Skip to content

Commit

Permalink
server: better hostname validation
Browse files Browse the repository at this point in the history 
This change is harder to test, but we could test that function directly
idk.
  • Loading branch information
@fsouza
fsouza committed Mar 25, 2022
1 parent ca00a1c commit c1b343b
Showing 1 changed file with 3 additions and 4 deletions.
7 changes: 3 additions & 4 deletions fakestorage/server.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,6 @@ import (
"net/http/httptest"
"net/http/httputil"
"net/textproto"
"regexp"
"strings"
"sync"

Expand Down Expand Up @@ -271,11 +270,11 @@ func (s *Server) buildMuxer() {

// publicHostMatcher matches incoming requests against the currently specified server publicHost.
func (s *Server) publicHostMatcher(r *http.Request, rm *mux.RouteMatch) bool {
if strings.Contains(s.publicHost, ":") {
if strings.Contains(s.publicHost, ":") || !strings.Contains(r.Host, ":") {
return r.Host == s.publicHost
}
matched, _ := regexp.MatchString("^"+regexp.QuoteMeta(s.publicHost), r.Host)
return matched
idx := strings.IndexByte(r.Host, ':')
return r.Host[:idx] == s.publicHost
}

// Stop stops the server, closing all connections.
Expand Down

0 comments on commit c1b343b

Please sign in to comment.