1
0
mirror of https://github.com/rofl0r/proxychains-ng synced 2025-01-08 22:22:52 +08:00

Compare commits

..

8 Commits

Author SHA1 Message Date
hc-syn
04f66223a4 adapt to chain_step signature change 2024-07-18 14:42:52 +02:00
hc-syn
2b40ffa7f8 merge master commits 2024-07-18 14:32:46 +02:00
rofl0r
821249f22a add new --fat-binary-m2 option
this enables arm64e in the proxychains4 binary additionally to the
injected library, which already did so with the -m1 option.

closes #569
2024-06-13 12:21:16 +00:00
rofl0r
fffd2532ad fix wrong prototype of freeaddrinfo_t
closes #557
2024-03-14 20:11:58 +00:00
rofl0r
282ac7dd02 release 4.17 2024-01-21 17:28:35 +00:00
rofl0r
1d0bc349eb fix potential double-close of file descriptors
in case of an error condition, both start_chain() and chain_step()
were closing the fd to be acted upon, without setting it to -1,
and the function calling them would close them again.

this could affect multi-threaded applications that opened new fds
between the first and the second close, invalidating those fds
in the targeted app.

patch loosely based on report and PR by @jhfrontz.

closes #542
2024-01-02 14:45:25 +00:00
Guilherme Janczak
0279dda939
OpenBSD: use ':' as LD_PRELOAD separator (#538)
LD_PRELOAD documentation added in 1998 talks about colon as
separator, and apparently space no longer works.
2023-12-09 12:59:53 +00:00
wzy
d5cc80ae16
Fix zsh install location (#532)
Reported: https://github.com/NixOS/nixpkgs/pull/222667#issuecomment-1713238866
2023-12-02 21:28:35 +00:00
7 changed files with 61 additions and 31 deletions

View File

@ -12,7 +12,7 @@ prefix = /usr/local/
includedir = $(prefix)/include includedir = $(prefix)/include
libdir = $(prefix)/lib libdir = $(prefix)/lib
sysconfdir = $(prefix)/etc sysconfdir = $(prefix)/etc
zshcompletiondir = $(prefix)/share/zsh/site_functions zshcompletiondir = $(prefix)/share/zsh/site-functions
OBJS = src/common.o src/main.o OBJS = src/common.o src/main.o

11
README
View File

@ -1,4 +1,4 @@
ProxyChains-NG ver 4.16 README ProxyChains-NG ver 4.17 README
============================= =============================
ProxyChains is a UNIX program, that hooks network-related libc functions ProxyChains is a UNIX program, that hooks network-related libc functions
@ -52,6 +52,15 @@ ProxyChains-NG ver 4.16 README
Changelog: Changelog:
---------- ----------
Version 4.17
- add hook for close_range function, fixing newer versions of openssh
- fat-binary-m1 option for mac
- fix DNS error handling in proxy_dns_old
- simplify init code
- fix openbsd preloading
- fix double-close in multithreaded apps
- various improvements to configure script
Version 4.16 Version 4.16
- fix regression in configure script linker flag detection - fix regression in configure script linker flag detection
- remove 10 year old workaround for wrong glibc getnameinfo signature - remove 10 year old workaround for wrong glibc getnameinfo signature

