From 8cb6edcf4ac978610cef243656ceb779bf1f492f Mon Sep 17 00:00:00 2001
From: Steven Allen
Date: Thu, 2 Apr 2020 22:12:24 -0700
Subject: [PATCH] fix: restrict dials to IP + TCP
That is, forbid DNS. See https://github.com/libp2p/go-libp2p/issues/841
---
 websocket.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/websocket.go b/websocket.go
index 7e1c900..ddd4141 100644
--- a/websocket.go
+++ b/websocket.go
@@ -18,7 +18,7 @@ import (
 var WsProtocol = ma.ProtocolWithCode(ma.P_WS)
 // WsFmt is multiaddr formatter for WsProtocol
-var WsFmt = mafmt.And(mafmt.TCP, mafmt.Base(WsProtocol.Code))
+var WsFmt = mafmt.And(mafmt.TCP, mafmt.Base(ma.P_WS))
 // WsCodec is the multiaddr-net codec definition for the websocket transport
 var WsCodec = &manet.NetCodec{
@@ -28,6 +28,10 @@ var WsCodec = &manet.NetCodec{
 ParseNetAddr: ParseWebsocketNetAddr,
 }
+// This is _not_ WsFmt because we want the transport to stick to dialing fully
+// resolved addresses.
+var dialMatcher = mafmt.And(mafmt.IP, mafmt.Base(ma.P_TCP), mafmt.Base(ma.P_WS))
+
 func init() {
 manet.RegisterNetCodec(WsCodec)
 }
@@ -44,7 +48,7 @@ func New(u *tptu.Upgrader) *WebsocketTransport {
 }
 func (t *WebsocketTransport) CanDial(a ma.Multiaddr) bool {
- return WsFmt.Matches(a)
+ return dialMatcher.Matches(a)
 }
 func (t *WebsocketTransport) Protocols() []int {
-- 
GitLab
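Review bot: The comment on `dialMatcher` in the `@@ -28,6 +28,10 @@` hunk says what the matcher is not, but not what it accepts or why, which makes the restriction hard to audit later. A comment that opens with the name and states the policy would help, for example `// dialMatcher accepts only IP + /tcp + /ws addresses; DNS names must already be resolved before this transport dials (see go-libp2p#841).` The exported `WsFmt` in the first hunk is still built on `mafmt.TCP` and, going by the commit message, still admits DNS-based addresses, so its doc comment should say it is a format check and not the transport's dial policy; otherwise callers may read a `WsFmt` match as "this transport will dial it".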
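Review bot: `CanDial` in the `@@ -44,7 +48,7 @@` hunk is the only place the IP-only rule is applied, and it is an advisory predicate; the dial path itself lies outside this diff, so whether it rejects a DNS multiaddr handed to it directly cannot be confirmed from here. If it does not, a caller that skips `CanDial` would presumably still get name resolution from the underlying dialer, so a guard at the top of the dial function would enforce the rule where it matters: `if !dialMatcher.Matches(raddr) { return nil, fmt.Errorf("websocket: refusing to dial unresolved address %s", raddr) }`, with `raddr` standing for that function's address parameter. The diffstat lists only websocket.go, so a test asserting that `CanDial` returns false for a DNS-based `/tcp/.../ws` address and true for the `/ip4` equivalent would pin the new behaviour.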