release 4.10

the allocatorthread got pointers to RAM which were reallocated
behind the back, and if realloc() couldn't grow in-place, lead
to segfaults in applications that do a lot of DNS-lookups such
as webbrowsers.

closes #66
closes #31

thanks to @ravomavain for tracking down the issue.

.gitignore

@@ -1,3 +1,6 @@
+proxychains4
+*.bz2
+*.xz
 *.o
 *.so
 *.la
@@ -8,6 +11,7 @@
 *.out
 *~
 *.patch
+version.h
 
 # Autoconf stuff 
 libtool

AUTHORS

@@ -6,13 +6,17 @@ netcreature@users.sourceforge.net
 main.c, remote-dns, thread safety, bugfixes, build system, 
 cleanups, mac support
 rofl0r.
-https://github.com/rofl0r/proxychains
+https://github.com/rofl0r/proxychains-ng
 
 localnet, bugfixes
 jianing yang.
 https://github.com/jianingy/proxychains
 https://sourceforge.net/projects/proxychains/forums/forum/644747/topic/3498696
 
+round-robin
+crass.
+https://github.com/crass/proxychains-ng
+
 poll_retry (fixes for signal handling)
 colin cross.
 https://sourceforge.net/projects/proxychains/forums/forum/644747/topic/2367923

COPYING

@@ -1,8 +1,8 @@
 		    GNU GENERAL PUBLIC LICENSE
 		       Version 2, June 1991
 
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.
-                          675 Mass Ave, Cambridge, MA 02139, USA
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 

Makefile

@@ -15,10 +15,12 @@ sysconfdir=$(prefix)/etc
 
 SRCS = $(sort $(wildcard src/*.c))
 OBJS = $(SRCS:.c=.o)
-LOBJS = src/nameinfo.o src/legacy.o \
-        src/core.o src/common.o src/libproxychains.o src/shm.o \
-        src/allocator_thread.o src/ip_type.o src/stringdump.o \
-        src/hostentdb.o src/hash.o src/debug.o
+LOBJS = src/nameinfo.o src/version.o \
+        src/core.o src/common.o src/libproxychains.o \
+        src/allocator_thread.o src/ip_type.o \
+        src/hostsreader.o src/hash.o src/debug.o
+
+GENH = src/version.h
 
 CFLAGS  += -Wall -O0 -g -std=c99 -D_GNU_SOURCE -pipe
 NO_AS_NEEDED = -Wl,--no-as-needed
@@ -31,7 +33,7 @@ RANLIB  = $(CROSS_COMPILE)ranlib
 
 LDSO_SUFFIX = so
 LD_SET_SONAME = -Wl,-soname=
-INSTALL_FLAGS = -D -m
+INSTALL = ./tools/install.sh
 
 LDSO_PATHNAME = libproxychains4.$(LDSO_SUFFIX)
 
@@ -39,6 +41,7 @@ SHARED_LIBS = $(LDSO_PATHNAME)
 ALL_LIBS = $(SHARED_LIBS)
 PXCHAINS = proxychains4
 ALL_TOOLS = $(PXCHAINS)
+ALL_CONFIGS = src/proxychains.conf
 
 -include config.mak
 
@@ -48,28 +51,41 @@ CFLAGS_MAIN=-DLIB_DIR=\"$(libdir)\" -DSYSCONFDIR=\"$(sysconfdir)\" -DDLL_NAME=\"
 
 all: $(ALL_LIBS) $(ALL_TOOLS)
 
-install-config:
-	install -d $(DESTDIR)$(sysconfdir)
-	install $(INSTALL_FLAGS) 644 src/proxychains.conf $(DESTDIR)$(sysconfdir)/
+install: install-libs install-tools
 
