greenlock checks sni now

AJ ONeal 2018-08-16 02:44:10 -06:00
parent 11e0db1f20
commit aac54d63f2
1 changed files with 7 additions and 10 deletions


@ -13,7 +13,8 @@ var fs = require('fs');
var finalhandler = require('finalhandler'); var finalhandler = require('finalhandler');
var serveStatic = require('serve-static'); var serveStatic = require('serve-static');
var path = require('path'); var path = require('path');
var hostnameRe = /^[a-z0-9][\.a-z0-9\-]+$/; // Allowed characters are a-z,0-9,.,-,_ with TLDs being alpha-only
var hostnameRe = /^[\.a-z0-9_\-]+\.[a-z]+$/i;
//require('greenlock-express') //require('greenlock-express')
require('../').create({ require('../').create({
@ -39,17 +40,13 @@ require('../').create({
return; return;
} }
// TODO could test for www/no-www both in directory and IP // SECURITY Greenlock validates opts.domains ahead-of-time
var e;
var hostdir = path.join(srv, opts.domains[0]); var hostdir = path.join(srv, opts.domains[0]);
if (!hostnameRe.test(opts.domains[0])) { // TODO could test for www/no-www both in directory and IP
e = new Error("rejecting '" + opts.domains[0] + "' because it is not a valid domain name");
cb(e);
return;
}
fs.readdir(hostdir, function (err, nodes) { fs.readdir(hostdir, function (err, nodes) {
e = new Error("rejecting '" + opts.domains[0] + "' because '" + hostdir + "' could not be read"); var e;
if (err || !nodes) { if (err || !nodes) {
e = new Error("rejecting '" + opts.domains[0] + "' because '" + hostdir + "' could not be read");
console.error(err); console.error(err);
console.error(e); console.error(e);
cb(e); cb(e);
@ -74,7 +71,7 @@ require('../').create({
, app: function (req, res) { , app: function (req, res) {
console.log(req.headers.host); console.log(req.headers.host);
var hostname = (req.headers.host||'').toLowerCase().split(':')[0]; var hostname = (req.headers.host||'').toLowerCase().split(':')[0];
// sanatize hostname to prevent unauthorized fs access // SECURITY sanatize hostname to prevent unauthorized fs access
if (!hostnameRe.test(hostname)) { if (!hostnameRe.test(hostname)) {
res.statusCode = 404; res.statusCode = 404;
res.end('Bad Hostname'); res.end('Bad Hostname');
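Review bot: In the second hunk the new side computes `path.join(srv, opts.domains[0])` with no local validation of `opts.domains[0]` any more; the replacement comment states that Greenlock validates `opts.domains` ahead of time, but nothing in this diff shows that guarantee or which characters it admits, so the directory path read by `fs.readdir` is now only as safe as an upstream contract that is not visible here. Since `hostnameRe` is still defined in the first hunk and still guards the Host-header path in the third, keeping the same one-line guard here as defence in depth costs nothing: `if (!hostnameRe.test(opts.domains[0])) {` / `cb(new Error("rejecting '" + opts.domains[0] + "' because it is not a valid domain name")); return;` / `}` placed before the `path.join`. If the removal is intentional, the `// SECURITY` comment should at least name the exact upstream check being relied on rather than asserting it, so a later Greenlock upgrade that changes its domain validation is recognisable as a risk to this code. The new `hostnameRe` in the first hunk also accepts a leading `.`, `_` or `-` that the old one rejected; it still excludes `/`, so no path separator can reach `path.join`, but the relaxation is worth a word in the comment above it. The `approveDomains` callback that encloses the second hunk begins before the hunk and ends after it.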