Block remote IPs and not just hostnames

Neel Chauhan 2024-10-14 08:40:41 -04:00
parent c18a1b7e69
commit 37a2570643


@ -690,9 +690,15 @@ func checkIsRelayURLAcceptable(
} }
if !allowPrivateIPs { if !allowPrivateIPs {
hostname := parsedRelayURL.Hostname() hostname := parsedRelayURL.Hostname()
ipArray, _ := net.LookupIP(hostname)
if isHostnameLocal(hostname) { if isHostnameLocal(hostname) {
return fmt.Errorf("rejected Relay URL: private hostnames are not allowed") return fmt.Errorf("rejected Relay URL: private hostnames are not allowed")
} }
for _, ip := range ipArray {
if !isRemoteAddress(ip) {
return fmt.Errorf("rejected Relay URL: private IPs are not allowed")
}
}
ip := net.ParseIP(hostname) ip := net.ParseIP(hostname)
// Otherwise it's a domain name, or an invalid IP. // Otherwise it's a domain name, or an invalid IP.
if ip != nil { if ip != nil {
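Review bot: The added `ipArray, _ := net.LookupIP(hostname)` discards the lookup error, so a failed or empty resolution leaves `ipArray` empty, the `isRemoteAddress` loop never runs, and the URL is accepted on the hostname check alone. The private-IP check should fail closed, e.g. `ipArray, err := net.LookupIP(hostname)` followed by `if err != nil || len(ipArray) == 0 { return fmt.Errorf("rejected Relay URL: hostname could not be resolved") }` (use a different variable name if `err` is already declared earlier in the function, which is not visible here). The lookup would also be better placed after the `isHostnameLocal` check so that obviously local names are rejected without a DNS query. Separately, this check validates only the addresses returned at validation time; if the relay is later dialed by hostname, as seems likely but is not shown in this hunk, the name can resolve to a private address by then, so the same check would need to be enforced on the address actually connected to. The body of checkIsRelayURLAcceptable continues outside the hunk.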