mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-17 11:54:26 -05:00
72ff1b1a4d
Signed-off-by: Tavi <tavi@divested.dev>
25 lines
1.1 KiB
Diff
25 lines
1.1 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
|
|
Date: Thu, 9 May 2024 23:02:17 +0300
|
|
Subject: [PATCH] fix DNS leak in VPN lockdown mode when VPN is down
|
|
|
|
---
|
|
server/NetworkController.cpp | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/server/NetworkController.cpp b/server/NetworkController.cpp
|
|
index 20ae44b2..93ccf202 100644
|
|
--- a/server/NetworkController.cpp
|
|
+++ b/server/NetworkController.cpp
|
|
@@ -204,8 +204,8 @@ int NetworkController::setDefaultNetwork(unsigned netId) {
|
|
|
|
uint32_t NetworkController::getNetworkForDnsLocked(unsigned* netId, uid_t uid) const {
|
|
Fwmark fwmark;
|
|
- fwmark.protectedFromVpn = true;
|
|
- fwmark.permission = PERMISSION_SYSTEM;
|
|
+ fwmark.protectedFromVpn = canProtectLocked(uid);
|
|
+ fwmark.permission = getPermissionForUserLocked(uid);
|
|
|
|
// Common case: there is no VPN that applies to the user, and the query did not specify a netId.
|
|
// Therefore, it is safe to set the explicit bit on this query and skip all the complex logic
|