[torsocks/osx] Use socket rather than address to determine connection type
by hoganrobert@torproject.org 23 Oct '11
by hoganrobert@torproject.org 23 Oct '11
23 Oct '11
commit c8c6c60bfb9bc9eda73a8ff400ea2fb7ca0a7f3e
Author: Robert Hogan <robert(a)roberthogan.net>
Date: Sun Sep 19 13:34:02 2010 +0100
Use socket rather than address to determine connection type
In sendmsg() and sendto() we were inspecting the sock_addr_t
structure to determine if the connection was Internet or not.
Since msg->msg_name is an optional value in sendmsg() and
sendto() this could result in crashes because we weren't ensuring
it was non-null.
Since it's optional we should have been inspecting the SO_DOMAIN
of the connection's socket anyway - it will always be there.
Part of the fix for:
http://code.google.com/p/torsocks/issues/detail?id=15
---
src/tsocks.c | 75 +++++++++++++++++++++++++++-------------------------------
1 files changed, 35 insertions(+), 40 deletions(-)
diff --git a/src/tsocks.c b/src/tsocks.c
index fe2ec66..3a9327a 100644
--- a/src/tsocks.c
+++ b/src/tsocks.c
@@ -1732,9 +1732,10 @@ struct hostent *tsocks_getipnodebyname_guts(GETIPNODEBYNAME_SIGNATURE, struct ho
ssize_t tsocks_sendto_guts(SENDTO_SIGNATURE, ssize_t (*original_sendto)(SENDTO_SIGNATURE))
{
- struct sockaddr_in *connaddr;
int sock_type = -1;
unsigned int sock_type_len = sizeof(sock_type);
+ int sock_domain = -1;
+ unsigned int sock_domain_len = sizeof(sock_domain);
/* See comment in close() */
if (!tsocks_init_complete) {
@@ -1749,30 +1750,26 @@ ssize_t tsocks_sendto_guts(SENDTO_SIGNATURE, ssize_t (*original_sendto)(SENDTO_S
show_msg(MSGDEBUG, "Got sendto request\n");
- connaddr = (struct sockaddr_in *) to;
-
- /* Get the type of the socket */
- getsockopt(s, SOL_SOCKET, SO_TYPE,
- (void *) &sock_type, &sock_type_len);
+ /* Get the domain of the socket */
+ getsockopt(s, SOL_SOCKET, SO_DOMAIN,
+ (void *) &sock_domain, &sock_domain_len);
- show_msg(MSGDEBUG, "sin_family: %i "
- "\n",
- connaddr->sin_family);
-
- show_msg(MSGDEBUG, "sockopt: %i "
- "\n",
- sock_type);
-
- /* If this isn't an INET socket we can't */
- /* handle it, just call the real connect now */
- if ((connaddr->sin_family != AF_INET)) {
- show_msg(MSGDEBUG, "Connection isn't a TCP stream ignoring\n");
+ /* If this isn't an INET socket we can't handle it, just call the real
+ connect now */
+ if ((sock_domain != PF_INET)) {
+ show_msg(MSGDEBUG, "Connection isn't an Internet socket ignoring\n");
return (ssize_t) original_sendto(s, buf, len, flags, to, tolen);
}
#ifdef USE_TOR_DNS
- /* If this a UDP socket */
- /* then we refuse it, since it is probably a DNS request */
+ /* Get the type of the socket */
+ getsockopt(s, SOL_SOCKET, SO_TYPE,
+ (void *) &sock_type, &sock_type_len);
+
+ show_msg(MSGDEBUG, "sockopt: %i\n", sock_type);
+
+ /* If this a UDP socket then we refuse it, since it is probably a DNS
+ request */
if ((sock_type != SOCK_STREAM)) {
show_msg(MSGERR, "sendto: Connection is a UDP or ICMP stream, may be a "
"DNS request or other form of leak: rejecting.\n");
@@ -1786,9 +1783,10 @@ ssize_t tsocks_sendto_guts(SENDTO_SIGNATURE, ssize_t (*original_sendto)(SENDTO_S
ssize_t tsocks_sendmsg_guts(SENDMSG_SIGNATURE, ssize_t (*original_sendmsg)(SENDMSG_SIGNATURE))
{
- struct sockaddr_in *connaddr;
int sock_type = -1;
unsigned int sock_type_len = sizeof(sock_type);
+ int sock_domain = -1;
+ unsigned int sock_domain_len = sizeof(sock_domain);
/* See comment in close() */
if (!tsocks_init_complete) {
@@ -1803,36 +1801,33 @@ ssize_t tsocks_sendmsg_guts(SENDMSG_SIGNATURE, ssize_t (*original_sendmsg)(SENDM
show_msg(MSGDEBUG, "Got sendmsg request\n");
- connaddr = (struct sockaddr_in *) msg->msg_name;
+ /* Get the domain of the socket */
+ getsockopt(s, SOL_SOCKET, SO_DOMAIN,
+ (void *) &sock_domain, &sock_domain_len);
- /* Get the type of the socket */
- getsockopt(s, SOL_SOCKET, SO_TYPE,
- (void *) &sock_type, &sock_type_len);
-
- show_msg(MSGDEBUG, "sin_family: %i "
- "\n",
- connaddr->sin_family);
-
- show_msg(MSGDEBUG, "sockopt: %i "
- "\n",
- sock_type);
-
- /* If this isn't an INET socket we can't */
- /* handle it, just call the real connect now */
- if ((connaddr->sin_family != AF_INET)) {
- show_msg(MSGDEBUG, "Connection isn't a TCP stream ignoring\n");
+ /* If this isn't an INET socket we can't handle it, just call the real
+ connect now */
+ if ((sock_domain != PF_INET)) {
+ show_msg(MSGDEBUG, "Connection isn't an Internet socket ignoring\n");
return (ssize_t) original_sendmsg(s, msg, flags);
}
#ifdef USE_TOR_DNS
- /* If this a UDP socket */
- /* then we refuse it, since it is probably a DNS request */
+ /* Get the type of the socket */
+ getsockopt(s, SOL_SOCKET, SO_TYPE,
+ (void *) &sock_type, &sock_type_len);
+
+ show_msg(MSGDEBUG, "sockopt: %i\n", sock_type);
+
+ /* If this a UDP socket then we refuse it, since it is probably a DNS
+ request */
if ((sock_type != SOCK_STREAM)) {
show_msg(MSGERR, "sendmsg: Connection is a UDP or ICMP stream, may be a "
"DNS request or other form of leak: rejecting.\n");
return -1;
}
#endif
+
return (ssize_t) original_sendmsg(s, msg, flags);
}
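Review bot: The return value of the new `getsockopt(s, SOL_SOCKET, SO_DOMAIN, ...)` call is not checked, here and in the matching tsocks_sendto_guts hunk above. If the call fails, `sock_domain` keeps its initial -1, the `sock_domain != PF_INET` test is true, and the message goes to `original_sendmsg` without reaching the SOCK_STREAM check that rejects UDP traffic, so the leak guard fails open. SO_DOMAIN is, as far as I know, not provided on every platform, so the failure case should be handled explicitly. Take the pass-through only when the lookup succeeded, e.g. `if (rc == 0 && sock_domain != PF_INET)` with `rc` holding the getsockopt result, so a socket of unknown domain still reaches the type check. The block comment also still says "call the real connect", although this path calls the real sendmsg.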

23 Oct '11
commit 24794f78844ecc9978e6f78ace136c5f45154a16
Author: Robert Hogan <robert(a)roberthogan.net>
Date: Sun Sep 19 13:39:18 2010 +0100
Make a global variable less generic
Exporting a global variable called 'progname' is not a good
idea if you are a library. Exporting global variables at all
is probably a bad idea.
For now, make the name less generic - it was causing crashes
when torsocks was used with dig.
Part of the fix for:
http://code.google.com/p/torsocks/issues/detail?id=15
---
src/common.c | 4 ++--
src/inspectsocks.c | 2 +-
src/tsocks.c | 2 +-
src/validateconf.c | 2 +-
4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/common.c b/src/common.c
index 8a53bb0..2f7e233 100644
--- a/src/common.c
+++ b/src/common.c
@@ -182,7 +182,7 @@ int count_netmask_bits(uint32_t mask)
void show_msg(int level, const char *fmt, ...) {
va_list ap;
int saveerr;
- extern char *progname;
+ extern char *torsocks_progname;
char timestring[20];
time_t timestamp;
@@ -208,7 +208,7 @@ void show_msg(int level, const char *fmt, ...) {
fprintf(logfile, "%s ", timestring);
}
- fputs(progname, logfile);
+ fputs(torsocks_progname, logfile);
if (logstamp) {
fprintf(logfile, "(%d)", getpid());
diff --git a/src/inspectsocks.c b/src/inspectsocks.c
index e780518..d93bddf 100644
--- a/src/inspectsocks.c
+++ b/src/inspectsocks.c
@@ -50,7 +50,7 @@
*/
/* Global configuration variables */
-const char *progname = "inspectsocks"; /* Name for error msgs */
+const char *torsocks_progname = "inspectsocks"; /* Name for error msgs */
int defaultport = 1080; /* Default SOCKS port */
/* Header Files */
diff --git a/src/tsocks.c b/src/tsocks.c
index 3a9327a..ddaebf3 100644
--- a/src/tsocks.c
+++ b/src/tsocks.c
@@ -72,7 +72,7 @@ From 'man compat' in OSX:
#endif
/* Global configuration variables */
-const char *progname = "libtorsocks"; /* Name used in err msgs */
+const char *torsocks_progname = "libtorsocks"; /* Name used in err msgs */
/* Header Files */
#include <stdio.h>
diff --git a/src/validateconf.c b/src/validateconf.c
index 5c2acc5..6f92b55 100644
--- a/src/validateconf.c
+++ b/src/validateconf.c
@@ -50,7 +50,7 @@
*/
/* Global configuration variables */
-const char *progname = "validateconf"; /* Name for error msgs */
+const char *torsocks_progname = "validateconf"; /* Name for error msgs */
/* Header Files */
#include <config.h>
commit 0cb8405b7af9c7be86b03e5b172f6d7f68540613
Author: Robert Hogan <robert(a)roberthogan.net>
Date: Mon Sep 20 19:26:18 2010 +0100
Remove USE_TOR_DNS compile guard
This is a leftover from the tsocks days. We always want this option
enabled.
---
configure.in | 11 -----------
src/patch_table.h | 7 -------
src/tsocks.c | 42 ++++--------------------------------------
src/validateconf.c | 2 --
4 files changed, 4 insertions(+), 58 deletions(-)
diff --git a/configure.in b/configure.in
index ee5b4f4..9d8a1e2 100644
--- a/configure.in
+++ b/configure.in
@@ -180,17 +180,6 @@ if test "${enable_socksdns}" = "yes"; then
AC_DEFINE([USE_SOCKS_DNS],[],[Description])
fi
-AC_MSG_CHECKING(whether to enable tordns)
-if test "x${enable_tordns}" = "x"; then
- AC_DEFINE([USE_TOR_DNS],[],[Description])
- DEADPOOL_O="\${DEADPOOL}.o"
- AC_MSG_RESULT(yes)
-else
- DEADPOOL_O=""
- AC_MSG_RESULT(no)
-fi
-AC_SUBST(DEADPOOL_O)
-
if test "x${enable_envconf}" = "x"; then
AC_DEFINE([ALLOW_ENV_CONFIG],[],[Description])
fi
diff --git a/src/patch_table.h b/src/patch_table.h
index 9ebde08..f859613 100644
--- a/src/patch_table.h
+++ b/src/patch_table.h
@@ -15,17 +15,10 @@
#define RES_FUNCD64 EMPTY_FUNC
#endif
-#ifdef USE_TOR_DNS
#define DNS_FUNC FUNC
#define DNS_FUNCD FUNCD
#define DNS_FUNCD32 FUNCD32
#define DNS_FUNCD64 FUNCD64
-#else
- #define DNS_FUNC EMPTY_FUNC
- #define DNS_FUNCD EMPTY_FUNC
- #define DNS_FUNCD32 EMPTY_FUNC
- #define DNS_FUNCD64 EMPTY_FUNC
-#endif
#define EMPTY_FUNC(e,r,s,n,b,m)
diff --git a/src/tsocks.c b/src/tsocks.c
index ddaebf3..468f9d2 100644
--- a/src/tsocks.c
+++ b/src/tsocks.c
@@ -95,9 +95,7 @@ const char *torsocks_progname = "libtorsocks"; /* Name used in err msgs
#if !defined(__APPLE__) && !defined(__darwin__)
#include <sys/socket.h>
#endif
-#ifdef USE_TOR_DNS
#include <resolv.h>
-#endif
#include <parser.h>
#include <tsocks.h>
#include "dead_pool.h"
@@ -108,9 +106,7 @@ const char *torsocks_progname = "libtorsocks"; /* Name used in err msgs
#define EXPAND_GUTS_NAME(x) EXPAND_GUTS(x)
/* Global Declarations */
-#ifdef USE_TOR_DNS
static dead_pool *pool = NULL;
-#endif /*USE_TOR_DNS*/
/* Function prototypes for original functions that we patch */
#ifdef SUPPORT_RES_API
@@ -169,10 +165,8 @@ static int read_socksv5_method(struct connreq *conn);
static int read_socksv4_req(struct connreq *conn);
static int read_socksv5_connect(struct connreq *conn);
static int read_socksv5_auth(struct connreq *conn);
-#ifdef USE_TOR_DNS
static int deadpool_init(void);
static int send_socksv4a_request(struct connreq *conn, const char *onion_host);
-#endif
static pthread_mutex_t tsocks_init_mutex = PTHREAD_MUTEX_INITIALIZER;
@@ -230,14 +224,12 @@ void tsocks_init(void)
realconnect = dlsym(lib, "connect");
realselect = dlsym(lib, "select");
realpoll = dlsym(lib, "poll");
- #ifdef USE_TOR_DNS
realgethostbyname = dlsym(lib, "gethostbyname");
realgethostbyaddr = dlsym(lib, "gethostbyaddr");
realgetaddrinfo = dlsym(lib, "getaddrinfo");
realgetipnodebyname = dlsym(lib, "getipnodebyname");
realsendto = dlsym(lib, "sendto");
realsendmsg = dlsym(lib, "sendmsg");
- #endif
dlclose(lib);
lib = dlopen(LIBC, RTLD_LAZY);
realclose = dlsym(lib, "close");
@@ -252,11 +244,9 @@ void tsocks_init(void)
dlclose(lib);
#endif
#endif
-#ifdef USE_TOR_DNS
/* Unfortunately, we can't do this lazily because otherwise our mmap'd
area won't be shared across fork()s. */
deadpool_init();
-#endif
tsocks_init_complete=1;
pthread_mutex_unlock(&tsocks_init_mutex);
@@ -375,7 +365,6 @@ int tsocks_connect_guts(CONNECT_SIGNATURE, int (*original_connect)(CONNECT_SIGNA
return(original_connect(__fd, __addr, __len));
}
-#ifdef USE_TOR_DNS
/* If this a UDP socket */
/* then we refuse it, since it is probably a DNS request */
if ((sock_type != SOCK_STREAM)) {
@@ -383,7 +372,6 @@ int tsocks_connect_guts(CONNECT_SIGNATURE, int (*original_connect)(CONNECT_SIGNA
"DNS request or other form of leak: rejecting.\n");
return -1;
}
-#endif
// /* If we haven't initialized yet, do it now */
get_config();
@@ -441,14 +429,10 @@ int tsocks_connect_guts(CONNECT_SIGNATURE, int (*original_connect)(CONNECT_SIGNA
"%s\n", __fd, inet_ntoa(connaddr->sin_addr));
/* If the address is local call original_connect */
-#ifdef USE_TOR_DNS
- if (!(is_local(&config, &(connaddr->sin_addr))) &&
+ if (!(is_local(&config, &(connaddr->sin_addr))) &&
!is_dead_address(pool, connaddr->sin_addr.s_addr)) {
-#else
- if (!(is_local(&config, &(connaddr->sin_addr)))) {
-#endif
- show_msg(MSGDEBUG, "Connection for socket %d is local\n", __fd);
- return(original_connect(__fd, __addr, __len));
+ show_msg(MSGDEBUG, "Connection for socket %d is local\n", __fd);
+ return(original_connect(__fd, __addr, __len));
}
/* Ok, so its not local, we need a path to the net */
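Review bot: The now-unconditional test reads as the opposite of its comment and log message: the branch taken when `!is_local(...)` is true logs "is local" and calls `original_connect` directly. That only makes sense if is_local() returns 0 for a local address, which is not visible in this hunk. Because this test decides which connections bypass the SOCKS server, it deserves a comment stating that convention and why dead-pool addresses are excluded, for example `/* is_local() returns 0 for a configured local net; dead-pool addresses must never be connected to directly */`. The enclosing tsocks_connect_guts body starts and ends outside the hunk.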
@@ -1128,7 +1112,6 @@ static int send_socks_request(struct connreq *conn)
{
int rc = 0;
-#ifdef USE_TOR_DNS
if (conn->path->type == 4) {
char *name = get_pool_entry(pool, &(conn->connaddr.sin_addr));
if(name != NULL) {
@@ -1136,18 +1119,13 @@ static int send_socks_request(struct connreq *conn)
} else {
rc = send_socksv4_request(conn);
}
-#else
- if (conn->path->type == 4) {
- rc = send_socksv4_request(conn);
-#endif
} else {
rc = send_socksv5_method(conn);
}
return(rc);
}
-#ifdef USE_TOR_DNS
-static int send_socksv4a_request(struct connreq *conn,const char *onion_host)
+static int send_socksv4a_request(struct connreq *conn,const char *onion_host)
{
struct passwd *user;
struct sockreq *thisreq;
@@ -1189,7 +1167,6 @@ static int send_socksv4a_request(struct connreq *conn,const char *onion_host)
return(0);
}
-#endif /* USE_TOR_DNS */
static int send_socksv4_request(struct connreq *conn)
{
@@ -1247,10 +1224,8 @@ static int send_socksv5_method(struct connreq *conn)
static int send_socksv5_connect(struct connreq *conn)
{
-#ifdef USE_TOR_DNS
int namelen = 0;
char *name = NULL;
-#endif
char constring[] = { 0x05, /* Version 5 SOCKS */
0x01, /* Connect request */
0x00, /* Reserved */
@@ -1263,8 +1238,6 @@ static int send_socksv5_connect(struct connreq *conn)
memcpy(conn->buffer, constring, sizeof(constring));
conn->datalen = sizeof(constring);
-#ifdef USE_TOR_DNS
-
show_msg(MSGDEBUG, "send_socksv5_connect: looking for: %s\n",
inet_ntoa(conn->connaddr.sin_addr));
@@ -1285,14 +1258,11 @@ static int send_socksv5_connect(struct connreq *conn)
conn->datalen += namelen;
} else {
show_msg(MSGDEBUG, "send_socksv5_connect: ip address not found\n");
-#endif
/* Use the raw IP address */
memcpy(&conn->buffer[conn->datalen], &(conn->connaddr.sin_addr.s_addr),
sizeof(conn->connaddr.sin_addr.s_addr));
conn->datalen += sizeof(conn->connaddr.sin_addr.s_addr);
-#ifdef USE_TOR_DNS
}
-#endif
memcpy(&conn->buffer[conn->datalen], &(conn->connaddr.sin_port),
sizeof(conn->connaddr.sin_port));
conn->datalen += sizeof(conn->connaddr.sin_port);
@@ -1761,7 +1731,6 @@ ssize_t tsocks_sendto_guts(SENDTO_SIGNATURE, ssize_t (*original_sendto)(SENDTO_S
return (ssize_t) original_sendto(s, buf, len, flags, to, tolen);
}
-#ifdef USE_TOR_DNS
/* Get the type of the socket */
getsockopt(s, SOL_SOCKET, SO_TYPE,
(void *) &sock_type, &sock_type_len);
@@ -1775,7 +1744,6 @@ ssize_t tsocks_sendto_guts(SENDTO_SIGNATURE, ssize_t (*original_sendto)(SENDTO_S
"DNS request or other form of leak: rejecting.\n");
return -1;
}
-#endif
return (ssize_t) original_sendto(s, buf, len, flags, to, tolen);
@@ -1812,7 +1780,6 @@ ssize_t tsocks_sendmsg_guts(SENDMSG_SIGNATURE, ssize_t (*original_sendmsg)(SENDM
return (ssize_t) original_sendmsg(s, msg, flags);
}
-#ifdef USE_TOR_DNS
/* Get the type of the socket */
getsockopt(s, SOL_SOCKET, SO_TYPE,
(void *) &sock_type, &sock_type_len);
@@ -1826,7 +1793,6 @@ ssize_t tsocks_sendmsg_guts(SENDMSG_SIGNATURE, ssize_t (*original_sendmsg)(SENDM
"DNS request or other form of leak: rejecting.\n");
return -1;
}
-#endif
return (ssize_t) original_sendmsg(s, msg, flags);
}
diff --git a/src/validateconf.c b/src/validateconf.c
index 6f92b55..1d2eb44 100644
--- a/src/validateconf.c
+++ b/src/validateconf.c
@@ -191,7 +191,6 @@ void show_conf(struct parsedfile *config) {
}
}
-#ifdef USE_TOR_DNS
/* Show tordns configuration options */
printf("=== TorDNS Configuration Options ===\n");
printf("Tor DNS enabled: %s\n",
@@ -202,7 +201,6 @@ void show_conf(struct parsedfile *config) {
inet_ntoa(config->tordns_deadpool_range->localnet));
printf("Tor DNS cache size: %d\n", config->tordns_cache_size);
printf("\n");
-#endif
return;
}
commit 8c0a33433e8e2e98064a5552d3fea2c19519f6ed
Author: Robert Hogan <robert(a)roberthogan.net>
Date: Mon Sep 20 20:03:56 2010 +0100
Whitespace fixes in tsocks.c
---
src/tsocks.c | 561 ++++++++++++++++++++++++++++-----------------------------
1 files changed, 276 insertions(+), 285 deletions(-)
diff --git a/src/tsocks.c b/src/tsocks.c
index 468f9d2..2bd21fd 100644
--- a/src/tsocks.c
+++ b/src/tsocks.c
@@ -185,7 +185,7 @@ void tsocks_init(void)
/* We only need to be called once */
if (tsocks_init_complete) {
- return;
+ return;
}
/* Not strictly true yet, but prevents us getting called while still in progress.*/
@@ -212,13 +212,13 @@ void tsocks_init(void)
dlerror();
#ifndef USE_OLD_DLSYM
- #ifdef SUPPORT_RES_API
- if ((realres_init = dlsym(RTLD_NEXT, "res_init")) == NULL)
- LOAD_ERROR("res_init", MSGERR);
- #endif
- #define PATCH_TABLE_EXPANSION(e,r,s,n,b,m) if ((real##n = dlsym(RTLD_NEXT, m)) == NULL) LOAD_ERROR(m, MSG##e);
- #include "patch_table.h"
- #undef PATCH_TABLE_EXPANSION
+ #ifdef SUPPORT_RES_API
+ if ((realres_init = dlsym(RTLD_NEXT, "res_init")) == NULL)
+ LOAD_ERROR("res_init", MSGERR);
+ #endif
+ #define PATCH_TABLE_EXPANSION(e,r,s,n,b,m) if ((real##n = dlsym(RTLD_NEXT, m)) == NULL) LOAD_ERROR(m, MSG##e);
+ #include "patch_table.h"
+ #undef PATCH_TABLE_EXPANSION
#else
lib = dlopen(LIBCONNECT, RTLD_LAZY);
realconnect = dlsym(lib, "connect");
@@ -333,7 +333,7 @@ int tsocks_connect_guts(CONNECT_SIGNATURE, int (*original_connect)(CONNECT_SIGNA
/* See comment in close() */
if (!tsocks_init_complete) {
- tsocks_init();
+ tsocks_init();
}
/* If the real connect doesn't exist, we're stuffed */
@@ -350,19 +350,15 @@ int tsocks_connect_guts(CONNECT_SIGNATURE, int (*original_connect)(CONNECT_SIGNA
getsockopt(__fd, SOL_SOCKET, SO_TYPE,
(void *) &sock_type, &sock_type_len);
- show_msg(MSGDEBUG, "sin_family: %i "
- "\n",
- connaddr->sin_family);
+ show_msg(MSGDEBUG, "sin_family: %i\n", connaddr->sin_family);
- show_msg(MSGDEBUG, "sockopt: %i "
- "\n",
- sock_type);
+ show_msg(MSGDEBUG, "sockopt: %i \n", sock_type);
/* If this isn't an INET socket we can't */
/* handle it, just call the real connect now */
if ((connaddr->sin_family != AF_INET)) {
show_msg(MSGDEBUG, "Connection isn't a TCP stream ignoring\n");
- return(original_connect(__fd, __addr, __len));
+ return(original_connect(__fd, __addr, __len));
}
/* If this a UDP socket */
@@ -373,47 +369,47 @@ int tsocks_connect_guts(CONNECT_SIGNATURE, int (*original_connect)(CONNECT_SIGNA
return -1;
}
- // /* If we haven't initialized yet, do it now */
+ /* If we haven't initialized yet, do it now */
get_config();
/* Are we already handling this connect? */
if ((newconn = find_socks_request(__fd, 1))) {
if (memcmp(&newconn->connaddr, connaddr, sizeof(*connaddr))) {
- /* Ok, they're calling connect on a socket that is in our
- * queue but this connect() isn't to the same destination,
- * they're obviously not trying to check the status of
- * they're non blocking connect, they must have close()d
- * the other socket and created a new one which happens
- * to have the same fd as a request we haven't had the chance
- * to delete yet, so we delete it here. */
- show_msg(MSGDEBUG, "Call to connect received on old "
- "tsocks request for socket %d but to "
- "new destination, deleting old request\n",
- newconn->sockid);
- kill_socks_request(newconn);
- } else {
- /* Ok, this call to connect() is to check the status of
- * a current non blocking connect(). */
- if (newconn->state == FAILED) {
- show_msg(MSGDEBUG, "Call to connect received on failed "
- "request %d, returning %d\n",
- newconn->sockid, newconn->err);
- errno = newconn->err;
- rc = -1;
- } else if (newconn->state == DONE) {
- show_msg(MSGERR, "Call to connect received on completed "
- "request %d\n",
- newconn->sockid, newconn->err);
- rc = 0;
- } else {
- show_msg(MSGDEBUG, "Call to connect received on current request %d\n",
+ /* Ok, they're calling connect on a socket that is in our
+ * queue but this connect() isn't to the same destination,
+ * they're obviously not trying to check the status of
+ * they're non blocking connect, they must have close()d
+ * the other socket and created a new one which happens
+ * to have the same fd as a request we haven't had the chance
+ * to delete yet, so we delete it here. */
+ show_msg(MSGDEBUG, "Call to connect received on old "
+ "tsocks request for socket %d but to "
+ "new destination, deleting old request\n",
newconn->sockid);
- rc = handle_request(newconn);
- errno = rc;
- }
- if ((newconn->state == FAILED) || (newconn->state == DONE))
- kill_socks_request(newconn);
- return((rc ? -1 : 0));
+ kill_socks_request(newconn);
+ } else {
+ /* Ok, this call to connect() is to check the status of
+ * a current non blocking connect(). */
+ if (newconn->state == FAILED) {
+ show_msg(MSGDEBUG, "Call to connect received on failed "
+ "request %d, returning %d\n",
+ newconn->sockid, newconn->err);
+ errno = newconn->err;
+ rc = -1;
+ } else if (newconn->state == DONE) {
+ show_msg(MSGERR, "Call to connect received on completed "
+ "request %d\n",
+ newconn->sockid, newconn->err);
+ rc = 0;
+ } else {
+ show_msg(MSGDEBUG, "Call to connect received on current request %d\n",
+ newconn->sockid);
+ rc = handle_request(newconn);
+ errno = rc;
+ }
+ if ((newconn->state == FAILED) || (newconn->state == DONE))
+ kill_socks_request(newconn);
+ return((rc ? -1 : 0));
}
}
@@ -422,7 +418,7 @@ int tsocks_connect_guts(CONNECT_SIGNATURE, int (*original_connect)(CONNECT_SIGNA
if (!getpeername(__fd, (struct sockaddr *) &peer_address, &namelen)) {
show_msg(MSGDEBUG, "Socket is already connected, defering to "
"real connect\n");
- return(original_connect(__fd, __addr, __len));
+ return(original_connect(__fd, __addr, __len));
}
show_msg(MSGDEBUG, "Got connection request for socket %d to "
@@ -435,62 +431,61 @@ int tsocks_connect_guts(CONNECT_SIGNATURE, int (*original_connect)(CONNECT_SIGNA
return(original_connect(__fd, __addr, __len));
}
- /* Ok, so its not local, we need a path to the net */
- pick_server(&config, &path, &(connaddr->sin_addr), ntohs(connaddr->sin_port));
-
- show_msg(MSGDEBUG, "Picked server %s for connection\n",
- (path->address ? path->address : "(Not Provided)"));
- if (path->address == NULL) {
- if (path == &(config.defaultserver))
- show_msg(MSGERR, "Connection needs to be made "
- "via default server but "
- "the default server has not "
- "been specified\n");
- else
- show_msg(MSGERR, "Connection needs to be made "
- "via path specified at line "
- "%d in configuration file but "
- "the server has not been "
- "specified for this path\n",
- path->lineno);
- } else if ((res = resolve_ip(path->address, 0, HOSTNAMES)) == -1) {
- show_msg(MSGERR, "The SOCKS server (%s) listed in the configuration "
- "file which needs to be used for this connection "
- "is invalid\n", path->address);
- } else {
- /* Construct the addr for the socks server */
- server_address.sin_family = AF_INET; /* host byte order */
- server_address.sin_addr.s_addr = res;
- server_address.sin_port = htons(path->port);
- bzero(&(server_address.sin_zero), 8);
-
- /* Complain if this server isn't on a localnet */
- if (is_local(&config, &server_address.sin_addr)) {
- show_msg(MSGERR, "SOCKS server %s (%s) is not on a local subnet!\n",
- path->address, inet_ntoa(server_address.sin_addr));
- } else
- gotvalidserver = 1;
- }
+ /* Ok, so its not local, we need a path to the net */
+ pick_server(&config, &path, &(connaddr->sin_addr), ntohs(connaddr->sin_port));
- /* If we haven't found a valid server we return connection refused */
- if (!gotvalidserver ||
- !(newconn = new_socks_request(__fd, connaddr, &server_address, path))) {
- errno = ECONNREFUSED;
- return(-1);
- } else {
- /* Now we call the main function to handle the connect. */
- rc = handle_request(newconn);
- /* If the request completed immediately it mustn't have been
- * a non blocking socket, in this case we don't need to know
- * about this socket anymore. */
- if ((newconn->state == FAILED) || (newconn->state == DONE))
- kill_socks_request(newconn);
- errno = rc;
- return((rc ? -1 : 0));
- }
+ show_msg(MSGDEBUG, "Picked server %s for connection\n",
+ (path->address ? path->address : "(Not Provided)"));
+ if (path->address == NULL) {
+ if (path == &(config.defaultserver))
+ show_msg(MSGERR, "Connection needs to be made "
+ "via default server but "
+ "the default server has not "
+ "been specified\n");
+ else
+ show_msg(MSGERR, "Connection needs to be made "
+ "via path specified at line "
+ "%d in configuration file but "
+ "the server has not been "
+ "specified for this path\n",
+ path->lineno);
+ } else if ((res = resolve_ip(path->address, 0, HOSTNAMES)) == -1) {
+ show_msg(MSGERR, "The SOCKS server (%s) listed in the configuration "
+ "file which needs to be used for this connection "
+ "is invalid\n", path->address);
+ } else {
+ /* Construct the addr for the socks server */
+ server_address.sin_family = AF_INET; /* host byte order */
+ server_address.sin_addr.s_addr = res;
+ server_address.sin_port = htons(path->port);
+ bzero(&(server_address.sin_zero), 8);
+
+ /* Complain if this server isn't on a localnet */
+ if (is_local(&config, &server_address.sin_addr)) {
+ show_msg(MSGERR, "SOCKS server %s (%s) is not on a local subnet!\n",
+ path->address, inet_ntoa(server_address.sin_addr));
+ } else
+ gotvalidserver = 1;
+ }
+
+ /* If we haven't found a valid server we return connection refused */
+ if (!gotvalidserver ||
+ !(newconn = new_socks_request(__fd, connaddr, &server_address, path))) {
+ errno = ECONNREFUSED;
+ return(-1);
+ } else {
+ /* Now we call the main function to handle the connect. */
+ rc = handle_request(newconn);
+ /* If the request completed immediately it mustn't have been
+ * a non blocking socket, in this case we don't need to know
+ * about this socket anymore. */
+ if ((newconn->state == FAILED) || (newconn->state == DONE))
+ kill_socks_request(newconn);
+ errno = rc;
+ return((rc ? -1 : 0));
+ }
}
-
int tsocks_select_guts(SELECT_SIGNATURE, int (*original_select)(SELECT_SIGNATURE))
{
int nevents = 0;
@@ -501,14 +496,14 @@ int tsocks_select_guts(SELECT_SIGNATURE, int (*original_select)(SELECT_SIGNATURE
fd_set mywritefds, myreadfds, myexceptfds;
/* If we're not currently managing any requests we can just
- * leave here */
+ * leave here */
if (!requests) {
show_msg(MSGDEBUG, "No requests waiting, calling real select\n");
return(original_select(n, readfds, writefds, exceptfds, timeout));
}
if (!tsocks_init_complete) {
- tsocks_init();
+ tsocks_init();
}
show_msg(MSGDEBUG, "Intercepted call to select with %d fds, "
@@ -517,16 +512,16 @@ int tsocks_select_guts(SELECT_SIGNATURE, int (*original_select)(SELECT_SIGNATURE
for (conn = requests; conn != NULL; conn = conn->next) {
if ((conn->state == FAILED) || (conn->state == DONE))
- continue;
+ continue;
conn->selectevents = 0;
show_msg(MSGDEBUG, "Checking requests for socks enabled socket %d\n",
- conn->sockid);
+ conn->sockid);
conn->selectevents |= (writefds ? (FD_ISSET(conn->sockid, writefds) ? WRITE : 0) : 0);
conn->selectevents |= (readfds ? (FD_ISSET(conn->sockid, readfds) ? READ : 0) : 0);
conn->selectevents |= (exceptfds ? (FD_ISSET(conn->sockid, exceptfds) ? EXCEPT : 0) : 0);
if (conn->selectevents) {
- show_msg(MSGDEBUG, "Socket %d was set for events\n", conn->sockid);
- monitoring = 1;
+ show_msg(MSGDEBUG, "Socket %d was set for events\n", conn->sockid);
+ monitoring = 1;
}
}
@@ -544,125 +539,125 @@ int tsocks_select_guts(SELECT_SIGNATURE, int (*original_select)(SELECT_SIGNATURE
do {
/* Copy the clients fd events, we'll change them as we wish */
if (readfds)
- memcpy(&myreadfds, readfds, sizeof(myreadfds));
+ memcpy(&myreadfds, readfds, sizeof(myreadfds));
else
- FD_ZERO(&myreadfds);
+ FD_ZERO(&myreadfds);
if (writefds)
- memcpy(&mywritefds, writefds, sizeof(mywritefds));
+ memcpy(&mywritefds, writefds, sizeof(mywritefds));
else
- FD_ZERO(&mywritefds);
+ FD_ZERO(&mywritefds);
if (exceptfds)
- memcpy(&myexceptfds, exceptfds, sizeof(myexceptfds));
+ memcpy(&myexceptfds, exceptfds, sizeof(myexceptfds));
else
- FD_ZERO(&myexceptfds);
+ FD_ZERO(&myexceptfds);
/* Now enable our sockets for the events WE want to hear about */
for (conn = requests; conn != NULL; conn = conn->next) {
- if ((conn->state == FAILED) || (conn->state == DONE) ||
- (conn->selectevents == 0))
- continue;
- /* We always want to know about socket exceptions */
- FD_SET(conn->sockid, &myexceptfds);
- /* If we're waiting for a connect or to be able to send
- * on a socket we want to get write events */
- if ((conn->state == SENDING) || (conn->state == CONNECTING))
- FD_SET(conn->sockid,&mywritefds);
- else
- FD_CLR(conn->sockid,&mywritefds);
- /* If we're waiting to receive data we want to get
- * read events */
- if (conn->state == RECEIVING)
- FD_SET(conn->sockid,&myreadfds);
- else
- FD_CLR(conn->sockid,&myreadfds);
+ if ((conn->state == FAILED) || (conn->state == DONE) ||
+ (conn->selectevents == 0))
+ continue;
+ /* We always want to know about socket exceptions */
+ FD_SET(conn->sockid, &myexceptfds);
+ /* If we're waiting for a connect or to be able to send
+ * on a socket we want to get write events */
+ if ((conn->state == SENDING) || (conn->state == CONNECTING))
+ FD_SET(conn->sockid,&mywritefds);
+ else
+ FD_CLR(conn->sockid,&mywritefds);
+ /* If we're waiting to receive data we want to get
+ * read events */
+ if (conn->state == RECEIVING)
+ FD_SET(conn->sockid,&myreadfds);
+ else
+ FD_CLR(conn->sockid,&myreadfds);
}
nevents = original_select(n, &myreadfds, &mywritefds, &myexceptfds, timeout);
/* If there were no events we must have timed out or had an error */
if (nevents <= 0)
- break;
+ break;
/* Loop through all the sockets we're monitoring and see if
* any of them have had events */
for (conn = requests; conn != NULL; conn = nextconn) {
- nextconn = conn->next;
- if ((conn->state == FAILED) || (conn->state == DONE))
- continue;
- show_msg(MSGDEBUG, "Checking socket %d for events\n", conn->sockid);
- /* Clear all the events on the socket (if any), we'll reset
- * any that are necessary later. */
- setevents = 0;
- if (FD_ISSET(conn->sockid, &mywritefds)) {
- nevents--;
- setevents |= WRITE;
- show_msg(MSGDEBUG, "Socket had write event\n");
- FD_CLR(conn->sockid, &mywritefds);
- }
- if (FD_ISSET(conn->sockid, &myreadfds)) {
- nevents--;
- setevents |= READ;
- show_msg(MSGDEBUG, "Socket had write event\n");
- FD_CLR(conn->sockid, &myreadfds);
- }
- if (FD_ISSET(conn->sockid, &myexceptfds)) {
- nevents--;
- setevents |= EXCEPT;
- show_msg(MSGDEBUG, "Socket had except event\n");
- FD_CLR(conn->sockid, &myexceptfds);
- }
+ nextconn = conn->next;
+ if ((conn->state == FAILED) || (conn->state == DONE))
+ continue;
+ show_msg(MSGDEBUG, "Checking socket %d for events\n", conn->sockid);
+ /* Clear all the events on the socket (if any), we'll reset
+ * any that are necessary later. */
+ setevents = 0;
+ if (FD_ISSET(conn->sockid, &mywritefds)) {
+ nevents--;
+ setevents |= WRITE;
+ show_msg(MSGDEBUG, "Socket had write event\n");
+ FD_CLR(conn->sockid, &mywritefds);
+ }
+ if (FD_ISSET(conn->sockid, &myreadfds)) {
+ nevents--;
+ setevents |= READ;
+ show_msg(MSGDEBUG, "Socket had write event\n");
+ FD_CLR(conn->sockid, &myreadfds);
+ }
+ if (FD_ISSET(conn->sockid, &myexceptfds)) {
+ nevents--;
+ setevents |= EXCEPT;
+ show_msg(MSGDEBUG, "Socket had except event\n");
+ FD_CLR(conn->sockid, &myexceptfds);
+ }
- if (!setevents) {
- show_msg(MSGDEBUG, "No events on socket %d\n", conn->sockid);
- continue;
- }
+ if (!setevents) {
+ show_msg(MSGDEBUG, "No events on socket %d\n", conn->sockid);
+ continue;
+ }
- if (setevents & EXCEPT) {
- conn->state = FAILED;
- } else {
- rc = handle_request(conn);
- }
- /* If the connection hasn't failed or completed there is nothing
- * to report to the client */
- if ((conn->state != FAILED) &&
- (conn->state != DONE))
- continue;
-
- /* Ok, the connection is completed, for good or for bad. We now
- * hand back the relevant events to the caller. We don't delete the
- * connection though since the caller should call connect() to
- * check the status, we delete it then */
-
- if (conn->state == FAILED) {
- /* Damn, the connection failed. Whatever the events the socket
- * was selected for we flag */
- if (conn->selectevents & EXCEPT) {
- FD_SET(conn->sockid, &myexceptfds);
- nevents++;
- }
- if (conn->selectevents & READ) {
- FD_SET(conn->sockid, &myreadfds);
- nevents++;
- }
- if (conn->selectevents & WRITE) {
- FD_SET(conn->sockid, &mywritefds);
- nevents++;
- }
- /* We should use setsockopt to set the SO_ERROR errno for this
- * socket, but this isn't allowed for some silly reason which
- * leaves us a bit hamstrung.
- * We don't delete the request so that hopefully we can
- * return the error on the socket if they call connect() on it */
- } else {
- /* The connection is done, if the client selected for
- * writing we can go ahead and signal that now (since the socket must
- * be ready for writing), otherwise we'll just let the select loop
- * come around again (since we can't flag it for read, we don't know
- * if there is any data to be read and can't be bothered checking) */
- if (conn->selectevents & WRITE) {
- FD_SET(conn->sockid, &mywritefds);
- nevents++;
- }
- }
+ if (setevents & EXCEPT) {
+ conn->state = FAILED;
+ } else {
+ rc = handle_request(conn);
+ }
+ /* If the connection hasn't failed or completed there is nothing
+ * to report to the client */
+ if ((conn->state != FAILED) &&
+ (conn->state != DONE))
+ continue;
+
+ /* Ok, the connection is completed, for good or for bad. We now
+ * hand back the relevant events to the caller. We don't delete the
+ * connection though since the caller should call connect() to
+ * check the status, we delete it then */
+
+ if (conn->state == FAILED) {
+ /* Damn, the connection failed. Whatever the events the socket
+ * was selected for we flag */
+ if (conn->selectevents & EXCEPT) {
+ FD_SET(conn->sockid, &myexceptfds);
+ nevents++;
+ }
+ if (conn->selectevents & READ) {
+ FD_SET(conn->sockid, &myreadfds);
+ nevents++;
+ }
+ if (conn->selectevents & WRITE) {
+ FD_SET(conn->sockid, &mywritefds);
+ nevents++;
+ }
+ /* We should use setsockopt to set the SO_ERROR errno for this
+ * socket, but this isn't allowed for some silly reason which
+ * leaves us a bit hamstrung.
+ * We don't delete the request so that hopefully we can
+ * return the error on the socket if they call connect() on it */
+ } else {
+ /* The connection is done, if the client selected for
+ * writing we can go ahead and signal that now (since the socket must
+ * be ready for writing), otherwise we'll just let the select loop
+ * come around again (since we can't flag it for read, we don't know
+ * if there is any data to be read and can't be bothered checking) */
+ if (conn->selectevents & WRITE) {
+ FD_SET(conn->sockid, &mywritefds);
+ nevents++;
+ }
+ }
}
} while (nevents == 0);
@@ -693,9 +688,9 @@ int tsocks_poll_guts(POLL_SIGNATURE, int (*original_poll)(POLL_SIGNATURE))
if (!requests)
return(original_poll(ufds, nfds, timeout));
- if (!tsocks_init_complete) {
+ if (!tsocks_init_complete) {
tsocks_init();
- }
+ }
show_msg(MSGDEBUG, "Intercepted call to poll with %d fds, "
"0x%08x timeout %d\n", nfds, ufds, timeout);
@@ -707,7 +702,7 @@ int tsocks_poll_guts(POLL_SIGNATURE, int (*original_poll)(POLL_SIGNATURE))
* in */
for (i = 0; i < nfds; i++) {
if (!(conn = find_socks_request(ufds[i].fd, 0)))
- continue;
+ continue;
show_msg(MSGDEBUG, "Have event checks for socks enabled socket %d\n",
conn->sockid);
conn->selectevents = ufds[i].events;
@@ -749,7 +744,7 @@ int tsocks_poll_guts(POLL_SIGNATURE, int (*original_poll)(POLL_SIGNATURE))
nevents = original_poll(ufds, nfds, timeout);
/* If there were no events we must have timed out or had an error */
if (nevents <= 0)
- break;
+ break;
/* Loop through all the sockets we're monitoring and see if
* any of them have had events */
@@ -800,25 +795,25 @@ int tsocks_poll_guts(POLL_SIGNATURE, int (*original_poll)(POLL_SIGNATURE))
continue;
/* Ok, the connection is completed, for good or for bad. We now
- * hand back the relevant events to the caller. We don't delete the
- * connection though since the caller should call connect() to
- * check the status, we delete it then */
+ * hand back the relevant events to the caller. We don't delete the
+ * connection though since the caller should call connect() to
+ * check the status, we delete it then */
if (conn->state == FAILED) {
/* Damn, the connection failed. Just copy back the error events
- * from the poll call, error events are always valid even if not
- * requested by the client */
+ * from the poll call, error events are always valid even if not
+ * requested by the client */
/* We should use setsockopt to set the SO_ERROR errno for this
- * socket, but this isn't allowed for some silly reason which
- * leaves us a bit hamstrung.
- * We don't delete the request so that hopefully we can
- * return the error on the socket if they call connect() on it */
+ * socket, but this isn't allowed for some silly reason which
+ * leaves us a bit hamstrung.
+ * We don't delete the request so that hopefully we can
+ * return the error on the socket if they call connect() on it */
} else {
/* The connection is done, if the client polled for
- * writing we can go ahead and signal that now (since the socket must
- * be ready for writing), otherwise we'll just let the select loop
- * come around again (since we can't flag it for read, we don't know
- * if there is any data to be read and can't be bothered checking) */
+ * writing we can go ahead and signal that now (since the socket must
+ * be ready for writing), otherwise we'll just let the select loop
+ * come around again (since we can't flag it for read, we don't know
+ * if there is any data to be read and can't be bothered checking) */
if (conn->selectevents & POLLOUT) {
setevents |= POLLOUT;
nevents++;
@@ -832,8 +827,7 @@ int tsocks_poll_guts(POLL_SIGNATURE, int (*original_poll)(POLL_SIGNATURE))
/* Now restore the events polled in each of the blocks */
for (i = 0; i < nfds; i++) {
if (!(conn = find_socks_request(ufds[i].fd, 1)))
- continue;
-
+ continue;
ufds[i].events = conn->selectevents;
}
@@ -874,7 +868,7 @@ int tsocks_close_guts(CLOSE_SIGNATURE, int (*original_close)(CLOSE_SIGNATURE))
if ((conn = find_socks_request(fd, 1))) {
show_msg(MSGDEBUG, "Call to close() received on file descriptor "
"%d which is a connection request of status %d\n",
- conn->sockid, conn->state);
+ conn->sockid, conn->state);
kill_socks_request(conn);
}
@@ -966,10 +960,10 @@ static void kill_socks_request(struct connreq *conn)
requests = conn->next;
else {
for (connnode = requests; connnode != NULL; connnode = connnode->next) {
- if (connnode->next == conn) {
- connnode->next = conn->next;
- break;
- }
+ if (connnode->next == conn) {
+ connnode->next = conn->next;
+ break;
+ }
}
}
@@ -1005,8 +999,8 @@ static int handle_request(struct connreq *conn)
(conn->state != DONE) &&
(i++ < 20)) {
show_msg(MSGDEBUG, "In request handle loop for socket %d, "
- "current state of request is %d\n", conn->sockid,
- conn->state);
+ "current state of request is %d\n", conn->sockid,
+ conn->state);
switch(conn->state) {
case UNSTARTED:
case CONNECTING:
@@ -1062,7 +1056,6 @@ static int handle_request(struct connreq *conn)
rc = read_socksv5_connect(conn);
break;
}
-
conn->err = errno;
}
@@ -1071,7 +1064,7 @@ static int handle_request(struct connreq *conn)
conn->sockid);
show_msg(MSGDEBUG, "Handle loop completed for socket %d in state %d, "
- "returning %d\n", conn->sockid, conn->state, rc);
+ "returning %d\n", conn->sockid, conn->state, rc);
return(rc);
}
@@ -1081,24 +1074,24 @@ static int connect_server(struct connreq *conn)
/* Connect this socket to the socks server */
show_msg(MSGDEBUG, "Connecting to %s port %d\n",
- inet_ntoa(conn->serveraddr.sin_addr), ntohs(conn->serveraddr.sin_port));
+ inet_ntoa(conn->serveraddr.sin_addr), ntohs(conn->serveraddr.sin_port));
rc = realconnect(conn->sockid, (CONNECT_SOCKARG) &(conn->serveraddr),
- sizeof(conn->serveraddr));
+ sizeof(conn->serveraddr));
show_msg(MSGDEBUG, "Connect returned %d, errno is %d\n", rc, errno);
if (rc && errno == EISCONN) {
rc = 0;
show_msg(MSGDEBUG, "Socket %d already connected to SOCKS server\n", conn->sockid);
conn->state = CONNECTED;
- } else if (rc) {
+ } else if (rc) {
if (errno != EINPROGRESS) {
- show_msg(MSGERR, "Error %d attempting to connect to SOCKS "
- "server (%s)\n", errno, strerror(errno));
- conn->state = FAILED;
+ show_msg(MSGERR, "Error %d attempting to connect to SOCKS "
+ "server (%s)\n", errno, strerror(errno));
+ conn->state = FAILED;
} else {
- show_msg(MSGDEBUG, "Connection in progress\n");
- conn->state = CONNECTING;
+ show_msg(MSGDEBUG, "Connection in progress\n");
+ conn->state = CONNECTING;
}
} else {
show_msg(MSGDEBUG, "Socket %d connected to SOCKS server\n", conn->sockid);
@@ -1305,16 +1298,16 @@ static int recv_buffer(struct connreq *conn)
rc = recv(conn->sockid, conn->buffer + conn->datadone,
conn->datalen - conn->datadone, 0);
if (rc > 0) {
- conn->datadone += rc;
- rc = 0;
+ conn->datadone += rc;
+ rc = 0;
} else if (rc == 0) {
- show_msg(MSGDEBUG, "Peer has shutdown but we only read %d of %d bytes.\n",
- conn->datadone, conn->datalen);
- rc = ENOTCONN; /* ENOTCONN seems like the most fitting error message */
+ show_msg(MSGDEBUG, "Peer has shutdown but we only read %d of %d bytes.\n",
+ conn->datadone, conn->datalen);
+ rc = ENOTCONN; /* ENOTCONN seems like the most fitting error message */
} else {
- if (errno != EWOULDBLOCK)
- show_msg(MSGDEBUG, "Read failed, %s\n", strerror(errno));
- rc = errno;
+ if (errno != EWOULDBLOCK)
+ show_msg(MSGDEBUG, "Read failed, %s\n", strerror(errno));
+ rc = errno;
}
}
@@ -1322,7 +1315,7 @@ static int recv_buffer(struct connreq *conn)
conn->state = conn->nextstate;
show_msg(MSGDEBUG, "Received %d bytes of %d bytes expected, return code is %d\n",
- conn->datadone, conn->datalen, rc);
+ conn->datadone, conn->datalen, rc);
return(rc);
}
@@ -1389,7 +1382,7 @@ static int read_socksv5_method(struct connreq *conn)
conn->state = SENDING;
conn->nextstate = SENTV5AUTH;
conn->datadone = 0;
- } else
+ } else
return(send_socksv5_connect(conn));
return(0);
@@ -1445,7 +1438,6 @@ static int read_socksv5_connect(struct connreq *conn)
return(ECONNABORTED);
}
}
-
conn->state = DONE;
return(0);
@@ -1479,7 +1471,6 @@ static int read_socksv4_req(struct connreq *conn)
return(ECONNREFUSED);
}
}
-
conn->state = DONE;
return(0);
@@ -1491,15 +1482,15 @@ int res_init(void)
int rc;
if (!realres_init) {
- if ((realres_init = dlsym(RTLD_NEXT, "res_init")) == NULL)
- LOAD_ERROR("res_init", MSGERR);
+ if ((realres_init = dlsym(RTLD_NEXT, "res_init")) == NULL)
+ LOAD_ERROR("res_init", MSGERR);
}
show_msg(MSGDEBUG, "Got res_init request\n");
/* See comment in close() */
if (!tsocks_init_complete) {
- tsocks_init();
+ tsocks_init();
}
if (realres_init == NULL) {
@@ -1509,9 +1500,9 @@ int res_init(void)
/* Call normal res_init */
rc = realres_init();
- /* Force using TCP protocol for DNS queries */
- _res.options |= RES_USEVC;
- return(rc);
+ /* Force using TCP protocol for DNS queries */
+ _res.options |= RES_USEVC;
+ return(rc);
}
int EXPAND_GUTS_NAME(res_query)(RES_QUERY_SIGNATURE, int (*original_res_query)(RES_QUERY_SIGNATURE))
@@ -1519,15 +1510,15 @@ int EXPAND_GUTS_NAME(res_query)(RES_QUERY_SIGNATURE, int (*original_res_query)(R
int rc;
if (!original_res_query) {
- if ((original_res_query = dlsym(RTLD_NEXT, "res_query")) == NULL)
- LOAD_ERROR("res_query", MSGERR);
+ if ((original_res_query = dlsym(RTLD_NEXT, "res_query")) == NULL)
+ LOAD_ERROR("res_query", MSGERR);
}
show_msg(MSGDEBUG, "Got res_query request\n");
/* See comment in close() */
if (!tsocks_init_complete) {
- tsocks_init();
+ tsocks_init();
}
if (original_res_query == NULL) {
@@ -1538,7 +1529,7 @@ int EXPAND_GUTS_NAME(res_query)(RES_QUERY_SIGNATURE, int (*original_res_query)(R
/* Ensure we force using TCP for DNS queries by calling res_init
above if it has not already been called.*/
if (!(_res.options & RES_INIT) || !(_res.options & RES_USEVC))
- res_init();
+ res_init();
/* Call normal res_query */
rc = original_res_query(dname, class, type, answer, anslen);
@@ -1559,7 +1550,7 @@ int EXPAND_GUTS_NAME(res_querydomain)(RES_QUERYDOMAIN_SIGNATURE, int (*original_
/* See comment in close() */
if (!tsocks_init_complete) {
- tsocks_init();
+ tsocks_init();
}
if (original_res_querydomain == NULL) {
@@ -1570,7 +1561,7 @@ int EXPAND_GUTS_NAME(res_querydomain)(RES_QUERYDOMAIN_SIGNATURE, int (*original_
/* Ensure we force using TCP for DNS queries by calling res_init
above if it has not already been called.*/
if (!(_res.options & RES_INIT) || !(_res.options & RES_USEVC))
- res_init();
+ res_init();
/* Call normal res_querydomain */
rc = original_res_querydomain(name, domain, class, type, answer, anslen);
@@ -1583,15 +1574,15 @@ int EXPAND_GUTS_NAME(res_search)(RES_SEARCH_SIGNATURE, int (*original_res_search
int rc;
if (!original_res_search) {
- if ((original_res_search = dlsym(RTLD_NEXT, "res_search")) == NULL)
- LOAD_ERROR("res_search", MSGERR);
+ if ((original_res_search = dlsym(RTLD_NEXT, "res_search")) == NULL)
+ LOAD_ERROR("res_search", MSGERR);
}
show_msg(MSGDEBUG, "Got res_search request\n");
/* See comment in close() */
if (!tsocks_init_complete) {
- tsocks_init();
+ tsocks_init();
}
if (original_res_search == NULL) {
@@ -1602,7 +1593,7 @@ int EXPAND_GUTS_NAME(res_search)(RES_SEARCH_SIGNATURE, int (*original_res_search
/* Ensure we force using TCP for DNS queries by calling res_init
above if it has not already been called.*/
if (!(_res.options & RES_INIT) || !(_res.options & RES_USEVC))
- res_init();
+ res_init();
/* Call normal res_search */
rc = original_res_search(dname, class, type, answer, anslen);
@@ -1615,15 +1606,15 @@ int EXPAND_GUTS_NAME(res_send)(RES_SEND_SIGNATURE, int (*original_res_send)(RES_
int rc;
if (!original_res_send) {
- if ((original_res_send = dlsym(RTLD_NEXT, "res_send")) == NULL)
- LOAD_ERROR("res_send", MSGERR);
+ if ((original_res_send = dlsym(RTLD_NEXT, "res_send")) == NULL)
+ LOAD_ERROR("res_send", MSGERR);
}
show_msg(MSGDEBUG, "Got res_send request\n");
/* See comment in close() */
if (!tsocks_init_complete) {
- tsocks_init();
+ tsocks_init();
}
if (original_res_send == NULL) {
@@ -1634,7 +1625,7 @@ int EXPAND_GUTS_NAME(res_send)(RES_SEND_SIGNATURE, int (*original_res_send)(RES_
/* Ensure we force using TCP for DNS queries by calling res_init
above if it has not already been called.*/
if (!(_res.options & RES_INIT) || !(_res.options & RES_USEVC))
- res_init();
+ res_init();
/* Call normal res_send */
rc = original_res_send(msg, msglen, answer, anslen);
@@ -1666,7 +1657,7 @@ static int deadpool_init(void)
struct hostent *tsocks_gethostbyname_guts(GETHOSTBYNAME_SIGNATURE, struct hostent *(*original_gethostbyname)(GETHOSTBYNAME_SIGNATURE))
{
- if(pool) {
+ if (pool) {
return our_gethostbyname(pool, name);
} else {
return original_gethostbyname(name);
@@ -1675,7 +1666,7 @@ struct hostent *tsocks_gethostbyname_guts(GETHOSTBYNAME_SIGNATURE, struct hosten
struct hostent *tsocks_gethostbyaddr_guts(GETHOSTBYADDR_SIGNATURE, struct hostent *(*original_gethostbyaddr)(GETHOSTBYADDR_SIGNATURE))
{
- if(pool) {
+ if (pool) {
return our_gethostbyaddr(pool, addr, len, type);
} else {
return original_gethostbyaddr(addr, len, type);
@@ -1684,7 +1675,7 @@ struct hostent *tsocks_gethostbyaddr_guts(GETHOSTBYADDR_SIGNATURE, struct hosten
int tsocks_getaddrinfo_guts(GETADDRINFO_SIGNATURE, int (*original_getaddrinfo)(GETADDRINFO_SIGNATURE))
{
- if(pool) {
+ if (pool) {
return our_getaddrinfo(pool, node, service, hints, res);
} else {
return original_getaddrinfo(node, service, hints, res);
@@ -1693,7 +1684,7 @@ int tsocks_getaddrinfo_guts(GETADDRINFO_SIGNATURE, int (*original_getaddrinfo)(G
struct hostent *tsocks_getipnodebyname_guts(GETIPNODEBYNAME_SIGNATURE, struct hostent *(*original_getipnodebyname)(GETIPNODEBYNAME_SIGNATURE))
{
- if(pool) {
+ if (pool) {
return our_getipnodebyname(pool, name, af, flags, error_num);
} else {
return original_getipnodebyname(name, af, flags, error_num);
@@ -1709,7 +1700,7 @@ ssize_t tsocks_sendto_guts(SENDTO_SIGNATURE, ssize_t (*original_sendto)(SENDTO_S
/* See comment in close() */
if (!tsocks_init_complete) {
- tsocks_init();
+ tsocks_init();
}
/* If the real connect doesn't exist, we're stuffed */
@@ -1758,7 +1749,7 @@ ssize_t tsocks_sendmsg_guts(SENDMSG_SIGNATURE, ssize_t (*original_sendmsg)(SENDM
/* See comment in close() */
if (!tsocks_init_complete) {
- tsocks_init();
+ tsocks_init();
}
/* If the real connect doesn't exist, we're stuffed */
commit 827e823c8019bbc0e3696e3b4c80133b75a61a6e
Author: Robert Hogan <robert(a)roberthogan.net>
Date: Mon Sep 20 20:14:54 2010 +0100
Style cleanup
No brackets for single-statement conditionals
---
src/tsocks.c | 111 ++++++++++++++++++++-------------------------------------
1 files changed, 39 insertions(+), 72 deletions(-)
diff --git a/src/tsocks.c b/src/tsocks.c
index 2bd21fd..3773bb0 100644
--- a/src/tsocks.c
+++ b/src/tsocks.c
@@ -184,9 +184,8 @@ void tsocks_init(void)
pthread_mutex_lock(&tsocks_init_mutex);
/* We only need to be called once */
- if (tsocks_init_complete) {
+ if (tsocks_init_complete)
return;
- }
/* Not strictly true yet, but prevents us getting called while still in progress.*/
/* This has been observed on Snow Leopard for instance. */
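Review bot: The early `return` directly after `pthread_mutex_lock(&tsocks_init_mutex)` leaves the mutex held, so a later call that reaches the lock would block forever, assuming a default non-recursive mutex (its initialiser is outside the hunk). Release it on that path: `if (tsocks_init_complete) { pthread_mutex_unlock(&tsocks_init_mutex); return; }`. The callers in the other hunks test `tsocks_init_complete` without taking the lock, so a comment here should say why that unlocked read is acceptable. The rest of tsocks_init is outside the hunk.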
@@ -289,9 +288,8 @@ static int get_config ()
/* Determine the location of the config file */
#ifdef ALLOW_ENV_CONFIG
- if (!suid) {
+ if (!suid)
conffile = getenv("TORSOCKS_CONF_FILE");
- }
#endif
/* Read in the config file */
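Review bot: The `if (!suid)` guard is the only thing keeping an environment-supplied config path out of a set-uid process, and no comment on these lines says so. A comment such as `/* Never honour TORSOCKS_CONF_FILE when set-uid: the caller controls the environment */` would keep the guard from being dropped in a later cleanup. How `suid` is computed is outside the hunk; it should presumably cover a set-gid binary as well, which is worth confirming. get_config begins and ends outside the hunk.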
@@ -332,9 +330,8 @@ int tsocks_connect_guts(CONNECT_SIGNATURE, int (*original_connect)(CONNECT_SIGNA
struct connreq *newconn;
/* See comment in close() */
- if (!tsocks_init_complete) {
+ if (!tsocks_init_complete)
tsocks_init();
- }
/* If the real connect doesn't exist, we're stuffed */
if (original_connect == NULL) {
@@ -502,9 +499,8 @@ int tsocks_select_guts(SELECT_SIGNATURE, int (*original_select)(SELECT_SIGNATURE
return(original_select(n, readfds, writefds, exceptfds, timeout));
}
- if (!tsocks_init_complete) {
+ if (!tsocks_init_complete)
tsocks_init();
- }
show_msg(MSGDEBUG, "Intercepted call to select with %d fds, "
"0x%08x 0x%08x 0x%08x, timeout %08x\n", n,
@@ -611,11 +607,11 @@ int tsocks_select_guts(SELECT_SIGNATURE, int (*original_select)(SELECT_SIGNATURE
continue;
}
- if (setevents & EXCEPT) {
+ if (setevents & EXCEPT)
conn->state = FAILED;
- } else {
+ else
rc = handle_request(conn);
- }
+
/* If the connection hasn't failed or completed there is nothing
* to report to the client */
if ((conn->state != FAILED) &&
@@ -688,9 +684,8 @@ int tsocks_poll_guts(POLL_SIGNATURE, int (*original_poll)(POLL_SIGNATURE))
if (!requests)
return(original_poll(ufds, nfds, timeout));
- if (!tsocks_init_complete) {
+ if (!tsocks_init_complete)
tsocks_init();
- }
show_msg(MSGDEBUG, "Intercepted call to poll with %d fds, "
"0x%08x timeout %d\n", nfds, ufds, timeout);
@@ -850,9 +845,8 @@ int tsocks_close_guts(CLOSE_SIGNATURE, int (*original_close)(CLOSE_SIGNATURE))
loading symbols now. This is a workaround for a problem I don't
really understand and have only encountered when using torsocks
with svn on Fedora 10, so definitely a hack. */
- if (!tsocks_init_complete) {
+ if (!tsocks_init_complete)
tsocks_init();
- }
if (original_close == NULL) {
show_msg(MSGERR, "Unresolved symbol: close\n");
@@ -898,9 +892,8 @@ int tsocks_getpeername_guts(GETPEERNAME_SIGNATURE,
int rc;
/* See comment in close() */
- if (!tsocks_init_complete) {
+ if (!tsocks_init_complete)
tsocks_init();
- }
if (original_getpeername == NULL) {
show_msg(MSGERR, "Unresolved symbol: getpeername\n");
@@ -1107,14 +1100,12 @@ static int send_socks_request(struct connreq *conn)
if (conn->path->type == 4) {
char *name = get_pool_entry(pool, &(conn->connaddr.sin_addr));
- if(name != NULL) {
+ if(name != NULL)
rc = send_socksv4a_request(conn,name);
- } else {
+ else
rc = send_socksv4_request(conn);
- }
- } else {
+ } else
rc = send_socksv5_method(conn);
- }
return(rc);
}
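Review bot: The outer `if (conn->path->type == 4) { ... } else` now has braces on one arm only. Sitting directly below the nested unbraced if/else, that makes it easy to attach a later statement to the wrong branch. Keep braces on both arms whenever one arm needs them, i.e. leave `} else {` and the closing `}` around `rc = send_socksv5_method(conn);`. The start of send_socks_request is above the hunk.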
@@ -1237,9 +1228,8 @@ static int send_socksv5_connect(struct connreq *conn)
name = get_pool_entry(pool, &(conn->connaddr.sin_addr));
if(name != NULL) {
namelen = strlen(name);
- if(namelen > 255) { /* "Can't happen" */
+ if(namelen > 255) /* "Can't happen" */
name = NULL;
- }
}
if(name != NULL) {
show_msg(MSGDEBUG, "send_socksv5_connect: found it!\n");
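Review bot: The over-length branch `if(namelen > 255) name = NULL;` discards the hostname without any message, and the request then continues as if no pool entry had been found. The bound matters because SOCKS5 carries the name length in a single byte, and it presumably also keeps the later copy into the request buffer in range (that code is outside the hunk). Replace the `"Can't happen"` remark with a comment that states this, for example `/* SOCKS5 name length is one byte: names over 255 cannot be sent by name */`. A `show_msg(MSGERR, ...)` on this path is also worth considering so the fallback is visible.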
@@ -1481,17 +1471,14 @@ int res_init(void)
{
int rc;
- if (!realres_init) {
- if ((realres_init = dlsym(RTLD_NEXT, "res_init")) == NULL)
- LOAD_ERROR("res_init", MSGERR);
- }
+ if (!realres_init && ((realres_init = dlsym(RTLD_NEXT, "res_init")) == NULL))
+ LOAD_ERROR("res_init", MSGERR);
show_msg(MSGDEBUG, "Got res_init request\n");
/* See comment in close() */
- if (!tsocks_init_complete) {
+ if (!tsocks_init_complete)
tsocks_init();
- }
if (realres_init == NULL) {
show_msg(MSGERR, "Unresolved symbol: res_init\n");
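Review bot: `LOAD_ERROR("res_init", MSGERR);` is the unbraced body of an `if` both before and after this change, which is only safe if the macro expands to a single statement. Its definition is not in this hunk, so confirm that it is wrapped in `do { ... } while (0)`. The same form appears in the res_query, res_querydomain, res_search and res_send hunks. Folding the `dlsym` assignment into the `&&` condition also hides a side effect inside a test; a short comment such as `/* resolve the real res_init lazily on first use */` would help.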
@@ -1509,17 +1496,14 @@ int EXPAND_GUTS_NAME(res_query)(RES_QUERY_SIGNATURE, int (*original_res_query)(R
{
int rc;
- if (!original_res_query) {
- if ((original_res_query = dlsym(RTLD_NEXT, "res_query")) == NULL)
- LOAD_ERROR("res_query", MSGERR);
- }
+ if (!original_res_query && ((original_res_query = dlsym(RTLD_NEXT, "res_query")) == NULL))
+ LOAD_ERROR("res_query", MSGERR);
show_msg(MSGDEBUG, "Got res_query request\n");
/* See comment in close() */
- if (!tsocks_init_complete) {
+ if (!tsocks_init_complete)
tsocks_init();
- }
if (original_res_query == NULL) {
show_msg(MSGERR, "Unresolved symbol: res_query\n");
@@ -1541,17 +1525,15 @@ int EXPAND_GUTS_NAME(res_querydomain)(RES_QUERYDOMAIN_SIGNATURE, int (*original_
{
int rc;
- if (!original_res_querydomain) {
- if ((original_res_querydomain = dlsym(RTLD_NEXT, "res_querydomain")) == NULL)
- LOAD_ERROR("res_querydoimain", MSGERR);
- }
+ if (!original_res_querydomain &&
+ ((original_res_querydomain = dlsym(RTLD_NEXT, "res_querydomain")) == NULL))
+ LOAD_ERROR("res_querydoimain", MSGERR);
show_msg(MSGDEBUG, "Got res_querydomain request\n");
/* See comment in close() */
- if (!tsocks_init_complete) {
+ if (!tsocks_init_complete)
tsocks_init();
- }
if (original_res_querydomain == NULL) {
show_msg(MSGERR, "Unresolved symbol: res_querydomain\n");
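Review bot: The symbol name passed to the macro is misspelled in `LOAD_ERROR("res_querydoimain", MSGERR);`, and the rewrite carries the typo over unchanged. Whatever the macro reports would then name a function that does not exist, which makes a failed `dlsym` harder to diagnose. It should read `LOAD_ERROR("res_querydomain", MSGERR);`.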
@@ -1573,17 +1555,15 @@ int EXPAND_GUTS_NAME(res_search)(RES_SEARCH_SIGNATURE, int (*original_res_search
{
int rc;
- if (!original_res_search) {
- if ((original_res_search = dlsym(RTLD_NEXT, "res_search")) == NULL)
+ if (!original_res_search &&
+ ((original_res_search = dlsym(RTLD_NEXT, "res_search")) == NULL))
LOAD_ERROR("res_search", MSGERR);
- }
show_msg(MSGDEBUG, "Got res_search request\n");
/* See comment in close() */
- if (!tsocks_init_complete) {
+ if (!tsocks_init_complete)
tsocks_init();
- }
if (original_res_search == NULL) {
show_msg(MSGERR, "Unresolved symbol: res_search\n");
@@ -1605,17 +1585,14 @@ int EXPAND_GUTS_NAME(res_send)(RES_SEND_SIGNATURE, int (*original_res_send)(RES_
{
int rc;
- if (!original_res_send) {
- if ((original_res_send = dlsym(RTLD_NEXT, "res_send")) == NULL)
+ if (!original_res_send && ((original_res_send = dlsym(RTLD_NEXT, "res_send")) == NULL))
LOAD_ERROR("res_send", MSGERR);
- }
show_msg(MSGDEBUG, "Got res_send request\n");
/* See comment in close() */
- if (!tsocks_init_complete) {
+ if (!tsocks_init_complete)
tsocks_init();
- }
if (original_res_send == NULL) {
show_msg(MSGERR, "Unresolved symbol: res_send\n");
@@ -1657,38 +1634,30 @@ static int deadpool_init(void)
struct hostent *tsocks_gethostbyname_guts(GETHOSTBYNAME_SIGNATURE, struct hostent *(*original_gethostbyname)(GETHOSTBYNAME_SIGNATURE))
{
- if (pool) {
+ if (pool)
return our_gethostbyname(pool, name);
- } else {
- return original_gethostbyname(name);
- }
+ return original_gethostbyname(name);
}
struct hostent *tsocks_gethostbyaddr_guts(GETHOSTBYADDR_SIGNATURE, struct hostent *(*original_gethostbyaddr)(GETHOSTBYADDR_SIGNATURE))
{
- if (pool) {
+ if (pool)
return our_gethostbyaddr(pool, addr, len, type);
- } else {
- return original_gethostbyaddr(addr, len, type);
- }
+ return original_gethostbyaddr(addr, len, type);
}
int tsocks_getaddrinfo_guts(GETADDRINFO_SIGNATURE, int (*original_getaddrinfo)(GETADDRINFO_SIGNATURE))
{
- if (pool) {
+ if (pool)
return our_getaddrinfo(pool, node, service, hints, res);
- } else {
- return original_getaddrinfo(node, service, hints, res);
- }
+ return original_getaddrinfo(node, service, hints, res);
}
struct hostent *tsocks_getipnodebyname_guts(GETIPNODEBYNAME_SIGNATURE, struct hostent *(*original_getipnodebyname)(GETIPNODEBYNAME_SIGNATURE))
{
- if (pool) {
+ if (pool)
return our_getipnodebyname(pool, name, af, flags, error_num);
- } else {
- return original_getipnodebyname(name, af, flags, error_num);
- }
+ return original_getipnodebyname(name, af, flags, error_num);
}
ssize_t tsocks_sendto_guts(SENDTO_SIGNATURE, ssize_t (*original_sendto)(SENDTO_SIGNATURE))
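Review bot: When `pool` is NULL, all four resolver hooks in this hunk fall through to the real libc resolver, so a lookup would be answered outside the SOCKS path. For a tool whose purpose is to keep traffic inside Tor, that is a fail-open default. Whether `pool` can actually be NULL here depends on deadpool_init, which is outside the hunk. At minimum make the fallback visible, e.g. `show_msg(MSGERR, "deadpool unavailable, resolving outside the proxy\n");` before each `return original_...`, and consider returning failure instead. These hooks also call `original_gethostbyname` and its siblings without the `== NULL` check that the connect, close and sendto hooks apply.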
@@ -1699,9 +1668,8 @@ ssize_t tsocks_sendto_guts(SENDTO_SIGNATURE, ssize_t (*original_sendto)(SENDTO_S
unsigned int sock_domain_len = sizeof(sock_domain);
/* See comment in close() */
- if (!tsocks_init_complete) {
+ if (!tsocks_init_complete)
tsocks_init();
- }
/* If the real connect doesn't exist, we're stuffed */
if (original_sendto == NULL) {
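Review bot: The comment above `if (original_sendto == NULL)` still reads "If the real connect doesn't exist", a leftover from the connect hook. The sendmsg hunk that follows has the same stale text above `if (original_sendmsg == NULL)`. Suggested wording: `/* If the real sendto doesn't exist, we're stuffed */` and the matching sendmsg version. Both functions continue past their hunks.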
@@ -1748,9 +1716,8 @@ ssize_t tsocks_sendmsg_guts(SENDMSG_SIGNATURE, ssize_t (*original_sendmsg)(SENDM
unsigned int sock_domain_len = sizeof(sock_domain);
/* See comment in close() */
- if (!tsocks_init_complete) {
+ if (!tsocks_init_complete)
tsocks_init();
- }
/* If the real connect doesn't exist, we're stuffed */
if (original_sendmsg == NULL) {

23 Oct '11
commit fda06ecbfe4894a07a3d202748803b313da35d6a
Author: Robert Hogan <robert(a)roberthogan.net>
Date: Sat Dec 11 16:28:08 2010 +0000
Update Changelog for v1.1 release
---
ChangeLog | 176 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 176 insertions(+), 0 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 15d1b17..7000880 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,179 @@
+Torsocks 1.1
+2010-12-12 Robert Hogan <robert(a)roberthogan.net>
+ o Handle wildcard addresses in getaddrinfo calls. Reported by Mike Perry.
+
+ o Move the address inspection to the end of sendmsg() and sendto()
+ so that we can exit early if the socket is not SOCK_STREAM (i.e.
+ tcp).
+
+ o Exit if Tor DNS is disabled.
+ Exit with an error code if Tor DNS is disabled in the configuration
+ or if we cannot reserve the deadpool address space for .onion
+ addresses.
+
+ o Always print error messages.
+
+ o Allow error logging by default.
+
+ o Style cleanup:
+ No brackets for single-statement conditionals
+ Whitespace fixes in tsocks.c
+ Remove torsocks.kdevelop
+ Remove non-free RFC and replace with link.
+ o Remove USE_TOR_DNS compile guard
+ This is a leftover from the tsocks days. We always want this option
+ enabled.
+
+ o Only enable debug output for debug builds
+ Debug output was printing on release builds and getting suppressed
+ on debug builds - which is the wrong way round!
+
+ o Make a global variable less generic
+ Exporting a global variable called 'progname' is not a good
+ idea if you are a library. Exporting global variables at all
+ is probably a bad idea.
+ For now, make the name less generic - it was causing crashes
+ when torsocks was used with dig.
+ Part of the fix for:
+ http://code.google.com/p/torsocks/issues/detail?id=15
+
+ o Use socket rather than address to determine connection type
+ In sendmsg() and sendto() we were inspecting the sock_addr_t
+ structure to determine if the connection was Internet or not.
+ Since msg->msg_name is an optional value in sendmsg() and
+ sendto() this could result in crashes because we weren't ensuring
+ it was non-null.
+ Since it's optional we should have been inspecting the SO_DOMAIN
+ of the connection's socket anyway - it will always be there.
+ Part of the fix for:
+ http://code.google.com/p/torsocks/issues/detail?id=15
+
+ o Major refactor of symbol hooking
+ Patch by alex(a)ohmantics.net
+ Make torsocks fully compatible with Snow Leopard OSX.
+ Slim down the symbol hooking code considerably.
+ Alex's notes:
+ "http://developer.apple.com/mac/library/releasenotes/Darwin/SymbolVariantsRe….
+ don't have the $UNIX2003 variants. For working 10.6 support, we'll need to
+ conditionalize the UNIX2003 variants off when compiling for 64-bit."
+
+ o Improve compile-time detection of the res* family of system calls
+ Some platforms need to explicitly include resolv.h so cater for
+ that.
+ Thanks to SwissTorExit for reporting and debugging assistance.
+
+ o Do our best to ensure tsocks_init is called only once.
+
+ o Build fix for BSD.
+ Support presence of res_query in libc rather than libresolve.
+
+Torsocks 1.0-epsilon
+2009-11-01 Robert Hogan <robert(a)roberthogan.net>
+
+ o Manpage syntax fixes from Patrick Matthäi <pmatthaei(a)debian.org>
+
+ o Clarify use of the configuration file.
+
+ Amend the default behaviour to work as summarized below and updated the
+ manual pages to make the default behaviour obvious to users.
+
+ "By default, torsocks will assume that it should connect to the SOCKS proxy
+ running at 127.0.0.1 on port 9050. This is the default address and port for
+ Tor's socks server on most installations.
+
+ In order to use a configuration file, you must set the environment variable
+ TORSOCKS_CONF_FILE with the location of the file.
+
+ If TORSOCKS_CONF_FILE is not set, torsocks will attempt to read the configuration
+ file at @CONFDIR@/torsocks.conf. If that file cannot be read, torsocks will
+ use sensible defaults for most Tor installations, i.e. it will assume that
+ you want to use a SOCKS proxy running at 127.0.0.1 (localhost) on port 9050."
+
+ o Fix compilation in 64-bit OSX.
+
+ o Mac OSX compatibility in tsocks.c
+ Original Patch from Alex Rosenberg <alex(a)ohmantics.com>
+
+ 1. Hook OSX-specific syscalls
+ -----------------------------
+ Mac OXS has a number of variants of each syscall. This patch adds
+ hooks for the following OSX variants:
+
+ select() : select_unix2003()
+ select_nocancel()
+ select_darwinextsn_nocancel()
+ select_darwinextsn()
+
+ poll(), connect(), sendmsg(), sendto(), close(): *_unix2003(),
+ *_nocancel()
+ getpeername(): *_unix2003()
+
+ 2. Add Hooking Macros
+ --------------------
+ Move the symbol loading and checking out to macros of the form
+ [syscall]_PATCH:
+
+ PATCH_SELECT, PATCH_CONNECT, PATCH_CLOSE, PATCH_POLL,
+ PATCH_GETPEERNAME, PATCH_SENDTO, PATCH_SENDMSG
+
+ Rename the syshooks to functions of the form *_guts().
+
+ 3. Miscellaneous
+ ----------------
+ Add NONSTD_SOURCE define for Mac OSX.Defining _NONSTD_SOURCE
+ causes library and kernel calls to behave as closely
+ to Mac OS X 10.3's library and kernel calls as possible.
+
+ Use socklen_t instead of int.
+
+ Move get_environment() and get_config() to tsocks_init(),
+ rather than calling adhoc in the syscalls.
+
+ Differentiate between EISCONN and EINPROGRESS errors in
+ connect().
+
+ Original Patch from Alex Rosenberg <alex(a)ohmantics.com>
+ http://code.google.com/p/torsocks/issues/detail?id=2#c11
+
+ o Patch torsocks.in for Mac OSX
+ Patch from alexr(a)ohmantics.com
+ Mac OSX uses the DYLD_INSERT_LIBRARIES and DYLD_FORCE_FLAT_NAMESPACE
+ environment variables to enable/perform syscall-hooking. Also, on
+ Mac OSX dynamically linked libraries use the '*.dylib' extension
+ rather than '*.so'. Alex's patches for torsocks.in and configure.in
+ ensure that we use the appropriate values for Max OSX. Ideally, we
+ wouldn't export DYLD_FORCE_FLAT_NAMESPACE on non-Mac OSX platforms
+ but it is harmless to do so. We'll leave that for another day.
+ The patch also fixes up the sed reg-exp to interpret the 'echo
+ DYLD_INSERT_LIBRARIES' output as well as that from LD_PRELOAD.
+
+ o Whitespace cleanup in parser.c
+
+ o Add linker checks for Mac OSX. Patch from alexr(a)ohmantics.com
+
+ o Move MAP_ANONYMOUS to common.h
+
+ o LD_PRELOAD is ignored for binaries where setuid/gid is used. As used,
+ torsocks doesn't detect this, which means that it provides a false sense
+ of security when running these types of executables.
+ Added logic that detects setuid/setgid programs and fails early with an
+ error message.
+ Further reorganized the file to simplify flow and improve command line
+ argument handling.
+ Patch by Marcus Griep <marcus(a)griep.us>
+
+ o remove aclocal.m4
+
+ o BSD build patch from grarpamp. See http://code.google.com/p/torsocks/issues/detail?id=4.
+
+ o Replace TSOCKS_* environment variables with TORSOCKS_* equivalents as per man page.
+
+ o Remove superfluous include.
+
+ o Fix compilcation on Mac OSX. See http://code.google.com/p/torsocks/issues/detail?id=2
+
+ o Expand reject message for UDP and ICMP requests
+
Torsocks 1.0-delta
2009-02-XX Robert Hogan <robert(a)roberthogan.net>
o Fix segfault when address supplied for getaddrinfo is null. Reported by Mike Perry.
commit 965ae344734bd97c26d657719e72d99fc86bfa01
Author: Robert Hogan <robert(a)roberthogan.net>
Date: Mon Sep 20 20:44:46 2010 +0100
Exit if Tor DNS is disabled
Exit with an error code if Tor DNS is disabled in the configuration
or if we cannot reserve the deadpool address space for .onion
addresses.
---
src/tsocks.c | 44 ++++++++++++++++++++++++++------------------
1 files changed, 26 insertions(+), 18 deletions(-)
diff --git a/src/tsocks.c b/src/tsocks.c
index 80f7b9c..40b7e11 100644
--- a/src/tsocks.c
+++ b/src/tsocks.c
@@ -180,7 +180,6 @@ void tsocks_init(void)
(error)?error:"not found"); \
dlerror(); \
}
-
pthread_mutex_lock(&tsocks_init_mutex);
/* We only need to be called once */
@@ -245,7 +244,11 @@ void tsocks_init(void)
#endif
/* Unfortunately, we can't do this lazily because otherwise our mmap'd
area won't be shared across fork()s. */
- deadpool_init();
+ if (!deadpool_init()) {
+ show_msg(MSGERR, "Fatal error: exiting\n");
+ exit(1);
+ }
+
tsocks_init_complete=1;
pthread_mutex_unlock(&tsocks_init_mutex);
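Review bot: The new failure branch calls `exit(1)` while `tsocks_init_mutex` is still locked and `tsocks_init_complete` is still 0. `exit()` goes on to run atexit handlers and library destructors; if any of them reaches a hooked call that enters `tsocks_init()` again (the hooks visible in this file do so whenever `tsocks_init_complete` is 0), the thread would wait on a mutex it already holds, unless that mutex is recursive, and the process could hang instead of stopping. Ending the branch with `_exit(1);` after the message avoids running that teardown under the lock, assuming `show_msg()` does not buffer its output. I would also add a comment such as `/* Without the deadpool, .onion and Tor DNS lookups cannot work: stop rather than run unprotected */` so the reason for terminating the host program is recorded. `tsocks_init()` starts and ends outside this hunk, so the locking is only partly visible.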
@@ -1608,23 +1611,28 @@ int EXPAND_GUTS_NAME(res_send)(RES_SEND_SIGNATURE, int (*original_res_send)(RES_
static int deadpool_init(void)
{
- if(!pool) {
- get_environment();
- get_config();
- if(config.tordns_enabled) {
- pool = init_pool(
- config.tordns_cache_size,
- config.tordns_deadpool_range->localip,
- config.tordns_deadpool_range->localnet,
- config.defaultserver.address,
- config.defaultserver.port
- );
- if(!pool) {
- show_msg(MSGERR, "failed to initialize deadpool: tordns disabled\n");
- }
- }
+ if (pool)
+ return 1;
+
+ if (!config.tordns_enabled) {
+ show_msg(MSGERR, "Tor DNS is disabled. Check your configuration.\n");
+ return 0;
+ }
+
+ get_environment();
+ get_config();
+ pool = init_pool(config.tordns_cache_size,
+ config.tordns_deadpool_range->localip,
+ config.tordns_deadpool_range->localnet,
+ config.defaultserver.address,
+ config.defaultserver.port);
+
+ if (!pool) {
+ show_msg(MSGERR, "Could not initialize reserved addresses for "
+ ".onion addresses. Torsocks will not work properly.\n");
+ return 0;
}
- return 0;
+ return 1;
}
struct hostent *tsocks_gethostbyname_guts(GETHOSTBYNAME_SIGNATURE, struct hostent *(*original_gethostbyname)(GETHOSTBYNAME_SIGNATURE))
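Review bot: In the rewritten `deadpool_init()` the `config.tordns_enabled` test runs before `get_environment()` and `get_config()`, whereas the removed code loaded the configuration first. If nothing earlier in `tsocks_init()` has already filled `config` (not visible in this hunk), the test reads a value that has not been loaded yet, and because a 0 return now ends the process, every wrapped program would stop regardless of what its configuration file says. Moving `get_environment();` and `get_config();` above `if (!config.tordns_enabled) {` restores the old order; if the caller has already loaded the configuration, the two calls here can be dropped instead. The return contract also changed from always 0 to 1 on success and 0 on failure, which deserves a one-line comment above the function, e.g. `/* Returns 1 if the deadpool is ready, 0 if Tor DNS is disabled or the pool could not be reserved */`.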

23 Oct '11
commit 1e4e20b1bbed7d2e3b8b4d60420a746a0615f1af
Author: Robert Hogan <robert(a)roberthogan.net>
Date: Mon Sep 20 22:38:58 2010 +0100
Partially revert commit c8c6c60b.
The SO_DOMAIN socket() option is Linux only. So revert to
inspecting the sock_addr_t in sendmsg() and sendto() but ensure
it is non-null before doing so.
Move the address inspection to the end of sendmsg() and sendto()
so that we can exit early if the socket is not SOCK_STREAM (i.e.
tcp).
---
src/tsocks.c | 55 +++++++++++++++++++++++--------------------------------
1 files changed, 23 insertions(+), 32 deletions(-)
diff --git a/src/tsocks.c b/src/tsocks.c
index 40b7e11..02e21fc 100644
--- a/src/tsocks.c
+++ b/src/tsocks.c
@@ -1667,14 +1667,13 @@ ssize_t tsocks_sendto_guts(SENDTO_SIGNATURE, ssize_t (*original_sendto)(SENDTO_S
{
int sock_type = -1;
unsigned int sock_type_len = sizeof(sock_type);
- int sock_domain = -1;
- unsigned int sock_domain_len = sizeof(sock_domain);
+ struct sockaddr_in *connaddr;
/* See comment in close() */
if (!tsocks_init_complete)
tsocks_init();
- /* If the real connect doesn't exist, we're stuffed */
+ /* If the real sendto doesn't exist, we're stuffed */
if (original_sendto == NULL) {
show_msg(MSGERR, "Unresolved symbol: sendto\n");
return(-1);
@@ -1682,17 +1681,6 @@ ssize_t tsocks_sendto_guts(SENDTO_SIGNATURE, ssize_t (*original_sendto)(SENDTO_S
show_msg(MSGDEBUG, "Got sendto request\n");
- /* Get the domain of the socket */
- getsockopt(s, SOL_SOCKET, SO_DOMAIN,
- (void *) &sock_domain, &sock_domain_len);
-
- /* If this isn't an INET socket we can't handle it, just call the real
- connect now */
- if ((sock_domain != PF_INET)) {
- show_msg(MSGDEBUG, "Connection isn't an Internet socket ignoring\n");
- return (ssize_t) original_sendto(s, buf, len, flags, to, tolen);
- }
-
/* Get the type of the socket */
getsockopt(s, SOL_SOCKET, SO_TYPE,
(void *) &sock_type, &sock_type_len);
@@ -1707,22 +1695,29 @@ ssize_t tsocks_sendto_guts(SENDTO_SIGNATURE, ssize_t (*original_sendto)(SENDTO_S
return -1;
}
- return (ssize_t) original_sendto(s, buf, len, flags, to, tolen);
+ connaddr = (struct sockaddr_in *) to;
+
+ /* If there is no address in 'to', sendto will only work if we
+ already allowed the socket to connect(), so we let it through.
+ Likewise if the socket is not an Internet connection. */
+ if (connaddr && (connaddr->sin_family != AF_INET)) {
+ show_msg(MSGDEBUG, "Connection isn't an Internet socket ignoring\n");
+ }
+ return (ssize_t) original_sendto(s, buf, len, flags, to, tolen);
}
ssize_t tsocks_sendmsg_guts(SENDMSG_SIGNATURE, ssize_t (*original_sendmsg)(SENDMSG_SIGNATURE))
{
int sock_type = -1;
unsigned int sock_type_len = sizeof(sock_type);
- int sock_domain = -1;
- unsigned int sock_domain_len = sizeof(sock_domain);
+ struct sockaddr_in *connaddr;
/* See comment in close() */
if (!tsocks_init_complete)
tsocks_init();
- /* If the real connect doesn't exist, we're stuffed */
+ /* If the real sendmsg doesn't exist, we're stuffed */
if (original_sendmsg == NULL) {
show_msg(MSGERR, "Unresolved symbol: sendmsg\n");
return(-1);
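Review bot: The new `if (connaddr && (connaddr->sin_family != AF_INET))` at the end of `tsocks_sendto_guts()` only logs; both outcomes fall through to the same `original_sendto()` call, so the address inspection described in the commit message has no effect on what is sent. The comment above it justifies passing the call through only when `to` is NULL or is not an Internet address, yet an `AF_INET` destination on a `SOCK_STREAM` socket is passed through as well, which is safe only if the socket was already connected through the proxy. Where the platform lets `sendto()` open a stream connection by itself (Linux `MSG_FASTOPEN`, for example), that destination would be reached without the SOCKS connect hook, so I would either refuse that case or state the assumption, e.g. `/* Stream sockets ignore 'to' once connected; we rely on connect() having been proxied */`. The same applies to the `msg->msg_name` check added in the `tsocks_sendmsg_guts()` hunk that follows.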
@@ -1730,31 +1725,27 @@ ssize_t tsocks_sendmsg_guts(SENDMSG_SIGNATURE, ssize_t (*original_sendmsg)(SENDM
show_msg(MSGDEBUG, "Got sendmsg request\n");
- /* Get the domain of the socket */
- getsockopt(s, SOL_SOCKET, SO_DOMAIN,
- (void *) &sock_domain, &sock_domain_len);
-
- /* If this isn't an INET socket we can't handle it, just call the real
- connect now */
- if ((sock_domain != PF_INET)) {
- show_msg(MSGDEBUG, "Connection isn't an Internet socket ignoring\n");
- return (ssize_t) original_sendmsg(s, msg, flags);
- }
-
/* Get the type of the socket */
getsockopt(s, SOL_SOCKET, SO_TYPE,
(void *) &sock_type, &sock_type_len);
show_msg(MSGDEBUG, "sockopt: %i\n", sock_type);
- /* If this a UDP socket then we refuse it, since it is probably a DNS
- request */
if ((sock_type != SOCK_STREAM)) {
show_msg(MSGERR, "sendmsg: Connection is a UDP or ICMP stream, may be a "
- "DNS request or other form of leak: rejecting.\n");
+ "DNS request or other form of leak: rejecting.\n");
return -1;
}
+ connaddr = (struct sockaddr_in *) msg->msg_name;
+
+ /* If there is no address in msg_name, sendmsg will only work if we
+ already allowed the socket to connect(), so we let it through.
+ Likewise if the socket is not an Internet connection. */
+ if (connaddr && (connaddr->sin_family != AF_INET)) {
+ show_msg(MSGDEBUG, "Connection isn't an Internet socket\n");
+ }
+
return (ssize_t) original_sendmsg(s, msg, flags);
}
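Review bot: `connaddr->sin_family` is read from `msg->msg_name` without looking at `msg->msg_namelen`, and `msg` itself is dereferenced without a NULL test, so a caller passing a short name buffer or a NULL message header makes the wrapper read memory that the real `sendmsg()` would have rejected with an error. A guard such as `if (msg && msg->msg_name && msg->msg_namelen >= sizeof(struct sockaddr_in))` before the cast keeps the read inside what the caller supplied; the `to`/`tolen` pair in the sendto hunk above has the same gap. The hunk also deletes the comment explaining why non-stream sockets are refused, and a line like `/* Not TCP: may be a DNS request or another leak, so refuse it */` above the `sock_type` test would keep that reasoning next to the check.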

[torsocks/osx] Use @libdir@ instead of @prefix@ in src/Makefile.am
by hoganrobert@torproject.org 23 Oct '11
by hoganrobert@torproject.org 23 Oct '11
23 Oct '11
commit 917fc9b824e665aaa10ce0d4b986ff41b666e151
Author: Robert Hogan <robert(a)roberthogan.net>
Date: Sun Dec 12 14:18:56 2010 +0000
Use @libdir@ instead of @prefix@ in src/Makefile.am
Patch from Hicham Haouari.
Fixes build for Fedora 64-bit.
---
src/Makefile.am | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index d5d1239..f0ae121 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1,7 +1,7 @@
# Makefile used by configure to create real Makefile
LIBS = -ldl -lc -lresolv
-libdir = @prefix@/lib/torsocks
+libdir = @libdir@/torsocks
# Install helper programs
#bin_PROGRAMS = validateconf inspectsocks saveme
commit dfaf9e799092d1b901270b7492ab727739d60898
Author: Robert Hogan <robert(a)roberthogan.net>
Date: Mon Sep 20 20:19:46 2010 +0100
Always print error messages.
Allow error logging by default.
---
configure.in | 4 ----
src/tsocks.c | 7 +------
2 files changed, 1 insertions(+), 10 deletions(-)
diff --git a/configure.in b/configure.in
index 9d8a1e2..9a41cf1 100644
--- a/configure.in
+++ b/configure.in
@@ -189,10 +189,6 @@ if test "${enable_oldmethod}" = "yes"; then
oldmethod="yes"
fi
-if test "x${enable_debug}" != "x"; then
- AC_DEFINE([ALLOW_MSG_OUTPUT],[],[Description])
-fi
-
AC_DEFINE([HOSTNAMES],[0],[Description])
if test "x${enable_hostnames}" = "xyes"; then
diff --git a/src/tsocks.c b/src/tsocks.c
index 3773bb0..80f7b9c 100644
--- a/src/tsocks.c
+++ b/src/tsocks.c
@@ -255,24 +255,19 @@ void tsocks_init(void)
static int get_environment()
{
static int done = 0;
-#ifdef ALLOW_MSG_OUTPUT
int loglevel = MSGERR;
char *logfile = NULL;
char *env;
-#endif
+
if (done)
return(0);
/* Determine the logging level */
-#ifndef ALLOW_MSG_OUTPUT
- set_log_options(-1, (char *)stderr, 0);
-#else
if ((env = getenv("TORSOCKS_DEBUG")))
loglevel = atoi(env);
if (((env = getenv("TORSOCKS_DEBUG_FILE"))) && !suid)
logfile = env;
set_log_options(loglevel, logfile, 1);
-#endif
done = 1;
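Review bot: With the `#ifdef` removed, `loglevel = atoi(env)` now runs in every build, and `atoi()` reports no errors, so whatever is in `TORSOCKS_DEBUG` reaches `set_log_options()` unchecked. The removed release-build branch passed -1 to switch output off, which suggests a negative value still silences everything, including the fatal messages this commit wants always printed. Parsing with `strtol()` and flooring the result, e.g. `if (loglevel < MSGERR) loglevel = MSGERR;` (assuming MSGERR is the lowest level that prints, which is not visible here), would keep errors on. `TORSOCKS_DEBUG_FILE` is likewise honoured in release builds now, guarded only by `!suid`; how `set_log_options()` opens that path is outside this hunk and worth checking. `get_environment()` continues past the end of the hunk.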