-install: 
-	install -d $(DESTDIR)$(bindir)/ $(DESTDIR)$(libdir)/
-	install $(INSTALL_FLAGS) 755 $(ALL_TOOLS) $(DESTDIR)$(bindir)/
-	install $(INSTALL_FLAGS) 644 $(ALL_LIBS) $(DESTDIR)$(libdir)/
+$(DESTDIR)$(bindir)/%: %
+	$(INSTALL) -D -m 755 $< $@
+
+$(DESTDIR)$(libdir)/%: %
+	$(INSTALL) -D -m 644 $< $@
+
+$(DESTDIR)$(sysconfdir)/%: src/%
+	$(INSTALL) -D -m 644 $< $@
+
+install-libs: $(ALL_LIBS:%=$(DESTDIR)$(libdir)/%)
+install-tools: $(ALL_TOOLS:%=$(DESTDIR)$(bindir)/%)
+install-config: $(ALL_CONFIGS:src/%=$(DESTDIR)$(sysconfdir)/%)
 
 clean:
 	rm -f $(ALL_LIBS)
 	rm -f $(ALL_TOOLS)
 	rm -f $(OBJS)
+	rm -f $(GENH)
+
+src/version.h: $(wildcard VERSION .git)
+	printf '#define VERSION "%s"\n' "$$(sh tools/version.sh)" > $@
+
+src/version.o: src/version.h
 
 %.o: %.c
-	$(CC) $(CFLAGS) $(CFLAGS_MAIN) $(INC) $(PIC) -c -o $@ $<
+	$(CC) $(CPPFLAGS) $(CFLAGS) $(CFLAGS_MAIN) $(INC) $(PIC) -c -o $@ $<
 
 $(LDSO_PATHNAME): $(LOBJS)
-	$(CC) $(LDFLAGS) $(LD_SET_SONAME)$(LDSO_PATHNAME) -o $@ $(LOBJS)
+	$(CC) $(LDFLAGS) $(LD_SET_SONAME)$(LDSO_PATHNAME) $(USER_LDFLAGS) \
+		-o $@ $(LOBJS)
 
 $(ALL_TOOLS): $(OBJS)
-	$(CC) src/main.o src/common.o -o $(PXCHAINS)
+	$(CC) src/main.o src/common.o $(USER_LDFLAGS) -o $(PXCHAINS)
 
 
-.PHONY: all clean install install-config
+.PHONY: all clean install install-config install-libs install-tools

README

@@ -1,4 +1,4 @@
-ProxyChains-NG ver 4.8 README
+ProxyChains-NG ver 4.10 README
 =============================
 
   ProxyChains is a UNIX program, that hooks network-related libc functions
@@ -52,20 +52,38 @@ ProxyChains-NG ver 4.8 README
 
 Changelog:
 ----------
+Version 4.10
+- fix regression in linking order with custom LDFLAGS
+- fix segfault in DNS mapping code in programs with > ~400 different lookups
+
+Version 4.9
+- fix a security issue CVE-2015-3887
+- add sendto hook to handle MSG_FASTOPEN flag
+- replace problematic hostentdb with hostsreader
+- fix compilation on OpenBSD (although doesn't work there)
+
+Version 4.8.1:
+- fix regression in 4.8 install-config Makefile target
+
 Version 4.8:
 - fix for odd cornercase where getaddrinfo was used with AI_NUMERICHOST
   to test for a numeric ip instead of resolving it (fixes nmap).
+- allow usage with programs that rely on LD_PRELOAD themselves
+- reject wrong entries in config file
+- print version number on startup
 
 Version 4.7:
-- new round_robin chaintype by crazz.
+- new round_robin chaintype by crass.
 - fix bug with lazy allocation when GCC constructor was not used.
 - new configure flag --fat-binary to create a "fat" binary/library on OS X
 - return EBADF rather than EINTR in close hook. 
   it's legal for a program to retry close() calls when they receive
   EINTR, which could cause an infinite loop, as seen in chromium.
+
 Version 4.6:
 - some cosmetic fixes to Makefile, fix a bug when non-numeric ip was
-  user as proxy server address.
+  used as proxy server address.
+
 Version 4.5:
 - hook close() to prevent OpenSSH from messing with internal infrastructure.
   this caused ssh client to segfault when proxified.

