From 5aeab1463bece85363327a49a46e9f8d7cd29496 Mon Sep 17 00:00:00 2001 From: Preetha Appan Date: Fri, 28 Jul 2017 17:18:10 -0500 Subject: [PATCH] Validate unix sockets and ip addresses as needed, more test cases --- agent/config.go | 29 +++++++++++++++++------------ agent/config_test.go | 6 ++++++ 2 files changed, 23 insertions(+), 12 deletions(-) diff --git a/agent/config.go b/agent/config.go index 437e33641d..cc0958c85d 100644 --- a/agent/config.go +++ b/agent/config.go @@ -2127,7 +2127,7 @@ func ReadConfigPaths(paths []string) (*Config, error) { // and performs go-sockaddr/template Parse on each known address in case the // user specified a template config for any of their values. func (c *Config) ResolveTmplAddrs() (err error) { - parse := func(addr *string, validateIP bool, name string) { + parse := func(addr *string, socketAllowed bool, name string) { if *addr == "" || err != nil { return } @@ -2137,26 +2137,31 @@ func (c *Config) ResolveTmplAddrs() (err error) { err = fmt.Errorf("Resolution of %s failed: %v", name, err) return } - - if validateIP && net.ParseIP(ip) == nil { + ipAddr := net.ParseIP(ip) + if !socketAllowed && ipAddr == nil { err = fmt.Errorf("Failed to parse %s: %v", name, ip) return } + if socketAllowed && socketPath(ip) == "" && ipAddr == nil { + err = fmt.Errorf("Failed to parse %s, is not a valid IP address or socket: %v", name, ip) + return + } + *addr = ip } if c == nil { return } - parse(&c.Addresses.DNS, false, "DNS address") - parse(&c.Addresses.HTTP, false, "HTTP address") - parse(&c.Addresses.HTTPS, false, "HTTPS address") - parse(&c.AdvertiseAddr, true, "Advertise address") - parse(&c.AdvertiseAddrWan, true, "Advertise WAN address") - parse(&c.BindAddr, false, "Bind address") - parse(&c.ClientAddr, false, "Client address") - parse(&c.SerfLanBindAddr, true, "Serf LAN address") - parse(&c.SerfWanBindAddr, true, "Serf WAN address") + parse(&c.Addresses.DNS, true, "DNS address") + parse(&c.Addresses.HTTP, true, "HTTP address") + parse(&c.Addresses.HTTPS, true, "HTTPS address") + parse(&c.AdvertiseAddr, false, "Advertise address") + parse(&c.AdvertiseAddrWan, false, "Advertise WAN address") + parse(&c.BindAddr, true, "Bind address") + parse(&c.ClientAddr, true, "Client address") + parse(&c.SerfLanBindAddr, false, "Serf LAN address") + parse(&c.SerfWanBindAddr, false, "Serf WAN address") return } diff --git a/agent/config_test.go b/agent/config_test.go index dca9d7cc3b..13b3738c2a 100644 --- a/agent/config_test.go +++ b/agent/config_test.go @@ -71,6 +71,12 @@ func TestDecodeConfig(t *testing.T) { parseTemplateErr: errors.New("Failed to parse Advertise WAN address: unix:///path/to/file"), c: &Config{AdvertiseAddrWan: "unix:///path/to/file"}, }, + { + in: `{"addresses":{"http":"notunix://blah"}}`, + parseTemplateErr: errors.New("Failed to parse HTTP address, is not a valid IP address or socket: notunix://blah"), + c: &Config{Addresses: AddressConfig{HTTP: "notunix://blah"}}, + }, + // happy flows in alphabetical order { in: `{"acl_agent_master_token":"a"}`,