diff options
| -rw-r--r-- | lib/private/Http/Client/LocalAddressChecker.php | 16 | ||||
| -rw-r--r-- | tests/lib/Http/Client/LocalAddressCheckerTest.php | 5 |
2 files changed, 19 insertions, 2 deletions
diff --git a/lib/private/Http/Client/LocalAddressChecker.php b/lib/private/Http/Client/LocalAddressChecker.php index c69d1007a16..f4fea503ab9 100644 --- a/lib/private/Http/Client/LocalAddressChecker.php +++ b/lib/private/Http/Client/LocalAddressChecker.php @@ -27,6 +27,7 @@ namespace OC\Http\Client; use OCP\Http\Client\LocalServerException; use Psr\Log\LoggerInterface; +use Symfony\Component\HttpFoundation\IpUtils; class LocalAddressChecker { private LoggerInterface $logger; @@ -36,7 +37,16 @@ class LocalAddressChecker { } public function ThrowIfLocalIp(string $ip) : void { - if ((bool)filter_var($ip, FILTER_VALIDATE_IP) && !filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) { + $localRanges = [ + '100.64.0.0/10', // See RFC 6598 + '192.0.0.0/24', // See RFC 6890 + ]; + if ( + (bool)filter_var($ip, FILTER_VALIDATE_IP) && + ( + !filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) || + IpUtils::checkIp($ip, $localRanges) + )) { $this->logger->warning("Host $ip was not connected to because it violates local access rules"); throw new LocalServerException('Host violates local access rules'); } @@ -46,7 +56,9 @@ class LocalAddressChecker { $delimiter = strrpos($ip, ':'); // Get last colon $ipv4Address = substr($ip, $delimiter + 1); - if (!filter_var($ipv4Address, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) { + if ( + !filter_var($ipv4Address, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) || + IpUtils::checkIp($ip, $localRanges)) { $this->logger->warning("Host $ip was not connected to because it violates local access rules"); throw new LocalServerException('Host violates local access rules'); } diff --git a/tests/lib/Http/Client/LocalAddressCheckerTest.php b/tests/lib/Http/Client/LocalAddressCheckerTest.php index 0bba1cee5f4..9f2f6c72993 100644 --- a/tests/lib/Http/Client/LocalAddressCheckerTest.php +++ b/tests/lib/Http/Client/LocalAddressCheckerTest.php @@ -96,6 +96,8 @@ class LocalAddressCheckerTest extends \Test\TestCase { ['10.0.0.1'], ['::'], ['::1'], + ['100.100.100.200'], + ['192.0.0.1'], ]; } @@ -116,6 +118,9 @@ class LocalAddressCheckerTest extends \Test\TestCase { ['another-host.local'], ['service.localhost'], ['!@#$'], // test invalid url + ['100.100.100.200'], + ['192.0.0.1'], + ['randomdomain.internal'], ]; } |