VERSION

@@ -0,0 +1 @@
+4.10

configure

@@ -14,6 +14,10 @@ isbsd() {
 	uname -s | grep BSD >/dev/null
 }
 
+isopenbsd() {
+	uname -s | grep OpenBSD >/dev/null
+}
+
 usage() {
 	echo "supported arguments"
 	echo "--prefix=/path 		default: $prefix"
@@ -22,6 +26,9 @@ usage() {
 	echo "--libdir=/path		default: $prefix/lib"
 	echo "--includedir=/path	default: $prefix/include"
 	echo "--sysconfdir=/path	default: $prefix/etc"
+	echo "--ignore-cve		default: no"
+	echo "	if set to yes ignores CVE-2015-3887 and makes it possible"
+	echo "	to preload from current dir (insecure)"
 	ismac && isx86_64 && echo "--fat-binary : build for both i386 and x86_64 architectures on 64-bit Macs"
 	echo "--help : show this text"
 	exit 1
@@ -35,7 +42,7 @@ spliteq() {
 }
 
 fat_binary=
-
+ignore_cve=no
 parsearg() {
 	case "$1" in
 	--prefix=*) prefix=`spliteq $1`;;
@@ -44,6 +51,8 @@ parsearg() {
 	--libdir=*) libdir=`spliteq $1`;;
 	--includedir=*) includedir=`spliteq $1`;;
 	--sysconfdir=*) sysconfdir=`spliteq $1`;;
+	--ignore-cve) ignore_cve=1;;
+	--ignore-cve=*) ignore_cve=`spliteq $1`;;
 	--fat-binary) fat_binary=1;;
 	--help) usage;;
 	esac
@@ -83,12 +92,15 @@ fi
 echo CC?=$CC>config.mak
 [ -z "$CPPFLAGS" ] || echo CPPFLAGS?=$CPPFLAGS>>config.mak
 [ -z "$CFLAGS" ] || echo USER_CFLAGS?=$CFLAGS>>config.mak
+[ -z "$LDFLAGS" ] || echo USER_LDFLAGS?=$LDFLAGS>>config.mak
 echo prefix=$prefix>>config.mak
 echo exec_prefix=$exec_prefix>>config.mak
 echo bindir=$bindir>>config.mak
 echo libdir=$libdir>>config.mak
 echo includedir=$includedir>>config.mak
 echo sysconfdir=$sysconfdir>>config.mak
+[ "$ignore_cve" = "no" ] && echo CPPFLAGS+= -DSUPER_SECURE>>config.mak
+make_cmd=make
 if ismac ; then
 	echo NO_AS_NEEDED=>>config.mak
 	echo LDSO_SUFFIX=dylib>>config.mak
@@ -99,11 +111,11 @@ if ismac ; then
 		echo LDFLAGS+=-arch i386 -arch x86_64>>config.mak
 	fi
 	echo LD_SET_SONAME=-Wl,-install_name,>>config.mak
-	echo INSTALL_FLAGS=-m>>config.mak
 elif isbsd ; then
 	echo LIBDL=>>config.mak
 	echo "CFLAGS+=-DIS_BSD">>config.mak
-	echo INSTALL_FLAGS=-m>>config.mak
+	isopenbsd && echo "CFLAGS+=-DIS_OPENBSD">>config.mak
+	make_cmd=gmake
 fi
 
-echo "Done, now run make && make install"
+echo "Done, now run $make_cmd && $make_cmd install"

src/allocator_thread.c

@@ -10,12 +10,10 @@
 #include <stddef.h>
 #include <errno.h>
 #include "allocator_thread.h"
-#include "shm.h"
 #include "debug.h"
 #include "ip_type.h"
 #include "mutex.h"
 #include "hash.h"
-#include "stringdump.h"
 
