[tor-bugs] #18101 [Applications/Tor Browser]: IP leak from Windows UI dialog with URI

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Sep 8 15:16:40 UTC 2017

#18101: IP leak from Windows UI dialog with URI
 Reporter:  uileak                               |          Owner:
                                                 |  arthuredelstein
     Type:  defect                               |         Status:
                                                 |  needs_revision
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  tbb-disk-leak, tbb-proxy-bypass,     |  Actual Points:
  TorBrowserTeam201709R                          |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
Changes (by gk):

 * cc: mcs, brade (added)
 * status:  needs_review => needs_revision


 Replying to [comment:49 arthuredelstein]:
 > Replying to [comment:48 gk]:
 > Answering questions in reverse order:
 > > And could you verify that other Tor Browser platforms are unaffected?
 comment:7 seems to point this out for Linux. See comment:9 for macOS.
 > Here's a patch that covers all platforms:
 > https://github.com/arthuredelstein/tor-browser/commit/18101+2
 > Unfortunately, I haven't yet been able to test these on old Linux and
 macOS platforms. The current platforms on desktops I tested (XFCE, KDE,
 macOS) do not show a text box in the Open Dialog. Once I have builds
 ready, I will post them on this ticket so that people can test on old
 Mac/Linux platforms if they have them.

 I built own bundles and this was a PITA to test. I can confirm that the
 patch for Linux fixes the problem and it looks good to me. After trying to
 reproduce the problem for quite a while I wrote custom extension code
 using the example on https://developer.mozilla.org/en-
 US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIFilePicker but with
 `modSave` (this is important, I could not find a way to reproduce the
 issue and test the fix with `modOpen`) and, obviously,
 `nsIFilePicker.filterAllowURLs` added to the filters.

 Arthur/Mark/Kathy: that might be a way to test the fix on a Mac as well
 (which I don't have atm).

 With the patch for Windows I still see DNS leaks. Here is what I did:

 1) Open the patched Tor Browser
 2) Go to https://bugs.torproject.org/18101
 3) Copy the URL of the Tor logo
 4) Open https://bug711654.bmoattachments.org/attachment.cgi?id=582460 in a
 new tab
 5) Start Wireshark
 6) Click on the "Browse" button and paste the URL for the Tor log and
 click on "Open"
 7) Wait a while and a DNS query for trac.torproject.org will be in the
 Wireshark log.

 Marking this as `needs_revision` for this problem. Arthur, let me know
 whether you can reproduce that. This happens on a Windows 7 machine (in
 case that matters).

 > > Arthur: What do we want to do for XP (see comment:10)?
 > I am inclined to treat this problem as wontfix, because XP is deprecated
 by Microsoft and is expected to be deprecated in September by Mozilla as
 well. I did spend a little time looking into the problem but I don't see a
 quick solution.

 Well, we certainly would take a patch if someone came up with one. So,
 let's open a follow-up ticket for that case and set `ff59-esr-will-have`
 as keyword once we are done here.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18101#comment:54>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list