This is an automated email from the git hooks/post-receive script.
shelikhoo pushed a commit to branch main in repository pluggable-transports/snowflake.
commit d5a87c3c02ea673d397e3cb8f945f2f0f0e05a76 Author: Shelikhoo xiaokangwang@outlook.com AuthorDate: Fri Apr 8 15:14:38 2022 +0100
Guard Proxy Relay URL Acceptance with Pattern Check --- proxy/lib/snowflake.go | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/proxy/lib/snowflake.go b/proxy/lib/snowflake.go
index 83e4cd9..b2a2be1 100644
--- a/proxy/lib/snowflake.go
+++ b/proxy/lib/snowflake.go
@@ -30,6 +30,7 @@ import (
 "crypto/rand"
 "encoding/base64"
 "fmt"
+ "git.torproject.org/pluggable-transports/snowflake.git/v2/common/namematcher"
 "io"
 "io/ioutil"
 "log"
@@ -494,6 +495,12 @@ func (sf *SnowflakeProxy) runSession(sid string) {
 tokens.ret()
 return
 }
+ matcher := namematcher.NewNameMatcher(sf.RelayDomainNamePattern)
+ if relayURL != "" && !matcher.IsMember(relayURL) {
+ log.Printf("bad offer from broker: rejected Relay URL")
+ tokens.ret()
+ return
+ }
 dataChan := make(chan struct{})
 dataChannelAdaptor := dataChannelHandlerWithRelayURL{RelayURL: relayURL, sf: sf}
 pc, err := sf.makePeerConnectionFromOffer(offer, config, dataChan, dataChannelAdaptor.datachannelHandler)
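Review bot: In the second hunk the matcher built from `sf.RelayDomainNamePattern` is handed the whole `relayURL` string, not its hostname, so the scheme, port, path and query all take part in what is meant to be a domain-name check. How `IsMember` compares is not visible here, but a name pattern applied to a full URL is fragile and may accept a URL whose host lies outside the allowed domain. Keeping the existing `relayURL != ""` guard, parse first and match only the host, rejecting on parse failure: `u, err := url.Parse(relayURL)` followed by `if err != nil || !matcher.IsMember(u.Hostname()) {`; this needs `net/url` if the file does not already import it, and a check of `u.Scheme` against the expected WebSocket scheme would fit in the same place. An empty `relayURL` bypasses the pattern entirely, so a comment such as `// empty relayURL: no broker-supplied relay, pattern check not applicable` should state which relay is used in that case. runSession starts and ends outside the hunk.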