[Git][tpo/applications/tor-browser][tor-browser-102.7.0esr-12.5-1] amend! Bug 8324: Prevent DNS proxy bypasses caused by Drag&Drop - tor-commits

7 Feb 2023


      Richard Pospesel pushed to branch tor-browser-102.7.0esr-12.5-1 at The Tor Project / Applications / Tor Browser
Commits:
1ac8520e by hackademix at 2023-02-07T09:27:49+01:00
amend! Bug 8324: Prevent DNS proxy bypasses caused by Drag&amp;Drop
Bug 8324: Prevent DNS proxy bypasses caused by Drag&amp;Drop
Bug 41613: Skip Drang &amp; Drop filtering for DNS-safe URLs
- - - - -
1 changed file:
- toolkit/torbutton/components/dragDropFilter.js
Changes:
=====================================
toolkit/torbutton/components/dragDropFilter.js
=====================================
@@ -113,6 +113,25 @@ DragDropFilter.prototype = {
     for (let i = 0, count = aDataTransfer.mozItemCount; i < count; ++i) {
       this.logger.log(3, `Inspecting the data transfer: ${i}.`);
       const types = aDataTransfer.mozTypesAt(i);
+      const urlType = "text/x-moz-url";
+      // Fallback url type, to be parsed by this browser but not externally
+      const INTERNAL_FALLBACK = "application/x-torbrowser-opaque";
+      if (types.contains(urlType)) {
+        const links = aDataTransfer.mozGetDataAt(urlType, i);
+        // Skip DNS-safe URLs (no hostname, e.g. RFC 3966 tel:)
+        const mayLeakDNS = links.split("\n").some(link => {
+          try {
+            return new URL(link).hostname;
+          } catch (e) {
+            return false;
+          }
+        });
+        if (!mayLeakDNS) {
+          continue;
+        }
+        const opaqueKey = OpaqueDrag.store(links, urlType);
+        aDataTransfer.mozSetDataAt(INTERNAL_FALLBACK, opaqueKey, i);
+      }
       for (const type of types) {
         this.logger.log(3, `Type is: ${type}.`);
         if (URLISH_TYPES.includes(type)) {
@@ -120,14 +139,6 @@ DragDropFilter.prototype = {
             3,
             `Removing transfer data ${aDataTransfer.mozGetDataAt(type, i)}`
           );
-          const urlType = "text/x-moz-url";
-          // Fallback url type, to be parsed by this browser but not externally
-          const INTERNAL_FALLBACK = "application/x-torbrowser-opaque";
-          if (types.contains(urlType)) {
-            const link = aDataTransfer.mozGetDataAt(urlType, i);
-            const opaqueKey = OpaqueDrag.store(link, urlType);
-            aDataTransfer.mozSetDataAt(INTERNAL_FALLBACK, opaqueKey, i);
-          }
           for (const type of types) {
             if (
               type !== INTERNAL_FALLBACK &&
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/1ac8520e...
-- 
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/1ac8520e...
You're receiving this email because of your account on gitlab.torproject.org.





    