authorAaron Ball <nullspoon@oper.io>2021-07-01 20:37:33 -0600
committerAaron Ball <nullspoon@oper.io>2021-07-02 16:08:44 -0600
commit484913dc31314398d504472860b0e4b593241ab4 (patch)
tree1ef5c8b3a13c487c31c77f79958247a6616e2069 /lib/private/Http/Client
parenta0d9dce26e0e669d1565e252f8df24ae07900dde (diff)
downloadnextcloud-server-484913dc31314398d504472860b0e4b593241ab4.tar.gz
nextcloud-server-484913dc31314398d504472860b0e4b593241ab4.zip
Fix DnsPinMiddleware resolve pinning bug
Libcurl expects the value of the CURLOPT_RESOLVE configurations to be an array of strings, those strings containing a comma delimited list of resolved IPs for each host:port combination. The original code here does create that array with the host:port:ip combination, but multiple ips for a single host:port result in additional array entries, rather than adding them to the end of the string with a comma. Per the libcurl docs, the `CURLOPT_RESOLVE` array entries should match the syntax `host:port:address[,address]`. This creates a function-scoped associative array which uses `host:port` as the key (which are supposed to be unique and this ensures that), and the value is an array containing IP strings (ipv4 or ipv6). Once the associative array is populated, it is then set to the CURLOPT_RESOLVE array, imploding the ip arrays using a comma delimiter so the array syntax matches the syntax expected by libcurl. Note that this reorders the "foreach ip" and "foreach port" loops. Rather than looping over ips then ports, we now loop over ports then ips, since ports are part of the unique host:port map, and multiple ips can exist therein. Signed-off-by: Aaron Ball <nullspoon@oper.io>
Diffstat (limited to 'lib/private/Http/Client')
-rw-r--r--lib/private/Http/Client/DnsPinMiddleware.php17
1 files changed, 12 insertions, 5 deletions
diff --git a/lib/private/Http/Client/DnsPinMiddleware.php b/lib/private/Http/Client/DnsPinMiddleware.php
index 019fde23723..900173bb506 100644
--- a/lib/private/Http/Client/DnsPinMiddleware.php
+++ b/lib/private/Http/Client/DnsPinMiddleware.php
@@ -112,15 +112,22 @@ class DnsPinMiddleware {
$targetIps = $this->dnsResolve($hostName, 0);
- foreach ($targetIps as $ip) {
- $this->localAddressChecker->ThrowIfLocalIp($ip);
+ $curlResolves = [];
- foreach ($ports as $port) {
- $curlEntry = $hostName . ':' . $port . ':' . $ip;
- $options['curl'][CURLOPT_RESOLVE][] = $curlEntry;
+ foreach ($ports as $port) {
+ $curlResolves["$hostName:$port"] = [];
+
+ foreach ($targetIps as $ip) {
+ $this->localAddressChecker->ThrowIfLocalIp($ip);
+ $curlResolves["$hostName:$port"][] = $ip;
}
}
+ // Coalesce the per-host:port ips back into a comma separated list
+ foreach ($curlResolves as $hostport => $ips) {
+ $options['curl'][CURLOPT_RESOLVE][] = "$hostport:" . implode(',', $ips);
+ }
+
return $handler($request, $options);
};
};
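Review bot: When `dnsResolve()` returns no addresses, the port loop still creates `$curlResolves["$hostName:$port"] = []` and the coalescing loop emits a `host:port:` entry with an empty address list, which does not match the `host:port:address[,address]` syntax the commit message cites; the old code emitted nothing in that case. How libcurl treats such an entry is not visible here, but if it is ignored the request would go out unpinned and with no address having passed `ThrowIfLocalIp()`, so I would reject the request explicitly when `$targetIps` is empty, before the port loop. The `ThrowIfLocalIp($ip)` call also now sits inside the port loop, so it runs once per port for each address and would not run at all if `$ports` were empty. Moving it into its own `foreach ($targetIps as $ip) { $this->localAddressChecker->ThrowIfLocalIp($ip); }` ahead of the port loop keeps the local-address check independent of how `$ports` is built. The enclosing closure begins above the hunk, so how `$ports` is built and what `dnsResolve()` can return are not visible.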