commit 6f8237cc1a7d2d4592734707de0a188eb79ed0af Author: David Goulet dgoulet@ev0ke.net Date: Sat Feb 8 12:34:54 2014 -0500
Fix: remove gethostent() usage
Torsocks should not allow any local file resolution for external hostnames (anything that is not localhost). Furthermore, gethostent() could perform an LDAP listing, which makes it clearly UNSAFE here.
This patch removes the use of gethostent() and replace it with the new utils function that only resolves the hostname against localhost hardcoded value.
Signed-off-by: David Goulet dgoulet@ev0ke.net
---
 src/lib/torsocks.c | 40 ++++------------------------------------
 1 file changed, 4 insertions(+), 36 deletions(-)
diff --git a/src/lib/torsocks.c b/src/lib/torsocks.c
index d97a598..fbb091e 100644
--- a/src/lib/torsocks.c
+++ b/src/lib/torsocks.c
@@ -320,40 +320,6 @@ error:
 }
/*
- * Lookup the local host table (usually /etc/hosts) for a given hostname.
- *
- * If found, ip_addr is populated and 0 is returned.
- * If NOT found, -1 is return and ip_addr is untouched.
- */
-static int hosts_file_resolve(const char *hostname, uint32_t *ip_addr)
-{
- int ret;
- struct hostent *host;
-
- assert(hostname);
- assert(ip_addr);
-
- DBG("Looking in local host table for %s", hostname);
-
- /* Query the local host table if the hostname is present. */
- while ((host = gethostent()) != NULL) {
- if (strncasecmp(hostname, host->h_name, strlen(hostname)) == 0) {
- /* IP is found, copying and returning success. */
- memcpy(ip_addr, host->h_addr_list[0], sizeof(uint32_t));
- ret = 0;
- goto end;
- }
- }
-
- /* Not found. */
- ret = -1;
-
-end:
- endhostent();
- return ret;
-}
-
-/*
 * Initiate a SOCK5 connection to the Tor network using the given connection.
 * The socks5 API will use the torsocks configuration object to find the tor
 * daemon.
@@ -401,8 +367,10 @@ int tsocks_tor_resolve(const char *hostname, uint32_t *ip_addr)
 assert(hostname);
 assert(ip_addr);
- ret = hosts_file_resolve(hostname, ip_addr);
- if (!ret) {
+ ret = utils_localhost_resolve(hostname, AF_INET, ip_addr,
+ sizeof(uint32_t));
+ if (ret) {
+ /* Found to be a localhost name. */
 goto end;
 }
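Review bot: The localhost branch in tsocks_tor_resolve now jumps to `end` with `ret` still non-zero, whereas the code it replaces reached `end` with `ret == 0`. The `end:` label and the return are outside the hunk, but if the function still returns `ret` there, a name that resolved locally would be reported to callers as a failure; setting `ret = 0;` before `goto end;` keeps the old contract. The return convention of utils_localhost_resolve is not visible here either: if it can return a negative value on error, `if (ret)` would treat that as a match and skip the Tor lookup with `ip_addr` possibly unwritten, so `if (ret > 0)` with a separate error path would be safer.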