#27431: TBA connects to location.services.mozilla.com
--------------------------------------+--------------------------
 Reporter:  towiw3                    |          Owner:  sysrqb
     Type:  defect                    |         Status:  assigned
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Major                     |     Resolution:
 Keywords:  tbb-mobile                |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------
Changes (by sysrqb):

 * cc: tbb-team, igt0 (added)
 * owner: tbb-team => sysrqb
 * status: new => assigned
 * severity: Normal => Major

Comment:

 Thanks for reporting this!

 Ugh, okay. This is exactly what we feared. It looks like this is the result of a bug within the Android core HTTP library. This leak is already fixed in the more recent releases of Android. In particular, any version after Android O (API 26+) should not leak DNS queries. I didn't catch this in #21863 because I only audited the master branch.

 You can see the leak here, [https://android.googlesource.com/platform/external/okhttp/+/marshmallow-release/okhttp/src/main/java/com/squareup/okhttp/internal/http/RouteSelector.java#187 in Marshmallow]:

 {{{
 if (proxy.type() == Proxy.Type.DIRECT || proxy.type() == Proxy.Type.SOCKS) {
   socketHost = address.getUriHost();
   socketPort = getEffectivePort(uri);
 } else {
   SocketAddress proxyAddress = proxy.address();
   if (!(proxyAddress instanceof InetSocketAddress)) {
     throw new IllegalArgumentException(
         "Proxy.address() is not an " + "InetSocketAddress: " + proxyAddress.getClass());
   }
   InetSocketAddress proxySocketAddress = (InetSocketAddress) proxyAddress;
   socketHost = getHostString(proxySocketAddress);
   socketPort = proxySocketAddress.getPort();
 }
 if (socketPort < 1 || socketPort > 65535) {
   throw new SocketException("No route to " + socketHost + ":" + socketPort
       + "; port is out of range");
 }
 // Try each address for best behavior in mixed IPv4/IPv6 environments.
 for (InetAddress inetAddress : network.resolveInetAddresses(socketHost)) {
   inetSocketAddresses.add(new InetSocketAddress(inetAddress, socketPort));
 }
 }}}

 And it is patched [https://android.googlesource.com/platform/external/okhttp/+/oreo-release/okhttp/src/main/java/com/squareup/okhttp/internal/http/RouteSelector.java#171 in Oreo]:

 {{{
 if (proxy.type() == Proxy.Type.SOCKS) {
   inetSocketAddresses.add(InetSocketAddress.createUnresolved(socketHost, socketPort));
 } else {
   // Try each address for best behavior in mixed IPv4/IPv6 environments.
   List<InetAddress> addresses = address.getDns().lookup(socketHost);
   for (int i = 0, size = addresses.size(); i < size; i++) {
     InetAddress inetAddress = addresses.get(i);
     inetSocketAddresses.add(new InetSocketAddress(inetAddress, socketPort));
   }
 }
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27431#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
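
The difference between the two quoted snippets can be checked offline with a resolver that records every name it is asked for. This is an added example, not part of the ticket or of the Android source; `SocksDnsLeakCheck`, `RecordingDns`, `resolveAlways` and `resolveUnlessSocks` are hypothetical names, and the hostname and address are constructed.

```java
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.util.ArrayList;
import java.util.List;

public class SocksDnsLeakCheck {
    // Hypothetical stand-in for the platform resolver: records each name it is asked to look up.
    static class RecordingDns {
        final List<String> queried = new ArrayList<>();
        List<InetAddress> lookup(String host) throws Exception {
            queried.add(host);
            // Constructed address (TEST-NET-1); getByAddress performs no network lookup.
            return List.of(InetAddress.getByAddress(host, new byte[] {(byte) 192, 0, 2, 1}));
        }
    }

    // Marshmallow-style behaviour: the socket host is resolved locally whatever the proxy type.
    static List<InetSocketAddress> resolveAlways(Proxy.Type type, String socketHost, int port,
                                                 RecordingDns dns) throws Exception {
        List<InetSocketAddress> out = new ArrayList<>();
        for (InetAddress a : dns.lookup(socketHost)) out.add(new InetSocketAddress(a, port));
        return out;
    }

    // Oreo-style behaviour: for SOCKS the name is left unresolved so the proxy resolves it.
    static List<InetSocketAddress> resolveUnlessSocks(Proxy.Type type, String socketHost, int port,
                                                      RecordingDns dns) throws Exception {
        List<InetSocketAddress> out = new ArrayList<>();
        if (type == Proxy.Type.SOCKS) {
            out.add(InetSocketAddress.createUnresolved(socketHost, port));
        } else {
            for (InetAddress a : dns.lookup(socketHost)) out.add(new InetSocketAddress(a, port));
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        String host = "example.invalid"; // constructed hostname
        RecordingDns before = new RecordingDns();
        RecordingDns after = new RecordingDns();
        InetSocketAddress leaky = resolveAlways(Proxy.Type.SOCKS, host, 443, before).get(0);
        InetSocketAddress fixed = resolveUnlessSocks(Proxy.Type.SOCKS, host, 443, after).get(0);
        System.out.println("resolve-always:       local lookups=" + before.queried
                + " unresolved=" + leaky.isUnresolved());
        System.out.println("resolve-unless-socks: local lookups=" + after.queried
                + " unresolved=" + fixed.isUnresolved());
        // Regression check: a SOCKS route must never trigger a local lookup of the target name.
        if (!after.queried.isEmpty() || !fixed.isUnresolved())
            throw new AssertionError("SOCKS route resolved the target host locally");
    }
}
```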