mirror of
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git
synced 2025-10-13 20:11:19 -04:00
Block remote IPs and not just hostnames
parent
c18a1b7e69
commit
37a2570643
1 changed files with 6 additions and 0 deletions
|
@ -690,9 +690,15 @@ func checkIsRelayURLAcceptable(
|
|||
}
|
||||
if !allowPrivateIPs {
|
||||
hostname := parsedRelayURL.Hostname()
|
||||
ipArray, _ := net.LookupIP(hostname)
|
||||
if isHostnameLocal(hostname) {
|
||||
return fmt.Errorf("rejected Relay URL: private hostnames are not allowed")
|
||||
}
|
||||
for _, ip := range ipArray {
|
||||
if !isRemoteAddress(ip) {
|
||||
return fmt.Errorf("rejected Relay URL: private IPs are not allowed")
|
||||
}
|
||||
}
|
||||
ip := net.ParseIP(hostname)
|
||||
// Otherwise it's a domain name, or an invalid IP.
|
||||
if ip != nil {
|
||||
|
|
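Review bot: The error from `net.LookupIP(hostname)` is discarded, so when resolution fails `ipArray` is empty, the new loop checks nothing, and the URL falls through to the existing checks as if its addresses had been vetted. Handling it explicitly, `ipArray, err := net.LookupIP(hostname)` then `if err != nil { return fmt.Errorf("rejected Relay URL: hostname lookup failed: %w", err) }`, makes the check fail closed; the lookup could also move below the `isHostnameLocal` test so that local names are never sent to the resolver. The check also vets only the addresses seen at validation time: if the relay connection resolves the name again later (that code is outside this hunk), a changed DNS answer would not be re-checked, so enforcing `isRemoteAddress` on the dialed address, for example in a `net.Dialer` `Control` function, would be more robust. checkIsRelayURLAcceptable starts and ends outside the hunk.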