MyFavMirrors/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2025-05-23 02:21:53 -04:00
Code Issues Packages Projects Releases Wiki Activity

policy/v2: error on missing or zero port (#2606)

Browse Source 
* policy/v2: error on missing or zero port

Fixes #2605

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* changelog: add entry

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

---------

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
This commit is contained in:
Kristoffer Dalby 2025-05-16 17:30:47 +02:00 committed by GitHub
parent 30525cee0e
commit bd6ed80936
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 50 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGELOG.md
View File

@ -2,6 +2,11 @@
## Next ## Next
### BREAKING
- Policy: Zero or empty destination port is no longer allowed
[#2606](https://github.com/juanfont/headscale/pull/2606)
## 0.26.0 (2025-05-14) ## 0.26.0 (2025-05-14)
### BREAKING ### BREAKING

3
hscontrol/policy/v2/types.go
View File

@ -3,6 +3,7 @@ package v2
import ( import (
"bytes" "bytes"
"encoding/json" "encoding/json"
"errors"
"fmt" "fmt"
"net/netip" "net/netip"
"strings" "strings"
@ -467,6 +468,8 @@ func (ve *AliasWithPorts) UnmarshalJSON(b []byte) error {
return err return err
} }
ve.Ports = ports ve.Ports = ports
} else {
return errors.New(`hostport must contain a colon (":")`)
} }
ve.Alias, err = parseAlias(vs) ve.Alias, err = parseAlias(vs)

38
hscontrol/policy/v2/types_test.go
View File

@ -706,6 +706,44 @@ func TestUnmarshalPolicy(t *testing.T) {
`, `,
wantErr: `Tag "tag:notdefined" is not defined in the Policy, please define or remove the reference to it`, wantErr: `Tag "tag:notdefined" is not defined in the Policy, please define or remove the reference to it`,
}, },
{
name: "missing-dst-port-is-err",
input: `
{
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"100.64.0.1"
]
}
]
}
`,
wantErr: `hostport must contain a colon (":")`,
},
{
name: "dst-port-zero-is-err",
input: `
{
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"100.64.0.1:0"
]
}
]
}
`,
wantErr: `first port must be >0, or use '*' for wildcard`,
},
} }
cmps := append(util.Comparers, cmp.Comparer(func(x, y Prefix) bool { cmps := append(util.Comparers, cmp.Comparer(func(x, y Prefix) bool {

4
hscontrol/policy/v2/utils.go
View File

@ -73,6 +73,10 @@ func parsePortRange(portDef string) ([]tailcfg.PortRange, error) {
return nil, err return nil, err
} }
if port < 1 {
return nil, errors.New("first port must be >0, or use '*' for wildcard")
}
portRanges = append(portRanges, tailcfg.PortRange{First: port, Last: port}) portRanges = append(portRanges, tailcfg.PortRange{First: port, Last: port})
} }
} }