From 17a1316bd3563df8fdc4d712985d31944603fc9c Mon Sep 17 00:00:00 2001
From: Anthony Tseng
Date: Thu, 28 Jan 2021 15:41:10 -0700
Subject: [PATCH 1/2] Merge pull request #7731 from brave/doh-leak Specify resolver source to avoid using system resolver for CNAME adblocking
---
 browser/net/brave_ad_block_tp_network_delegate_helper.cc | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/browser/net/brave_ad_block_tp_network_delegate_helper.cc b/browser/net/brave_ad_block_tp_network_delegate_helper.cc
index 6c71bd02b18b..0a97affeba05 100644
--- a/browser/net/brave_ad_block_tp_network_delegate_helper.cc
+++ b/browser/net/brave_ad_block_tp_network_delegate_helper.cc
@@ -133,6 +133,10 @@ class AdblockCnameResolveHostClient : public network::mojom::ResolveHostClient {
 network::mojom::ResolveHostParametersPtr optional_parameters = network::mojom::ResolveHostParameters::New();
 optional_parameters->include_canonical_name = true;
+ // Explicitly specify source to avoid using `HostResolverProc`
+ // which will be handled by system resolver
+ // See https://crbug.com/872665
+ optional_parameters->source = net::HostResolverSource::DNS;
 network::mojom::NetworkContext* network_context = content::BrowserContext::GetDefaultStoragePartition(context)
From da2fa9ec0317b770141736f766d0d3c33602c8bf Mon Sep 17 00:00:00 2001
From: Kamil Jozwiak
Date: Fri, 19 Feb 2021 10:49:56 -0500
Subject: [PATCH 2/2] Merge pull request #7909 from brave/pr7769_tor-dns-leak_1.21.x Fix Tor dns leak (uplift to 1.21.x)
---
 browser/net/BUILD.gn | 6 ++----
 .../net/brave_ad_block_tp_network_delegate_helper.cc | 11 ++++++++++-
 2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/browser/net/BUILD.gn b/browser/net/BUILD.gn
index 94aca54a4839..25be6c6b6158 100644
--- a/browser/net/BUILD.gn
+++ b/browser/net/BUILD.gn
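Review bot: Pinning `optional_parameters->source` to `net::HostResolverSource::DNS` in `AdblockCnameResolveHostClient` (brave_ad_block_tp_network_delegate_helper.cc, hunk at line 133) removes the system-resolver path, so a lookup the built-in client cannot serve presumably now ends in an error. The completion handler is outside this hunk, so confirm that it treats a failed lookup as "no CNAME" and still runs the normal ad-block check instead of stalling the request. The added comment names the mechanism but not the consequence; I would write `// Force the built-in DNS client; the default source may use HostResolverProc, i.e. the system resolver, which does not honour the browser's secure-DNS setting. See https://crbug.com/872665`. The diffstat shows no test in this patch, so a browser test asserting that CNAME lookups never reach the system resolver would keep the leak from regressing.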
@@ -54,11 +54,11 @@ source_set("net") {
 "//brave/components/brave_webtorrent/browser/buildflags",
 "//brave/components/ipfs/buildflags",
 "//brave/extensions:common",
+ "//components/content_settings/core/browser",
 "//components/prefs",
 "//components/user_prefs",
 "//content/public/browser",
 "//content/public/common",
- "//components/content_settings/core/browser",
 "//extensions/common:common_constants",
 "//mojo/public/cpp/bindings",
 "//mojo/public/cpp/system",
@@ -88,9 +88,7 @@ source_set("net") {
 "brave_referrals_network_delegate_helper.h",
 ]
- deps += [
- "//brave/components/brave_referrals/browser",
- ]
+ deps += [ "//brave/components/brave_referrals/browser" ]
 }
 if (enable_brave_webtorrent) {
diff --git a/browser/net/brave_ad_block_tp_network_delegate_helper.cc b/browser/net/brave_ad_block_tp_network_delegate_helper.cc
index 0a97affeba05..a74f189d7648 100644
--- a/browser/net/brave_ad_block_tp_network_delegate_helper.cc
+++ b/browser/net/brave_ad_block_tp_network_delegate_helper.cc
@@ -196,7 +196,16 @@ void OnBeforeURLRequestAdBlockTP(const ResponseCallback& next_callback,
 scoped_refptr task_runner = g_brave_browser_process->ad_block_service()->GetTaskRunner();
- new AdblockCnameResolveHostClient(std::move(next_callback), task_runner, ctx);
+ DCHECK(ctx->browser_context);
+ // DoH or standard DNS quries won't be routed through Tor, so we need to skip
+ // it.
+ if (ctx->browser_context->IsTor()) {
+ ShouldBlockAdWithOptionalCname(task_runner, std::move(next_callback), ctx,
+ base::nullopt);
+ } else {
+ new AdblockCnameResolveHostClient(std::move(next_callback), task_runner,
+ ctx);
+ }
 }
 int OnBeforeURLRequest_AdBlockTPPreWork(const ResponseCallback& next_callback,
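Review bot: `DCHECK(ctx->browser_context)` is normally compiled out of release builds, so in `OnBeforeURLRequestAdBlockTP` a null `browser_context` would be dereferenced by the `IsTor()` call on the next line. On a path whose purpose is to stop a DNS leak, the safer default is to skip the CNAME lookup when the context is unknown, e.g. `if (!ctx->browser_context || ctx->browser_context->IsTor()) {`. The check is also Tor-specific: as far as this hunk shows, a profile that sends its traffic through some other proxy still reaches `AdblockCnameResolveHostClient` and resolves directly, which should be handled or documented as out of scope. The comment has a typo (`quries`) and an unclear "skip it"; `// CNAME lookups (DoH or plain DNS) are not routed through Tor, so skip CNAME uncloaking for Tor profiles.` states what is skipped. The function body starts above the hunk.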