fix: use localhost to avoid config leak attacks
tzmax committed Nov 7, 2023
1 parent 8ab90e9 commit 1365ff3
Showing 3 changed files with 20 additions and 4 deletions.
1 change: 1 addition & 0 deletions V2RayX/AppDelegate.h
@@ -45,6 +45,7 @@ int runCommandLine(NSString* launchPath, NSArray* arguments);
}

@property NSString* logDirPath;
@property NSString* webServerUuidString;

@property BOOL proxyState;
@property ProxyMode proxyMode;
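Review bot: `webServerUuidString` holds the secret that gates `/config.json`, but the declaration does not say so, nor that it stays nil until `viewConfigJson:` first runs; a comment such as `// Per-launch token required as ?u= on /config.json; nil until viewConfigJson: is first invoked.` would make that explicit. As far as this commit shows, only AppDelegate.m reads and writes it, so it could be declared there in a class extension as `@property (copy) NSString *webServerUuidString;` rather than in the public header. The enclosing `@interface` starts and ends outside the hunk.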
21 changes: 18 additions & 3 deletions V2RayX/AppDelegate.m
@@ -128,9 +128,20 @@ - (void)applicationDidFinishLaunching:(NSNotification *)aNotification {
return [GCDWebServerDataResponse responseWithData:[weakSelf pacData] contentType:@"application/x-ns-proxy-autoconfig"];
}];
[webServer addHandlerForMethod:@"GET" path:@"/config.json" requestClass:[GCDWebServerRequest class] processBlock:^GCDWebServerResponse * _Nullable(__kindof GCDWebServerRequest * _Nonnull request) {
return [GCDWebServerDataResponse responseWithData:[weakSelf v2rayJSONconfig] contentType:@"application/json"];
// check uuid
NSString *uuid = request.query[@"u"];
if(uuid != NULL) {
uuid = [uuid uppercaseString];
if([uuid isEqualToString:weakSelf.webServerUuidString]) {
return [GCDWebServerDataResponse responseWithData:[weakSelf v2rayJSONconfig] contentType:@"application/json"];
}
}
return [GCDWebServerResponse responseWithStatusCode:404];
}];
[webServer startWithPort:webServerPort bonjourName:nil];

// only bind localhost
NSDictionary *options = @{ @"Port": @webServerPort, @"BindToLocalhost": @YES };
[webServer startWithOptions:options error:nil];


[self checkUpgrade:self];
@@ -1110,7 +1121,11 @@ - (IBAction)copyExportCmd:(id)sender {
}

- (IBAction)viewConfigJson:(NSMenuItem *)sender {
[[NSWorkspace sharedWorkspace] openURL:[NSURL URLWithString:[NSString stringWithFormat:@"http:https://127.0.0.1:%d/config.json", webServerPort]]];
if(_webServerUuidString == nil) {
NSUUID *uuid = [NSUUID UUID];
_webServerUuidString = [uuid UUIDString];
}
[[NSWorkspace sharedWorkspace] openURL:[NSURL URLWithString:[NSString stringWithFormat:@"http:https://127.0.0.1:%d/config.json?u=%@", webServerPort, _webServerUuidString]]];
}


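Review bot: The token guarding `/config.json` is minted once per launch in `viewConfigJson:` and then travels in the query string of a URL handed to the default browser, so it lands in browser history and stays valid for as long as the app runs. Minting a fresh value on every click (drop the `if(_webServerUuidString == nil)` guard) and clearing it in the handler once the config has been served, e.g. `weakSelf.webServerUuidString = nil;` just before the successful return, would make each link single-use, at the cost of a browser reload returning 404. Separately, `[webServer startWithOptions:options error:nil]` discards both the BOOL result and the NSError, so a failed bind leaves the PAC and config endpoints silently down; pass an `NSError *` and log it when the call returns NO. The option keys could use the library constants `GCDWebServerOption_Port` and `GCDWebServerOption_BindToLocalhost` instead of string literals. `applicationDidFinishLaunching:` starts and ends outside the first hunk, so the definition of `webServerPort` (which `@webServerPort` presumably needs to be a literal macro) is not visible here.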
