Verified Commit d5a87c3c authored by shelikhoo's avatar shelikhoo
Browse files

Guard Proxy Relay URL Acceptance with Pattern Check

parent 863a8296
......@@ -30,6 +30,7 @@ import (
"crypto/rand"
"encoding/base64"
"fmt"
"git.torproject.org/pluggable-transports/snowflake.git/v2/common/namematcher"
"io"
"io/ioutil"
"log"
......@@ -494,6 +495,12 @@ func (sf *SnowflakeProxy) runSession(sid string) {
tokens.ret()
return
}
matcher := namematcher.NewNameMatcher(sf.RelayDomainNamePattern)
if relayURL != "" && !matcher.IsMember(relayURL) {
log.Printf("bad offer from broker: rejected Relay URL")
tokens.ret()
return
}
dataChan := make(chan struct{})
dataChannelAdaptor := dataChannelHandlerWithRelayURL{RelayURL: relayURL, sf: sf}
pc, err := sf.makePeerConnectionFromOffer(offer, config, dataChan, dataChannelAdaptor.datachannelHandler)
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment