Browse Source

if binding to 0.0.0.0, don't validate source ip in client api

master
Kevin Froman 1 year ago
parent
commit
7303cf041e
  1. 7
      src/httpapi/security/client.py
  2. 2
      src/netcontroller/torcontrol/__init__.py

7
src/httpapi/security/client.py

@ -54,9 +54,10 @@ class ClientAPISecurity:
"""Validate request has set password & is the correct hostname."""
# For the purpose of preventing DNS rebinding attacks
localhost = True
if request.host != '%s:%s' % \
(client_api.host, client_api.bindPort):
localhost = False
if client_api.host != '0.0.0.0':
if request.host != '%s:%s' % \
(client_api.host, client_api.bindPort):
localhost = False
if not localhost and public_remote_enabled:
if request.host not in public_remote_hostnames:

2
src/netcontroller/torcontrol/__init__.py

@ -91,7 +91,7 @@ class NetController:
if '100' not in line.decode():
logger.info(line.decode().strip(), terminal=True)
if 'bootstrapped 100' in line.decode().lower():
logger.info(line.decode())
logger.info(line.decode(), terminal=True)
break
elif 'opening socks listener' in line.decode().lower():
logger.debug(line.decode().replace('\n', ''))

Loading…
Cancel
Save