[tor-commits] [torsocks/master] Fix: remove gethostent() usage

dgoulet at torproject.org dgoulet at torproject.org
Fri Apr 4 22:40:27 UTC 2014


commit 6f8237cc1a7d2d4592734707de0a188eb79ed0af
Author: David Goulet <dgoulet at ev0ke.net>
Date:   Sat Feb 8 12:34:54 2014 -0500

    Fix: remove gethostent() usage
    
    Torsocks should not allow any local file resolution for external
    hostname (not localhost stuff). Furthermore, gethostent() could do LDAP
    listing thus clearly UNSAFE here.
    
    This patch removes the use of gethostent() and replaces it with the new
    utils function that only resolves the hostname against a hardcoded
    localhost value.
    
    Signed-off-by: David Goulet <dgoulet at ev0ke.net>
---
 src/lib/torsocks.c |   40 ++++------------------------------------
 1 file changed, 4 insertions(+), 36 deletions(-)

diff --git a/src/lib/torsocks.c b/src/lib/torsocks.c
index d97a598..fbb091e 100644
--- a/src/lib/torsocks.c
+++ b/src/lib/torsocks.c
@@ -320,40 +320,6 @@ error:
 }
 
 /*
- * Lookup the local host table (usually /etc/hosts) for a given hostname.
- *
- * If found, ip_addr is populated and 0 is returned.
- * If NOT found, -1 is return and ip_addr is untouched.
- */
-static int hosts_file_resolve(const char *hostname, uint32_t *ip_addr)
-{
-	int ret;
-	struct hostent *host;
-
-	assert(hostname);
-	assert(ip_addr);
-
-	DBG("Looking in local host table for %s", hostname);
-
-	/* Query the local host table if the hostname is present. */
-	while ((host = gethostent()) != NULL) {
-		if (strncasecmp(hostname, host->h_name, strlen(hostname)) == 0) {
-			/* IP is found, copying and returning success. */
-			memcpy(ip_addr, host->h_addr_list[0], sizeof(uint32_t));
-			ret = 0;
-			goto end;
-		}
-	}
-
-	/* Not found. */
-	ret = -1;
-
-end:
-	endhostent();
-	return ret;
-}
-
-/*
  * Initiate a SOCK5 connection to the Tor network using the given connection.
  * The socks5 API will use the torsocks configuration object to find the tor
  * daemon.
@@ -401,8 +367,10 @@ int tsocks_tor_resolve(const char *hostname, uint32_t *ip_addr)
 	assert(hostname);
 	assert(ip_addr);
 
-	ret = hosts_file_resolve(hostname, ip_addr);
-	if (!ret) {
+	ret = utils_localhost_resolve(hostname, AF_INET, ip_addr,
+			sizeof(uint32_t));
+	if (ret) {
+		/* Found to be a localhost name. */
 		goto end;
 	}
 
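Review bot: In `tsocks_tor_resolve`, the localhost branch now reaches `goto end;` with `ret` non-zero, whereas the removed `hosts_file_resolve()` path reached it with `ret == 0` on a match. The `end:` label and the return statement are outside this hunk, but if the function returns `ret` there, a successful localhost match would look like a failure to callers that test for zero; adding `ret = 0;` before `goto end;` would keep the previous success contract. The helper's return convention is also not visible here: if `utils_localhost_resolve()` can return a negative error code, `if (ret)` would treat it as a match while `ip_addr` may be unwritten, so confirm this and consider `if (ret > 0)` or an explicit error branch. The new comment could state what the helper returns on a match, for example `/* Non-zero: hostname is a localhost name and ip_addr is set. */`.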




