Check for local IPs nested in IPv6 as well

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
author: Côme Chilliet <come.chilliet@nextcloud.com> 2022-06-28 16:48:38 +0200
committer: Côme Chilliet (Rebase PR Action) <come-nc@users.noreply.github.com> 2022-07-12 09:49:27 +0000
commit: 707b46bb01e67b764274fc00275e2076aeea5327 (patch)
tree: e81c3e65212efd4c477637945473a76c84c20337 /lib/private/Http
parent: d0830432a7ce4dece2af7a5ca3c0f3831dbd1291 (diff)
download: nextcloud-server-707b46bb01e67b764274fc00275e2076aeea5327.tar.gz
nextcloud-server-707b46bb01e67b764274fc00275e2076aeea5327.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/private/Http/Client/LocalAddressChecker.php b/lib/private/Http/Client/LocalAddressChecker.php
index 749a1a97c8a..b0c420a4fe8 100644
--- a/lib/private/Http/Client/LocalAddressChecker.php
+++ b/lib/private/Http/Client/LocalAddressChecker.php
@@ -52,7 +52,9 @@ class LocalAddressChecker {
 			$delimiter = strrpos($ip, ':'); // Get last colon
 			$ipv4Address = substr($ip, $delimiter + 1);
 
-			if (!filter_var($ipv4Address, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
+			if (
+				!filter_var($ipv4Address, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) ||
+				in_array($ipv4Address, $localIps, true)) {
 				$this->logger->warning("Host $ip was not connected to because it violates local access rules");
 				throw new LocalServerException('Host violates local access rules');
 			}
author	Côme Chilliet <come.chilliet@nextcloud.com>	2022-06-28 16:48:38 +0200
committer	Côme Chilliet (Rebase PR Action) <come-nc@users.noreply.github.com>	2022-07-12 09:49:27 +0000
commit	707b46bb01e67b764274fc00275e2076aeea5327 (patch)
tree	e81c3e65212efd4c477637945473a76c84c20337 /lib/private/Http
parent	d0830432a7ce4dece2af7a5ca3c0f3831dbd1291 (diff)
download	nextcloud-server-707b46bb01e67b764274fc00275e2076aeea5327.tar.gz nextcloud-server-707b46bb01e67b764274fc00275e2076aeea5327.zip