 /* stuff for our internal translation table */
 
@@ -30,6 +28,12 @@ typedef struct {
 	string_hash_tuple** list;
 } internal_ip_lookup_table;
 
+static void *dumpstring(char* s, size_t len) {
+	char* p = malloc(len);
+	if(p) memcpy(p, s, len);
+	return p;
+}
+
 pthread_mutex_t internal_ips_lock;
 internal_ip_lookup_table *internal_ips = NULL;
 internal_ip_lookup_table internal_ips_buf;

src/common.c

@@ -59,7 +59,7 @@ char *get_config_path(char* default_path, char* pbuf, size_t bufsize) {
 	char *path = default_path;
 	if(check_path(path))
 		goto have;
-	
+
 	// priority 1: env var PROXYCHAINS_CONF_FILE
 	path = getenv(PROXYCHAINS_CONF_FILE_ENV_VAR);
 	if(check_path(path))
@@ -88,10 +88,10 @@ char *get_config_path(char* default_path, char* pbuf, size_t bufsize) {
 	path = "/etc/" PROXYCHAINS_CONF_FILE;
 	if(check_path(path))
 		goto have;
-	
+
 	perror("couldnt find configuration file");
 	exit(1);
-	
+
 	return NULL;
 	have:
 	return path;

src/core.c

@@ -37,7 +37,6 @@
 
 #include "core.h"
 #include "common.h"
-#include "shm.h"
 #include "allocator_thread.h"
 
 extern int tcp_read_time_out;
@@ -719,11 +718,7 @@ int connect_proxy_chain(int sock, ip_type target_ip,
 	return -1;
 }
 
-#include "hostentdb.h"
-struct hostent_list hl;
-
 void core_initialize(void) {
-	hdb_init(&hl);
 }
 
 void core_unload(void) {
@@ -734,6 +729,7 @@ static void gethostbyname_data_setstring(struct gethostbyname_data* data, char*
 	data->hostent_space.h_name = data->addr_name;
 }
 
+extern ip_type hostsreader_get_numeric_ip_for_name(const char* name);
 struct hostent *proxy_gethostbyname(const char *name, struct gethostbyname_data* data) {
 	PFUNC();
 	char buff[256];
@@ -758,10 +754,8 @@ struct hostent *proxy_gethostbyname(const char *name, struct gethostbyname_data*
 		goto retname;
 	}
 
-	memset(buff, 0, sizeof(buff));
-
 	// this iterates over the "known hosts" db, usually /etc/hosts
-	ip_type hdb_res = hdb_get(&hl, (char*) name);
+	ip_type hdb_res = hostsreader_get_numeric_ip_for_name(name);
 	if(hdb_res.as_int != ip_type_invalid.as_int) {
 		data->resolved_addr = hdb_res.as_int;
 		goto retname;
@@ -790,8 +784,12 @@ void proxy_freeaddrinfo(struct addrinfo *res) {
 	free(res);
 }
 
-#ifdef IS_MAC
-/* getservbyname on mac is using thread local storage, so we dont need mutex */
+#if defined(IS_MAC) || defined(IS_OPENBSD)
+#ifdef IS_OPENBSD /* OpenBSD has its own incompatible getservbyname_r */
+#define getservbyname_r mygetservbyname_r
+#endif
+/* getservbyname on mac is using thread local storage, so we dont need mutex 
+   TODO: check if the same applies to OpenBSD */
 static int getservbyname_r(const char* name, const char* proto, struct servent* result_buf, 
 			   char* buf, size_t buflen, struct servent** result) {
 	PFUNC();
@@ -847,7 +845,7 @@ int proxy_getaddrinfo(const char *node, const char *service, const struct addrin
 
 	p->ai_addr = &space->sockaddr_space;
 	if(node)
-		strncpy(space->addr_name, node, sizeof(space->addr_name));
+		snprintf(space->addr_name, sizeof(space->addr_name), "%s", node);
 	p->ai_canonname = space->addr_name;
 	p->ai_next = NULL;
 	p->ai_family = space->sockaddr_space.sa_family = AF_INET;
@@ -858,6 +856,9 @@ int proxy_getaddrinfo(const char *node, const char *service, const struct addrin
 		p->ai_flags = hints->ai_flags;
 		p->ai_protocol = hints->ai_protocol;
 	} else {
+#ifndef AI_V4MAPPED
+#define AI_V4MAPPED 0
+#endif
 		p->ai_flags = (AI_V4MAPPED | AI_ADDRCONFIG);
 	}
 

src/core.h

@@ -95,6 +95,10 @@ typedef int (*getaddrinfo_t)(const char *, const char *, const struct addrinfo *
 typedef int (*getnameinfo_t) (const struct sockaddr *, socklen_t, char *, 
 			      socklen_t, char *, socklen_t, int);
 
+typedef ssize_t (*sendto_t) (int sockfd, const void *buf, size_t len, int flags,
+			     const struct sockaddr *dest_addr, socklen_t addrlen);
+
+
 
 extern connect_t true_connect;
 extern gethostbyname_t true_gethostbyname;

src/hostentdb.c

@@ -1,63 +0,0 @@
-#include <stdint.h>
-#include <string.h>
-#include <netdb.h>
-#include <stdlib.h>
-#include <netinet/in.h>
-#include <sys/socket.h>
-
-#include "ip_type.h"
-#include "hash.h"
-#include "stringdump.h"
-#include "hostentdb.h"
-#include "common.h"
-#include "debug.h"
-
-#define STEP 16
-static void hdb_add(struct hostent_list* hl, char* host, ip_type ip) {
-	if(hl->count +1 > hl->capa) {
-		void * nu = realloc(hl->entries, (hl->capa + STEP) * sizeof(struct hostent_entry));
-		if(!nu) return;
-		hl->entries = nu;
-		hl->capa += STEP;
-	}
-	struct hostent_entry *h = &hl->entries[hl->count];
-	h->hash = dalias_hash(host);
-	h->ip.as_int = ip.as_int;
-	h->str = dumpstring(host, strlen(host) + 1); 
-	if(h->str) hl->count++;
-}
-
-static void hdb_fill(struct hostent_list *hl) {
-#ifndef IS_BSD
-	struct hostent* hp;
-	while((hp = gethostent()))
-		if(hp->h_addrtype == AF_INET && hp->h_length == sizeof(in_addr_t)) {
-			hdb_add(hl, hp->h_name, (ip_type) { .as_int = *((in_addr_t*)(hp->h_addr_list[0])) });
-		}
-#else
-	/* FreeBSD hangs on gethostent(). since this feature is not crucial, we just do nothing */
-	(void) hl;
-#endif
-}
-
-void hdb_init(struct hostent_list *hl) {
-	memset(hl, 0, sizeof *hl);
-	hdb_fill(hl);
-}
-
-ip_type hdb_get(struct hostent_list *hl, char* host) {
-	size_t i;
-	PFUNC();
-	uint32_t hash = dalias_hash(host);
-	for(i = 0; i < hl->count; i++) {
-		if(hl->entries[i].hash == hash && !strcmp(hl->entries[i].str, host)) {
-		#ifdef DEBUG
-			char ipbuf[16];
-			pc_stringfromipv4(hl->entries[i].ip.octet, ipbuf);
-			PDEBUG("got ip %s for hostent entry %s\n", ipbuf, host);
-		#endif
-			return hl->entries[i].ip;
-		}
-	}
-	return ip_type_invalid;
-}

