[tbb-commits] [tor-browser/tor-browser-60.3.0esr-8.5-1] Bug 28125 - Prevent non-Necko network connections

gk at torproject.org gk at torproject.org
Tue Oct 30 12:03:05 UTC 2018


commit 2c4b103cfef5eafe276713478abf8bd1db057730
Author: Matthew Finkel <Matthew.Finkel at gmail.com>
Date:   Thu Oct 25 19:17:09 2018 +0000

    Bug 28125 - Prevent non-Necko network connections
---
 .../base/java/org/mozilla/gecko/CrashReporter.java |  5 ++
 .../base/java/org/mozilla/gecko/SuggestClient.java |  5 ++
 .../homepanel/topstories/PocketStoriesLoader.java  |  5 ++
 .../mozilla/gecko/distribution/Distribution.java   |  5 ++
 .../java/org/mozilla/gecko/dlc/BaseAction.java     |  6 ++
 .../java/org/mozilla/gecko/home/ImageLoader.java   |  7 ++
 .../mozilla/gecko/icons/loader/IconDownloader.java | 11 +++
 .../mozilla/gecko/search/SearchEngineManager.java  |  5 ++
 .../org/mozilla/gecko/switchboard/SwitchBoard.java |  6 ++
 .../org/mozilla/gecko/updater/UpdateService.java   | 11 +++
 .../gecko/media/GeckoMediaDrmBridgeV21.java        | 77 +++++++++++---------
 .../exoplayer2/upstream/DefaultHttpDataSource.java | 85 ++++++++++++----------
 .../service/utils/AbstractCommunicator.java        |  5 ++
 13 files changed, 157 insertions(+), 76 deletions(-)

diff --git a/mobile/android/base/java/org/mozilla/gecko/CrashReporter.java b/mobile/android/base/java/org/mozilla/gecko/CrashReporter.java
index f1305cfc5398..618278773c38 100644
--- a/mobile/android/base/java/org/mozilla/gecko/CrashReporter.java
+++ b/mobile/android/base/java/org/mozilla/gecko/CrashReporter.java
@@ -472,6 +472,11 @@ public class CrashReporter extends AppCompatActivity
     }
 
     private void sendReport(File minidumpFile, Map<String, String> extras, File extrasFile) {
+        if (AppConstants.isTorBrowser()) {
+            Log.i(LOGTAG, "sendReport: This is Tor Browser. Skipping.");
+            return;
+        }
+
         Log.i(LOGTAG, "sendReport: " + minidumpFile.getPath());
         final CheckBox includeURLCheckbox = (CheckBox) findViewById(R.id.include_url);
 
diff --git a/mobile/android/base/java/org/mozilla/gecko/SuggestClient.java b/mobile/android/base/java/org/mozilla/gecko/SuggestClient.java
index 0ebffeccdf21..137e53cc5c03 100644
--- a/mobile/android/base/java/org/mozilla/gecko/SuggestClient.java
+++ b/mobile/android/base/java/org/mozilla/gecko/SuggestClient.java
@@ -72,6 +72,11 @@ public class SuggestClient {
             return mPrevResults;
 
         ArrayList<String> suggestions = new ArrayList<String>();
+        if (AppConstants.isTorBrowser()) {
+            Log.i(LOGTAG, "This is Tor Browser. Skipping.");
+            return suggestions;
+        }
+
         if (TextUtils.isEmpty(mSuggestTemplate) || TextUtils.isEmpty(query)) {
             return suggestions;
         }
diff --git a/mobile/android/base/java/org/mozilla/gecko/activitystream/homepanel/topstories/PocketStoriesLoader.java b/mobile/android/base/java/org/mozilla/gecko/activitystream/homepanel/topstories/PocketStoriesLoader.java
index 7ebead4cfa3f..516c13610047 100644
--- a/mobile/android/base/java/org/mozilla/gecko/activitystream/homepanel/topstories/PocketStoriesLoader.java
+++ b/mobile/android/base/java/org/mozilla/gecko/activitystream/homepanel/topstories/PocketStoriesLoader.java
@@ -124,6 +124,11 @@ public class PocketStoriesLoader extends AsyncTaskLoader<List<TopStory>> {
     }
 
     protected String makeAPIRequestWithKey(final String apiKey) {
+        if (AppConstants.isTorBrowser()) {
+            Log.i(LOGTAG, "This is Tor Browser. Skipping.");
+            return null;
+        }
+
         HttpURLConnection connection = null;
 
         final Uri uri = Uri.parse(GLOBAL_ENDPOINT)
diff --git a/mobile/android/base/java/org/mozilla/gecko/distribution/Distribution.java b/mobile/android/base/java/org/mozilla/gecko/distribution/Distribution.java
index 7b93eb568acc..ea9534bfd741 100644
--- a/mobile/android/base/java/org/mozilla/gecko/distribution/Distribution.java
+++ b/mobile/android/base/java/org/mozilla/gecko/distribution/Distribution.java
@@ -534,6 +534,11 @@ public class Distribution {
             return false;
         }
 
+        if (AppConstants.isTorBrowser()) {
+            Log.i(LOGTAG, "This is Tor Browser. Skipping.");
+            return false;
+        }
+
         URI uri = getReferredDistribution(referrer);
         if (uri == null) {
             return false;
diff --git a/mobile/android/base/java/org/mozilla/gecko/dlc/BaseAction.java b/mobile/android/base/java/org/mozilla/gecko/dlc/BaseAction.java
index 5b1e0004fef1..56cfde26160c 100644
--- a/mobile/android/base/java/org/mozilla/gecko/dlc/BaseAction.java
+++ b/mobile/android/base/java/org/mozilla/gecko/dlc/BaseAction.java
@@ -151,6 +151,12 @@ public abstract class BaseAction {
     protected HttpURLConnection buildHttpURLConnection(String url)
             throws UnrecoverableDownloadContentException, IOException {
         try {
+            if (AppConstants.isTorBrowser()) {
+                String erdcl = "This is Tor Browser. Downloading is disabled for: " + url;
+                Log.i(LOGTAG, "This is Tor Browser. Skipping.");
+                throw new UnrecoverableDownloadContentException(erdcl);
+            }
+
             System.setProperty("http.keepAlive", "true");
 
             HttpURLConnection connection = (HttpURLConnection) ProxySelector.openConnectionWithProxy(new URI(url));
diff --git a/mobile/android/base/java/org/mozilla/gecko/home/ImageLoader.java b/mobile/android/base/java/org/mozilla/gecko/home/ImageLoader.java
index cbbe7babbba4..b6ea0249445c 100644
--- a/mobile/android/base/java/org/mozilla/gecko/home/ImageLoader.java
+++ b/mobile/android/base/java/org/mozilla/gecko/home/ImageLoader.java
@@ -15,6 +15,7 @@ import com.squareup.picasso.Picasso;
 import com.squareup.picasso.Downloader.Response;
 import com.squareup.picasso.UrlConnectionDownloader;
 
+import org.mozilla.gecko.AppConstants;
 import org.mozilla.gecko.util.ProxySelector;
 
 import java.io.File;
@@ -91,6 +92,12 @@ public class ImageLoader {
 
         @Override
         protected HttpURLConnection openConnection(Uri path) throws IOException {
+            if (AppConstants.isTorBrowser()) {
+                String err = "This is Tor Browser. Downloading is disabled for: " + path.toString();
+                Log.i(LOGTAG, "This is Tor Browser. Skipping.");
+                throw new IOException(err);
+            }
+
             try {
                 // This is annoying, but |path| is an android.net.Uri and
                 // openConnectionWithProxy() accepts a java.net.URI
diff --git a/mobile/android/base/java/org/mozilla/gecko/icons/loader/IconDownloader.java b/mobile/android/base/java/org/mozilla/gecko/icons/loader/IconDownloader.java
index 4a03d440556d..84eb7736e94e 100644
--- a/mobile/android/base/java/org/mozilla/gecko/icons/loader/IconDownloader.java
+++ b/mobile/android/base/java/org/mozilla/gecko/icons/loader/IconDownloader.java
@@ -12,6 +12,7 @@ import android.support.annotation.Nullable;
 import android.support.annotation.VisibleForTesting;
 import android.util.Log;
 
+import org.mozilla.gecko.AppConstants;
 import org.mozilla.gecko.GeckoApplication;
 import org.mozilla.gecko.icons.decoders.FaviconDecoder;
 import org.mozilla.gecko.icons.decoders.LoadFaviconResult;
@@ -132,6 +133,11 @@ public class IconDownloader implements IconLoader {
             return null;
         }
 
+        if (AppConstants.isTorBrowser()) {
+            Log.i(LOGTAG, "This is Tor Browser. Skipping.");
+            return null;
+        }
+
         HttpURLConnection connection = null;
 
         try {
@@ -183,6 +189,11 @@ public class IconDownloader implements IconLoader {
     @VisibleForTesting
     @NonNull
     HttpURLConnection connectTo(String uri) throws URISyntaxException, IOException {
+        if (AppConstants.isTorBrowser()) {
+            Log.i(LOGTAG, "This is Tor Browser. Skipping.");
+            throw new IOException();
+        }
+
         final HttpURLConnection connection = (HttpURLConnection) ProxySelector.openConnectionWithProxy(
                 new URI(uri));
 
diff --git a/mobile/android/base/java/org/mozilla/gecko/search/SearchEngineManager.java b/mobile/android/base/java/org/mozilla/gecko/search/SearchEngineManager.java
index 1004b7b25ef1..df9b6d67b467 100644
--- a/mobile/android/base/java/org/mozilla/gecko/search/SearchEngineManager.java
+++ b/mobile/android/base/java/org/mozilla/gecko/search/SearchEngineManager.java
@@ -379,6 +379,11 @@ public class SearchEngineManager implements SharedPreferences.OnSharedPreference
      * @return String containing the country code
      */
     private String fetchCountryCode() {
+        if (AppConstants.isTorBrowser()) {
+            Log.i(LOG_TAG, "This is Tor Browser. Skipping.");
+            return null;
+        }
+
         // First, we look to see if we have a cached code.
         final String region = GeckoSharedPrefs.forApp(context).getString(PREF_REGION_KEY, null);
         if (region != null) {
diff --git a/mobile/android/base/java/org/mozilla/gecko/switchboard/SwitchBoard.java b/mobile/android/base/java/org/mozilla/gecko/switchboard/SwitchBoard.java
index d78663060f99..e32b50ebadb5 100644
--- a/mobile/android/base/java/org/mozilla/gecko/switchboard/SwitchBoard.java
+++ b/mobile/android/base/java/org/mozilla/gecko/switchboard/SwitchBoard.java
@@ -409,6 +409,12 @@ public class SwitchBoard {
         HttpURLConnection connection = null;
         InputStreamReader inputStreamReader = null;
         BufferedReader bufferReader = null;
+
+        if (AppConstants.isTorBrowser()) {
+            Log.i(TAG, "This is Tor Browser. Skipping.");
+            return null;
+        }
+
         try {
             connection = (HttpURLConnection) ProxySelector.openConnectionWithProxy(url.toURI());
             connection.setRequestProperty("User-Agent", HardwareUtils.isTablet() ?
diff --git a/mobile/android/base/java/org/mozilla/gecko/updater/UpdateService.java b/mobile/android/base/java/org/mozilla/gecko/updater/UpdateService.java
index 0598105fe108..71e1097711d9 100644
--- a/mobile/android/base/java/org/mozilla/gecko/updater/UpdateService.java
+++ b/mobile/android/base/java/org/mozilla/gecko/updater/UpdateService.java
@@ -379,6 +379,11 @@ public class UpdateService extends IntentService {
         try {
             URI uri = getUpdateURI(force);
 
+            if (AppConstants.isTorBrowser()) {
+              Log.i(LOGTAG, "This is Tor Browser. Skipping.");
+              return null;
+            }
+
             if (uri == null) {
               Log.e(LOGTAG, "failed to get update URI");
               return null;
@@ -527,6 +532,12 @@ public class UpdateService extends IntentService {
 
     private File downloadUpdatePackage(UpdateInfo info, boolean overwriteExisting) {
         URL url = null;
+
+        if (AppConstants.isTorBrowser()) {
+          Log.i(LOGTAG, "This is Tor Browser. Skipping.");
+          return null;
+        }
+
         try {
             url = info.uri.toURL();
         } catch (java.net.MalformedURLException e) {
diff --git a/mobile/android/geckoview/src/main/java/org/mozilla/gecko/media/GeckoMediaDrmBridgeV21.java b/mobile/android/geckoview/src/main/java/org/mozilla/gecko/media/GeckoMediaDrmBridgeV21.java
index d0973f3dcc17..39d10615d35c 100644
--- a/mobile/android/geckoview/src/main/java/org/mozilla/gecko/media/GeckoMediaDrmBridgeV21.java
+++ b/mobile/android/geckoview/src/main/java/org/mozilla/gecko/media/GeckoMediaDrmBridgeV21.java
@@ -473,43 +473,48 @@ public class GeckoMediaDrmBridgeV21 implements GeckoMediaDrm {
 
         @Override
         protected Void doInBackground(Void... params) {
-            try {
-                URI finalURI = new URI(mURL + "&signedRequest=" + URLEncoder.encode(new String(mDrmRequest), "UTF-8"));
-                HttpURLConnection urlConnection = (HttpURLConnection) ProxySelector.openConnectionWithProxy(finalURI);
-                urlConnection.setRequestMethod("POST");
-                if (DEBUG) Log.d(LOGTAG, "Provisioning, posting url =" + finalURI.toString());
-
-                // Add data
-                urlConnection.setRequestProperty("Accept", "*/*");
-                urlConnection.setRequestProperty("User-Agent", getCDMUserAgent());
-                urlConnection.setRequestProperty("Content-Type", "application/json");
-
-                // Execute HTTP Post Request
-                urlConnection.connect();
-
-                int responseCode = urlConnection.getResponseCode();
-                if (responseCode == HttpURLConnection.HTTP_OK) {
-                    BufferedReader in =
-                      new BufferedReader(new InputStreamReader(urlConnection.getInputStream(), StringUtils.UTF_8));
-                    String inputLine;
-                    StringBuffer response = new StringBuffer();
-
-                    while ((inputLine = in.readLine()) != null) {
-                        response.append(inputLine);
-                    }
-                    in.close();
-                    mResponseBody = String.valueOf(response).getBytes(StringUtils.UTF_8);
-                    if (DEBUG) Log.d(LOGTAG, "Provisioning, response received.");
-                    if (mResponseBody != null) Log.d(LOGTAG, "response length=" + mResponseBody.length);
-                } else {
-                    Log.d(LOGTAG, "Provisioning, server returned HTTP error code :" + responseCode);
-                }
-            } catch (IOException e) {
-                Log.e(LOGTAG, "Got exception during posting provisioning request ...", e);
-            } catch (URISyntaxException e) {
-                Log.e(LOGTAG, "Got exception during creating uri ...", e);
-            }
+            // AppConstants.isTorBrowser() is in base/, so it's not available in geckoview/
+            Log.i(LOGTAG, "This is Tor Browser. Skipping.");
             return null;
+
+            /* Dead code */
+            //try {
+            //    URI finalURI = new URI(mURL + "&signedRequest=" + URLEncoder.encode(new String(mDrmRequest), "UTF-8"));
+            //    HttpURLConnection urlConnection = (HttpURLConnection) ProxySelector.openConnectionWithProxy(finalURI);
+            //    urlConnection.setRequestMethod("POST");
+            //    if (DEBUG) Log.d(LOGTAG, "Provisioning, posting url =" + finalURI.toString());
+
+            //    // Add data
+            //    urlConnection.setRequestProperty("Accept", "*/*");
+            //    urlConnection.setRequestProperty("User-Agent", getCDMUserAgent());
+            //    urlConnection.setRequestProperty("Content-Type", "application/json");
+
+            //    // Execute HTTP Post Request
+            //    urlConnection.connect();
+
+            //    int responseCode = urlConnection.getResponseCode();
+            //    if (responseCode == HttpURLConnection.HTTP_OK) {
+            //        BufferedReader in =
+            //          new BufferedReader(new InputStreamReader(urlConnection.getInputStream(), StringUtils.UTF_8));
+            //        String inputLine;
+            //        StringBuffer response = new StringBuffer();
+
+            //        while ((inputLine = in.readLine()) != null) {
+            //            response.append(inputLine);
+            //        }
+            //        in.close();
+            //        mResponseBody = String.valueOf(response).getBytes(StringUtils.UTF_8);
+            //        if (DEBUG) Log.d(LOGTAG, "Provisioning, response received.");
+            //        if (mResponseBody != null) Log.d(LOGTAG, "response length=" + mResponseBody.length);
+            //    } else {
+            //        Log.d(LOGTAG, "Provisioning, server returned HTTP error code :" + responseCode);
+            //    }
+            //} catch (IOException e) {
+            //    Log.e(LOGTAG, "Got exception during posting provisioning request ...", e);
+            //} catch (URISyntaxException e) {
+            //    Log.e(LOGTAG, "Got exception during creating uri ...", e);
+            //}
+            //return null;
         }
 
