[tor-bugs] #18101 [Applications/Tor Browser]: IP leak from Windows UI dialog with URI

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Nov 12 13:13:15 UTC 2017


#18101: IP leak from Windows UI dialog with URI
-------------------------------------------------+-------------------------
 Reporter:  uileak                               |          Owner:
                                                 |  arthuredelstein
     Type:  defect                               |         Status:
                                                 |  needs_revision
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  tbb-disk-leak, tbb-proxy-bypass,     |  Actual Points:
  TorBrowserTeam201711                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by cypherpunks):

 Replying to [comment:66 arthuredelstein]:
 > I foraged through the Windows API
 Have you foraged em'all? :)
 > In this hack
 As it's a hack, could you make it disableable via a pref?
 > just before the file dialog is created, I set a hook function for window
 creation. I use some heuristics to identify the File Dialog window, and
 then I add a second hook that listens for the "Open" command from the user
 (by button click, enter key, or keyboard shortcut).
 and button tap ;)
 > Before the "Open" command can propagate, I check the text in the
 dialog's filename text field to see if it looks like a URI, and if so, I
 clear the text and show an error message to the user explaining that URIs
 are not allowed.
 In the "Open File..." dialog, you can grab that URI and open it, because
 it's a browser! :)
 > I confirmed this approach prevents any DNS leak.
 What DNS leak? You use OS's feature to load URIs using system proxy
 settings or you don't.
 > Instead of clearing the text, it would be better to cancel the "Open"
 command and leave the text unchanged
 and user would say WTF?!
 > but so far I haven't found a way to do that. But I think the usability
 awkwardness is acceptable, especially given that we explain to the user
 what has gone wrong.
 Until TBB can handle URIs...
 > Anyway, the next step will be to turn this into a patch in Tor Browser.
 And check the security suites wouldn't mind.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18101#comment:67>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list