ipn/ipnserver: validate Host header on debug ServeHTMLStatus status

Updates tailscale/corp#7948 Change-Id: I3a8c64f353af1eeae620812b2700ce4af4fbbc88 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> (cherry picked from commit f18dde6ad1)
3 years ago · 49ae82e8bd
parent 7077adc475
commit 49ae82e8bd
1 changed files with 11 additions and 0 deletions
--- a/ipn/ipnserver/server.go
+++ b/ipn/ipnserver/server.go
@ -27,6 +27,7 @@ import (
 	"sync"
 	"syscall"
 	"time"
+	"unicode"

 	"go4.org/mem"
 	"inet.af/peercred"
@ -1072,7 +1073,17 @@ func (s *Server) localhostHandler(ci connIdentity) http.Handler {
 	})
 }

+// ServeHTMLStatus serves an HTML status page at http://localhost:41112/ for
+// Windows and via $DEBUG_LISTENER/debug/ipn when tailscaled's --debug flag
+// is used to run a debug server.
 func (s *Server) ServeHTMLStatus(w http.ResponseWriter, r *http.Request) {
+	// As this is only meant for debug, verify there's no DNS name being used to
+	// access this.
+	if strings.IndexFunc(r.Host, unicode.IsLetter) != -1 {
+		http.Error(w, "invalid host", http.StatusForbidden)
+		return
+	}
+
 	w.Header().Set("Content-Type", "text/html; charset=utf-8")
 	st := s.b.Status()
 	// TODO(bradfitz): add LogID and opts to st?