         @Override
diff --git a/mobile/android/geckoview/src/thirdparty/java/com/google/android/exoplayer2/upstream/DefaultHttpDataSource.java b/mobile/android/geckoview/src/thirdparty/java/com/google/android/exoplayer2/upstream/DefaultHttpDataSource.java
index 75e1f675c5eb..22e9e1ffcb9b 100644
--- a/mobile/android/geckoview/src/thirdparty/java/com/google/android/exoplayer2/upstream/DefaultHttpDataSource.java
+++ b/mobile/android/geckoview/src/thirdparty/java/com/google/android/exoplayer2/upstream/DefaultHttpDataSource.java
@@ -395,51 +395,56 @@ public class DefaultHttpDataSource implements HttpDataSource {
    */
   private HttpURLConnection makeConnection(URL url, byte[] postBody, long position,
       long length, boolean allowGzip, boolean followRedirects) throws IOException, URISyntaxException {
+    // AppConstants.isTorBrowser() is in base/, so it's not available in geckoview/
+    Log.i(TAG, "This is Tor Browser. Skipping.");
+    throw new IOException();
+
     /**
      * Tor Project modified the way the connection object was created. For the sake of
      * simplicity, instead of duplicating the whole file we changed the connection object
      * to use the ProxySelector.
      */
-    HttpURLConnection connection = (HttpURLConnection) ProxySelector.openConnectionWithProxy(url.toURI());
-
-    connection.setConnectTimeout(connectTimeoutMillis);
-    connection.setReadTimeout(readTimeoutMillis);
-    if (defaultRequestProperties != null) {
-      for (Map.Entry<String, String> property : defaultRequestProperties.getSnapshot().entrySet()) {
-        connection.setRequestProperty(property.getKey(), property.getValue());
-      }
-    }
-    for (Map.Entry<String, String> property : requestProperties.getSnapshot().entrySet()) {
-      connection.setRequestProperty(property.getKey(), property.getValue());
-    }
-    if (!(position == 0 && length == C.LENGTH_UNSET)) {
-      String rangeRequest = "bytes=" + position + "-";
-      if (length != C.LENGTH_UNSET) {
-        rangeRequest += (position + length - 1);
-      }
-      connection.setRequestProperty("Range", rangeRequest);
-    }
-    connection.setRequestProperty("User-Agent", userAgent);
-    if (!allowGzip) {
-      connection.setRequestProperty("Accept-Encoding", "identity");
-    }
-    connection.setInstanceFollowRedirects(followRedirects);
-    connection.setDoOutput(postBody != null);
-    if (postBody != null) {
-      connection.setRequestMethod("POST");
-      if (postBody.length == 0) {
-        connection.connect();
-      } else  {
-        connection.setFixedLengthStreamingMode(postBody.length);
-        connection.connect();
-        OutputStream os = connection.getOutputStream();
-        os.write(postBody);
