[tor-commits] [snowflake/master] Bug 28727: remove "broker" and "relay" query string parameters.

dcf at torproject.org dcf at torproject.org
Wed Dec 5 20:36:21 UTC 2018


commit debe9c3748835400e9152ce4683964884a131edb
Author: David Fifield <david at bamsoftware.com>
Date:   Wed Dec 5 12:02:17 2018 -0700

    Bug 28727: remove "broker" and "relay" query string parameters.
    
    These could be misused to cause Snowflake proxies to attempt connect to
    unsuspecting third parties.
    https://bugs.torproject.org/28727
---
 proxy/snowflake.coffee | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/proxy/snowflake.coffee b/proxy/snowflake.coffee
index e0d6921..8cb4d46 100644
--- a/proxy/snowflake.coffee
+++ b/proxy/snowflake.coffee
@@ -11,8 +11,8 @@ TODO: More documentation
 
 # General snowflake proxy constants.
 # For websocket-specific constants, see websocket.coffee.
-DEFAULT_BROKER = 'snowflake-broker.bamsoftware.com'
-DEFAULT_RELAY =
+BROKER = 'snowflake-broker.bamsoftware.com'
+RELAY =
   host: 'snowflake.bamsoftware.com'
   port: '443'
   # Original non-wss relay:
@@ -236,10 +236,7 @@ init = (isNode) ->
   # Hook up to the debug UI if available.
   ui = if isNode then null else new UI()
   silenceNotifications = Params.getBool(query, 'silent', false)
-  # Retrieve connectivity information for the Broker and
-  # initialize Snowflake contexts.
-  brokerUrl = Params.getString(query, 'broker', DEFAULT_BROKER)
-  broker = new Broker brokerUrl
+  broker = new Broker BROKER
   snowflake = new Snowflake broker, ui
 
   log '== snowflake proxy =='
@@ -251,8 +248,7 @@ init = (isNode) ->
   # Otherwise, begin setting up WebRTC and acting as a proxy.
   log 'Copy-Paste mode detected.' if COPY_PASTE_ENABLED
   dbg 'Contacting Broker at ' + broker.url if not COPY_PASTE_ENABLED
-  relayAddr = Params.getAddress(query, 'relay', DEFAULT_RELAY)
-  snowflake.setRelayAddr relayAddr
+  snowflake.setRelayAddr RELAY
   snowflake.beginWebRTC()
 
 # Notification of closing tab with active proxy.



More information about the tor-commits mailing list