src/hostentdb.h

@@ -1,23 +0,0 @@
-#ifndef HOSTENTDB_H
-#define HOSTENTDB_H
-
-#include "ip_type.h"
-#include <unistd.h>
-
-struct hostent_entry {
-	uint32_t hash;
-	ip_type ip;
-	char* str;
-};
-
-struct hostent_list {
-	size_t count;
-	size_t capa;
-	struct hostent_entry *entries;
-};
-
-void hdb_init(struct hostent_list *hl);
-ip_type hdb_get(struct hostent_list *hl, char* host);
-
-//RcB: DEP "hostendb.c"
-#endif

src/hostsreader.c

@@ -0,0 +1,121 @@
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+
+/*
+   simple reader for /etc/hosts
+   it only supports comments, blank lines and lines consisting of an ipv4 hostname pair.
+   this is required so we can return entries from the host db without messing up the
+   non-thread-safe state of libc's gethostent().
+
+*/
+
+struct hostsreader {
+	FILE *f;
+	char* ip, *name;
+};
+
+int hostsreader_open(struct hostsreader *ctx) {
+	if(!(ctx->f = fopen("/etc/hosts", "r"))) return 0;
+	return 1;
+}
+
+void hostsreader_close(struct hostsreader *ctx) {
+	fclose(ctx->f);
+}
+
+static int isnumericipv4(const char* ipstring);
+int hostsreader_get(struct hostsreader *ctx, char* buf, size_t bufsize) {
+	while(1) {
+		if(!fgets(buf, bufsize, ctx->f)) return 0;
+		if(*buf == '#') continue;
+		char *p = buf;
+		size_t l = bufsize;
+		ctx->ip = p;
+		while(*p && !isspace(*p) && l) {
+			p++;
+			l--;
+		}
+		if(!l || !*p || p == ctx->ip) continue;
+		*p = 0;
+		p++;
+		while(*p && isspace(*p) && l) {
+			p++;
+			l--;
+		}
+		if(!l || !*p) continue;
+		ctx->name = buf;
+		while(*p && !isspace(*p) && l) {
+			p++;
+			l--;
+		}
+		if(!l || !*p) continue;
+		*p = 0;
+		if(isnumericipv4(ctx->ip)) return 1;
+	}
+}
+
+char* hostsreader_get_ip_for_name(const char* name, char* buf, size_t bufsize) {
+	struct hostsreader ctx;
+	char *res = 0;
+	if(!hostsreader_open(&ctx)) return 0;
+	while(hostsreader_get(&ctx, buf, bufsize)) {
+		if(!strcmp(ctx.name, name)) {
+			res = ctx.ip;
+			break;
+		}
+	}
+	hostsreader_close(&ctx);
+	return res;
+}
+
+#include "ip_type.h"
+#include <netinet/in.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+ip_type hostsreader_get_numeric_ip_for_name(const char* name) {
+	char *hres;
+	char buf[320];
+	if((hres = hostsreader_get_ip_for_name(name, buf, sizeof buf))) {
+		struct in_addr c;
+		inet_aton(hres, &c);
+		ip_type res;
+		memcpy(res.octet, &c.s_addr, 4);
+		return res;
+	} else return ip_type_invalid;
+}
+
+#ifdef HOSTSREADER_TEST
+int main() {
+	char buf[256];
+	char * ret = hostsreader_get_ip_for_name("goo", buf, sizeof buf);
+	printf("%s\n", ret ? ret : "null");
+}
+#endif
+
+/* isnumericipv4() taken from libulz */
+static int isnumericipv4(const char* ipstring) {
+	size_t x = 0, n = 0, d = 0;
+	int wasdot = 0;
+	while(1) {
+		switch(ipstring[x]) {
+			case 0: goto done;
+			case '.':
+				if(!n || wasdot) return 0;
+				d++;
+				wasdot = 1;
+				break;
+			case '0': case '1': case '2': case '3': case '4':
+			case '5': case '6': case '7': case '8': case '9':
+				n++;
+				wasdot = 0;
+				break;
+			default:
+				return 0;
+		}
+		x++;
+	}
+	done:
+	if(d == 3 && n >= 4 && n <= 12) return 1;
+	return 0;
+}