-        os.close();
-      }
-    } else {
-      connection.connect();
-    }
-    return connection;
+    /* Dead code */
+    //HttpURLConnection connection = (HttpURLConnection) ProxySelector.openConnectionWithProxy(url.toURI());
+
+    //connection.setConnectTimeout(connectTimeoutMillis);
+    //connection.setReadTimeout(readTimeoutMillis);
+    //if (defaultRequestProperties != null) {
+    //  for (Map.Entry<String, String> property : defaultRequestProperties.getSnapshot().entrySet()) {
+    //    connection.setRequestProperty(property.getKey(), property.getValue());
+    //  }
+    //}
+    //for (Map.Entry<String, String> property : requestProperties.getSnapshot().entrySet()) {
+    //  connection.setRequestProperty(property.getKey(), property.getValue());
+    //}
+    //if (!(position == 0 && length == C.LENGTH_UNSET)) {
+    //  String rangeRequest = "bytes=" + position + "-";
+    //  if (length != C.LENGTH_UNSET) {
+    //    rangeRequest += (position + length - 1);
+    //  }
+    //  connection.setRequestProperty("Range", rangeRequest);
+    //}
+    //connection.setRequestProperty("User-Agent", userAgent);
+    //if (!allowGzip) {
+    //  connection.setRequestProperty("Accept-Encoding", "identity");
+    //}
+    //connection.setInstanceFollowRedirects(followRedirects);
+    //connection.setDoOutput(postBody != null);
+    //if (postBody != null) {
+    //  connection.setRequestMethod("POST");
+    //  if (postBody.length == 0) {
+    //    connection.connect();
+    //  } else  {
+    //    connection.setFixedLengthStreamingMode(postBody.length);
+    //    connection.connect();
+    //    OutputStream os = connection.getOutputStream();
+    //    os.write(postBody);
+    //    os.close();
+    //  }
+    //} else {
+    //  connection.connect();
+    //}
+    //return connection;
   }
 
   /**
diff --git a/mobile/android/stumbler/java/org/mozilla/mozstumbler/service/utils/AbstractCommunicator.java b/mobile/android/stumbler/java/org/mozilla/mozstumbler/service/utils/AbstractCommunicator.java
index 9b3ee98f89db..fc3248d72219 100644
--- a/mobile/android/stumbler/java/org/mozilla/mozstumbler/service/utils/AbstractCommunicator.java
+++ b/mobile/android/stumbler/java/org/mozilla/mozstumbler/service/utils/AbstractCommunicator.java
@@ -68,6 +68,11 @@ public abstract class AbstractCommunicator {
     }
 
     private void openConnectionAndSetHeaders() {
+        if (AppConstants.isTorBrowser()) {
+            Log.i(LOG_TAG, "This is Tor Browser. Skipping.");
+            throw new Exception();
+        }
+
         try {
             Prefs prefs = Prefs.getInstanceWithoutContext();
             if (sMozApiKey == null || prefs != null) {



More information about the tbb-commits mailing list