[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [sandboxed-tor-browser/master] Don't use control ports that aren't on the loopback interface.



commit d8696239faddcb5f2a3bd8335d0bc115f9d884b4
Author: Yawning Angel <yawning@xxxxxxxxxxxxxxx>
Date:   Fri Dec 2 18:55:44 2016 +0000

    Don't use control ports that aren't on the loopback interface.
---
 src/cmd/sandboxed-tor-browser/internal/ui/config/config.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go b/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go
index 7346c81..f119176 100644
--- a/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go
+++ b/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go
@@ -21,6 +21,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
+	gonet "net"
 	"os"
 	"path/filepath"
 	"runtime"
@@ -414,6 +415,13 @@ func New() (*Config, error) {
 		if net, addr, err := butils.ParseControlPortString(env); err != nil {
 			return nil, fmt.Errorf("invalid control port: %v", err)
 		} else {
+			// Refuse to use TCP control ports not on the loopback interface.
+			if net == "tcp" {
+				host, _, _ := gonet.SplitHostPort(addr)
+				if !gonet.ParseIP(host).IsLoopback() {
+					return nil, fmt.Errorf("non-loopback control port: %v", host)
+				}
+			}
 			cfg.UseSystemTor = true
 			cfg.SystemTorControlNet = net
 			cfg.SystemTorControlAddr = addr

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits