2.39.5