Skip to content

GitLab

Unverified Commit 9c414378 authored by akwizgran's avatar akwizgran
Browse files
Options

Prevent OkHttp from making local DNS lookups.

parent da9cde08
Hide whitespace changes
Inline Side-by-side
Showing with 25 additions and 0 deletions
bramble-core/src/main/java/org/briarproject/bramble/socks/SocksSocket.java
View file @ 9c414378
......@@ -6,9 +6,11 @@ import org.briarproject.bramble.util.IoUtils;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketAddress;
import java.util.Arrays;
class SocksSocket extends Socket {
......@@ -24,6 +26,8 @@ class SocksSocket extends Socket {
"Address type not supported"
};
private static final byte[] UNSPECIFIED_ADDRESS = new byte[4];
private final SocketAddress proxy;
private final int connectToProxyTimeout;
......@@ -40,6 +44,11 @@ class SocksSocket extends Socket {
if (!(endpoint instanceof InetSocketAddress))
throw new IllegalArgumentException();
InetSocketAddress inet = (InetSocketAddress) endpoint;
InetAddress address = inet.getAddress();
if (address != null
&& !Arrays.equals(address.getAddress(), UNSPECIFIED_ADDRESS)) {
throw new IllegalArgumentException();
}
String host = inet.getHostName();
if (host.length() > 255) throw new IllegalArgumentException();
int port = inet.getPort();
......
briar-core/src/main/java/org/briarproject/briar/feed/FeedManagerImpl.java
View file @ 9c414378
......@@ -39,6 +39,8 @@ import org.briarproject.briar.api.feed.FeedManager;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Collections;
......@@ -55,6 +57,7 @@ import javax.annotation.concurrent.ThreadSafe;
import javax.inject.Inject;
import javax.net.SocketFactory;
import okhttp3.Dns;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
......@@ -77,6 +80,7 @@ class FeedManagerImpl implements FeedManager, Client, EventListener {
private static final Logger LOG =
Logger.getLogger(FeedManagerImpl.class.getName());
private static final byte[] UNSPECIFIED_ADDRESS = new byte[4];
private static final int CONNECT_TIMEOUT = 60 * 1000; // Milliseconds
private final ScheduledExecutorService scheduler;
......@@ -347,9 +351,21 @@ class FeedManagerImpl implements FeedManager, Client, EventListener {
}
private InputStream getFeedInputStream(String url) throws IOException {
// Don't make local DNS lookups
Dns noLookups = new Dns() {
@Override
public List<InetAddress> lookup(String hostname)
throws UnknownHostException {
InetAddress unspecified =
InetAddress.getByAddress(hostname, UNSPECIFIED_ADDRESS);
return Collections.singletonList(unspecified);
}
};
// Build HTTP Client
OkHttpClient client = new OkHttpClient.Builder()
.socketFactory(torSocketFactory)
.dns(noLookups)
.connectTimeout(CONNECT_TIMEOUT, MILLISECONDS)
.build();
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment