Commit 0599062
authored
security: require mixed inbound auth whenever exposed to LAN (#4)
The mixed inbound binds to 0.0.0.0 when allowAccess is enabled (in both VPN
and Proxy modes), but authentication was only applied in VPN mode and was
dropped entirely when appendHttpProxy was active on Android Q+. That left an
unauthenticated open proxy reachable from the LAN.
- mixedInboundNeedsAuth now requires auth whenever allowAccess is set,
regardless of service mode or appendHttpProxy.
- Loopback-only behavior is unchanged (appendHttpProxy still works).
- When allowAccess and appendHttpProxy are both on (Q+), skip
VpnService.setHttpProxy, since Android's system HTTP proxy cannot supply
credentials; log a note explaining why.1 parent b5458cc commit 0599062
2 files changed
Lines changed: 22 additions & 3 deletions
Lines changed: 12 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
189 | 189 | | |
190 | 190 | | |
191 | 191 | | |
192 | | - | |
| 192 | + | |
| 193 | + | |
| 194 | + | |
| 195 | + | |
| 196 | + | |
| 197 | + | |
| 198 | + | |
| 199 | + | |
| 200 | + | |
| 201 | + | |
| 202 | + | |
| 203 | + | |
193 | 204 | | |
194 | 205 | | |
195 | 206 | | |
| |||
Lines changed: 10 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
153 | 153 | | |
154 | 154 | | |
155 | 155 | | |
156 | | - | |
157 | | - | |
| 156 | + | |
| 157 | + | |
| 158 | + | |
| 159 | + | |
| 160 | + | |
| 161 | + | |
| 162 | + | |
| 163 | + | |
| 164 | + | |
| 165 | + | |
158 | 166 | | |
159 | 167 | | |
160 | 168 | | |
| |||
0 commit comments