starred/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2026-03-19 07:54:17 +01:00
Code Issues 98 Packages Projects Releases 10 Wiki Activity
Files
4d427cfe2af6bd9bb71d1e2abcc987d2b0906e20
headscale/hscontrol
History
Juan Font 4d427cfe2a noise: limit request body size to prevent unauthenticated OOM 
The Noise handshake accepts any machine key without checking
registration, so all endpoints behind the Noise router are reachable
without credentials. Three handlers used io.ReadAll without size
limits, allowing an attacker to OOM-kill the server.

Fix:
- Add http.MaxBytesReader middleware (1 MiB) on the Noise router.
- Replace io.ReadAll + json.Unmarshal with json.NewDecoder in
  PollNetMapHandler and RegistrationHandler.
- Stop reading the body in NotImplementedHandler entirely.
2026-03-16 09:28:31 +01:00
..
assets
Swap favicon for updated version
2026-03-03 05:59:40 +01:00
capver
capver: regenerate from docker tags
2026-02-07 08:23:51 +01:00
db
all: fix test flakiness and improve test infrastructure
2026-03-14 02:52:28 -07:00
derp
all: fix golangci-lint issues (#3064)
2026-02-06 21:45:32 +01:00
dns
Fix typo in comment about fsnotify behavior
2026-02-27 15:23:06 +01:00
mapper
mapper/batcher: remove disabled X-prefixed test functions
2026-03-14 02:52:28 -07:00
policy
all: fix test flakiness and improve test infrastructure
2026-03-14 02:52:28 -07:00
routes
all: upgrade to Go 1.26rc2 and modernize codebase
2026-02-08 12:35:23 +01:00
state
state, policy, noise: implement SSH check period auto-approval
2026-02-25 21:28:05 +01:00
templates
templates: generalise auth templates for web and OIDC
2026-02-25 21:28:05 +01:00
types
all: fix test flakiness and improve test infrastructure
2026-03-14 02:52:28 -07:00
util
mapper/batcher: restructure internals for correctness
2026-03-14 02:52:28 -07:00
app.go
mapper: remove Batcher interface, rename to Batcher struct
2026-03-14 02:52:28 -07:00
auth_tags_test.go
auth: generalise auth flow and introduce AuthVerdict
2026-02-25 21:28:05 +01:00
auth_test.go
all: fix test flakiness and improve test infrastructure
2026-03-14 02:52:28 -07:00
auth.go
Update docs for auth-id changes
2026-03-01 13:38:22 +01:00
debug.go
mapper: remove Batcher interface, rename to Batcher struct
2026-03-14 02:52:28 -07:00
grpcv1_test.go
hscontrol: add tests for deleting users with tagged nodes
2026-02-20 21:51:00 +01:00
grpcv1.go
hscontrol, cli: add auth register and approve commands
2026-02-25 21:28:05 +01:00
handlers.go
Update docs for auth-id changes
2026-03-01 13:38:22 +01:00
metrics.go
all: fix golangci-lint issues (#3064)
2026-02-06 21:45:32 +01:00
noise_test.go
noise: limit request body size to prevent unauthenticated OOM
2026-03-16 09:28:31 +01:00
noise.go
noise: limit request body size to prevent unauthenticated OOM
2026-03-16 09:28:31 +01:00
oidc_template_test.go
templates: generalise auth templates for web and OIDC
2026-02-25 21:28:05 +01:00
oidc_test.go
oidc: make email verification configurable
2025-12-18 11:42:32 +00:00
oidc.go
Update docs for auth-id changes
2026-03-01 13:38:22 +01:00
platform_config.go
all: fix golangci-lint issues (#3064)
2026-02-06 21:45:32 +01:00
poll_test.go
poll: fix poll test linter violations
2026-03-12 01:27:34 -07:00
poll.go
poll: stop stale map sessions through an explicit teardown hook
2026-03-12 01:27:34 -07:00
tailsql.go
all: fix golangci-lint issues (#3064)
2026-02-06 21:45:32 +01:00
templates_consistency_test.go
templates: generalise auth templates for web and OIDC
2026-02-25 21:28:05 +01:00