[tor-commits] [torsocks/master] Lookup symbols in libc in constructor

dgoulet at torproject.org dgoulet at torproject.org
Fri Apr 4 22:40:26 UTC 2014 

commit d0f4415714af4d36f019ba50a3d368e532303010
Author: David Goulet <dgoulet at ev0ke.net>
Date:   Thu Oct 31 15:52:09 2013 -0400

    Lookup symbols in libc in constructor
    
    This is to make sure that before main() we get the libc pointer from the
    system library.
    
    This commit also adds mmap/munmap support for syscall(). A comment in
    lib/syscall.c explains for what specific case this is needed.
    
    Finally, stop looking up symbols that were already looked up in the
    constructor.
    
    Signed-off-by: David Goulet <dgoulet at ev0ke.net>
---
 configure.ac        |  153 ++++++++-------------------------------------------
 src/common/compat.h |   10 ++++
 src/lib/close.c     |    5 +-
 src/lib/connect.c   |    3 -
 src/lib/socket.c    |    3 -
 src/lib/syscall.c   |   70 ++++++++++++++++++++---
 src/lib/torsocks.c  |   39 +++++++++++--
 7 files changed, 132 insertions(+), 151 deletions(-)

diff --git a/configure.ac b/configure.ac
index 6c9c5fd..23fc6c8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -65,26 +65,6 @@ AC_CHECK_FUNCS(strcspn strdup strerror strspn strtol mmap strcasecmp \
 #    in torsocks.c and elsewhere is platform-dependent.
 ##############################################################################
 
-dnl First find the library that contains connect() (obviously
-dnl the most important library for us). Once we've found it
-dnl we chuck it on the end of LIBS, that lib may end up there
-dnl more than once (since we do our search with an empty libs
-dnl list) but that isn't a problem
-OLDLIBS="${LIBS}"
-LIBS=
-CONNECTLIB=
-for LIB in c socket; do
-  AC_CHECK_LIB("${LIB}",connect,[
-    CONNECTLIB="${LIB}"
-    break
-  ],)
-done
-LIBS="${OLDLIBS} -l${CONNECTLIB}"
-if test "${CONNECTLIB}" = ""; then
-  AC_MSG_ERROR('Could not find library containing connect()')
-fi
-
-
 dnl Check for socket
 AC_CHECK_FUNC(socket,, [
   AC_CHECK_LIB(socket, socket,,AC_MSG_ERROR("socket function not found"))])
@@ -131,124 +111,39 @@ case $host in
     ;;
 esac
 
-
-##############################################################################
-# 3. Check if we need to use --enable-oldmethod, regardless of what was
-#    given on the ./configure command line.
-##############################################################################
-
-dnl If we're using gcc here define _GNU_SOURCE
-AC_MSG_CHECKING(for RTLD_NEXT from dlfcn.h)
-AC_EGREP_CPP(yes,
-[
- #include <dlfcn.h>
- #ifdef RTLD_NEXT
-	yes
- #endif
-], [
-  AC_MSG_RESULT(yes)
-], [
-  AC_MSG_RESULT(no)
-  AC_MSG_CHECKING(for RTLD_NEXT from dlfcn.h with _GNU_SOURCE)
-  AC_EGREP_CPP(yes,
-  [
-   #define _GNU_SOURCE
-   #include <dlfcn.h>
-   #ifdef RTLD_NEXT
-	yes
-   #endif
-  ], [
-    AC_MSG_RESULT(yes)
-    AC_DEFINE([USE_GNU_SOURCE],[],[Description])
-  ], [
-    AC_MSG_RESULT(no)
-    AC_DEFINE([USE_OLD_DLSYM],[],[Description])
-    oldmethod="yes"
-  ])   
-])
-
 if test "x${enable_envconf}" = "x"; then
   AC_DEFINE([ALLOW_ENV_CONFIG],[],[Description])
 fi
 
-##############################################################################
-# 3. If --enable-oldmethod was requested, perform the necessary checks
-##############################################################################
+dnl Check that find is available, it should be somehere
+dnl in the path
+AC_CHECK_PROG(FIND, find, find)
+if test "${FIND}" = ""; then
+	AC_MSG_ERROR('find not found in path')
+fi
 
-if test "${enable_oldmethod}" = "yes"; then
-  AC_DEFINE([USE_OLD_DLSYM],[],[Description])
-  oldmethod="yes"
+dnl Find tail, it should always be somewhere in the path
+dnl but for safety's sake
+AC_CHECK_PROG(TAIL, tail, tail)
+if test "${TAIL}" = ""; then
+	AC_MSG_ERROR('tail not found in path')
 fi
 
