tsnet: check a bit harder for https in Server.ListenFunnel
This was mostly already fixed already indirectly in earlier commits but add a last second length check to this slice so it can't ever OOB. Fixes #7860 Change-Id: I31ac17fc93b5808deb09ff34e452fe37c87ddf3a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
parent
bff786520e
commit
d36a0d42aa
|
@ -1009,6 +1009,9 @@ func (s *Server) ListenFunnel(network, addr string, opts ...FunnelOption) (net.L
|
|||
if srvConfig == nil {
|
||||
srvConfig = &ipn.ServeConfig{}
|
||||
}
|
||||
if len(st.CertDomains) == 0 {
|
||||
return nil, errors.New("Funnel not available; HTTPS must be enabled. See https://tailscale.com/s/https")
|
||||
}
|
||||
domain := st.CertDomains[0]
|
||||
hp := ipn.HostPort(domain + ":" + portStr)
|
||||
if !srvConfig.AllowFunnel[hp] {
|
||||
|
|
Loading…
Reference in New Issue