From 45b691a06af6340a42076598a12ad39fe42730a3 Mon Sep 17 00:00:00 2001 From: Kevin Froman Date: Fri, 22 Jan 2021 21:14:34 +0000 Subject: [PATCH] if binding to 0.0.0.0, don't validate source ip in client api --- src/httpapi/security/client.py | 7 ++++--- src/netcontroller/torcontrol/__init__.py | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/src/httpapi/security/client.py b/src/httpapi/security/client.py index 11ee4f99..71393dec 100644 --- a/src/httpapi/security/client.py +++ b/src/httpapi/security/client.py @@ -54,9 +54,10 @@ class ClientAPISecurity: """Validate request has set password & is the correct hostname.""" # For the purpose of preventing DNS rebinding attacks localhost = True - if request.host != '%s:%s' % \ - (client_api.host, client_api.bindPort): - localhost = False + if client_api.host != '0.0.0.0': + if request.host != '%s:%s' % \ + (client_api.host, client_api.bindPort): + localhost = False if not localhost and public_remote_enabled: if request.host not in public_remote_hostnames: diff --git a/src/netcontroller/torcontrol/__init__.py b/src/netcontroller/torcontrol/__init__.py index cb9763e6..2e861e6c 100644 --- a/src/netcontroller/torcontrol/__init__.py +++ b/src/netcontroller/torcontrol/__init__.py @@ -91,7 +91,7 @@ class NetController: if '100' not in line.decode(): logger.info(line.decode().strip(), terminal=True) if 'bootstrapped 100' in line.decode().lower(): - logger.info(line.decode()) + logger.info(line.decode(), terminal=True) break elif 'opening socks listener' in line.decode().lower(): logger.debug(line.decode().replace('\n', ''))