View File

@ -1 +1 @@
4.16 4.17

12
configure vendored
View File

@ -87,6 +87,7 @@ usage() {
echo " to preload from current dir (possibly insecure, but handy)" echo " to preload from current dir (possibly insecure, but handy)"
echo "--fat-binary : build for both i386 and x86_64 architectures on 64-bit Macs" echo "--fat-binary : build for both i386 and x86_64 architectures on 64-bit Macs"
echo "--fat-binary-m1 : build for both arm64e and x86_64 architectures on M1 Macs" echo "--fat-binary-m1 : build for both arm64e and x86_64 architectures on M1 Macs"
echo "--fat-binary-m2 : build for arm64, arm64e and x86_64 architectures on M2+ Macs"
echo "--hookmethod=dlsym|dyld hook method for osx. default: auto" echo "--hookmethod=dlsym|dyld hook method for osx. default: auto"
echo " if OSX >= 12 is detected, dyld method will be used if auto." echo " if OSX >= 12 is detected, dyld method will be used if auto."
echo "--help : show this text" echo "--help : show this text"
@ -102,6 +103,7 @@ spliteq() {
fat_binary= fat_binary=
fat_binary_m1= fat_binary_m1=
fat_binary_m2=
ignore_cve=no ignore_cve=no
hookmethod=auto hookmethod=auto
@ -118,6 +120,7 @@ parsearg() {
--hookmethod=*) hookmethod=`spliteq $1`;; --hookmethod=*) hookmethod=`spliteq $1`;;
--fat-binary) fat_binary=1;; --fat-binary) fat_binary=1;;
--fat-binary-m1) fat_binary_m1=1;; --fat-binary-m1) fat_binary_m1=1;;
--fat-binary-m2) fat_binary_m2=1;;
--help) usage;; --help) usage;;
esac esac
} }
@ -289,6 +292,12 @@ if ismac ; then
echo "FAT_LDFLAGS=-arch arm64 -arch arm64e -arch x86_64">>config.mak echo "FAT_LDFLAGS=-arch arm64 -arch arm64e -arch x86_64">>config.mak
echo "FAT_BIN_LDFLAGS=-arch arm64 -arch x86_64">>config.mak echo "FAT_BIN_LDFLAGS=-arch arm64 -arch x86_64">>config.mak
fi fi
if [ "$fat_binary_m2" = 1 ] ; then
echo "Configuring a fat binary for arm64[e] and x86_64"
echo "MAC_CFLAGS+=-arch arm64 -arch arm64e -arch x86_64">>config.mak
echo "FAT_LDFLAGS=-arch arm64 -arch arm64e -arch x86_64">>config.mak
echo "FAT_BIN_LDFLAGS=-arch arm64 -arch arm64e -arch x86_64">>config.mak
fi
elif isbsd ; then elif isbsd ; then
echo LIBDL=>>config.mak echo LIBDL=>>config.mak
echo "CFLAGS+=-DIS_BSD">>config.mak echo "CFLAGS+=-DIS_BSD">>config.mak
@ -302,3 +311,6 @@ elif ishaiku ; then
fi fi
echo "Done, now run $make_cmd && $make_cmd install" echo "Done, now run $make_cmd && $make_cmd install"
if [ "$fat_binary_m2" = 1 ] ; then
echo "Don't forget to run csrutil disable and sudo nvram boot-args=-arm64e_preview_abi"
fi

