Add a check that the remote address is localhost

See 99designs#198 for more details.
ChrisSchreiber · Dec 18, 2017 · 1e43f18 · 1e43f18
1 parent 4bad7d4
commit 1e43f18
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/server/server.go b/server/server.go
@@ -122,6 +122,20 @@ func StartCredentialsServer(creds *vault.VaultCredentials) error {
 
 	log.Printf("Local instance role server running on %s", l.Addr())
 	go http.Serve(l, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		ip, _, err := net.SplitHostPort(r.RemoteAddr)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+
+		// Must make sure the remote ip is localhost, otherwise clients on the same network segment could
+		// potentially route traffic via 169.254.169.254:80
+		if ip != `127.0.0.1` {
+			http.Error(w, "Access denied from non-localhost address", http.StatusUnauthorized)
+			return
+		}
+
+		log.Printf("RemoteAddr = %v", r.RemoteAddr)
 		log.Printf("Credentials.IsExpired() = %#v", creds.IsExpired())
 
 		val, err := creds.Get()