Move listener validation/creation to config.go.

Jigsaw-Code · Jun 14, 2024 · 51a13a7 · 51a13a7
1 parent 87a1565
commit 51a13a7
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 20 deletions.
diff --git a/cmd/outline-ss-server/config.go b/cmd/outline-ss-server/config.go
@@ -15,7 +15,11 @@
 package main
 
 import (
+	"errors"
 	"fmt"
+	"io"
+	"net"
+	"net/url"
 	"os"
 
 	"gopkg.in/yaml.v2"
@@ -86,3 +90,45 @@ func ReadConfig(filename string) (*Config, error) {
 
 	return &config, nil
 }
+
+// validateListener asserts that a listener URI conforms to the expected format.
+func validateListener(u *url.URL) error {
+	if u.Opaque != "" {
+		return errors.New("URI cannot have an opaque part")
+	}
+	if u.User != nil {
+		return errors.New("URI cannot have an userdata part")
+	}
+	if u.RawQuery != "" || u.ForceQuery {
+		return errors.New("URI cannot have a query part")
+	}
+	if u.Fragment != "" {
+		return errors.New("URI cannot have a fragement")
+	}
+	if u.Path != "" && u.Path != "/" {
+		return errors.New("URI path not allowed")
+	}
+	return nil
+}
+
+func NewListener(addr string) (io.Closer, error) {
+	u, err := url.Parse(addr)
+	if err != nil {
+		return nil, err
+	}
+
+	switch u.Scheme {
+	case "tcp", "tcp4", "tcp6":
+		if err := validateListener(u); err != nil {
+			return nil, fmt.Errorf("invalid listener `%s`: %v", u, err)
+		}
+		return net.Listen(u.Scheme, u.Host)
+	case "udp", "udp4", "udp6":
+		if err := validateListener(u); err != nil {
+			return nil, fmt.Errorf("invalid listener `%s`: %v", u, err)
+		}
+		return net.ListenPacket(u.Scheme, u.Host)
+	default:
+		return nil, fmt.Errorf("unsupported protocol: %s", u.Scheme)
+	}
+}
diff --git a/cmd/outline-ss-server/main.go b/cmd/outline-ss-server/main.go
@@ -21,7 +21,6 @@ import (
 	"io"
 	"net"
 	"net/http"
-	"net/url"
 	"os"
 	"os/signal"
 	"strings"
@@ -98,26 +97,8 @@ func (s *SSServer) serve(listener io.Closer, cipherList service.CipherList) erro
 	return nil
 }
 
-func newListener(addr string) (io.Closer, error) {
-	u, err := url.Parse(addr)
-	if err != nil {
-		return nil, err
-	}
-
-	switch u.Scheme {
-	case "tcp", "tcp4", "tcp6":
-		// TODO: Validate `u` address.
-		return net.Listen(u.Scheme, u.Host)
-	case "udp", "udp4", "udp6":
-		// TODO: Validate `u` address.
-		return net.ListenPacket(u.Scheme, u.Host)
-	default:
-		return nil, fmt.Errorf("unsupported protocol: %s", u.Scheme)
-	}
-}
-
 func (s *SSServer) start(addr string, cipherList service.CipherList) (io.Closer, error) {
-	listener, err := newListener(addr)
+	listener, err := NewListener(addr)
 	if err != nil {
 		//lint:ignore ST1005 Shadowsocks is capitalized.
 		return nil, fmt.Errorf("Shadowsocks service failed to start on address %v: %w", addr, err)