Move IP check

Neel Chauhan 2024-10-17 19:24:34 -04:00
parent 990d165937
commit f1e9f58b47


@ -674,15 +674,6 @@ func checkIsRelayURLAcceptable(
if util.IsHostnameLocal(hostname) { if util.IsHostnameLocal(hostname) {
return fmt.Errorf("rejected Relay URL: private hostnames are not allowed") return fmt.Errorf("rejected Relay URL: private hostnames are not allowed")
} }
ipArray, err := net.LookupIP(hostname)
if err != nil {
return fmt.Errorf("Could not look up IP")
}
for _, ip := range ipArray {
if !isRemoteAddress(ip) {
return fmt.Errorf("rejected Relay URL: private IPs are not allowed")
}
}
ip := net.ParseIP(hostname) ip := net.ParseIP(hostname)
// Otherwise it's a domain name, or an invalid IP. // Otherwise it's a domain name, or an invalid IP.
if ip != nil { if ip != nil {
@ -691,8 +682,16 @@ func checkIsRelayURLAcceptable(
return fmt.Errorf("rejected Relay URL: private IPs are not allowed") return fmt.Errorf("rejected Relay URL: private IPs are not allowed")
} }
} else { } else {
// move net.LookupIP(hostname) and isRemoteAddress checks here ipArray, err := net.LookupIP(hostname)
} if err != nil {
return fmt.Errorf("Could not look up IP")
}
for _, ip := range ipArray {
if !isRemoteAddress(ip) {
return fmt.Errorf("rejected Relay URL: private IPs are not allowed")
}
}
}
} }
if !allowNonTLSRelay && parsedRelayURL.Scheme != "wss" { if !allowNonTLSRelay && parsedRelayURL.Scheme != "wss" {
return fmt.Errorf("rejected Relay URL protocol: non-TLS not allowed") return fmt.Errorf("rejected Relay URL protocol: non-TLS not allowed")
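Review bot: The lookup moved into the `else` branch checks addresses resolved once at validation time, but the code that later dials the relay is not in this hunk and presumably resolves `hostname` again, so a name that returns a public address here and a private one at connect time would still pass (DNS rebinding). Confirm that the dial path either connects to one of the validated `ipArray` entries or re-applies `isRemoteAddress` to the address actually being connected to, for example in a `net.Dialer` `Control` hook. The lookup error is also dropped and the message is capitalised unlike the other rejections; `return fmt.Errorf("rejected Relay URL: could not resolve hostname: %w", err)` keeps the cause. `net.LookupIP` takes no context, so a slow or hostile resolver can stall this call; `net.DefaultResolver.LookupIPAddr(ctx, hostname)` with a deadline would bound it. checkIsRelayURLAcceptable starts and ends outside the hunk.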