Guard Proxy Relay URL Acceptance with Pattern Check

Shelikhoo 2022-04-08 15:14:38 +01:00
parent 863a8296e8
commit d5a87c3c02
No known key found for this signature in database
GPG key ID: C4D5E79D22B25316


@ -30,6 +30,7 @@ import (
"crypto/rand"
"encoding/base64"
"fmt"
"git.torproject.org/pluggable-transports/snowflake.git/v2/common/namematcher"
"io"
"io/ioutil"
"log"
@ -494,6 +495,12 @@ func (sf *SnowflakeProxy) runSession(sid string) {
tokens.ret()
return
}
matcher := namematcher.NewNameMatcher(sf.RelayDomainNamePattern)
if relayURL != "" && !matcher.IsMember(relayURL) {
log.Printf("bad offer from broker: rejected Relay URL")
tokens.ret()
return
}
dataChan := make(chan struct{})
dataChannelAdaptor := dataChannelHandlerWithRelayURL{RelayURL: relayURL, sf: sf}
pc, err := sf.makePeerConnectionFromOffer(offer, config, dataChan, dataChannelAdaptor.datachannelHandler)
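Review bot: The new guard in runSession passes the whole `relayURL` string to `matcher.IsMember`, although the pattern comes from a field named `RelayDomainNamePattern`. The matcher's implementation is not visible here, but if it compares host names, then the scheme, port and path of the URL all take part in the comparison and the check may not constrain the host the proxy actually connects to. Parsing first and matching only the host would make the intent explicit: `u, err := url.Parse(relayURL)`, then reject when `err != nil || !matcher.IsMember(u.Hostname())` (this needs `net/url` in the import block). A short comment on the `relayURL != ""` exemption would also help, for example `// empty relay URL: broker did not name a relay, the proxy's configured default is used` if that is the intended behaviour. runSession starts and ends outside this hunk, so how `relayURL` is obtained and later used is not visible.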