[tor-bugs] #31144 [Applications/Tor Browser]: ESR68 Network Code Review

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Oct 11 16:20:38 UTC 2019 

#31144: ESR68 Network Code Review
-------------------------------------------------+-------------------------
 Reporter:  pili                                 |          Owner:  tbb-
                                                 |  team
     Type:  task                                 |         Status:
                                                 |  needs_review
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  TorBrowserTeam201910R, tbb-9.0       |  Actual Points:
  -alpha-must                                    |
Parent ID:                                       |         Points:  10
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by sysrqb):

 Replying to [comment:11 mikeperry]:
 > Ok I believe I have completed the android portion now. Here is the full
 list of found items, removing the ones GeKo said were fixed:
 >
 > 1. Rust lib check
 > 2. java.net.URL stream usage (which looks like it bypasses the proxy)
 >    - GeckoApplication.downloadImageForSetImage uses URL.openStream()

 I don't know why we missed this. We should've found this in #21863.

 >    - GeckoActionProvider.downloadImageForIntent uses
 java.net.URL.openStream()

 Same here.

 >    - GeckAppShell has many wrappers to create inputstreams from
 URLConnections (but these may need to be opened first?)

 This seems like it's only local connections (but it has the potential of
 bypassing the proxy). Specifically, this is used as a protocol handler for
 `android:` URIs. We can reject connections for now, and come back to this.

 >    - GeckoMediaDrmBridgeV21.java - uses android.media.MediaDrm which
 seems to fetch stuff??

 We disabled DRM by pref (ticket:16285#comment:34).

 >    - BitmapUtils.decodeUrl uses openStream for non-jar urls

 Sigh.

 >    - GeckoJarReader - tons of stream use.. Can this be used on remote
 jars?

 This is safe, only accepts valid file paths.

 >    - AbstractCommunicator.openConnectionAndSetHeaders() - uses
 url.openConnection() (I think we patched this one in #31934?)
 >    - AbstractCommunicator.sendData() - uses url.getOutputStream()..
 maybe ok?

 Only used in mozstumbler, which we exclude at compile time.

 (coming back for the rest.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31144#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list