From da9cde083f9e63efbe6e4bbcb71c3b39c062af39 Mon Sep 17 00:00:00 2001
From: akwizgran
Date: Tue, 3 Jan 2017 17:59:18 +0000
Subject: [PATCH 1/2] Include description of SOCKS error in exception.
---
 .../bramble/socks/SocksSocket.java | 25 +++++++++++++++----
 1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/bramble-core/src/main/java/org/briarproject/bramble/socks/SocksSocket.java b/bramble-core/src/main/java/org/briarproject/bramble/socks/SocksSocket.java
index 226596626..d012085f5 100644
--- a/bramble-core/src/main/java/org/briarproject/bramble/socks/SocksSocket.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/socks/SocksSocket.java
@@ -12,6 +12,18 @@ import java.net.SocketAddress;
 class SocksSocket extends Socket {
+ private static final String[] ERRORS = {
+ "Succeeded",
+ "General SOCKS server failure",
+ "Connection not allowed by ruleset",
+ "Network unreachable",
+ "Host unreachable",
+ "Connection refused",
+ "TTL expired",
+ "Command not supported",
+ "Address type not supported"
+ };
+
 private final SocketAddress proxy;
 private final int connectToProxyTimeout;
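Review bot: The ERRORS array is indexed by the raw SOCKS reply code, but nothing at the declaration says so, so a later insertion or reordering would silently attach the wrong description to a failure. A one-line comment above the field, such as `// Indexed by SOCKS5 reply code (RFC 1928, section 6); order is significant`, would make that contract explicit. Entry 0 (`"Succeeded"`) is only a placeholder, because the lookup in receiveConnectResponse is reached only when the reply is non-zero.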
@@ -93,13 +105,16 @@ class SocksSocket extends Socket {
 private void receiveConnectResponse(InputStream in) throws IOException {
 byte[] connectResponse = new byte[4];
 IoUtils.read(in, connectResponse);
- byte version = connectResponse[0];
- byte reply = connectResponse[1];
- byte addressType = connectResponse[3];
+ int version = connectResponse[0] & 0xFF;
+ int reply = connectResponse[1] & 0xFF;
+ int addressType = connectResponse[3] & 0xFF;
 if (version != 5)
 throw new IOException("Unsupported SOCKS version: " + version);
- if (reply != 0)
- throw new IOException("Connection failed: " + reply);
+ if (reply != 0) {
+ if (reply < ERRORS.length)
+ throw new IOException("Connection failed: " + ERRORS[reply]);
+ else throw new IOException("Connection failed: " + reply);
+ }
 if (addressType == 1) IoUtils.read(in, new byte[4]); // IPv4
 else if (addressType == 4) IoUtils.read(in, new byte[16]); // IPv6
 else throw new IOException("Unsupported address type: " + addressType);
From 9c41437870187f62c963fdf309715b79895110ed Mon Sep 17 00:00:00 2001
From: akwizgran
Date: Wed, 22 Mar 2017 15:57:53 +0000
Subject: [PATCH 2/2] Prevent OkHttp from making local DNS lookups.
---
 .../briarproject/bramble/socks/SocksSocket.java | 9 +++++++++
 .../briarproject/briar/feed/FeedManagerImpl.java | 16 ++++++++++++++++
 2 files changed, 25 insertions(+)
diff --git a/bramble-core/src/main/java/org/briarproject/bramble/socks/SocksSocket.java b/bramble-core/src/main/java/org/briarproject/bramble/socks/SocksSocket.java
index d012085f5..9494e6297 100644
--- a/bramble-core/src/main/java/org/briarproject/bramble/socks/SocksSocket.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/socks/SocksSocket.java
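Review bot: When the reply code is in the table, the new message in receiveConnectResponse drops the numeric value, so a log line no longer shows exactly what the proxy sent. Keeping both costs nothing: `throw new IOException("Connection failed: " + ERRORS[reply] + " (" + reply + ")");`. It is also worth a short comment on the `& 0xFF` lines saying the mask keeps `reply` non-negative, since that is what makes `reply < ERRORS.length` a sufficient bounds check before indexing. The method body continues past the end of the hunk.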
@@ -6,9 +6,11 @@ import org.briarproject.bramble.util.IoUtils;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.Socket;
 import java.net.SocketAddress;
+import java.util.Arrays;
 class SocksSocket extends Socket {
@@ -24,6 +26,8 @@ class SocksSocket extends Socket {
 "Address type not supported"
 };
+ private static final byte[] UNSPECIFIED_ADDRESS = new byte[4];
+
 private final SocketAddress proxy;
 private final int connectToProxyTimeout;
@@ -40,6 +44,11 @@ class SocksSocket extends Socket {
 if (!(endpoint instanceof InetSocketAddress))
 throw new IllegalArgumentException();
 InetSocketAddress inet = (InetSocketAddress) endpoint;
+ InetAddress address = inet.getAddress();
+ if (address != null
+ && !Arrays.equals(address.getAddress(), UNSPECIFIED_ADDRESS)) {
+ throw new IllegalArgumentException();
+ }
 String host = inet.getHostName();
 if (host.length() > 255) throw new IllegalArgumentException();
 int port = inet.getPort();
diff --git a/briar-core/src/main/java/org/briarproject/briar/feed/FeedManagerImpl.java b/briar-core/src/main/java/org/briarproject/briar/feed/FeedManagerImpl.java
index 8c641fa89..d92df5001 100644
--- a/briar-core/src/main/java/org/briarproject/briar/feed/FeedManagerImpl.java
+++ b/briar-core/src/main/java/org/briarproject/briar/feed/FeedManagerImpl.java
@@ -39,6 +39,8 @@ import org.briarproject.briar.api.feed.FeedManager;
 import java.io.IOException;
 import java.io.InputStream;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
 import java.security.GeneralSecurityException;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -55,6 +57,7 @@ import javax.annotation.concurrent.ThreadSafe;
 import javax.inject.Inject;
 import javax.net.SocketFactory;
+import okhttp3.Dns;
 import okhttp3.OkHttpClient;
 import okhttp3.Request;
 import okhttp3.Response;
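Review bot: The new guard in the connect hunk (`@@ -40,6 +44,11 @@`) accepts any endpoint whose address is 0.0.0.0, but it does not check that the endpoint actually carries a hostname, and the following `inet.getHostName()` is documented as possibly triggering a reverse name-service lookup when the address was built from a literal without one. Since the commit's purpose is to keep lookups off the local resolver, `String host = inet.getHostString();` would be the safer call, assuming the minimum supported platform provides it (it was added in Java 7). The bare `throw new IllegalArgumentException();` would also be easier to diagnose with a message, for example `throw new IllegalArgumentException("Endpoint must not be resolved locally");`. The enclosing method starts and ends outside the hunk.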
@@ -77,6 +80,7 @@ class FeedManagerImpl implements FeedManager, Client, EventListener {
 private static final Logger LOG =
 Logger.getLogger(FeedManagerImpl.class.getName());
+ private static final byte[] UNSPECIFIED_ADDRESS = new byte[4];
 private static final int CONNECT_TIMEOUT = 60 * 1000; // Milliseconds
 private final ScheduledExecutorService scheduler;
@@ -347,9 +351,21 @@ class FeedManagerImpl implements FeedManager, Client, EventListener {
 }
 private InputStream getFeedInputStream(String url) throws IOException {
+ // Don't make local DNS lookups
+ Dns noLookups = new Dns() {
+ @Override
+ public List lookup(String hostname)
+ throws UnknownHostException {
+ InetAddress unspecified =
+ InetAddress.getByAddress(hostname, UNSPECIFIED_ADDRESS);
+ return Collections.singletonList(unspecified);
+ }
+ };
+
 // Build HTTP Client
 OkHttpClient client = new OkHttpClient.Builder()
 .socketFactory(torSocketFactory)
+ .dns(noLookups)
 .connectTimeout(CONNECT_TIMEOUT, MILLISECONDS)
 .build();
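Review bot: The comment `// Don't make local DNS lookups` in getFeedInputStream does not say that the 0.0.0.0 placeholder is a sentinel, which works only because SocksSocket.connect recognises it and sends the hostname to the proxy. That coupling is further hidden by declaring `UNSPECIFIED_ADDRESS` separately in both classes. If `torSocketFactory` ever handed out ordinary sockets, the client would attempt to connect to the unspecified address rather than fail with a clear error. I would expand the comment to something like `// Return 0.0.0.0 with the hostname attached; SocksSocket rejects any other resolved address and lets the proxy resolve the name`, and hoist the stateless resolver into a `private static final Dns NO_LOOKUPS` field so it is not rebuilt on every fetch. `List lookup` appears here without a type argument, which may be an artefact of how the page was rendered; if it is in the code, it should read `List<InetAddress>`.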