Add check to prevent the use of IP addresses as SNI hostnames

Сашка724ая 2024-01-06 17:22:07 +11:00
parent ee9fa841e2
commit 9d02baad2c
No known key found for this signature in database
GPG key ID: 10612D4360CCE133
2 changed files with 10 additions and 2 deletions


@ -14,6 +14,7 @@ import android.net.SSLCertificateSocketFactory;
import android.os.Build;
import android.text.TextUtils;
import app.k9mail.core.common.net.HostNameUtils;
import com.fsck.k9.mail.MessagingException;
import com.fsck.k9.mail.ssl.TrustManagerFactory;
import com.fsck.k9.mail.ssl.TrustedSocketFactory;
@ -129,7 +130,10 @@ public class DefaultTrustedSocketFactory implements TrustedSocketFactory {
hardenSocket(sslSocket);
setSniHost(socketFactory, sslSocket, host);
// RFC 6066 does not permit the use of literal IPv4 or IPv6 addresses as SNI hostnames.
if (HostNameUtils.INSTANCE.isLegalIPAddress(host) == null) {
setSniHost(socketFactory, sslSocket, host);
}
return trustedSocket;
}
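Review bot: The guard `HostNameUtils.INSTANCE.isLegalIPAddress(host) == null` reads inverted, because the method name suggests a boolean while the code relies on a null return meaning "not an IP literal"; naming the result states the intent, e.g. `boolean hostIsIpLiteral = HostNameUtils.INSTANCE.isLegalIPAddress(host) != null;` followed by `if (!hostIsIpLiteral) { setSniHost(socketFactory, sslSocket, host); }`. The helper's parsing rules are not visible on this page, so a unit test should confirm that it also recognises a bracketed IPv6 literal and an address with a zone ID; if it does not, those forms would still be sent as SNI. Omitting SNI does not relax certificate verification, which for an IP host presumably has to match against the certificate's IP entries; that check sits outside this hunk and is worth covering in the same tests. The same points apply to the identical hunk in the second changed file, and the enclosing method starts outside the hunk.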


@ -14,6 +14,7 @@ import android.net.SSLCertificateSocketFactory;
import android.os.Build;
import android.text.TextUtils;
import app.k9mail.core.common.net.HostNameUtils;
import com.fsck.k9.mail.MessagingException;
import com.fsck.k9.mail.ssl.TrustManagerFactory;
import com.fsck.k9.mail.ssl.TrustedSocketFactory;
@ -129,7 +130,10 @@ public class DefaultTrustedSocketFactory implements TrustedSocketFactory {
hardenSocket(sslSocket);
setSniHost(socketFactory, sslSocket, host);
// RFC 6066 does not permit the use of literal IPv4 or IPv6 addresses as SNI hostnames.
if (HostNameUtils.INSTANCE.isLegalIPAddress(host) == null) {
setSniHost(socketFactory, sslSocket, host);
}
return trustedSocket;
}