-dnl If we have to use the old method of overriding connect (i.e no
-dnl RTLD_NEXT) we need to know the location of the library that
-dnl contains connect(), select(), poll() and close()
-if test "${oldmethod}" = "yes"; then
-  dnl We need to find the path to the library, to do
-  dnl this we use find on the usual suspects, i.e /lib and
-  dnl /usr/lib
-
-  dnl Check that find is available, it should be somehere
-  dnl in the path
-  AC_CHECK_PROG(FIND, find, find)
-  if test "${FIND}" = ""; then
-    AC_MSG_ERROR('find not found in path')
-  fi
-
-  dnl Find tail, it should always be somewhere in the path
-  dnl but for safety's sake
-  AC_CHECK_PROG(TAIL, tail, tail)
-  if test "${TAIL}" = ""; then
-    AC_MSG_ERROR('tail not found in path')
-  fi
-
-  dnl Now find the library we need
-  AC_MSG_CHECKING(location of lib${CONNECTLIB}.so)
-  LIBCONNECT=
-  for DIR in '/lib' '/usr/lib'; do
-    if test "${LIBCONNECT}" = ""; then
-      LIBCONNECT=`$FIND $DIR -name "lib${CONNECTLIB}.so.?" 2>/dev/null | $TAIL -1`
-    fi
-  done
-  AC_DEFINE_UNQUOTED([LIBCONNECT],["${LIBCONNECT}"],[Description])
-  if test "${LIBCONNECT}" = ""; then
-     AC_MSG_ERROR("not found!")
-  fi
-
-  AC_MSG_RESULT($LIBCONNECT)
-
-  dnl Now find the resolve library we need
-  AC_MSG_CHECKING(location of libresolv.so)
-  LIBRESOLV=
-  for DIR in '/lib' '/usr/lib'; do
-    if test "${LIBRESOLV}" = ""; then
-      LIBRESOLV=`$FIND $DIR -name "libresolv.so.?" 2>/dev/null | $TAIL -1`
-    fi
-  done
-  AC_DEFINE_UNQUOTED([LIBRESOLV],["${LIBRESOLV}"],[Description])
-  if test "${LIBRESOLV}" = ""; then
-     AC_MSG_ERROR("not found!")
-  fi
-
-  AC_MSG_RESULT($LIBRESOLV)
-
-  dnl close() should be in libc, find it
-  AC_MSG_CHECKING(location of libc.so)
-  LIBC=
-  for DIR in '/lib' '/usr/lib'; do
-    if test "${LIBC}" = ""; then
-      LIBC=`$FIND $DIR -name "libc.so.?" 2>/dev/null | $TAIL -1`
-    fi
-  done
-
-  AC_DEFINE_UNQUOTED([LIBC],["${LIBC}"],[Description])
-  if test "${LIBC}" = ""; then
-     AC_MSG_ERROR("not found!")
-  fi
-
-  AC_MSG_RESULT($LIBC)
+dnl Get libc full system path. Use prefix or some hardcoded standard
+dnl location on Unixish system.
+AC_MSG_CHECKING(location of libc.so)
+for DIR in "$prefix/lib" "$prefix/usr/lib" '/lib' '/usr/lib'; do
+	if test "${LIBC_PATH}" = ""; then
+		LIBC_PATH=`$FIND $DIR -name "libc.so.?" 2>/dev/null | $TAIL -1`
+	fi
+done
+AC_DEFINE_UNQUOTED([LIBC_PATH],["${LIBC_PATH}"],[Description])
+if test "${LIBC_PATH}" = ""; then
+	AC_MSG_ERROR("not found!")
 fi
 
+AC_MSG_RESULT($LIBC_PATH)
+
 ##############################################################################
 # 5. Determine how to preload libtorsocks.so on this system.
 #    On Linux this is with the LD_PRELOAD variable, on OSX
diff --git a/src/common/compat.h b/src/common/compat.h
index 8207fc0..2eacb35 100644
--- a/src/common/compat.h
+++ b/src/common/compat.h
@@ -69,10 +69,18 @@ void tsocks_mutex_unlock(tsocks_mutex_t *m);
 #ifndef __NR_close
 #define __NR_close -1
 #endif
+#ifndef __NR_mmap
+#define __NR_mmap -1
+#endif
+#ifndef __NR_munmap
+#define __NR_munmap -1
+#endif
 
 #define TSOCKS_NR_SOCKET    __NR_socket
 #define TSOCKS_NR_CONNECT   __NR_connect
 #define TSOCKS_NR_CLOSE     __NR_close
+#define TSOCKS_NR_MMAP      __NR_mmap
+#define TSOCKS_NR_MUNMAP    __NR_munmap
 
