Skip to content

Commit

Permalink
fix: don't allow dialing DNS addresses
Browse files Browse the repository at this point in the history
See #841
  • Loading branch information
Stebalien committed Apr 3, 2020
1 parent 70f680f commit 503a78e
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 1 deletion.
4 changes: 3 additions & 1 deletion p2p/transport/tcp/tcp.go
Original file line number Diff line number Diff line change
Expand Up @@ -70,10 +70,12 @@ func NewTCPTransport(upgrader *tptu.Upgrader) *TcpTransport {
return &TcpTransport{Upgrader: upgrader, ConnectTimeout: DefaultConnectTimeout}
}

var dialMatcher = mafmt.And(mafmt.IP, mafmt.Base(ma.P_TCP))

// CanDial returns true if this transport believes it can dial the given
// multiaddr.
func (t *TcpTransport) CanDial(addr ma.Multiaddr) bool {
return mafmt.TCP.Matches(addr)
return dialMatcher.Matches(addr)
}

func (t *TcpTransport) maDial(ctx context.Context, raddr ma.Multiaddr) (manet.Conn, error) {
Expand Down
21 changes: 21 additions & 0 deletions p2p/transport/tcp/tcp_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,27 @@ func TestTcpTransport(t *testing.T) {
envReuseportVal = true
}

func TestTcpTransportCantDialDNS(t *testing.T) {
for i := 0; i < 2; i++ {
dnsa, err := ma.NewMultiaddr("/dns4/example.com/tcp/1234")
if err != nil {
t.Fatal(err)
}

tpt := NewTCPTransport(&tptu.Upgrader{
Secure: makeInsecureTransport(t),
Muxer: new(mplex.Transport),
})

if tpt.CanDial(dnsa) {
t.Fatal("shouldn't be able to dial dns")
}

envReuseportVal = false
}
envReuseportVal = true
}

func TestTcpTransportCantListenUtp(t *testing.T) {
for i := 0; i < 2; i++ {
utpa, err := ma.NewMultiaddr("/ip4/127.0.0.1/udp/0/utp")
Expand Down

0 comments on commit 503a78e

Please sign in to comment.