mirror of
https://github.com/XTLS/Xray-core.git
synced 2024-12-22 11:23:32 +02:00
Properly parse HTTP host for verification
Also fix H2 transport to not verify if host is not defined
This commit is contained in:
parent
4c51636788
commit
b8c0768b16
5 changed files with 22 additions and 6 deletions
|
@ -1,8 +1,6 @@
|
|||
package http
|
||||
|
||||
import (
|
||||
"strings"
|
||||
|
||||
"github.com/xtls/xray-core/common"
|
||||
"github.com/xtls/xray-core/common/dice"
|
||||
"github.com/xtls/xray-core/transport/internet"
|
||||
|
@ -18,9 +16,12 @@ func (c *Config) getHosts() []string {
|
|||
}
|
||||
|
||||
func (c *Config) isValidHost(host string) bool {
|
||||
if len(c.Host) == 0 {
|
||||
return true
|
||||
}
|
||||
hosts := c.getHosts()
|
||||
for _, h := range hosts {
|
||||
if strings.Contains(strings.ToLower(host), strings.ToLower(h)) {
|
||||
if internet.IsValidHTTPHost(host, h) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
|
|
@ -39,7 +39,7 @@ func (s *server) Handle(conn net.Conn) (stat.Connection, error) {
|
|||
|
||||
if s.config != nil {
|
||||
host := req.Host
|
||||
if len(s.config.Host) > 0 && !strings.Contains(strings.ToLower(host), strings.ToLower(s.config.Host)) {
|
||||
if len(s.config.Host) > 0 && !internet.IsValidHTTPHost(host, s.config.Host) {
|
||||
return nil, errors.New("bad host: ", host)
|
||||
}
|
||||
path := s.config.GetNormalizedPath()
|
||||
|
|
|
@ -1,3 +1,18 @@
|
|||
package internet
|
||||
|
||||
import (
|
||||
"net"
|
||||
"strings"
|
||||
)
|
||||
|
||||
//go:generate go run github.com/xtls/xray-core/common/errors/errorgen
|
||||
|
||||
func IsValidHTTPHost(request string, config string) bool {
|
||||
r := strings.ToLower(request)
|
||||
c := strings.ToLower(config)
|
||||
if strings.Contains(r, ":") {
|
||||
h, _, _ := net.SplitHostPort(r)
|
||||
return h == c
|
||||
}
|
||||
return r == c
|
||||
}
|
||||
|
|
|
@ -72,7 +72,7 @@ func (h *requestHandler) upsertSession(sessionId string) *httpSession {
|
|||
}
|
||||
|
||||
func (h *requestHandler) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
|
||||
if len(h.host) > 0 && !strings.Contains(strings.ToLower(request.Host), strings.ToLower(h.host)) {
|
||||
if len(h.host) > 0 && !internet.IsValidHTTPHost(request.Host, h.host) {
|
||||
errors.LogInfo(context.Background(), "failed to validate host, request:", request.Host, ", config:", h.host)
|
||||
writer.WriteHeader(http.StatusNotFound)
|
||||
return
|
||||
|
|
|
@ -38,7 +38,7 @@ var upgrader = &websocket.Upgrader{
|
|||
}
|
||||
|
||||
func (h *requestHandler) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
|
||||
if len(h.host) > 0 && !strings.Contains(strings.ToLower(request.Host), strings.ToLower(h.host)) {
|
||||
if len(h.host) > 0 && !internet.IsValidHTTPHost(request.Host, h.host) {
|
||||
errors.LogInfo(context.Background(), "failed to validate host, request:", request.Host, ", config:", h.host)
|
||||
writer.WriteHeader(http.StatusNotFound)
|
||||
return
|
||||
|
|
Loading…
Reference in a new issue