 #endif /* __linux__ */
 
@@ -84,6 +92,8 @@ void tsocks_mutex_unlock(tsocks_mutex_t *m);
 #define TSOCKS_NR_SOCKET    SYS_socket
 #define TSOCKS_NR_CONNECT   SYS_connect
 #define TSOCKS_NR_CLOSE     SYS_close
+#define TSOCKS_NR_MMAP      SYS_mmap
+#define TSOCKS_NR_MUNMAP    SYS_munmap
 
 #endif /* __FreeBSD__, __FreeBSD_kernel__, __darwin__ */
 
diff --git a/src/lib/close.c b/src/lib/close.c
index 699b93c..b8a6364 100644
--- a/src/lib/close.c
+++ b/src/lib/close.c
@@ -20,6 +20,9 @@
 
 #include "torsocks.h"
 
+/* close(2) */
+TSOCKS_LIBC_DECL(close, LIBC_CLOSE_RET_TYPE, LIBC_CLOSE_SIG)
+
 /*
  * Torsocks call for close(2).
  */
@@ -58,7 +61,5 @@ LIBC_CLOSE_RET_TYPE tsocks_close(LIBC_CLOSE_SIG)
  */
 LIBC_CLOSE_DECL
 {
-	tsocks_libc_close = tsocks_find_libc_symbol(LIBC_CLOSE_NAME_STR,
-			TSOCKS_SYM_EXIT_NOT_FOUND);
 	return tsocks_close(LIBC_CLOSE_ARGS);
 }
diff --git a/src/lib/connect.c b/src/lib/connect.c
index 3d75a94..bc3ac9d 100644
--- a/src/lib/connect.c
+++ b/src/lib/connect.c
@@ -143,8 +143,5 @@ error:
  */
 LIBC_CONNECT_DECL
 {
-	/* Find symbol if not already set. Exit if not found. */
-	tsocks_libc_connect = tsocks_find_libc_symbol(LIBC_CONNECT_NAME_STR,
-			TSOCKS_SYM_EXIT_NOT_FOUND);
 	return tsocks_connect(LIBC_CONNECT_ARGS);
 }
diff --git a/src/lib/socket.c b/src/lib/socket.c
index aa5297e..8a4c0d1 100644
--- a/src/lib/socket.c
+++ b/src/lib/socket.c
@@ -53,8 +53,5 @@ LIBC_SOCKET_RET_TYPE tsocks_socket(LIBC_SOCKET_SIG)
  */
 LIBC_SOCKET_DECL
 {
-	/* Find symbol if not already set. Exit if not found. */
-	tsocks_libc_socket = tsocks_find_libc_symbol(LIBC_SOCKET_NAME_STR,
-			TSOCKS_SYM_EXIT_NOT_FOUND);
 	return tsocks_socket(LIBC_SOCKET_ARGS);
 }
diff --git a/src/lib/syscall.c b/src/lib/syscall.c
index b06e2e3..674ee6e 100644
--- a/src/lib/syscall.c
+++ b/src/lib/syscall.c
@@ -17,6 +17,7 @@
 
 #include <assert.h>
 #include <stdarg.h>
+#include <sys/mman.h>
 
 #include <common/log.h>
 
@@ -25,9 +26,6 @@
 /* syscall(2) */
 TSOCKS_LIBC_DECL(syscall, LIBC_SYSCALL_RET_TYPE, LIBC_SYSCALL_SIG)
 
-/* close(2) */
-TSOCKS_LIBC_DECL(close, LIBC_CLOSE_RET_TYPE, LIBC_CLOSE_SIG)
-
 /*
  * Handle close syscall to be called with tsocks call.
  */
@@ -71,11 +69,45 @@ static LIBC_CONNECT_RET_TYPE handle_connect(va_list args)
 }
 
 /*
+ * Handle mmap(2) syscall.
+ */
+static LIBC_SYSCALL_RET_TYPE handle_mmap(va_list args)
+{
+	void *addr;
+	size_t len;
+	int prot, flags, fd;
+	off_t offset;
+
+	addr = va_arg(args, __typeof__(addr));
+	len = va_arg(args, __typeof__(len));
+	prot = va_arg(args, __typeof__(prot));
+	flags = va_arg(args, __typeof__(flags));
+	fd = va_arg(args, __typeof__(fd));
+	offset = va_arg(args, __typeof__(offset));
+
+	return (LIBC_SYSCALL_RET_TYPE) mmap(addr, len, prot, flags, fd, offset);
+}
+
+/*
+ * Handle munmap(2) syscall.
+ */
+static LIBC_SYSCALL_RET_TYPE handle_munmap(va_list args)
+{
+	void *addr;
+	size_t len;
+
+	addr = va_arg(args, __typeof__(addr));
+	len = va_arg(args, __typeof__(len));
+
+	return (LIBC_SYSCALL_RET_TYPE) munmap(addr, len);
+}
+
+/*
  * Torsocks call for syscall(2)
  */
 LIBC_SYSCALL_RET_TYPE tsocks_syscall(long int __number, va_list args)
 {
-	long int ret;
+	LIBC_SYSCALL_RET_TYPE ret;
 
