[tor-commits] [Git][tpo/applications/tor-browser][tor-browser-102.7.0esr-12.5-1] amend! Bug 8324: Prevent DNS proxy bypasses caused by Drag&Drop

Richard Pospesel (@richard) git at gitlab.torproject.org
Tue Feb 7 12:50:39 UTC 2023 


Richard Pospesel pushed to branch tor-browser-102.7.0esr-12.5-1 at The Tor Project / Applications / Tor Browser


Commits:
1ac8520e by hackademix at 2023-02-07T09:27:49+01:00
amend! Bug 8324: Prevent DNS proxy bypasses caused by Drag&Drop

Bug 8324: Prevent DNS proxy bypasses caused by Drag&Drop
Bug 41613: Skip Drang & Drop filtering for DNS-safe URLs

- - - - -


1 changed file:

- toolkit/torbutton/components/dragDropFilter.js


Changes:

=====================================
toolkit/torbutton/components/dragDropFilter.js
=====================================
@@ -113,6 +113,25 @@ DragDropFilter.prototype = {
     for (let i = 0, count = aDataTransfer.mozItemCount; i < count; ++i) {
       this.logger.log(3, `Inspecting the data transfer: ${i}.`);
       const types = aDataTransfer.mozTypesAt(i);
+      const urlType = "text/x-moz-url";
+      // Fallback url type, to be parsed by this browser but not externally
+      const INTERNAL_FALLBACK = "application/x-torbrowser-opaque";
+      if (types.contains(urlType)) {
+        const links = aDataTransfer.mozGetDataAt(urlType, i);
+        // Skip DNS-safe URLs (no hostname, e.g. RFC 3966 tel:)
+        const mayLeakDNS = links.split("\n").some(link => {
+          try {
+            return new URL(link).hostname;
+          } catch (e) {
+            return false;
+          }
+        });
+        if (!mayLeakDNS) {
+          continue;
+        }
+        const opaqueKey = OpaqueDrag.store(links, urlType);
+        aDataTransfer.mozSetDataAt(INTERNAL_FALLBACK, opaqueKey, i);
+      }
       for (const type of types) {
         this.logger.log(3, `Type is: ${type}.`);
         if (URLISH_TYPES.includes(type)) {
@@ -120,14 +139,6 @@ DragDropFilter.prototype = {
             3,
             `Removing transfer data ${aDataTransfer.mozGetDataAt(type, i)}`
           );
-          const urlType = "text/x-moz-url";
-          // Fallback url type, to be parsed by this browser but not externally
-          const INTERNAL_FALLBACK = "application/x-torbrowser-opaque";
-          if (types.contains(urlType)) {
-            const link = aDataTransfer.mozGetDataAt(urlType, i);
-            const opaqueKey = OpaqueDrag.store(link, urlType);
-            aDataTransfer.mozSetDataAt(INTERNAL_FALLBACK, opaqueKey, i);
-          }
           for (const type of types) {
             if (
               type !== INTERNAL_FALLBACK &&



View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/1ac8520e83901abb1d1f57b8752b7f1aad58a3a4

-- 
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/1ac8520e83901abb1d1f57b8752b7f1aad58a3a4
You're receiving this email because of your account on gitlab.torproject.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-commits/attachments/20230207/8e513e35/attachment-0001.htm>

More information about the tor-commits mailing list