Kaladaran/briar
0
0
Fork 0
mirror of https://code.briarproject.org/briar/briar.git synced 2026-02-19 06:09:55 +01:00
Code Issues Projects Releases Wiki Activity

Merge branch '908-rss-import-dns-leak' into 'master'

Browse Source 
Don't make DNS lookups during RSS import

Closes #908

See merge request !488
This commit is contained in:
akwizgran
2017-03-24 10:02:19 +00:00
parent d9a62a0431 9c41437870
commit a9053808b4
2 changed files with 45 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
bramble-core/src/main/java/org/briarproject/bramble/socks/SocksSocket.java
View File

@@ -6,12 +6,28 @@ import org.briarproject.bramble.util.IoUtils;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.io.OutputStream; import java.io.OutputStream;
import java.net.InetAddress;
import java.net.InetSocketAddress; import java.net.InetSocketAddress;
import java.net.Socket; import java.net.Socket;
import java.net.SocketAddress; import java.net.SocketAddress;
import java.util.Arrays;
class SocksSocket extends Socket { class SocksSocket extends Socket {
private static final String[] ERRORS = {
"Succeeded",
"General SOCKS server failure",
"Connection not allowed by ruleset",
"Network unreachable",
"Host unreachable",
"Connection refused",
"TTL expired",
"Command not supported",
"Address type not supported"
};
private static final byte[] UNSPECIFIED_ADDRESS = new byte[4];
private final SocketAddress proxy; private final SocketAddress proxy;
private final int connectToProxyTimeout; private final int connectToProxyTimeout;
@@ -28,6 +44,11 @@ class SocksSocket extends Socket {
if (!(endpoint instanceof InetSocketAddress)) if (!(endpoint instanceof InetSocketAddress))
throw new IllegalArgumentException(); throw new IllegalArgumentException();
InetSocketAddress inet = (InetSocketAddress) endpoint; InetSocketAddress inet = (InetSocketAddress) endpoint;
InetAddress address = inet.getAddress();
if (address != null
&& !Arrays.equals(address.getAddress(), UNSPECIFIED_ADDRESS)) {
throw new IllegalArgumentException();
}
String host = inet.getHostName(); String host = inet.getHostName();
if (host.length() > 255) throw new IllegalArgumentException(); if (host.length() > 255) throw new IllegalArgumentException();
int port = inet.getPort(); int port = inet.getPort();
@@ -93,13 +114,16 @@ class SocksSocket extends Socket {
private void receiveConnectResponse(InputStream in) throws IOException { private void receiveConnectResponse(InputStream in) throws IOException {
byte[] connectResponse = new byte[4]; byte[] connectResponse = new byte[4];
IoUtils.read(in, connectResponse); IoUtils.read(in, connectResponse);
byte version = connectResponse[0]; int version = connectResponse[0] & 0xFF;
byte reply = connectResponse[1]; int reply = connectResponse[1] & 0xFF;
byte addressType = connectResponse[3]; int addressType = connectResponse[3] & 0xFF;
if (version != 5) if (version != 5)
throw new IOException("Unsupported SOCKS version: " + version); throw new IOException("Unsupported SOCKS version: " + version);
if (reply != 0) if (reply != 0) {
throw new IOException("Connection failed: " + reply); if (reply < ERRORS.length)
throw new IOException("Connection failed: " + ERRORS[reply]);
else throw new IOException("Connection failed: " + reply);
}
if (addressType == 1) IoUtils.read(in, new byte[4]); // IPv4 if (addressType == 1) IoUtils.read(in, new byte[4]); // IPv4
else if (addressType == 4) IoUtils.read(in, new byte[16]); // IPv6 else if (addressType == 4) IoUtils.read(in, new byte[16]); // IPv6
else throw new IOException("Unsupported address type: " + addressType); else throw new IOException("Unsupported address type: " + addressType);

16
briar-core/src/main/java/org/briarproject/briar/feed/FeedManagerImpl.java
View File

@@ -39,6 +39,8 @@ import org.briarproject.briar.api.feed.FeedManager;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException; import java.security.GeneralSecurityException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collections; import java.util.Collections;
@@ -55,6 +57,7 @@ import javax.annotation.concurrent.ThreadSafe;
import javax.inject.Inject; import javax.inject.Inject;
import javax.net.SocketFactory; import javax.net.SocketFactory;
import okhttp3.Dns;
import okhttp3.OkHttpClient; import okhttp3.OkHttpClient;
import okhttp3.Request; import okhttp3.Request;
import okhttp3.Response; import okhttp3.Response;
@@ -77,6 +80,7 @@ class FeedManagerImpl implements FeedManager, Client, EventListener {
private static final Logger LOG = private static final Logger LOG =
Logger.getLogger(FeedManagerImpl.class.getName()); Logger.getLogger(FeedManagerImpl.class.getName());
private static final byte[] UNSPECIFIED_ADDRESS = new byte[4];
private static final int CONNECT_TIMEOUT = 60 * 1000; // Milliseconds private static final int CONNECT_TIMEOUT = 60 * 1000; // Milliseconds
private final ScheduledExecutorService scheduler; private final ScheduledExecutorService scheduler;
@@ -347,9 +351,21 @@ class FeedManagerImpl implements FeedManager, Client, EventListener {
} }
private InputStream getFeedInputStream(String url) throws IOException { private InputStream getFeedInputStream(String url) throws IOException {
// Don't make local DNS lookups
Dns noLookups = new Dns() {
@Override
public List<InetAddress> lookup(String hostname)
throws UnknownHostException {
InetAddress unspecified =
InetAddress.getByAddress(hostname, UNSPECIFIED_ADDRESS);
return Collections.singletonList(unspecified);
}
};
// Build HTTP Client // Build HTTP Client
OkHttpClient client = new OkHttpClient.Builder() OkHttpClient client = new OkHttpClient.Builder()
.socketFactory(torSocketFactory) .socketFactory(torSocketFactory)
.dns(noLookups)
.connectTimeout(CONNECT_TIMEOUT, MILLISECONDS) .connectTimeout(CONNECT_TIMEOUT, MILLISECONDS)
.build(); .build();