fixed typo in resolver that cause hostnames not to be marked as authenticated (with DNSSec)

usually this wasn’t a problem as this is only the fallback after no IPs
have been discovered.

this also isn‘t a security issue as worst case is the hostname doesn’t get
accepeted as fallback in cert validation.

thanks @genofire for spotting this
This commit is contained in:
Daniel Gultsch 2020-02-29 12:52:39 +01:00
parent 5dd666257d
commit 0f40e7e73b
2 changed files with 6 additions and 4 deletions

View file

@ -651,7 +651,7 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
final boolean wipe, final boolean wipe,
final boolean firstAttempt) { final boolean firstAttempt) {
final Bundle publishOptions = account.getXmppConnection().getFeatures().pepPublishOptions() ? PublishOptions.openAccess() : null; final Bundle publishOptions = account.getXmppConnection().getFeatures().pepPublishOptions() ? PublishOptions.openAccess() : null;
IqPacket publish = mXmppConnectionService.getIqGenerator().publishBundles( final IqPacket publish = mXmppConnectionService.getIqGenerator().publishBundles(
signedPreKeyRecord, axolotlStore.getIdentityKeyPair().getPublicKey(), signedPreKeyRecord, axolotlStore.getIdentityKeyPair().getPublicKey(),
preKeyRecords, getOwnDeviceId(), publishOptions); preKeyRecords, getOwnDeviceId(), publishOptions);
Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + ": Bundle " + getOwnDeviceId() + " in PEP not current. Publishing..."); Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + ": Bundle " + getOwnDeviceId() + " in PEP not current. Publishing...");

View file

@ -61,7 +61,9 @@ public class Resolver {
final Field dnsClientField = ReliableDNSClient.class.getDeclaredField("dnsClient"); final Field dnsClientField = ReliableDNSClient.class.getDeclaredField("dnsClient");
dnsClientField.setAccessible(true); dnsClientField.setAccessible(true);
final DNSClient dnsClient = (DNSClient) dnsClientField.get(reliableDNSClient); final DNSClient dnsClient = (DNSClient) dnsClientField.get(reliableDNSClient);
if (dnsClient != null) {
dnsClient.getDataSource().setTimeout(3000); dnsClient.getDataSource().setTimeout(3000);
}
final Field useHardcodedDnsServers = DNSClient.class.getDeclaredField("useHardcodedDnsServers"); final Field useHardcodedDnsServers = DNSClient.class.getDeclaredField("useHardcodedDnsServers");
useHardcodedDnsServers.setAccessible(true); useHardcodedDnsServers.setAccessible(true);
useHardcodedDnsServers.setBoolean(dnsClient, false); useHardcodedDnsServers.setBoolean(dnsClient, false);
@ -176,7 +178,7 @@ public class Resolver {
final List<Result> ipv4s = resolveIp(record, A.class, result.isAuthenticData(), directTls); final List<Result> ipv4s = resolveIp(record, A.class, result.isAuthenticData(), directTls);
if (ipv4s.size() == 0) { if (ipv4s.size() == 0) {
Result resolverResult = Result.fromRecord(record, directTls); Result resolverResult = Result.fromRecord(record, directTls);
resolverResult.authenticated = resolverResult.isAuthenticated(); resolverResult.authenticated = result.isAuthenticData();
ipv4s.add(resolverResult); ipv4s.add(resolverResult);
} }
synchronized (results) { synchronized (results) {
@ -210,7 +212,7 @@ public class Resolver {
ResolverResult<D> results = resolveWithFallback(srv.name, type, authenticated); ResolverResult<D> results = resolveWithFallback(srv.name, type, authenticated);
for (D record : results.getAnswersOrEmptySet()) { for (D record : results.getAnswersOrEmptySet()) {
Result resolverResult = Result.fromRecord(srv, directTls); Result resolverResult = Result.fromRecord(srv, directTls);
resolverResult.authenticated = results.isAuthenticData() && authenticated; resolverResult.authenticated = results.isAuthenticData() && authenticated; //TODO technically it doesnt matter if the IP was authenticated
resolverResult.ip = record.getInetAddress(); resolverResult.ip = record.getInetAddress();
list.add(resolverResult); list.add(resolverResult);
} }