From deff20edc63956ab09e8a1339afb9b5691999547 Mon Sep 17 00:00:00 2001
From: Christine Dodrill
Date: Mon, 15 Mar 2021 15:44:56 -0400
Subject: [PATCH] cmd/tailscale/cli: don't permit setting self IP as exit node (#1491)
This change makes it impossible to set your own IP address as the exit node for this system.
Fixes #1489
Signed-off-by: Christine Dodrill
---
 cmd/tailscale/cli/status.go | 18 +++++++++++-------
 cmd/tailscale/cli/up.go | 12 ++++++++++++
 2 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/cmd/tailscale/cli/status.go b/cmd/tailscale/cli/status.go
index 8997a187a..851b0c2bd 100644
--- a/cmd/tailscale/cli/status.go
+++ b/cmd/tailscale/cli/status.go
@@ -53,12 +53,7 @@ var statusArgs struct {
 peers bool // in CLI mode, show status of peer machines
 }
-func runStatus(ctx context.Context, args []string) error {
- c, bc, ctx, cancel := connect(ctx)
- defer cancel()
-
- bc.AllowVersionSkew = true
-
+func getStatusFromServer(ctx context.Context, c net.Conn, bc *ipn.BackendClient) func() (*ipnstate.Status, error) {
 ch := make(chan *ipnstate.Status, 1)
 bc.SetNotifyCallback(func(n ipn.Notify) {
 if n.ErrMessage != nil {
@@ -80,7 +75,7 @@ func runStatus(ctx context.Context, args []string) error {
 })
 go pump(ctx, bc, c)
- getStatus := func() (*ipnstate.Status, error) {
+ return func() (*ipnstate.Status, error) {
 bc.RequestStatus()
 select {
 case st := <-ch:
@@ -89,6 +84,15 @@ func runStatus(ctx context.Context, args []string) error {
 return nil, ctx.Err()
 }
 }
+}
+
+func runStatus(ctx context.Context, args []string) error {
+ c, bc, ctx, cancel := connect(ctx)
+ defer cancel()
+
+ bc.AllowVersionSkew = true
+
+ getStatus := getStatusFromServer(ctx, c, bc)
 st, err := getStatus()
 if err != nil {
 return err
diff --git a/cmd/tailscale/cli/up.go b/cmd/tailscale/cli/up.go
index 3f0081425..5994434ed 100644
--- a/cmd/tailscale/cli/up.go
+++ b/cmd/tailscale/cli/up.go
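Review bot: `getStatusFromServer`, introduced in the first status.go hunk, has no doc comment, and its side effects are not evident from the name: before returning the closure it replaces the notify callback on `bc` via `SetNotifyCallback` and starts `go pump(ctx, bc, c)`. Now that a second caller uses it, I would add a comment such as `// getStatusFromServer installs a notify callback on bc, starts a pump goroutine reading from c, and returns a func that requests a status and waits for the reply.` so callers know not to reuse `bc` with another callback or pump. The function's body continues through the next two hunks, and part of the callback lies outside the diff.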
@@ -249,6 +249,18 @@ func runUp(ctx context.Context, args []string) error {
 c, bc, ctx, cancel := connect(ctx)
 defer cancel()
+ if !prefs.ExitNodeIP.IsZero() {
+ st, err := getStatusFromServer(ctx, c, bc)()
+ if err != nil {
+ fatalf("can't fetch status from tailscaled: %v", err)
+ }
+ for _, ip := range st.TailscaleIPs {
+ if prefs.ExitNodeIP == ip {
+ fatalf("cannot use %s as the exit node as it is a local IP address to this machine, did you mean --advertise-exit-node?", ip)
+ }
+ }
+ }
+
 var printed bool
 var loginOnce sync.Once
 startLoginInteractive := func() { loginOnce.Do(func() { bc.StartLoginInteractive() }) }
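Review bot: The status probe runs on the same `c`/`bc` that the rest of runUp uses: `getStatusFromServer(ctx, c, bc)()` replaces the notify callback on `bc` and leaves a `pump` goroutine reading from `c` after it returns. runUp continues past this hunk, so if it later installs its own callback or pumps the connection itself, messages could be consumed by the wrong reader; one option is to probe on a separate connection, e.g. `sc, sbc, sctx, scancel := connect(ctx)`, `defer scancel()`, `st, err := getStatusFromServer(sctx, sc, sbc)()`. Note also that the check is enforced only in the CLI, so unless tailscaled validates `ExitNodeIP` as well, any other client that sets prefs can still select a local address as the exit node.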