From 282f748e77b56c81380e846f1b2f5c0a40bf435d Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Thu, 16 Aug 2018 19:55:02 -0600
Subject: [PATCH] v2.3.10: add utility fn for sanitizing hostnames, reduce buzzwords, drop old deps
---
 index.js | 29 +++++++++++++++++++++++++++++
 package.json | 22 +++-------------------
 2 files changed, 32 insertions(+), 19 deletions(-)
diff --git a/index.js b/index.js
index 7da7291..7ff95e5 100644
--- a/index.js
+++ b/index.js
@@ -481,5 +481,34 @@ Greenlock.create = function (gl) {
 gl.middleware = gl.middleware.create(gl);
 }
 
+ //var SERVERNAME_RE = /^[a-z0-9\.\-_]+$/;
+ var SERVERNAME_G = /[^a-z0-9\.\-_]/;
+ gl.middleware.sanitizeHost = function (req, res, next) {
+ // Get the host:port combo, if it exists
+ var host = (req.headers.host||'').split(':');
+
+ // if not, move along
+ if (!host[0]) { next(req, res); return; }
+
+ // if so, remove non-allowed characters
+ var safehost = host[0].replace(SERVERNAME_G, '');
+
+ // if there were unallowed characters, complain
+ if (!gl.__sni_allow_dangerous_name && safehost.length !== host[0].length) {
+ res.statusCode = 400;
+ res.end("Malformed HTTP Header: 'Host: " + host[0] + "'");
+ return;
+ }
+
+ // make lowercase
+ if (!gl.__sni_preserve_case) {
+ host[0] = host[0].toLowerCase();
+ req.headers.host = host.join(':');
+ }
+
+ // carry on
+ next(req, res);
+ };
+
 return gl;
 };
diff --git a/package.json b/package.json
index dc557dc..5d948e6 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "greenlock",
- "version": "2.3.9",
+ "version": "2.3.10",
 "description": "Let's Encrypt for node.js on npm",
 "main": "index.js",
 "files": [
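Review bot: The character check in `sanitizeHost` runs before the lowercase step and `SERVERNAME_G` matches only `a-z`, so a request carrying `Host: Example.com` is answered with 400, and the `toLowerCase()` branch only ever sees names that were already lowercase unless `__sni_allow_dangerous_name` is set. Matching case-insensitively, `var SERVERNAME_G = /[^a-z0-9\.\-_]/i;`, keeps the same allow-list and lets the later step normalise case. The 400 body also echoes the rejected `host[0]` back with no `Content-Type`; that value is client-controlled, so either leave it out of the message or add `res.setHeader('Content-Type', 'text/plain; charset=utf-8');` before `res.end(...)`. A bracketed IPv6 literal in the Host header is split on its first `:` and rejected, which may be intended but deserves a comment. `Greenlock.create` begins outside this hunk, so how callers supply `next` is not visible here.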
@@ -18,25 +18,12 @@
 "letsencrypt",
 "ACME",
 "v2",
- "v02",
- "draft-11",
- "draft-12",
 "auto-sni",
- "draft",
- "11",
- "12",
 "Free SSL",
 "Automated HTTPS",
 "tls",
 "https",
- "Greenlock",
- "letsencrypt.org",
- "le",
- "le.js",
- "node",
- "nodejs",
- "node.js",
- "client"
+ "Greenlock"
 ],
 "author": "AJ ONeal (https://coolaj86.com/)",
 "license": "(MIT OR Apache-2.0)",
@@ -55,13 +42,10 @@
 "dependencies": {
 "acme": "^1.0.6",
 "acme-v2": "^1.2.0",
- "asn1js": "^1.2.12",
- "certpem": "^1.0.0",
+ "certpem": "^1.1.0",
 "le-challenge-fs": "^2.0.2",
 "le-sni-auto": "^2.1.3",
 "le-store-certbot": "^2.1.7",
- "node.extend": "^1.1.5",
- "pkijs": "^1.3.27",
 "rsa-compat": "^1.5.0"
 },
 "engines": {