From 9c41437870187f62c963fdf309715b79895110ed Mon Sep 17 00:00:00 2001
From: akwizgran <akwizgran@users.sourceforge.net>
Date: Wed, 22 Mar 2017 15:57:53 +0000
Subject: [PATCH] Prevent OkHttp from making local DNS lookups.
---
.../briarproject/bramble/socks/SocksSocket.java | 9 +++++++++
.../briarproject/briar/feed/FeedManagerImpl.java | 16 ++++++++++++++++
2 files changed, 25 insertions(+)
diff --git a/bramble-core/src/main/java/org/briarproject/bramble/socks/SocksSocket.java b/bramble-core/src/main/java/org/briarproject/bramble/socks/SocksSocket.java
index d012085f57..9494e62977 100644
--- a/bramble-core/src/main/java/org/briarproject/bramble/socks/SocksSocket.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/socks/SocksSocket.java
@@ -6,9 +6,11 @@ import org.briarproject.bramble.util.IoUtils;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
+import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketAddress;
+import java.util.Arrays;
class SocksSocket extends Socket {
@@ -24,6 +26,8 @@ class SocksSocket extends Socket {
"Address type not supported"
};
+ private static final byte[] UNSPECIFIED_ADDRESS = new byte[4];
+
private final SocketAddress proxy;
private final int connectToProxyTimeout;
@@ -40,6 +44,11 @@ class SocksSocket extends Socket {
if (!(endpoint instanceof InetSocketAddress))
throw new IllegalArgumentException();
InetSocketAddress inet = (InetSocketAddress) endpoint;
+ InetAddress address = inet.getAddress();
+ if (address != null
+ && !Arrays.equals(address.getAddress(), UNSPECIFIED_ADDRESS)) {
+ throw new IllegalArgumentException();
+ }
String host = inet.getHostName();
if (host.length() > 255) throw new IllegalArgumentException();
int port = inet.getPort();
diff --git a/briar-core/src/main/java/org/briarproject/briar/feed/FeedManagerImpl.java b/briar-core/src/main/java/org/briarproject/briar/feed/FeedManagerImpl.java
index 8c641fa89c..d92df5001d 100644
--- a/briar-core/src/main/java/org/briarproject/briar/feed/FeedManagerImpl.java
+++ b/briar-core/src/main/java/org/briarproject/briar/feed/FeedManagerImpl.java
@@ -39,6 +39,8 @@ import org.briarproject.briar.api.feed.FeedManager;
import java.io.IOException;
import java.io.InputStream;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Collections;
@@ -55,6 +57,7 @@ import javax.annotation.concurrent.ThreadSafe;
import javax.inject.Inject;
import javax.net.SocketFactory;
+import okhttp3.Dns;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
@@ -77,6 +80,7 @@ class FeedManagerImpl implements FeedManager, Client, EventListener {
private static final Logger LOG =
Logger.getLogger(FeedManagerImpl.class.getName());
+ private static final byte[] UNSPECIFIED_ADDRESS = new byte[4];
private static final int CONNECT_TIMEOUT = 60 * 1000; // Milliseconds
private final ScheduledExecutorService scheduler;
@@ -347,9 +351,21 @@ class FeedManagerImpl implements FeedManager, Client, EventListener {
}
private InputStream getFeedInputStream(String url) throws IOException {
+ // Don't make local DNS lookups
+ Dns noLookups = new Dns() {
+ @Override
+ public List<InetAddress> lookup(String hostname)
+ throws UnknownHostException {
+ InetAddress unspecified =
+ InetAddress.getByAddress(hostname, UNSPECIFIED_ADDRESS);
+ return Collections.singletonList(unspecified);
+ }
+ };
+
// Build HTTP Client
OkHttpClient client = new OkHttpClient.Builder()
.socketFactory(torSocketFactory)
+ .dns(noLookups)
.connectTimeout(CONNECT_TIMEOUT, MILLISECONDS)
.build();
--
GitLab