View File

@ -985,8 +985,10 @@ static int start_chain(int *fd, proxy_data * pd, char *begin_mark) {
error1: error1:
proxychains_write_log(TP " timeout\n"); proxychains_write_log(TP " timeout\n");
error: error:
if(*fd != -1) if(*fd != -1) {
true_close(*fd); true_close(*fd);
*fd = -1;
}
return SOCKET_ERROR; return SOCKET_ERROR;
} }
@ -1044,9 +1046,9 @@ static unsigned int calc_alive(proxy_data * pd, unsigned int proxy_count) {
} }
static int chain_step(int ns, proxy_data * pfrom, proxy_data * pto) { static int chain_step(int *ns, proxy_data * pfrom, proxy_data * pto) {
int retcode = -1; int retcode = -1;
char *hostname; char *hostname, *errmsg = 0;
char hostname_buf[MSG_LEN_MAX]; char hostname_buf[MSG_LEN_MAX];
char ip_buf[INET6_ADDRSTRLEN]; char ip_buf[INET6_ADDRSTRLEN];
int v6 = pto->ip.is_v6; int v6 = pto->ip.is_v6;
@ -1060,31 +1062,34 @@ static int chain_step(int ns, proxy_data * pfrom, proxy_data * pto) {
usenumericip: usenumericip:
if(!inet_ntop(v6?AF_INET6:AF_INET,pto->ip.addr.v6,ip_buf,sizeof ip_buf)) { if(!inet_ntop(v6?AF_INET6:AF_INET,pto->ip.addr.v6,ip_buf,sizeof ip_buf)) {
pto->ps = DOWN_STATE; pto->ps = DOWN_STATE;
proxychains_write_log("<--ip conversion error!\n"); errmsg = "<--ip conversion error!\n";
true_close(ns); retcode = SOCKET_ERROR;
return SOCKET_ERROR; goto err;
} }
hostname = ip_buf; hostname = ip_buf;
} }
proxychains_write_log(TP " %s:%d ", hostname, htons(pto->port)); proxychains_write_log(TP " %s:%d ", hostname, htons(pto->port));
retcode = tunnel_to(ns, pto->ip, pto->port, pfrom->pt, pfrom->user, pfrom->pass); retcode = tunnel_to(*ns, pto->ip, pto->port, pfrom->pt, pfrom->user, pfrom->pass);
switch (retcode) { switch (retcode) {
case SUCCESS: case SUCCESS:
pto->ps = BUSY_STATE; pto->ps = BUSY_STATE;
break; break;
case BLOCKED: case BLOCKED:
pto->ps = BLOCKED_STATE; pto->ps = BLOCKED_STATE;
proxychains_write_log("<--denied\n"); errmsg = "<--denied\n";
true_close(ns); goto err;
break;
case SOCKET_ERROR: case SOCKET_ERROR:
pto->ps = DOWN_STATE; pto->ps = DOWN_STATE;
proxychains_write_log("<--socket error or timeout!\n"); errmsg = "<--socket error or timeout!\n";
true_close(ns); goto err;
break;
} }
return retcode; return retcode;
err:
if(errmsg) proxychains_write_log(errmsg);
if(*ns != -1) true_close(*ns);
*ns = -1;
return retcode;
} }
int connect_proxy_chain(int sock, ip_type target_ip, int connect_proxy_chain(int sock, ip_type target_ip,
@ -1120,7 +1125,7 @@ int connect_proxy_chain(int sock, ip_type target_ip,
p2 = select_proxy(FIFOLY, pd, proxy_count, &offset); p2 = select_proxy(FIFOLY, pd, proxy_count, &offset);
if(!p2) if(!p2)
break; break;
if(SUCCESS != chain_step(ns, p1, p2)) { if(SUCCESS != chain_step(&ns, p1, p2)) {
PDEBUG("GOTO AGAIN 1\n"); PDEBUG("GOTO AGAIN 1\n");
goto again; goto again;
} }
@ -1129,7 +1134,7 @@ int connect_proxy_chain(int sock, ip_type target_ip,
//proxychains_write_log(TP); //proxychains_write_log(TP);
p3->ip = target_ip; p3->ip = target_ip;
p3->port = target_port; p3->port = target_port;
if(SUCCESS != chain_step(ns, p1, p3)) if(SUCCESS != chain_step(&ns, p1, p3))
goto error; goto error;
break; break;
@ -1167,7 +1172,7 @@ int connect_proxy_chain(int sock, ip_type target_ip,
/* Try from the beginning to where we started */ /* Try from the beginning to where we started */
offset = 0; offset = 0;
continue; continue;
} else if(SUCCESS != chain_step(ns, p1, p2)) { } else if(SUCCESS != chain_step(&ns, p1, p2)) {
PDEBUG("GOTO AGAIN 1\n"); PDEBUG("GOTO AGAIN 1\n");
goto again; goto again;
} else } else
@ -1179,7 +1184,7 @@ int connect_proxy_chain(int sock, ip_type target_ip,
p3->port = target_port; p3->port = target_port;
proxychains_proxy_offset = offset+1; proxychains_proxy_offset = offset+1;
PDEBUG("pd_offset = %d, curr_len = %d\n", proxychains_proxy_offset, curr_len); PDEBUG("pd_offset = %d, curr_len = %d\n", proxychains_proxy_offset, curr_len);
if(SUCCESS != chain_step(ns, p1, p3)) if(SUCCESS != chain_step(&ns, p1, p3))
goto error; goto error;
break; break;
@ -1197,7 +1202,7 @@ int connect_proxy_chain(int sock, ip_type target_ip,
while(offset < proxy_count) { while(offset < proxy_count) {
if(!(p2 = select_proxy(FIFOLY, pd, proxy_count, &offset))) if(!(p2 = select_proxy(FIFOLY, pd, proxy_count, &offset)))
break; break;
if(SUCCESS != chain_step(ns, p1, p2)) { if(SUCCESS != chain_step(&ns, p1, p2)) {
PDEBUG("chain_step failed\n"); PDEBUG("chain_step failed\n");
goto error_strict; goto error_strict;
} }
@ -1206,7 +1211,7 @@ int connect_proxy_chain(int sock, ip_type target_ip,
//proxychains_write_log(TP); //proxychains_write_log(TP);
p3->ip = target_ip; p3->ip = target_ip;
p3->port = target_port; p3->port = target_port;
if(SUCCESS != chain_step(ns, p1, p3)) if(SUCCESS != chain_step(&ns, p1, p3))
goto error; goto error;
break; break;
@ -1222,7 +1227,7 @@ int connect_proxy_chain(int sock, ip_type target_ip,
while(++curr_len < max_chain) { while(++curr_len < max_chain) {
if(!(p2 = select_proxy(RANDOMLY, pd, proxy_count, &offset))) if(!(p2 = select_proxy(RANDOMLY, pd, proxy_count, &offset)))
goto error_more; goto error_more;
if(SUCCESS != chain_step(ns, p1, p2)) { if(SUCCESS != chain_step(&ns, p1, p2)) {
PDEBUG("GOTO AGAIN 2\n"); PDEBUG("GOTO AGAIN 2\n");
goto again; goto again;
} }
@ -1231,7 +1236,7 @@ int connect_proxy_chain(int sock, ip_type target_ip,
//proxychains_write_log(TP); //proxychains_write_log(TP);
p3->ip = target_ip; p3->ip = target_ip;
p3->port = target_port; p3->port = target_port;
if(SUCCESS != chain_step(ns, p1, p3)) if(SUCCESS != chain_step(&ns, p1, p3))
goto error; goto error;
} }
@ -1305,7 +1310,7 @@ int add_node_to_chain(proxy_data * pd, udp_relay_chain * chain){
} }
// Connect to the rest of the chain // Connect to the rest of the chain
while(tmp->next != NULL){ while(tmp->next != NULL){
if(SUCCESS != chain_step(new_node->tcp_sockfd, &(tmp->pd), &(tmp->next->pd))){ if(SUCCESS != chain_step(&(new_node->tcp_sockfd), &(tmp->pd), &(tmp->next->pd))){
PDEBUG("chain step failed\n"); PDEBUG("chain step failed\n");
new_node->tcp_sockfd = -1; new_node->tcp_sockfd = -1;
goto err; goto err;

