Merge branch '908-rss-import-dns-leak' into 'master'

Don't make DNS lookups during RSS import Closes #908 See merge request !488

Merge branch '908-rss-import-dns-leak' into 'master'
Don't make DNS lookups during RSS import Closes #908 See merge request !488
a9053808 · akwizgran · d9a62a04 · 9c414378 · a9053808 · a9053808
Commit a9053808 authored 8 years ago by akwizgran
--- a/bramble-core/src/main/java/org/briarproject/bramble/socks/SocksSocket.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/socks/SocksSocket.java
@@ -6,12 +6,28 @@ import org.briarproject.bramble.util.IoUtils;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.Socket;
 import java.net.SocketAddress;
+import java.util.Arrays;

 class SocksSocket extends Socket {

+	private static final String[] ERRORS = {
+			"Succeeded",
+			"General SOCKS server failure",
+			"Connection not allowed by ruleset",
+			"Network unreachable",
+			"Host unreachable",
+			"Connection refused",
+			"TTL expired",
+			"Command not supported",
+			"Address type not supported"
+	};
+
+	private static final byte[] UNSPECIFIED_ADDRESS = new byte[4];
+
 	private final SocketAddress proxy;
 	private final int connectToProxyTimeout;

@@ -28,6 +44,11 @@ class SocksSocket extends Socket {
 		if (!(endpoint instanceof InetSocketAddress))
 			throw new IllegalArgumentException();
 		InetSocketAddress inet = (InetSocketAddress) endpoint;
+		InetAddress address = inet.getAddress();
+		if (address != null
+				&& !Arrays.equals(address.getAddress(), UNSPECIFIED_ADDRESS)) {
+				throw new IllegalArgumentException();
+		}
 		String host = inet.getHostName();
 		if (host.length() > 255) throw new IllegalArgumentException();
 		int port = inet.getPort();
@@ -93,13 +114,16 @@ class SocksSocket extends Socket {
 	private void receiveConnectResponse(InputStream in) throws IOException {
 		byte[] connectResponse = new byte[4];
 		IoUtils.read(in, connectResponse);
-		byte version = connectResponse[0];
-		byte reply = connectResponse[1];
-		byte addressType = connectResponse[3];
+		int version = connectResponse[0] & 0xFF;
+		int reply = connectResponse[1] & 0xFF;
+		int addressType = connectResponse[3] & 0xFF;
 		if (version != 5)
 			throw new IOException("Unsupported SOCKS version: " + version);
-		if (reply != 0)
-			throw new IOException("Connection failed: " + reply);
+		if (reply != 0) {
+			if (reply < ERRORS.length)
+				throw new IOException("Connection failed: " + ERRORS[reply]);
+			else throw new IOException("Connection failed: " + reply);
+		}
 		if (addressType == 1) IoUtils.read(in, new byte[4]); // IPv4
 		else if (addressType == 4) IoUtils.read(in, new byte[16]); // IPv6
 		else throw new IOException("Unsupported address type: " + addressType);

--- a/briar-core/src/main/java/org/briarproject/briar/feed/FeedManagerImpl.java
+++ b/briar-core/src/main/java/org/briarproject/briar/feed/FeedManagerImpl.java
@@ -39,6 +39,8 @@ import org.briarproject.briar.api.feed.FeedManager;

 import java.io.IOException;
 import java.io.InputStream;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
 import java.security.GeneralSecurityException;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -55,6 +57,7 @@ import javax.annotation.concurrent.ThreadSafe;
 import javax.inject.Inject;
 import javax.net.SocketFactory;

+import okhttp3.Dns;
 import okhttp3.OkHttpClient;
 import okhttp3.Request;
 import okhttp3.Response;
@@ -77,6 +80,7 @@ class FeedManagerImpl implements FeedManager, Client, EventListener {
 	private static final Logger LOG =
 			Logger.getLogger(FeedManagerImpl.class.getName());

+	private static final byte[] UNSPECIFIED_ADDRESS = new byte[4];
 	private static final int CONNECT_TIMEOUT = 60 * 1000; // Milliseconds

 	private final ScheduledExecutorService scheduler;
@@ -347,9 +351,21 @@ class FeedManagerImpl implements FeedManager, Client, EventListener {
 	}

 	private InputStream getFeedInputStream(String url) throws IOException {
+		// Don't make local DNS lookups
+		Dns noLookups = new Dns() {
+			@Override
+			public List<InetAddress> lookup(String hostname)
+					throws UnknownHostException {
+				InetAddress unspecified =
+						InetAddress.getByAddress(hostname, UNSPECIFIED_ADDRESS);
+				return Collections.singletonList(unspecified);
+			}
+		};
+
 		// Build HTTP Client
 		OkHttpClient client = new OkHttpClient.Builder()
 				.socketFactory(torSocketFactory)
+				.dns(noLookups)
 				.connectTimeout(CONNECT_TIMEOUT, MILLISECONDS)
 				.build();