github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-09 05:27:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(ssrf): unify ipv6 special-use blocking

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-26 03:43:30 +01:00
parent 04d91d0319
commit 61b3246a7f
6 changed files with 17 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/infra/net/ssrf.ts
View File

@@ -4,11 +4,11 @@ import { Agent, type Dispatcher } from "undici";
import {
extractEmbeddedIpv4FromIpv6,
isBlockedSpecialUseIpv4Address,
isBlockedSpecialUseIpv6Address,
isCanonicalDottedDecimalIPv4,
type Ipv4SpecialUseBlockOptions,
isIpv4Address,
isLegacyIpv4Literal,
isPrivateOrLoopbackIpAddress,
parseCanonicalIpAddress,
parseLooseIpAddress,
} from "../../shared/net/ip.js";
@@ -120,7 +120,7 @@ export function isPrivateIpAddress(address: string, policy?: SsrFPolicy): boolea
if (isIpv4Address(strictIp)) {
return isBlockedSpecialUseIpv4Address(strictIp, blockOptions);
}
if (isPrivateOrLoopbackIpAddress(strictIp.toString())) {
if (isBlockedSpecialUseIpv6Address(strictIp)) {
return true;
}
const embeddedIpv4 = extractEmbeddedIpv4FromIpv6(strictIp);