View File

@ -155,7 +155,7 @@ typedef int (*close_range_t)(unsigned, unsigned, int);
typedef void (*uv_close_t)(uv_handle_t* , uv_close_cb); typedef void (*uv_close_t)(uv_handle_t* , uv_close_cb);
typedef int (*connect_t)(int, const struct sockaddr *, socklen_t); typedef int (*connect_t)(int, const struct sockaddr *, socklen_t);
typedef struct hostent* (*gethostbyname_t)(const char *); typedef struct hostent* (*gethostbyname_t)(const char *);
typedef int (*freeaddrinfo_t)(struct addrinfo *); typedef void (*freeaddrinfo_t)(struct addrinfo *);
typedef struct hostent *(*gethostbyaddr_t) (const void *, socklen_t, int); typedef struct hostent *(*gethostbyaddr_t) (const void *, socklen_t, int);
typedef int (*getaddrinfo_t)(const char *, const char *, const struct addrinfo *, typedef int (*getaddrinfo_t)(const char *, const char *, const struct addrinfo *,

View File

@ -135,16 +135,20 @@ int main(int argc, char *argv[]) {
if(!quiet) if(!quiet)
fprintf(stderr, LOG_PREFIX "preloading %s/%s\n", prefix, dll_name); fprintf(stderr, LOG_PREFIX "preloading %s/%s\n", prefix, dll_name);
#if defined(IS_MAC) || defined(IS_OPENBSD)
#define LD_PRELOAD_SEP ":"
#else
/* Dynlinkers for Linux and most BSDs seem to support space
as LD_PRELOAD separator, with colon added only recently.
We use the old syntax for maximum compat */
#define LD_PRELOAD_SEP " "
#endif
#ifdef IS_MAC #ifdef IS_MAC
putenv("DYLD_FORCE_FLAT_NAMESPACE=1"); putenv("DYLD_FORCE_FLAT_NAMESPACE=1");
#define LD_PRELOAD_ENV "DYLD_INSERT_LIBRARIES" #define LD_PRELOAD_ENV "DYLD_INSERT_LIBRARIES"
#define LD_PRELOAD_SEP ":"
#else #else
#define LD_PRELOAD_ENV "LD_PRELOAD" #define LD_PRELOAD_ENV "LD_PRELOAD"
/* all historic implementations of BSD and linux dynlinkers seem to support
space as LD_PRELOAD separator, with colon added only recently.
we use the old syntax for maximum compat */
#define LD_PRELOAD_SEP " "
#endif #endif
char *old_val = getenv(LD_PRELOAD_ENV); char *old_val = getenv(LD_PRELOAD_ENV);
snprintf(buf, sizeof(buf), LD_PRELOAD_ENV "=%s/%s%s%s", snprintf(buf, sizeof(buf), LD_PRELOAD_ENV "=%s/%s%s%s",