This is an automated email from the git hooks/post-receive script.
shelikhoo pushed a commit to branch main
in repository pluggable-transports/snowflake.
commit d5a87c3c02ea673d397e3cb8f945f2f0f0e05a76
Author: Shelikhoo <xiaokangw...@outlook.com>
AuthorDate: Fri Apr 8 15:14:38 2022 +0100
Guard Proxy Relay URL Acceptance with Pattern Check
---
proxy/lib/snowflake.go | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/proxy/lib/snowflake.go b/proxy/lib/snowflake.go
index 83e4cd9..b2a2be1 100644
--- a/proxy/lib/snowflake.go
+++ b/proxy/lib/snowflake.go
@@ -30,6 +30,7 @@ import (
"crypto/rand"
"encoding/base64"
"fmt"
+
"git.torproject.org/pluggable-transports/snowflake.git/v2/common/namematcher"
"io"
"io/ioutil"
"log"
@@ -494,6 +495,12 @@ func (sf *SnowflakeProxy) runSession(sid string) {
tokens.ret()
return
}
+ matcher := namematcher.NewNameMatcher(sf.RelayDomainNamePattern)
+ if relayURL != "" && !matcher.IsMember(relayURL) {
+ log.Printf("bad offer from broker: rejected Relay URL")
+ tokens.ret()
+ return
+ }
dataChan := make(chan struct{})
dataChannelAdaptor := dataChannelHandlerWithRelayURL{RelayURL:
relayURL, sf: sf}
pc, err := sf.makePeerConnectionFromOffer(offer, config, dataChan,
dataChannelAdaptor.datachannelHandler)
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
