From 97572a798ce24879341bc38ddb8fb5f70509902e Mon Sep 17 00:00:00 2001
From: Robert Scott
Date: Sun, 6 Mar 2022 13:08:19 +0000
Subject: [PATCH] nixosTests.minidlna: fix by performing requests by IP a little ugly, but minidlna now checks requests Host: header and only accepts requests using an IPv4 address to avoid DNS-rebinding attacks.
---
 nixos/tests/minidlna.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/nixos/tests/minidlna.nix b/nixos/tests/minidlna.nix
index d852c7f60bc4..104b79078fd5 100644
--- a/nixos/tests/minidlna.nix
+++ b/nixos/tests/minidlna.nix
@@ -33,7 +33,9 @@ import ./make-test-python.nix ({ pkgs, ... }: {
 server.succeed("mkdir -p /tmp/stuff && chown minidlna: /tmp/stuff")
 server.wait_for_unit("minidlna")
 server.wait_for_open_port("8200")
- server.succeed("curl --fail http://localhost:8200/")
- client.succeed("curl --fail http://server:8200/")
+ # requests must be made *by IP* to avoid triggering minidlna's
+ # DNS-rebinding protection
+ server.succeed("curl --fail http://$(getent ahostsv4 localhost | head -n1 | cut -f 1 -d ' '):8200/")
+ client.succeed("curl --fail http://$(getent ahostsv4 server | head -n1 | cut -f 1 -d ' '):8200/")
 '';
 })
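Review bot: The two rewritten `curl` calls only exercise the accepted path, so this test would not notice if minidlna's Host-header check stopped refusing name-based requests. Since the commit message says such requests are no longer accepted, a negative assertion beside the new lines would pin that control, e.g. `client.fail("curl --fail http://server:8200/")`. This assumes the refusal shows up as an HTTP error or a dropped connection, which should be confirmed against the packaged version. Separately, the `getent ahostsv4 ... | head -n1 | cut ...` pipeline yields an empty string when resolution fails, so the request goes to `http://:8200/` and the failure is reported by curl rather than as a lookup problem. For the local check, `http://127.0.0.1:8200/` would presumably be equivalent and simpler. The testScript body starts above the hunk.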