Workaround TLS fragmented records

[aitorvs]

Task/Issue URL: https://app.asana.com/0/1202279501986195/1205874074739543/f

Description

We currently don't have support for TLS fragmented records and we think that lack of support is cause for the crashes/issues we see described in the asana task.

This PR doesn't support fragmented records but it takes them into consideration when parsing the TLS. The main goal would be twofold:

• avoid issues/crashes due to out of bounds buffer addressing on a fragmented record
• eagerly check TLS extensions to still block trakcers on fragmented records when the SNI falls into the first record

Steps to test this PR

• from this branch, publish the library to maven local ie. ./gradlew clean assemble publishToMavenLocal
• In the DDG android app apply the following path

Subject: [PATCH] Maven local use
---
Index: build.gradle
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/build.gradle b/build.gradle
--- a/build.gradle	(revision d11f7491d7ab4b27223fd352f83c26be403e79ed)
+++ b/build.gradle	(revision 3b1fe446b5d33e4d8a7f400137134ea0b5a797d7)
@@ -40,6 +40,7 @@
     repositories {
         google()
         mavenCentral()
+        mavenLocal()
     }
     configurations.all {
         resolutionStrategy.force 'org.objenesis:objenesis:2.6'
Index: versions.properties
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>ISO-8859-1
===================================================================
diff --git a/versions.properties b/versions.properties
--- a/versions.properties	(revision d11f7491d7ab4b27223fd352f83c26be403e79ed)
+++ b/versions.properties	(revision 3b1fe446b5d33e4d8a7f400137134ea0b5a797d7)
@@ -55,7 +55,7 @@
 
 version.com.android.installreferrer..installreferrer=2.2
 
-version.com.duckduckgo.netguard..netguard-android=1.6.0
+version.com.duckduckgo.netguard..netguard-android=1.7.0-SNAPSHOT
 
 version.com.duckduckgo.synccrypto..sync-crypto-android=0.3.0
 

• build DDG app
• AppTP smoke tests

[aitorvs]

Current dependencies on/for this PR:

• main
  • PR Workaround TLS fragmented records #32 👈

This stack of pull requests is managed by Graphite.

[aitorvs]

This is a check we had before that got lost when we re-wrote the TLS parsing.
We've seen some instances where the hostname is not UTF-8. The JNI interface (is_domain_blocked) uses NewStringUTF to pass the domain name to JVM, this is just to ensure we never get there with non UTF string.

[ngoossens]

I have read the code and run the tests (with some logging enabled) and this change looks good to me. I haven't built the DDG app and tested the whole thing together so approving with that caveat.