Issue #9573 (Closed)

Created Feb 08, 2019 by Ghost User (@ghost), Contributor

Connecting to an onion service leaks DNS requests to clearnet

Upon connecting to any .onion account/server the client performs a DNS lookup for _xmppconnect.[...].onion which leaks the requested onion service to the user's DNS resolver and its upstreams.

You can watch this happen by running sudo tcpdump udp port 53 -vv -X in any terminal window and then connecting to any (valid or not) .onion.

I don't python, but a patch like the following should fix the issue

diff --git a/gajim/common/connection.py b/gajim/common/connection.py
index 571e00d30..90b0bafd0 100644
--- a/gajim/common/connection.py
+++ b/gajim/common/connection.py
@@ -1078,12 +1078,16 @@ class Connection(CommonConnection, ConnectionHandlers):
         h = hostname
         p = 5222
         ssl_p = 5223
+        use_txt = True
         if use_custom:
             h = custom_h
             p = custom_p
             ssl_p = custom_p
             if not self.redirected:
                 use_srv = False
+        if h.endswith('.onion'):
+            use_srv = False
+            use_txt = False
 
         self.redirected = None
         # SRV resolver
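Review bot: the `h.endswith('.onion')` test is case-sensitive and does not allow for a trailing dot, so a host written as `EXAMPLE.ONION` or `example.onion.` would still go through the SRV and TXT lookups. Normalise before comparing, for example `h.lower().rstrip('.').endswith('.onion')`. The `if h:` guard further down also suggests h can be empty or None, so this new call on h should sit behind the same guard.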
@@ -1095,7 +1099,7 @@ class Connection(CommonConnection, ConnectionHandlers):
         ]
         self._hostname = hostname
 
-        if h:
+        if h and use_txt:
             app.resolver.resolve('_xmppconnect.' + helpers.idn_to_ascii(h),
                                  self._on_resolve_txt, type_='txt')
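Review bot: at `if h and use_txt:` the TXT lookup is now skipped for a second reason, and the branch taken when the condition is false is not visible in this hunk. Please confirm that path continues the connection without waiting for `_on_resolve_txt`, and add a short comment saying that .onion names must never be handed to the resolver, so the guard is not dropped in a later cleanup.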
Edited Feb 08, 2019 by Ghost User
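
The check described in the issue (watching port 53 for .onion names) can be automated. The following is an added example, not part of the original issue or of Gajim's code: it decodes the question name from raw DNS query payloads and flags any name under .onion, ignoring case and a trailing dot. The function names and the sample packets are constructed for illustration; it assumes you already have the UDP payloads from a capture.

```python
import struct

def parse_qname(packet: bytes, offset: int = 12) -> str:
    """Decode the first question name of a DNS message (starts after the 12-byte header)."""
    labels = []
    while True:
        if offset >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[offset]
        offset += 1
        if length == 0:          # root label terminates the name
            break
        if length & 0xC0:        # compression pointer or invalid label length
            raise ValueError("unexpected label type in question")
        label = packet[offset:offset + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label.decode("ascii", "replace"))
        offset += length
    return ".".join(labels)

def is_onion_name(name: str) -> bool:
    """True for names under the .onion special-use TLD, case-insensitively."""
    name = name.rstrip(".").lower()
    return name == "onion" or name.endswith(".onion")

def leaked_onion_query(packet: bytes):
    """Return the QNAME if the payload is a DNS query for a .onion name, else None."""
    if len(packet) < 12:
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount == 0:   # QR bit set means response, not query
        return None
    name = parse_qname(packet)
    return name if is_onion_name(name) else None

def build_query(name: str, qtype: int = 16, flags: int = 0x0100) -> bytes:
    """Constructed sample input: a minimal DNS query (qtype 16 = TXT, class IN)."""
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

if __name__ == "__main__":
    # Constructed names; the .onion label is a placeholder, not a real service.
    for n in ("_xmppconnect.constructedexample.onion", "_xmppconnect.example.org"):
        print(n, "->", "LEAK" if leaked_onion_query(build_query(n)) else "ok")
```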