From 1f94d1b2190e046910cf247fa5b0499050fb5f0f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Chilliet?= <come.chilliet@nextcloud.com>
Date: Thu, 23 Jun 2022 11:45:16 +0200
Subject: [PATCH] Improve local domain detection
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
---
 lib/private/Http/Client/LocalAddressChecker.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/private/Http/Client/LocalAddressChecker.php b/lib/private/Http/Client/LocalAddressChecker.php
index c534c5971d160..4d5407d6641a8 100644
--- a/lib/private/Http/Client/LocalAddressChecker.php
+++ b/lib/private/Http/Client/LocalAddressChecker.php
@@ -67,8 +67,10 @@ public function ThrowIfLocalAddress(string $uri) : void {
 			$host = substr($host, 1, -1);
 		}
 
-		// Disallow localhost and local network
-		if ($host === 'localhost' || substr($host, -6) === '.local' || substr($host, -10) === '.localhost') {
+		// Disallow local network top-level domains from RFC 6762
+		$localTopLevelDomains = ['local','localhost','intranet','internal','private','corp','home','lan'];
+		$topLevelDomain = substr((strrchr($host, '.') ?: ''), 1);
+		if (in_array($topLevelDomain, $localTopLevelDomains)) {
 			$this->logger->warning("Host $host was not connected to because it violates local access rules");
 			throw new LocalServerException('Host violates local access rules');
 		}