[tor-commits] [pluggable-transports/snowflake] 07/31: Guard Proxy Relay URL Acceptance with Pattern Check

gitolite role git at cupani.torproject.org
Thu Jun 16 17:03:54 UTC 2022


This is an automated email from the git hooks/post-receive script.

shelikhoo pushed a commit to branch main
in repository pluggable-transports/snowflake.

commit d5a87c3c02ea673d397e3cb8f945f2f0f0e05a76
Author: Shelikhoo <xiaokangwang at outlook.com>
AuthorDate: Fri Apr 8 15:14:38 2022 +0100

    Guard Proxy Relay URL Acceptance with Pattern Check
---
 proxy/lib/snowflake.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/proxy/lib/snowflake.go b/proxy/lib/snowflake.go
index 83e4cd9..b2a2be1 100644
--- a/proxy/lib/snowflake.go
+++ b/proxy/lib/snowflake.go
@@ -30,6 +30,7 @@ import (
 	"crypto/rand"
 	"encoding/base64"
 	"fmt"
+	"git.torproject.org/pluggable-transports/snowflake.git/v2/common/namematcher"
 	"io"
 	"io/ioutil"
 	"log"
@@ -494,6 +495,12 @@ func (sf *SnowflakeProxy) runSession(sid string) {
 		tokens.ret()
 		return
 	}
+	matcher := namematcher.NewNameMatcher(sf.RelayDomainNamePattern)
+	if relayURL != "" && !matcher.IsMember(relayURL) {
+		log.Printf("bad offer from broker: rejected Relay URL")
+		tokens.ret()
+		return
+	}
 	dataChan := make(chan struct{})
 	dataChannelAdaptor := dataChannelHandlerWithRelayURL{RelayURL: relayURL, sf: sf}
 	pc, err := sf.makePeerConnectionFromOffer(offer, config, dataChan, dataChannelAdaptor.datachannelHandler)
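Review bot: in the new guard in runSession, matcher.IsMember(relayURL) is handed the whole relay URL, while the pattern comes from a field named RelayDomainNamePattern. Nothing in this hunk shows that a domain-name pattern is being compared against a host name rather than a string that also carries scheme, port and path. Consider parsing relayURL and matching only its host, or add a comment stating what form IsMember expects. The relayURL != "" condition also lets an empty value skip the check entirely, so a short comment on what an empty relay URL means at this point would help the next reader. Two smaller points: the log line could include sid so a rejected offer can be traced to its session, and the matcher is rebuilt on every session even though it depends only on sf.RelayDomainNamePattern, so it could be constructed once.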

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

