Skip to content

Commit b3b96b4

Browse files
committed
auth: login: explicit check for ipv6 port bindings before creating listener for redirectUrl
1 parent 9069021 commit b3b96b4

File tree

1 file changed

+9
-3
lines changed

1 file changed

+9
-3
lines changed

internal/pkg/auth/user_login.go

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -95,9 +95,15 @@ func AuthorizeUser(p *print.Printer, isReauthentication bool) error {
9595
var port int
9696
for i := range configuredPortRange {
9797
port = defaultPort + i
98-
portString := fmt.Sprintf(":%s", strconv.Itoa(port))
98+
addr4 := fmt.Sprintf("127.0.0.1:%d", port)
99+
addr6 := fmt.Sprintf("[::1]:%d", port)
99100
p.Debug(print.DebugLevel, "trying to bind port %d for login redirect", port)
100-
listener, listenerErr = net.Listen("tcp", portString)
101+
ipv6Listener, ipv6ListenerErr := net.Listen("tcp6", addr6)
102+
if ipv6ListenerErr != nil {
103+
continue
104+
}
105+
_ = ipv6Listener.Close()
106+
listener, listenerErr = net.Listen("tcp4", addr4)
101107
if listenerErr == nil {
102108
redirectURL = fmt.Sprintf("http://localhost:%d", port)
103109
p.Debug(print.DebugLevel, "bound port %d for login redirect", port)
@@ -106,7 +112,7 @@ func AuthorizeUser(p *print.Printer, isReauthentication bool) error {
106112
p.Debug(print.DebugLevel, "unable to bind port %d for login redirect: %s", port, listenerErr)
107113
}
108114
if listenerErr != nil {
109-
return fmt.Errorf("unable to bind port for login redirect, tried from port %d to %d: %w", defaultPort, port, err)
115+
return fmt.Errorf("unable to bind port for login redirect, tried from port %d to %d: %w", defaultPort, port, listenerErr)
110116
}
111117

112118
conf := &oauth2.Config{

0 commit comments

Comments
 (0)