enforce port restrictions against requests that happen to be missing the port

author: Hazelnoot <acomputerdog@gmail.com> 2025-05-13 22:22:40 -0400
committer: Hazelnoot <acomputerdog@gmail.com> 2025-05-13 22:22:40 -0400
commit: ebd4ccdd55a509e02fd8964061b90361d6c93924 (patch)
tree: 7f0f92b0a2f3d93462829ebfc6afbbba3dcae495
parent: rename "mask" to "prefixLength" for clarity (diff)
download: sharkey-ebd4ccdd55a509e02fd8964061b90361d6c93924.tar.gz
sharkey-ebd4ccdd55a509e02fd8964061b90361d6c93924.tar.bz2
sharkey-ebd4ccdd55a509e02fd8964061b90361d6c93924.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/packages/backend/src/core/HttpRequestService.ts b/packages/backend/src/core/HttpRequestService.ts
index 7c086c9976..2951691129 100644
--- a/packages/backend/src/core/HttpRequestService.ts
+++ b/packages/backend/src/core/HttpRequestService.ts
@@ -32,7 +32,7 @@ export function isPrivateIp(allowedPrivateNetworks: PrivateNetwork[] | undefined
 
 	for (const { cidr, ports } of allowedPrivateNetworks ?? []) {
 		if (cidr[0].kind() === parsedIp.kind() && parsedIp.match(cidr)) {
-			if (port == null || ports == null || ports.includes(port)) {
+			if (ports == null || (port != null && ports.includes(port))) {
 				return false;
 			}
 		}
author	Hazelnoot <acomputerdog@gmail.com>	2025-05-13 22:22:40 -0400
committer	Hazelnoot <acomputerdog@gmail.com>	2025-05-13 22:22:40 -0400
commit	ebd4ccdd55a509e02fd8964061b90361d6c93924 (patch)
tree	7f0f92b0a2f3d93462829ebfc6afbbba3dcae495
parent	rename "mask" to "prefixLength" for clarity (diff)
download	sharkey-ebd4ccdd55a509e02fd8964061b90361d6c93924.tar.gz sharkey-ebd4ccdd55a509e02fd8964061b90361d6c93924.tar.bz2 sharkey-ebd4ccdd55a509e02fd8964061b90361d6c93924.zip