author | Joas Schilling <213943+nickvergessen@users.noreply.github.com> | 2023-12-04 11:46:27 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-12-04 11:46:27 +0100 |
commit | 89aa3957ce40011917303c3a7fb5d9629fca3129 (patch) | |
tree | 8005c4a996d241c748637f15e5252976430d5250 | |
parent | 1066f7e6e232bb1abc5f1e013fcf3da23d301fbf (diff) | |
parent | 33e1c8b2361094be5466f5717bfa88ede7463784 (diff) | |
Merge pull request #41999 from nextcloud/bugfix/noid/handle-idn_to_utf8-returning-false
fix(security): Handle idn_to_utf8 returning false
-rw-r--r-- | lib/private/Security/RemoteHostValidator.php | 4 | ||||
-rw-r--r-- | tests/lib/Http/Client/ClientTest.php | 1 | ||||
-rw-r--r-- | tests/lib/Security/RemoteHostValidatorTest.php | 15 |
3 files changed, 17 insertions, 3 deletions
diff --git a/lib/private/Security/RemoteHostValidator.php b/lib/private/Security/RemoteHostValidator.php
index 385b38cff98..9cc69594c32 100644
--- a/lib/private/Security/RemoteHostValidator.php
+++ b/lib/private/Security/RemoteHostValidator.php
@@ -52,6 +52,10 @@ final class RemoteHostValidator implements IRemoteHostValidator {
 }
 $host = idn_to_utf8(strtolower(urldecode($host)));
+ if ($host === false) {
+ return false;
+ }
+
 // Remove brackets from IPv6 addresses
 if (str_starts_with($host, '[') && str_ends_with($host, ']')) {
 $host = substr($host, 1, -1);
diff --git a/tests/lib/Http/Client/ClientTest.php b/tests/lib/Http/Client/ClientTest.php
index 3cef9d75986..0e6e265584e 100644
--- a/tests/lib/Http/Client/ClientTest.php
+++ b/tests/lib/Http/Client/ClientTest.php
@@ -149,6 +149,7 @@ class ClientTest extends \Test\TestCase {
 ['https://service.localhost'],
 ['!@#$', true], // test invalid url
 ['https://normal.host.com'],
+ ['https://com.one-.nextcloud-one.com'],
 ];
 }
diff --git a/tests/lib/Security/RemoteHostValidatorTest.php b/tests/lib/Security/RemoteHostValidatorTest.php
index 030a75b1e79..b1371d9343c 100644
--- a/tests/lib/Security/RemoteHostValidatorTest.php
+++ b/tests/lib/Security/RemoteHostValidatorTest.php
@@ -60,8 +60,17 @@ class RemoteHostValidatorTest extends TestCase {
 );
 }
- public function testValid(): void {
- $host = 'nextcloud.com';
+ public function dataValid(): array {
+ return [
+ ['nextcloud.com', true],
+ ['com.one-.nextcloud-one.com', false],
+ ];
+ }
+
+ /**
+ * @dataProvider dataValid
+ */
+ public function testValid(string $host, bool $expected): void {
 $this->hostnameClassifier
 ->method('isLocalHostname')
 ->with($host)
@@ -73,7 +82,7 @@ class RemoteHostValidatorTest extends TestCase {
 $valid = $this->validator->isValid($host);
- self::assertTrue($valid);
+ self::assertSame($expected, $valid);
 }
 public function testLocalHostname(): void { |
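Review bot: The new `if ($host === false)` guard in `lib/private/Security/RemoteHostValidator.php` carries no comment saying when `idn_to_utf8()` fails, and it rejects the host without leaving any trace. Failing closed is the right outcome, since the following lines pass `$host` to `str_starts_with()` and `substr()` and need a string. I would add `// idn_to_utf8() returns false when the name cannot be converted (see the "one-" label in the tests); treat such hosts as not allowed` above the guard. If a logger is in scope in this class (not visible in the hunk), a warning on this path would let an admin tell an IDN rejection from a local-address block; the host is caller-supplied, so pass it as log context rather than concatenating it into the message. The enclosing method starts and ends outside the hunk.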
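Review bot: The row `['https://com.one-.nextcloud-one.com'],` added to the provider in `tests/lib/Http/Client/ClientTest.php` does not say why this host is in the list, and the same applies to `['com.one-.nextcloud-one.com', false],` in `dataValid()` in `tests/lib/Security/RemoteHostValidatorTest.php`. A trailing `// idn_to_utf8() returns false for this host` on both rows, or a named data set such as `'idn conversion fails' => ['com.one-.nextcloud-one.com', false],`, would keep the regression case understandable later. In `testValid` the `false` row still stubs `isLocalHostname` with `->with($host)`; if the rest of the method (outside the hunk) allows it, a separate test that expects the classifier never to be called would pin the early return, so the case cannot pass by the host being rejected for a different reason.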