fix for mikeperry transproxy leak bug find

https://lists.torproject.org/pipermail/tor-talk/2014-March/032503.html
Nathan Freitas 2014-04-07 23:36:10 -04:00
parent fc0554f9ff
commit 917ea6e09f
1 changed files with 34 additions and 15 deletions


@ -19,13 +19,9 @@ public class TorTransProxy implements TorServiceConstants {
private TorService mTorService = null;
private File mFileXtables = null;
public TorTransProxy (TorService torService)
public TorTransProxy (TorService torService, File fileXTables)
{
mTorService = torService;
}
public void setXTables (File fileXTables)
{
mFileXtables = fileXTables;
}
@ -395,6 +391,8 @@ public class TorTransProxy implements TorServiceConstants {
}
}
fixTransproxyLeak (context);
return 1;
}
@ -469,22 +467,41 @@ public class TorTransProxy implements TorServiceConstants {
script.append(" -t filter");
script.append(" -F ").append(chainName); //delete previous user-defined chain
SimpleCommand cmd = new SimpleCommand(script.toString());
shell.add(cmd);
return cmd.getExitCode();
}
public int fixTransproxyLeak (Context context) throws Exception
{
String ipTablesPath = getIpTablesPath(context);
Shell shell = Shell.startRootShell();
StringBuilder script = new StringBuilder();
script.append(ipTablesPath);
script.append(" -I OUTPUT ! -o lo ! -d 127.0.0.1 ! -s 127.0.0.1 -p tcp -m tcp --tcp-flags ACK,FIN ACK,FIN -j DROP");
shell.add(new SimpleCommand(script.toString()));
return 0;
script = new StringBuilder();
script.append(ipTablesPath);
script.append(" -I OUTPUT ! -o lo ! -d 127.0.0.1 ! -s 127.0.0.1 -p tcp -m tcp --tcp-flags ACK,RST ACK,RST -j DROP");
shell.add(new SimpleCommand(script.toString()));
return 1;
}
public int setTransparentProxyingAll(Context context) throws Exception
{
boolean runRoot = true;
boolean waitFor = true;
//redirectDNSResolvConf(); //not working yet
String ipTablesPath = getIpTablesPath(context);
Shell shell = Shell.startRootShell();
int torUid = context.getApplicationInfo().uid;
@ -597,7 +614,6 @@ public class TorTransProxy implements TorServiceConstants {
}
// Reject all other outbound TCP packets
script.append(ipTablesPath);
script.append(" -t filter");
@ -621,9 +637,12 @@ public class TorTransProxy implements TorServiceConstants {
script.append(" ! -d 127.0.0.1"); //allow access to localhost
script.append(" -j REJECT");
shell.add(new SimpleCommand(script.toString()));
SimpleCommand cmd = new SimpleCommand(script.toString());
shell.add(cmd);
return 0;
fixTransproxyLeak (context);
return cmd.getExitCode();
}
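Review bot: `fixTransproxyLeak` reports success unconditionally (`return 1;`) and both call sites added in this commit discard the result, so if either `-j DROP` insert fails the transproxy setup still completes and the packets these rules target keep leaving the device outside Tor with no signal to the caller. I would keep a reference to each `SimpleCommand`, return the first non-zero `getExitCode()` as the neighbouring methods do, and have the callers treat a non-zero value as a failed setup; the sketch below shows the function side only. The function also starts its own root shell and never releases it in the visible lines, and because the rules are inserted into `OUTPUT` with `-I` on every call, repeated enabling probably stacks duplicates and, unless a removal path exists outside these hunks, the DROP rules would outlive the proxy. The +/- markers are lost in this rendering, so I am reading the stray `return 0;` in the middle of the function as a removed line; the bodies of both callers extend outside the hunks.

```java
public int fixTransproxyLeak (Context context) throws Exception
{
    // … unchanged: ipTablesPath lookup, root shell start, ACK,FIN rule string …
    SimpleCommand cmdFin = new SimpleCommand(script.toString());
    shell.add(cmdFin);
    // … unchanged: ACK,RST rule string …
    SimpleCommand cmdRst = new SimpleCommand(script.toString());
    shell.add(cmdRst);
    // Surface a failed insert instead of reporting success unconditionally.
    int finCode = cmdFin.getExitCode();
    return finCode != 0 ? finCode : cmdRst.getExitCode();
}
```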