I guess we can leave this as-is for the time being, but it might be worth opening an issue as future work to open PR on https://github.com/armon/go-socks5 to return the listener (or set it as an attribute to the server struct).
[x] MIV-01-007 Possible DoS via Predictable Port Usage
From a review in #23:
I was thinking you could perhaps just call
server.ListendAndServe
with addr ={ip}:0
so as to make the OS pick the next available port for you.I then saw, though, that the sock5 library you are using doesn't return the
net.listener
(https://github.com/armon/go-socks5/blob/master/socks5.go#L100) so if you actually need to know the picked port you have no way of extracting it :(I guess we can leave this as-is for the time being, but it might be worth opening an issue as future work to open PR on https://github.com/armon/go-socks5 to return the listener (or set it as an attribute to the server struct).
_Originally posted by @hellais in https://github.com/ooni/minivpn/pull/23#discussion_r1038047244_