[tbb-bugs] #27431 [Applications/Tor Browser]: TBA connects to location.services.mozilla.com
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Oct 19 21:15:08 UTC 2018
#27431: TBA connects to location.services.mozilla.com
--------------------------------------+--------------------------
Reporter: towiw3 | Owner: sysrqb
Type: defect | Status: assigned
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Major | Resolution:
Keywords: tbb-mobile | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Changes (by sysrqb):
* cc: tbb-team, igt0 (added)
* owner: tbb-team => sysrqb
* status: new => assigned
* severity: Normal => Major
Comment:
Thanks for reporting this!
Ugh, okay. This is exactly what we feared. It looks like this is the
result of a bug within the Android core HTTP library. This leak is already
fixed in the more recent releases of Android. In particular, any version
after Android O (API 26+) should not leak DNS queries.
I didn't catch this in #21863 because I only audited the master branch.
You can see the leak here,
[https://android.googlesource.com/platform/external/okhttp/+/marshmallow-
release/okhttp/src/main/java/com/squareup/okhttp/internal/http/RouteSelector.java#187
in Marshmallow]:
{{{
if (proxy.type() == Proxy.Type.DIRECT || proxy.type() ==
Proxy.Type.SOCKS) {
socketHost = address.getUriHost();
socketPort = getEffectivePort(uri);
} else {
SocketAddress proxyAddress = proxy.address();
if (!(proxyAddress instanceof InetSocketAddress)) {
throw new IllegalArgumentException(
"Proxy.address() is not an " + "InetSocketAddress: " +
proxyAddress.getClass());
}
InetSocketAddress proxySocketAddress = (InetSocketAddress)
proxyAddress;
socketHost = getHostString(proxySocketAddress);
socketPort = proxySocketAddress.getPort();
}
if (socketPort < 1 || socketPort > 65535) {
throw new SocketException("No route to " + socketHost + ":" +
socketPort
+ "; port is out of range");
}
// Try each address for best behavior in mixed IPv4/IPv6 environments.
for (InetAddress inetAddress :
network.resolveInetAddresses(socketHost)) {
inetSocketAddresses.add(new InetSocketAddress(inetAddress,
socketPort));
}
}}}
And it is patched
[https://android.googlesource.com/platform/external/okhttp/+/oreo-
release/okhttp/src/main/java/com/squareup/okhttp/internal/http/RouteSelector.java#171
in Oreo]:
{{{
if (proxy.type() == Proxy.Type.SOCKS) {
inetSocketAddresses.add(InetSocketAddress.createUnresolved(socketHost,
socketPort));
} else {
// Try each address for best behavior in mixed IPv4/IPv6
environments.
List<InetAddress> addresses = address.getDns().lookup(socketHost);
for (int i = 0, size = addresses.size(); i < size; i++) {
InetAddress inetAddress = addresses.get(i);
inetSocketAddresses.add(new InetSocketAddress(inetAddress,
socketPort));
}
}
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27431#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list