Re: [tor-bugs] #18101 [Applications/Tor Browser]: IP leak from Windows UI dialog with URI
#18101: IP leak from Windows UI dialog with URI
-------------------------------------------------+-------------------------
 Reporter:  uileak                               |          Owner:  arthuredelstein
     Type:  defect                               |         Status:  needs_revision
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  tbb-disk-leak, tbb-proxy-bypass,     |  Actual Points:
            TorBrowserTeam201711                 |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Comment (by arthuredelstein):
I foraged through the Windows API and came up with what I think is a
reasonable solution that works with the modern file dialog. Here's the
PoC:

https://gist.github.com/arthuredelstein/376e33ce8d4482561593657036db32e8

In this hack, just before the file dialog is created, I set a hook
function for window creation. I use some heuristics to identify the File
Dialog window, and then I add a second hook that listens for the "Open"
command from the user (by button click, enter key, or keyboard shortcut).
Before the "Open" command can propagate, I check the text in the dialog's
filename text field to see if it looks like a URI, and if so, I clear the
text and show an error message to the user explaining that URIs are not
allowed. I confirmed this approach prevents any DNS leak.

Instead of clearing the text, it would be better to cancel the "Open"
command and leave the text unchanged, but so far I haven't found a way to
do that. But I think the usability awkwardness is acceptable, especially
given that we explain to the user what has gone wrong.

Anyway, the next step will be to turn this into a patch in Tor Browser.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18101#comment:66>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
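
The "looks like a URI" test described in the comment above, as an added example that is not part of the original message and is not the code in the linked gist: a portable C helper (`looks_like_uri` is a hypothetical name) that applies the RFC 3986 scheme syntax to the filename field text while letting Windows drive-letter paths through. The exact heuristic is an assumption, since the message does not spell out the test the PoC uses.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

/* ASCII-only tests, so the result does not depend on the process locale. */
static bool is_ascii_alpha(wchar_t c) {
    return (c >= L'a' && c <= L'z') || (c >= L'A' && c <= L'Z');
}

static bool is_scheme_char(wchar_t c) {
    return is_ascii_alpha(c) || (c >= L'0' && c <= L'9') ||
           c == L'+' || c == L'-' || c == L'.';
}

/*
 * Hypothetical helper: true when text from the filename field starts with
 * an RFC 3986 scheme ("scheme:") and should be refused before "Open" runs.
 */
bool looks_like_uri(const wchar_t *text) {
    size_t scheme_len = 0;

    if (text == NULL)
        return false;
    /* Assumption: skip padding and quotes so a wrapped value is still caught. */
    while (*text == L' ' || *text == L'\t' || *text == L'"')
        text++;
    if (!is_ascii_alpha(*text))   /* a scheme must start with a letter */
        return false;
    while (is_scheme_char(text[scheme_len]))
        scheme_len++;
    if (text[scheme_len] != L':')
        return false;
    /* One letter before ':' is a drive ("C:/dir", "c:file"), not a scheme.
     * Anything longer is refused, which also blocks "name.txt:stream". */
    return scheme_len >= 2;
}

int main(void) {
    /* Constructed sample inputs, not taken from the ticket. */
    const wchar_t *samples[] = {
        L"http://example.com/a.png", L"C:\\Users\\me\\pic.png", L"pic.png",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%ls -> %s\n", samples[i],
               looks_like_uri(samples[i]) ? "reject" : "allow");
    return 0;
}
```

The check fails closed: it refuses any multi-character `scheme:` prefix rather than a list of known schemes, at the cost of also refusing NTFS `name:stream` forms.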