From 4fc8538e2f2afd7eb16e3f23394f2d2acb2db2ee Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick <bradfitz@tailscale.com>
Date: Wed, 16 Nov 2022 08:16:17 -0800
Subject: [PATCH] ipn/ipnlocal: check quad100 Host header in info page

Updates tailscale/corp#7948

Change-Id: I0ab61c764bff9ba8afaf9070db73e971eb018477
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
---
 ipn/ipnlocal/local.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ipn/ipnlocal/local.go b/ipn/ipnlocal/local.go
index 7df12245d..fc5f87597 100644
--- a/ipn/ipnlocal/local.go
+++ b/ipn/ipnlocal/local.go
@@ -3906,6 +3906,12 @@ func (b *LocalBackend) handleQuad100Port80Conn(w http.ResponseWriter, r *http.Re
 		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
 		return
 	}
+	switch r.Host {
+	case "", tsaddr.TailscaleServiceIP().String(), tsaddr.TailscaleServiceIPv6().String():
+	default:
+		http.Error(w, "bad request", http.StatusBadRequest)
+		return
+	}
 
 	b.mu.Lock()
 	defer b.mu.Unlock()