 	DBG("[syscall] Syscall libc wrapper number %ld called", __number);
 
@@ -89,6 +121,32 @@ LIBC_SYSCALL_RET_TYPE tsocks_syscall(long int __number, va_list args)
 	case TSOCKS_NR_CLOSE:
 		ret = handle_close(args);
 		break;
+	case TSOCKS_NR_MMAP:
+		/*
+		 * The mmap/munmap syscall are handled here for a very specific case so
+		 * buckle up here for the explanation :).
+		 *
+		 * Considering an application that handles its own memory using a
+		 * malloc(2) hook for instance *AND* mmap() is called with syscall(),
+		 * we have to route the call to the libc in order to complete the
+		 * syscall() symbol lookup.
+		 *
+		 * The lookup process of the libdl (using dlsym(3)) calls at some point
+		 * malloc for a temporary buffer so we end up in this torsocks wrapper
+		 * when mmap() is called to create a new memory region for the
+		 * application (remember the malloc hook). When getting here, the libc
+		 * syscall() symbol is NOT yet populated because we are in the lookup
+		 * code path. For this, we directly call mmap/munmap using the libc so
+		 * the lookup can be completed.
+		 *
+		 * This crazy situation is present in Mozilla Firefox which handles its
+		 * own memory using mmap() called by syscall(). Same for munmap().
+		 */
+		ret = handle_mmap(args);
+		break;
+	case TSOCKS_NR_MUNMAP:
+		ret = handle_munmap(args);
+		break;
 	default:
 		/*
 		 * Deny call since we have no idea if this call can leak or not data
@@ -112,10 +170,6 @@ LIBC_SYSCALL_DECL
 	LIBC_SYSCALL_RET_TYPE ret;
 	va_list args;
 
-	/* Find symbol if not already set. Exit if not found. */
-	tsocks_libc_syscall = tsocks_find_libc_symbol(LIBC_SYSCALL_NAME_STR,
-			TSOCKS_SYM_EXIT_NOT_FOUND);
-
 	va_start(args, __number);
 	ret = tsocks_syscall(__number, args);
 	va_end(args);
diff --git a/src/lib/torsocks.c b/src/lib/torsocks.c
index 833a472..55ae98b 100644
--- a/src/lib/torsocks.c
+++ b/src/lib/torsocks.c
@@ -119,12 +119,39 @@ static void init_config(void)
  */
 static void init_libc_symbols(void)
 {
-	tsocks_libc_connect = tsocks_find_libc_symbol(LIBC_CONNECT_NAME_STR,
-			TSOCKS_SYM_EXIT_NOT_FOUND);
-	tsocks_libc_close = tsocks_find_libc_symbol(LIBC_CLOSE_NAME_STR,
-			TSOCKS_SYM_EXIT_NOT_FOUND);
-	tsocks_libc_socket = tsocks_find_libc_symbol(LIBC_SOCKET_NAME_STR,
-			TSOCKS_SYM_EXIT_NOT_FOUND);
+	int ret;
+	void *libc_ptr;
+
+	dlerror();
+	libc_ptr = dlopen(LIBC_PATH, RTLD_LAZY);
+	if (!libc_ptr) {
+		ERR("Unable to dlopen() library " LIBC_PATH "(%s)", dlerror());
+		goto error;
+	}
+
+	dlerror();
+	tsocks_libc_connect = dlsym(libc_ptr, LIBC_CONNECT_NAME_STR);
+	tsocks_libc_close = dlsym(libc_ptr, LIBC_CLOSE_NAME_STR);
+	tsocks_libc_socket = dlsym(libc_ptr, LIBC_SOCKET_NAME_STR);
+	tsocks_libc_syscall = dlsym(libc_ptr, LIBC_SYSCALL_NAME_STR);
+	if (!tsocks_libc_connect || !tsocks_libc_close || !tsocks_libc_socket
+			|| !tsocks_libc_syscall) {
+		ERR("Unable to lookup symbols in " LIBC_PATH "(%s)", dlerror());
+		goto error;
+	}
+
+	ret = dlclose(libc_ptr);
+	if (ret != 0) {
+		ERR("dlclose: %s", dlerror());
+	}
+	return;
+
+error:
+	ret = dlclose(libc_ptr);
+	if (ret != 0) {
+		ERR("dlclose: %s", dlerror());
+	}
+	clean_exit(EXIT_FAILURE);
 }
 
 /*

More information about the tor-commits mailing list