Skip to content

Commit

Permalink
settings: validate netaddress when updating settings
Browse files Browse the repository at this point in the history
  • Loading branch information
@n8maninger
n8maninger committed Dec 30, 2023
1 parent 7a86b99 commit 00a0ac7
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 13 deletions.
32 changes: 19 additions & 13 deletions host/settings/netaddress_default.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,31 +6,37 @@ import (
"errors"
"fmt"
"net"
"strconv"
)

func validateNetAddress(netaddress string) error {
addr, _, err := net.SplitHostPort(netaddress)
host, port, err := net.SplitHostPort(netaddress)
if err != nil {
return fmt.Errorf("invalid net address %q: net addresses must contain an IP and port: %w", netaddress, err)
} else if addr == "" {
return fmt.Errorf("invalid net address %q: net addresses must contain a host and port: %w", netaddress, err)
}

// Check that the host is not empty or localhost.
if host == "" {
return errors.New("empty net address")
} else if addr == "localhost" {
} else if host == "localhost" {
return errors.New("net address cannot be localhost")
}

ip := net.ParseIP(addr)
// Check that the port is a valid number.
n, err := strconv.Atoi(port)
if err != nil {
return fmt.Errorf("failed to parse port: %w", err)
} else if n < 1 || n > 65535 {
return errors.New("port must be between 1 and 65535")
}

// If the host is an IP address, check that it is a public IP address.
ip := net.ParseIP(host)
if ip != nil {
if ip.IsLoopback() || ip.IsPrivate() || !ip.IsGlobalUnicast() {
return fmt.Errorf("invalid net address %q: only public IP addresses allowed", addr)
return fmt.Errorf("invalid net address %q: only public IP addresses allowed", host)
}
return nil
}

addrs, err := net.LookupIP(addr)
if err != nil {
return fmt.Errorf("failed to resolve net address %q: %w", addr, err)
} else if len(addrs) == 0 {
return fmt.Errorf("failed to resolve net address: no addresses found")
}
return nil
}
7 changes: 7 additions & 0 deletions host/settings/settings.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -220,6 +220,13 @@ func (m *ConfigManager) UpdateSettings(s Settings) error {
return fmt.Errorf("failed to validate DNS settings: %w", err)
}

// if a netaddress is set, validate it
if strings.TrimSpace(s.NetAddress) != "" {
if err := validateNetAddress(s.NetAddress); err != nil {
return fmt.Errorf("failed to validate net address: %w", err)
}
}

m.mu.Lock()
m.settings = s
m.setRateLimit(s.IngressLimit, s.EgressLimit)
Expand Down

0 comments on commit 00a0ac7

Please sign in to comment.