archives/snowflake
2
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git synced 2025-10-14 05:11:19 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Move IP check

Browse source
This commit is contained in:
Neel Chauhan 2024-10-17 19:24:34 -04:00
parent 990d165937
commit f1e9f58b47
1 changed files with 10 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

17
proxy/lib/snowflake.go
View file

@ -674,6 +674,14 @@ func checkIsRelayURLAcceptable(
if util.IsHostnameLocal(hostname) { if util.IsHostnameLocal(hostname) {
return fmt.Errorf("rejected Relay URL: private hostnames are not allowed") return fmt.Errorf("rejected Relay URL: private hostnames are not allowed")
} }
ip := net.ParseIP(hostname)
// Otherwise it's a domain name, or an invalid IP.
if ip != nil {
// We should probably use a ready library for this.
if !isRemoteAddress(ip) {
return fmt.Errorf("rejected Relay URL: private IPs are not allowed")
}
} else {
ipArray, err := net.LookupIP(hostname) ipArray, err := net.LookupIP(hostname)
if err != nil { if err != nil {
return fmt.Errorf("Could not look up IP") return fmt.Errorf("Could not look up IP")
@ -683,15 +691,6 @@ func checkIsRelayURLAcceptable(
return fmt.Errorf("rejected Relay URL: private IPs are not allowed") return fmt.Errorf("rejected Relay URL: private IPs are not allowed")
} }
} }
ip := net.ParseIP(hostname)
// Otherwise it's a domain name, or an invalid IP.
if ip != nil {
// We should probably use a ready library for this.
if !isRemoteAddress(ip) {
return fmt.Errorf("rejected Relay URL: private IPs are not allowed")
}
} else {
// move net.LookupIP(hostname) and isRemoteAddress checks here
} }
} }
if !allowNonTLSRelay && parsedRelayURL.Scheme != "wss" { if !allowNonTLSRelay && parsedRelayURL.Scheme != "wss" {