commit a39d6693e15f8a839014f288a749fcc4180b71ea Author: Cecylia Bocovich <cohosh@torproject.org> Date: Thu Aug 19 21:31:51 2021 -0400 Call conn.Reject() if SOCKS arguments are invalid --- client/snowflake.go | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/client/snowflake.go b/client/snowflake.go index d6bad0e..4ed4fd6 100644 --- a/client/snowflake.go +++ b/client/snowflake.go @@ -62,12 +62,6 @@ func socksAcceptLoop(ln *pt.SocksListener, config sf.ClientConfig, shutdown chan defer wg.Done() defer conn.Close() - err := conn.Grant(&net.TCPAddr{IP: net.IPv4zero, Port: 0}) - if err != nil { - log.Printf("conn.Grant error: %s", err) - return - } - // Check to see if our command line options are overriden by SOCKS options if arg, ok := conn.Req.Args.Get("ampcache"); ok { config.AmpCacheURL = arg @@ -80,16 +74,26 @@ func socksAcceptLoop(ln *pt.SocksListener, config sf.ClientConfig, shutdown chan } if arg, ok := conn.Req.Args.Get("max"); ok { max, err := strconv.Atoi(arg) - if err == nil { - config.Max = max + if err != nil { + conn.Reject() + log.Println("Invalid SOCKS arg: max=", arg) + return } + config.Max = max } if arg, ok := conn.Req.Args.Get("url"); ok { config.BrokerURL = arg } transport, err := sf.NewSnowflakeClient(config) if err != nil { - log.Fatal("Failed to start snowflake transport: ", err) + conn.Reject() + log.Println("Failed to start snowflake transport: ", err) + return + } + err := conn.Grant(&net.TCPAddr{IP: net.IPv4zero, Port: 0}) + if err != nil { + log.Printf("conn.Grant error: %s", err) + return } handler := make(chan struct{})