all: do not listen on 0.0.0.0 on desktop clients

Listening on 0.0.0.0 may create security vulnerabilities such as DNS amplification
or abuse, because the listener is exposed to the entire local network.
Cuong Manh Le
2025-05-06 19:59:11 +07:00
committed by Cuong Manh Le
parent ace3b1e66e
commit 00e9d2bdd3
5 changed files with 34 additions and 4 deletions
+3 -1
@@ -1042,8 +1042,10 @@ func (p *prog) queryFromSelf(ip string) bool {
return false
}
// needRFC1918Listeners reports whether ctrld need to spawn listener for RFC 1918 addresses.
// This is helpful for non-desktop platforms to receive queries from LAN clients.
func needRFC1918Listeners(lc *ctrld.ListenerConfig) bool {
return lc.IP == "127.0.0.1" && lc.Port == 53
return lc.IP == "127.0.0.1" && lc.Port == 53 && !ctrld.IsDesktopPlatform()
}
// ipFromARPA parses a FQDN arpa domain and return the IP address if valid.
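Review bot: The doc comment on `needRFC1918Listeners` says the listeners help non-desktop platforms but never states why desktop is now excluded, so the security reason behind `!ctrld.IsDesktopPlatform()` is easy to lose in a later refactor. I would add a line such as `// Desktop platforms are excluded so the resolver is not reachable from the LAN (open-resolver abuse, DNS amplification).` The check also fires only for the exact string `"127.0.0.1"` on port 53. How an explicitly configured `0.0.0.0` listener is treated on desktop is not visible in this section and is presumably handled in the other changed files, so it is worth confirming that a test covers that path.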