Verify IP identifier contains valid IP

smallstep · Jun 3, 2021 · a0e92f8 · a0e92f8
1 parent 6486e60
commit a0e92f8
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/acme/api/order.go b/acme/api/order.go
@@ -5,6 +5,7 @@ import (
 	"crypto/x509"
 	"encoding/base64"
 	"encoding/json"
+	"net"
 	"net/http"
 	"strings"
 	"time"
@@ -31,6 +32,9 @@ func (n *NewOrderRequest) Validate() error {
 		if !(id.Type == "dns" || id.Type == "ip") {
 			return acme.NewError(acme.ErrorMalformedType, "identifier type unsupported: %s", id.Type)
 		}
+		if id.Type == "ip" && net.ParseIP(id.Value) == nil {
+			return acme.NewError(acme.ErrorMalformedType, "%s is not a valid IP address", id.Value)
+		}
 	}
 	return nil
 }
@@ -85,6 +89,7 @@ func (h *Handler) NewOrder(w http.ResponseWriter, r *http.Request) {
 			"failed to unmarshal new-order request payload"))
 		return
 	}
+
 	if err := nor.Validate(); err != nil {
 		api.WriteError(w, err)
 		return