lib/discover: Don't leak relay-tokens to discovery (#8762)

Use an allowlist to send only the `id` query param to the discovery server.
This commit is contained in:
entity0xfe 2023-03-04 12:16:57 +01:00 committed by GitHub
parent 8bbf2ba9ac
commit 4558eef446
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 41 additions and 0 deletions

View File

@ -54,6 +54,15 @@ type announcement struct {
Addresses []string `json:"addresses"` Addresses []string `json:"addresses"`
} }
func (a announcement) MarshalJSON() ([]byte, error) {
type announcementCopy announcement
a.Addresses = sanitizeRelayAddresses(a.Addresses)
aCopy := announcementCopy(a)
return json.Marshal(aCopy)
}
type serverOptions struct { type serverOptions struct {
insecure bool // don't check certificate insecure bool // don't check certificate
noAnnounce bool // don't announce noAnnounce bool // don't announce

View File

@ -116,6 +116,9 @@ func (c *localClient) announcementPkt(instanceID int64, msg []byte) ([]byte, boo
// usable as-is. // usable as-is.
addrs = filterUnspecifiedLocal(addrs) addrs = filterUnspecifiedLocal(addrs)
// do not leak relay tokens to discovery
addrs = sanitizeRelayAddresses(addrs)
if len(addrs) == 0 { if len(addrs) == 0 {
// Nothing to announce // Nothing to announce
return msg, false return msg, false
@ -315,3 +318,32 @@ func filterUnspecifiedLocal(addrs []string) []string {
} }
return filtered return filtered
} }
func sanitizeRelayAddresses(addrs []string) []string {
filtered := addrs[:0]
allowlist := []string{"id"}
for _, addr := range addrs {
u, err := url.Parse(addr)
if err != nil {
continue
}
if u.Scheme == "relay" {
s := url.Values{}
q := u.Query()
for _, w := range allowlist {
if q.Has(w) {
s.Add(w, q.Get(w))
}
}
u.RawQuery = s.Encode()
addr = u.String()
}
filtered = append(filtered, addr)
}
return filtered
}