From 8499c86300f618d01f05287346b9b85f1bd74bdd Mon Sep 17 00:00:00 2001
From: niansa <tuxifan@posteo.de>
Date: Thu, 13 Apr 2023 10:01:56 +0200
Subject: [PATCH] Attempt to only apply to blocked websites

---
 Makefile   |  2 +-
 common.cpp | 28 ++++++++++++++++++++++++++++
 nss.c      | 13 +++++++++----
 3 files changed, 38 insertions(+), 5 deletions(-)

diff --git a/Makefile b/Makefile
index 507e40c..216291d 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,5 @@
 libnosni.so: nss.o common.o common_cpp.o
-	g++ -g -fPIC -shared -ldl -lcurl -lcurlpp *.o -o libnosni.so
+	g++ -g -fPIC -shared *.o -ldl -lcurl -lcurlpp -o libnosni.so
 
 nss.o: nss.c
 	gcc -c -fPIC -I /usr/include/nspr/ nss.c -o nss.o
diff --git a/common.cpp b/common.cpp
index 011db5b..84b046a 100644
--- a/common.cpp
+++ b/common.cpp
@@ -1,9 +1,11 @@
+#include <stdio.h>
 #include <string>
 #include <string_view>
 #include <unordered_map>
 #include <optional>
 #include <curlpp/cURLpp.hpp>
 #include <curlpp/Easy.hpp>
+#include <curlpp/Infos.hpp>
 #include <curlpp/Options.hpp>
 
 
@@ -23,6 +25,8 @@ std::optional<bool> cached_is_domain_blocked(const char *hostname) {
 
 extern "C"
 bool is_domain_blocked(const char *hostname) {
+    bool fres;
+
     // Check cache first
     {
         auto fres = cached_is_domain_blocked(hostname);
@@ -32,5 +36,29 @@ bool is_domain_blocked(const char *hostname) {
     }
 
     // Use curlpp to check for HTTP != 200
+    try {
+        // Send request
+		curlpp::Cleanup cleanup;
+		curlpp::Easy req;
+		req.setOpt<curlpp::options::Url>(std::string("http://")+hostname);
+        req.setOpt<curlpp::options::NoBody>(true);
+		req.perform();
 
+        // Get status code
+        auto status = curlpp::infos::ResponseCode::get(req);
+
+        // Check result
+        fres = status > 400;
+	} catch (...) {
+		fres = true;
+	}
+
+	// Store result in cache
+	cache[hostname] = fres;
+
+    // Debug result
+    printf("Domain %s is%s\n", hostname, fres?" probably blocked":"n't blocked");
+
+    // Return result
+    return fres;
 }
diff --git a/nss.c b/nss.c
index f5313d9..4e0bac5 100644
--- a/nss.c
+++ b/nss.c
@@ -18,14 +18,19 @@ void *arg) {
 }
 
 SECStatus SSL_SetURL(PRFileDesc *fd, const char *url) {
-	// Debug
-	printf("Interrupted URL setter for %s; setting IP address on success.\n", url);
-	fflush(stdout);
-
 	// Get original function
 	static typeof(SSL_SetURL) *orig = NULL;
 	if (!orig) orig = dlsym(RTLD_NEXT, "SSL_SetURL");
 
+	// Don't do anything if domain isn't blocked
+	if (!is_domain_blocked(url)) {
+		return orig(fd, url);
+	}
+
+	// Debug
+	printf("Interrupted URL setter for %s; setting IP address on success.\n", url);
+	fflush(stdout);
+
 	// Get IP addr as string
 	url = resolve_hostname_to_str(url);
 	if (!url) return SECFailure;