[tor-commits] [sandboxed-tor-browser/master] Don't use control ports that aren't on the loopback interface.

yawning at torproject.org yawning at torproject.org
Fri Dec 2 18:57:26 UTC 2016


commit d8696239faddcb5f2a3bd8335d0bc115f9d884b4
Author: Yawning Angel <yawning at schwanenlied.me>
Date:   Fri Dec 2 18:55:44 2016 +0000

    Don't use control ports that aren't on the loopback interface.
---
 src/cmd/sandboxed-tor-browser/internal/ui/config/config.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go b/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go
index 7346c81..f119176 100644
--- a/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go
+++ b/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go
@@ -21,6 +21,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
+	gonet "net"
 	"os"
 	"path/filepath"
 	"runtime"
@@ -414,6 +415,13 @@ func New() (*Config, error) {
 		if net, addr, err := butils.ParseControlPortString(env); err != nil {
 			return nil, fmt.Errorf("invalid control port: %v", err)
 		} else {
+			// Refuse to use TCP control ports not on the loopback interface.
+			if net == "tcp" {
+				host, _, _ := gonet.SplitHostPort(addr)
+				if !gonet.ParseIP(host).IsLoopback() {
+					return nil, fmt.Errorf("non-loopback control port: %v", host)
+				}
+			}
 			cfg.UseSystemTor = true
 			cfg.SystemTorControlNet = net
 			cfg.SystemTorControlAddr = addr
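Review bot: The added loopback check discards the error from `gonet.SplitHostPort(addr)` and does not test the result of `gonet.ParseIP(host)` for nil, so it rejects a malformed address or a hostname only because `IsLoopback()` on a nil IP happens to return false. That fails closed, but the guarantee is implicit and the resulting "non-loopback control port" message can carry an empty or misleading host. Make it explicit with `host, _, err := gonet.SplitHostPort(addr)` followed by an error return, then `ip := gonet.ParseIP(host)` and `if ip == nil || !ip.IsLoopback() {`. The guard also only fires when `net == "tcp"`; `butils.ParseControlPortString` is not visible here, so it is worth confirming it can never return another TCP network string such as "tcp4" or "tcp6", and a short comment stating that hostnames are rejected on purpose would help. The body of `New` starts and ends outside this hunk.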


