From b8c0768b166a9963bc9529a88a3f20493a7e7d48 Mon Sep 17 00:00:00 2001
From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com>
Date: Sat, 6 Jul 2024 17:12:49 -0400
Subject: [PATCH] Properly parse HTTP host for verification Also fix H2 transport to not verify if host is not defined
---
 transport/internet/http/config.go | 7 ++++---
 transport/internet/httpupgrade/hub.go | 2 +-
 transport/internet/internet.go | 15 +++++++++++++++
 transport/internet/splithttp/hub.go | 2 +-
 transport/internet/websocket/hub.go | 2 +-
 5 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/transport/internet/http/config.go b/transport/internet/http/config.go
index 990c2680..2697f989 100644
--- a/transport/internet/http/config.go
+++ b/transport/internet/http/config.go
@@ -1,8 +1,6 @@
 package http
 
 import (
- "strings"
-
 "github.com/xtls/xray-core/common"
 "github.com/xtls/xray-core/common/dice"
 "github.com/xtls/xray-core/transport/internet"
@@ -18,9 +16,12 @@ func (c *Config) getHosts() []string {
 }
 
 func (c *Config) isValidHost(host string) bool {
+ if len(c.Host) == 0 {
+ return true
+ }
 hosts := c.getHosts()
 for _, h := range hosts {
- if strings.Contains(strings.ToLower(host), strings.ToLower(h)) {
+ if internet.IsValidHTTPHost(host, h) {
 return true
 }
 }
diff --git a/transport/internet/httpupgrade/hub.go b/transport/internet/httpupgrade/hub.go
index 5be9240f..dc67c747 100644
--- a/transport/internet/httpupgrade/hub.go
+++ b/transport/internet/httpupgrade/hub.go
@@ -39,7 +39,7 @@ func (s *server) Handle(conn net.Conn) (stat.Connection, error) {
 
 if s.config != nil {
 host := req.Host
- if len(s.config.Host) > 0 && !strings.Contains(strings.ToLower(host), strings.ToLower(s.config.Host)) {
+ if len(s.config.Host) > 0 && !internet.IsValidHTTPHost(host, s.config.Host) {
 return nil, errors.New("bad host: ", host)
 }
 path := s.config.GetNormalizedPath()
diff --git a/transport/internet/internet.go b/transport/internet/internet.go
index 694129ad..70fab761 100644
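Review bot: In `isValidHost` (transport/internet/http/config.go) the new early return covers only an empty `Host` list; an empty-string entry inside the list is still handed to `internet.IsValidHTTPHost`. That helper, added in internet.go by this same patch, discards the `net.SplitHostPort` error, so a malformed authority containing `:` is reduced to an empty host and would compare equal to the empty entry. Skipping such entries in the loop with `if h == "" { continue }` keeps the check fail-closed, and a comment like `// An empty Host list disables host verification.` above the early return would record that the bypass is deliberate. The end of `isValidHost` and the body of `getHosts` lie outside the hunk, so whether an empty entry can actually reach this loop is not visible here.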
--- a/transport/internet/internet.go
+++ b/transport/internet/internet.go
@@ -1,3 +1,18 @@
 package internet
 
+import (
+ "net"
+ "strings"
+)
+
 //go:generate go run github.com/xtls/xray-core/common/errors/errorgen
+
+func IsValidHTTPHost(request string, config string) bool {
+ r := strings.ToLower(request)
+ c := strings.ToLower(config)
+ if strings.Contains(r, ":") {
+ h, _, _ := net.SplitHostPort(r)
+ return h == c
+ }
+ return r == c
+}
diff --git a/transport/internet/splithttp/hub.go b/transport/internet/splithttp/hub.go
index 8fe4951f..f71709ed 100644
--- a/transport/internet/splithttp/hub.go
+++ b/transport/internet/splithttp/hub.go
@@ -72,7 +72,7 @@ func (h *requestHandler) upsertSession(sessionId string) *httpSession {
 }
 
 func (h *requestHandler) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
- if len(h.host) > 0 && !strings.Contains(strings.ToLower(request.Host), strings.ToLower(h.host)) {
+ if len(h.host) > 0 && !internet.IsValidHTTPHost(request.Host, h.host) {
 errors.LogInfo(context.Background(), "failed to validate host, request:", request.Host, ", config:", h.host)
 writer.WriteHeader(http.StatusNotFound)
 return
diff --git a/transport/internet/websocket/hub.go b/transport/internet/websocket/hub.go
index 1d86be1d..6d363a68 100644
--- a/transport/internet/websocket/hub.go
+++ b/transport/internet/websocket/hub.go
@@ -38,7 +38,7 @@ var upgrader = &websocket.Upgrader{
 }
 
 func (h *requestHandler) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
- if len(h.host) > 0 && !strings.Contains(strings.ToLower(request.Host), strings.ToLower(h.host)) {
+ if len(h.host) > 0 && !internet.IsValidHTTPHost(request.Host, h.host) {
 errors.LogInfo(context.Background(), "failed to validate host, request:", request.Host, ", config:", h.host)
 writer.WriteHeader(http.StatusNotFound)
 return
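Review bot: `IsValidHTTPHost` (transport/internet/internet.go) drops the error from `net.SplitHostPort`, so any request host that contains `:` but does not parse as host:port is reduced to the empty string before the comparison. A bracketed IPv6 literal without a port, such as `[::1]`, falls into that case and is rejected even when it is the configured host, and an empty `config` would match every such malformed value if a caller omits its `len(...) > 0` guard. Checking the error and falling back to the whole value, `if h, _, err := net.SplitHostPort(r); err == nil { r = h }` followed by `return c != "" && r == c`, avoids both, though bracketed and unbracketed IPv6 forms would still need normalising to compare equal. The exported function also needs a doc comment stating that the match is case-insensitive, exact, and ignores the request's port, since the http, httpupgrade, splithttp and websocket transports in this patch all depend on it.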