mirror of
https://github.com/minio/minio.git
synced 2025-01-23 12:43:16 -05:00
send proper IPv6 names avoid bracketing notation (#18699)
If policies like the following are present ``` "Condition": { "IpAddress": { "aws:SourceIp": [ "54.240.143.0/24", "2001:DB8:1234:5678::/64" ] } } ``` and a client makes a request to MinIO over IPv6, the server can potentially crash. The workaround is to turn off IPv6 and use only IPv4.
parent
8432fd5ac2
commit
4550535cbb
@ -121,7 +121,7 @@ func getConditionValues(r *http.Request, lc string, cred auth.Credentials) map[s
|
||||
"CurrentTime": {currTime.Format(time.RFC3339)},
|
||||
"EpochTime": {strconv.FormatInt(currTime.Unix(), 10)},
|
||||
"SecureTransport": {strconv.FormatBool(r.TLS != nil)},
|
||||
"SourceIp": {handlers.GetSourceIP(r)},
|
||||
"SourceIp": {handlers.GetSourceIPRaw(r)},
|
||||
"UserAgent": {r.UserAgent()},
|
||||
"Referer": {r.Referer()},
|
||||
"principaltype": {principalType},
|
||||
|
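Review bot: The `SourceIp` entry is still filled with whatever string the forwarding headers carry, because nothing between `handlers.GetSourceIPRaw(r)` and the condition map checks that the value is an IP address. The test table in this commit shows the helper returning values such as `_gazonk` and `workstation.local`, and the commit description ties the crash to this value reaching an `IpAddress` condition; the evaluator is not visible here, so whether non-IP strings are tolerated needs confirming. Consider checking the value with `net.ParseIP` before it goes into the map and falling back to the host part of `r.RemoteAddr` when it does not parse. getConditionValues starts and ends outside this hunk.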
@ -113,16 +113,27 @@ func GetSourceIPFromHeaders(r *http.Request) string {
|
||||
return addr
|
||||
}
|
||||
|
||||
// GetSourceIP retrieves the IP from the request headers
|
||||
// GetSourceIPRaw retrieves the IP from the request headers
|
||||
// and falls back to r.RemoteAddr when necessary.
|
||||
func GetSourceIP(r *http.Request) string {
|
||||
// however returns without bracketing.
|
||||
func GetSourceIPRaw(r *http.Request) string {
|
||||
addr := GetSourceIPFromHeaders(r)
|
||||
if addr != "" {
|
||||
return addr
|
||||
if addr == "" {
|
||||
addr = r.RemoteAddr
|
||||
}
|
||||
|
||||
// Default to remote address if headers not set.
|
||||
addr, _, _ = net.SplitHostPort(r.RemoteAddr)
|
||||
raddr, _, _ := net.SplitHostPort(addr)
|
||||
if raddr == "" {
|
||||
return addr
|
||||
}
|
||||
return raddr
|
||||
}
|
||||
|
||||
// GetSourceIP retrieves the IP from the request headers
|
||||
// and falls back to r.RemoteAddr when necessary.
|
||||
func GetSourceIP(r *http.Request) string {
|
||||
addr := GetSourceIPRaw(r)
|
||||
if strings.ContainsRune(addr, ':') {
|
||||
return "[" + addr + "]"
|
||||
}
|
||||
|
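Review bot: In GetSourceIPRaw, a bracketed IPv6 literal without a port (for example `[2001:db8:cafe::17]`) makes `net.SplitHostPort` fail, so `raddr` is empty and the `raddr == ""` branch returns `addr` with its brackets still on. As far as the test table shows, header values pass through GetSourceIPFromHeaders unchanged, so that bracketed string would reach the `SourceIp` condition, and GetSourceIP would wrap it a second time. Strip the brackets in that branch: `return strings.TrimSuffix(strings.TrimPrefix(addr, "["), "]")`. The comment `// Default to remote address if headers not set.` now sits above the SplitHostPort call and should move to the `addr = r.RemoteAddr` fallback, with a short note that the discarded error is expected for port-less values. GetSourceIP's body continues past the end of the hunk.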
@ -62,10 +62,10 @@ func TestGetSourceIP(t *testing.T) {
|
||||
{xForwardedFor, "8.8.8.8, 8.8.4.4", "8.8.8.8"}, // Multiple
|
||||
{xForwardedFor, "", ""}, // None
|
||||
{xRealIP, "8.8.8.8", "8.8.8.8"}, // Single address
|
||||
{xRealIP, "[2001:db8:cafe::17]:4711", "[2001:db8:cafe::17]:4711"}, // IPv6 address
|
||||
{xRealIP, "[2001:db8:cafe::17]:4711", "[2001:db8:cafe::17]"}, // IPv6 address
|
||||
{xRealIP, "", ""}, // None
|
||||
{forwarded, `for="_gazonk"`, "_gazonk"}, // Hostname
|
||||
{forwarded, `For="[2001:db8:cafe::17]:4711`, `[2001:db8:cafe::17]:4711`}, // IPv6 address
|
||||
{forwarded, `For="[2001:db8:cafe::17]:4711`, `[2001:db8:cafe::17]`}, // IPv6 address
|
||||
{forwarded, `for=192.0.2.60;proto=http;by=203.0.113.43`, `192.0.2.60`}, // Multiple params
|
||||
{forwarded, `for=192.0.2.43, for=198.51.100.17`, "192.0.2.43"}, // Multiple params
|
||||
{forwarded, `for="workstation.local",for=198.51.100.17`, "workstation.local"}, // Hostname
|
||||
|
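Review bot: The table only exercises GetSourceIP, so GetSourceIPRaw, the function the policy condition values now depend on, has no direct test. Add a companion table test for it and include port-less inputs in both tables: a bare `2001:db8:cafe::17` and a bracketed `[2001:db8:cafe::17]`, with the unbracketed address as the expected result for the raw variant. TestGetSourceIP starts and ends outside this hunk.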