fix for mikeperry transproxy leak bug find

https://lists.torproject.org/pipermail/tor-talk/2014-March/032503.html
2014-04-07 23:36:10 -04:00 · 2014-04-07 23:36:10 -04:00 · 917ea6e09f
parent fc0554f9ff
commit 917ea6e09f
1 changed files with 34 additions and 15 deletions
--- a/src/org/torproject/android/service/TorTransProxy.java
+++ b/src/org/torproject/android/service/TorTransProxy.java
@ -19,13 +19,9 @@ public class TorTransProxy implements TorServiceConstants {
 	private TorService mTorService = null;
 	private File mFileXtables = null;
 	
-	public TorTransProxy (TorService torService)
+	public TorTransProxy (TorService torService, File fileXTables)
 	{
 		mTorService = torService;
-	}
-	
-	public void setXTables (File fileXTables)
-	{
 		mFileXtables = fileXTables;
 	}
 	
@ -395,6 +391,8 @@ public class TorTransProxy implements TorServiceConstants {
 			}		
 		}		
 		
+		fixTransproxyLeak (context);
+		
 		return 1;
    }	
 	
@ -469,22 +467,41 @@ public class TorTransProxy implements TorServiceConstants {
    	script.append(" -t filter");		
    	script.append(" -F ").append(chainName); //delete previous user-defined chain
    	
+    	SimpleCommand cmd = new SimpleCommand(script.toString());
+    	
+    	shell.add(cmd);
+    	
+    	return cmd.getExitCode();
+	}
+	
+	public int fixTransproxyLeak (Context context) throws Exception 
+	{
+		String ipTablesPath = getIpTablesPath(context);
+		
+    	Shell shell = Shell.startRootShell();
+    	
+    	StringBuilder script = new StringBuilder();
+    	script.append(ipTablesPath);
+		script.append(" -I OUTPUT ! -o lo ! -d 127.0.0.1 ! -s 127.0.0.1 -p tcp -m tcp --tcp-flags ACK,FIN ACK,FIN -j DROP");
 		shell.add(new SimpleCommand(script.toString()));
 		
-    	return 0;
+		script = new StringBuilder();
+		script.append(ipTablesPath);
+		script.append(" -I OUTPUT ! -o lo ! -d 127.0.0.1 ! -s 127.0.0.1 -p tcp -m tcp --tcp-flags ACK,RST ACK,RST -j DROP");
+		shell.add(new SimpleCommand(script.toString()));
+		
+		return 1;
+		 
 	}
 	
 	public int setTransparentProxyingAll(Context context) throws Exception 
 	{
 		
-		boolean runRoot = true;
-    	boolean waitFor = true;
    	
 		//redirectDNSResolvConf(); //not working yet
 		
 		String ipTablesPath = getIpTablesPath(context);
 		
-    	
    	Shell shell = Shell.startRootShell();
    	
    	int torUid = context.getApplicationInfo().uid;
@ -597,7 +614,6 @@ public class TorTransProxy implements TorServiceConstants {

 		}

-		
 		// Reject all other outbound TCP packets
 		script.append(ipTablesPath);
 		script.append(" -t filter");
@ -621,9 +637,12 @@ public class TorTransProxy implements TorServiceConstants {
 		script.append(" ! -d 127.0.0.1"); //allow access to localhost
 		script.append(" -j REJECT");

-		shell.add(new SimpleCommand(script.toString()));
+		SimpleCommand cmd = new SimpleCommand(script.toString());
+		shell.add(cmd);
 		
-    	return 0;
+		fixTransproxyLeak (context);
+		
+    	return cmd.getExitCode();
 	}