From 0f40e7e73b0dbec2382201b6f8ace2a522797b62 Mon Sep 17 00:00:00 2001
From: Daniel Gultsch
Date: Sat, 29 Feb 2020 12:52:39 +0100
Subject: [PATCH] fixed typo in resolver that cause hostnames not to be marked as authenticated (with DNSSec)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
usually this wasn’t a problem as this is only the fallback after no IPs have been discovered. this also isn‘t a security issue as worst case is the hostname doesn’t get accepeted as fallback in cert validation. thanks @genofire for spotting this
---
 .../conversations/crypto/axolotl/AxolotlService.java | 2 +-
 src/main/java/eu/siacs/conversations/utils/Resolver.java | 8 +++++---
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java b/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java
index 018a86b5d..e67755586 100644
--- a/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java
+++ b/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java
@@ -651,7 +651,7 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
 final boolean wipe, final boolean firstAttempt) {
 final Bundle publishOptions = account.getXmppConnection().getFeatures().pepPublishOptions() ? PublishOptions.openAccess() : null;
- IqPacket publish = mXmppConnectionService.getIqGenerator().publishBundles(
+ final IqPacket publish = mXmppConnectionService.getIqGenerator().publishBundles(
 signedPreKeyRecord, axolotlStore.getIdentityKeyPair().getPublicKey(), preKeyRecords, getOwnDeviceId(), publishOptions);
 Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + ": Bundle " + getOwnDeviceId() + " in PEP not current. Publishing...");
diff --git a/src/main/java/eu/siacs/conversations/utils/Resolver.java b/src/main/java/eu/siacs/conversations/utils/Resolver.java
index a7072e8bc..247e77fae 100644
--- a/src/main/java/eu/siacs/conversations/utils/Resolver.java
+++ b/src/main/java/eu/siacs/conversations/utils/Resolver.java
@@ -61,7 +61,9 @@ public class Resolver {
 final Field dnsClientField = ReliableDNSClient.class.getDeclaredField("dnsClient");
 dnsClientField.setAccessible(true);
 final DNSClient dnsClient = (DNSClient) dnsClientField.get(reliableDNSClient);
- dnsClient.getDataSource().setTimeout(3000);
+ if (dnsClient != null) {
+ dnsClient.getDataSource().setTimeout(3000);
+ }
 final Field useHardcodedDnsServers = DNSClient.class.getDeclaredField("useHardcodedDnsServers");
 useHardcodedDnsServers.setAccessible(true);
 useHardcodedDnsServers.setBoolean(dnsClient, false);
@@ -176,7 +178,7 @@ public class Resolver {
 final List ipv4s = resolveIp(record, A.class, result.isAuthenticData(), directTls);
 if (ipv4s.size() == 0) {
 Result resolverResult = Result.fromRecord(record, directTls);
- resolverResult.authenticated = resolverResult.isAuthenticated();
+ resolverResult.authenticated = result.isAuthenticData();
 ipv4s.add(resolverResult);
 }
 synchronized (results) {
@@ -210,7 +212,7 @@ public class Resolver {
 ResolverResult results = resolveWithFallback(srv.name, type, authenticated);
 for (D record : results.getAnswersOrEmptySet()) {
 Result resolverResult = Result.fromRecord(srv, directTls);
- resolverResult.authenticated = results.isAuthenticData() && authenticated;
+ resolverResult.authenticated = results.isAuthenticData() && authenticated; //TODO technically it doesn’t matter if the IP was authenticated
 resolverResult.ip = record.getInetAddress();
 list.add(resolverResult);
 }
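Review bot: In the first Resolver.java hunk (`@@ -61,7 +61,9 @@`) the new `if (dnsClient != null)` guard covers only `setTimeout(3000)`, while two lines later `useHardcodedDnsServers.setBoolean(dnsClient, false)` still receives the same possibly-null reference. If `useHardcodedDnsServers` is an instance field, as passing an instance suggests, `Field.setBoolean` throws `NullPointerException` for a null target, so the null case the guard anticipates would still fail. Extending the `if` block to enclose the three `useHardcodedDnsServers` lines would make the handling consistent. When the guard is skipped, neither the 3 s timeout nor the opt-out from hardcoded DNS servers is applied and nothing records that, so a `Log.w(Config.LOGTAG, ...)` in an `else` branch would make it visible. The enclosing method and any surrounding `try`/`catch` begin outside the hunk, so whether such an exception is caught there cannot be seen.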
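Review bot: In the second Resolver.java hunk (`@@ -176,7 +178,7 @@`) the corrected line `resolverResult.authenticated = result.isAuthenticData();` now feeds a trust decision and has no comment saying so. Per the commit message this flag decides whether the hostname is accepted as a fallback in certificate validation, and the old self-assignment left it at its default. I would add above it `// hostname-only fallback: trusted for cert validation only if the SRV answer was DNSSEC-authenticated`. It is also worth confirming, since it is not visible here, that `isAuthenticData()` reflects validation performed by the client and not merely an AD bit relayed by an upstream resolver. The near-identical names `result`, `resolverResult` and `results` (third hunk) made the typo easy to miss, so renaming the local, for example `Result fallback = Result.fromRecord(record, directTls);`, would help.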