#22170: Check uses of ch.boye.httpclientandroidlib.impl.client.* for proxy safety on Android -------------------------------------------------+------------------------- Reporter: gk | Owner: sysrqb Type: defect | Status: | accepted Priority: High | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: ff52-esr, tbb-mobile, | Actual Points: TorBrowserTeam201807 | Parent ID: #21863 | Points: Reviewer: | Sponsor: -------------------------------------------------+-------------------------
Comment (by sysrqb): Replying to [comment:20 sysrqb]: > All files where Fennec uses `conn` > > {{{ > $ git grep -n ch.boye.httpclientandroidlib.conn mobile/android/[bs]* > mobile/android/base/java/org/mozilla/gecko/util/URIUtils.java:14:import ch.boye.httpclientandroidlib.conn.util.InetAddressUtils; > }}} Only used for parsing a string. This class is only a utility, it doesn't create any connections. > {{{ > mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:44:import ch.boye.httpclientandroidlib.conn.ClientConnectionManager; > mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:45:import ch.boye.httpclientandroidlib.conn.params.ConnRoutePNames; > mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:46:import ch.boye.httpclientandroidlib.conn.scheme.PlainSocketFactory; > mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:47:import ch.boye.httpclientandroidlib.conn.scheme.Scheme; > mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:48:import ch.boye.httpclientandroidlib.conn.scheme.SchemeRegistry; > mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:49:import ch.boye.httpclientandroidlib.conn.ssl.SSLSocketFactory; > }}} This is proxy-safe but only because we hard-code the default HTTP proxy. `scheme.PlainSocketFactory` and `ssl.SSLSocketFactory` are used for establishing a connection to the proxy, instead of the destination. `params.ConnRoutePNames` is used for specifying the default proxy. `scheme.Scheme`, `scheme.SchemeRegistry`, and `ClientConnectionManager` are used during instantiation of the connection manager (`ThreadSafeClientConnManager`). > {{{ > mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/TLSSocketFactory.java:16:import ch.boye.httpclientandroidlib.conn.ssl.SSLSocketFactory; > }}} Dead class. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22170#comment:22> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs