commit d8696239faddcb5f2a3bd8335d0bc115f9d884b4 Author: Yawning Angel yawning@schwanenlied.me Date: Fri Dec 2 18:55:44 2016 +0000
Don't use control ports that aren't on the loopback interface. --- src/cmd/sandboxed-tor-browser/internal/ui/config/config.go | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go b/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go
index 7346c81..f119176 100644
--- a/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go
+++ b/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go
@@ -21,6 +21,7 @@ import (
 "encoding/json"
 "fmt"
 "io/ioutil"
+ gonet "net"
 "os"
 "path/filepath"
 "runtime"
@@ -414,6 +415,13 @@ func New() (*Config, error) {
 if net, addr, err := butils.ParseControlPortString(env); err != nil {
 return nil, fmt.Errorf("invalid control port: %v", err)
 } else {
+ // Refuse to use TCP control ports not on the loopback interface.
+ if net == "tcp" {
+ host, _, _ := gonet.SplitHostPort(addr)
+ if !gonet.ParseIP(host).IsLoopback() {
+ return nil, fmt.Errorf("non-loopback control port: %v", host)
+ }
+ }
 cfg.UseSystemTor = true
 cfg.SystemTorControlNet = net
 cfg.SystemTorControlAddr = addr
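Review bot: The added loopback check discards the error from `gonet.SplitHostPort(addr)`, so a malformed address and a host that is not an IP literal both reach `gonet.ParseIP(host)` as a nil IP and are reported as "non-loopback control port". The check still fails closed, because `IsLoopback()` on a nil IP returns false, but the message misleads whoever has to debug a rejected setting. I would keep the error, `host, _, err := gonet.SplitHostPort(addr)` with an `if err != nil` return, and make the nil case explicit with `if ip := gonet.ParseIP(host); ip == nil || !ip.IsLoopback() {`. The body of New() starts and ends outside this hunk, so it is not visible whether a control address arriving by any other path than this environment value gets the same check; that is worth confirming.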
tor-commits@lists.torproject.org