src/legacy.c

@@ -1,481 +0,0 @@
-int __res_ninit() {
-	return 0;
-}
-
-void __pthread_register_cancel(void* p) {
-
-}
-
-void __pthread_unregister_cancel(void *p) {
-
-}
-
-#include <setjmp.h>
-int __sigsetjmp(sigjmp_buf buf, int save) {
-	return sigsetjmp(buf, save);
-}
-
-static __thread void* thread_arg;
-static __thread int (*thread_compar)(const void*, const void*, void*);
-static int my_thread_compare_func(const void* a, const void* b) {
-	return thread_compar(a, b, thread_arg);
-}
-#include <stddef.h>
-#include <stdlib.h>
-void qsort_r(void* base, size_t nmemb, size_t size, int (*compar)(const void*, const void*, void*), void *arg) {
-	thread_arg = arg;
-	thread_compar = compar;
-	return qsort(base, nmemb, size, my_thread_compare_func);
-}
-
-int backtrace(void **buffer, int size) {
-	return 0;
-}
-
-char **backtrace_symbols(void *const *buffer, int size) {
-	return 0;
-}
-
-#include <pthread.h>
-int __register_atfork(void (*prepare) (void), void (*parent) (void), void (*child) (void), void * __dso_handle) {
-	return pthread_atfork(prepare, parent, child);
-}
-
-#define _GNU_SOURCE
-#include <poll.h>
-#include <setjmp.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/socket.h>
-#include <syslog.h>
-#include <unistd.h>
-#include <wchar.h>
-
-__attribute((noreturn)) void __chk_fail(void)
-{
-	write(2, "buffer overflow detected\n", 25);
-	abort();
-}
-
-int __asprintf_chk(char **s, int flag, const char *fmt, ...)
-{
-	va_list ap;
-	int r;
-	va_start(ap,fmt);
-	r = vasprintf(s, fmt, ap);
-	va_end(ap);
-	return r;
-}
-
-size_t __confstr_chk(int name, char *buf, size_t len, size_t size)
-{
-	return confstr(name, buf, len);
-}
-
-int __dprintf_chk(int fd, int flag, const char *fmt, ...)
-{
-	va_list ap;
-	int r;
-	va_start(ap,fmt);
-	r = vdprintf(fd, fmt, ap);
-	va_end(ap);
-	return r;
-}
-
-char *__fgets_chk(char *s, size_t size, int n, FILE *f)
-{
-	return fgets(s, n, f);
-}
-
-char *__fgets_unlocked_chk(char *s, size_t size, int n, FILE *f)
-{
-	return fgets_unlocked(s, n, f);
-}
-
-wchar_t *__fgetws_chk(wchar_t *s, size_t size, int n, FILE *f)
-{
-	return fgetws(s, n, f);
-}
-
-wchar_t *fgetws_unlocked(wchar_t *, int, FILE *);
-
-wchar_t *__fgetws_unlocked_chk(wchar_t *s, size_t size, int n, FILE *f)
-{
-	return fgetws_unlocked(s, n, f);
-}
-
-int __fprintf_chk(FILE *f, int flag, const char *fmt, ...)
-{
-	va_list ap;
-	int r;
-	va_start(ap,fmt);
-	r = vfprintf(f, fmt, ap);
-	va_end(ap);
-	return r;
-}
-
-int __fwprintf_chk(FILE *f, int flag, const wchar_t *fmt, ...)
-{
-	va_list ap;
-	int r;
-	va_start(ap,fmt);
-	r = vfwprintf(f, fmt, ap);
-	va_end(ap);
-	return r;
-}
-
-size_t __fread_chk(void *p, size_t size, size_t sz, size_t n, FILE *f)
-{
-	return fread(p, sz, n, f);
-}
-
-size_t __fread_unlocked_chk(void *p, size_t size, size_t sz, size_t n, FILE *f)
-{
-	return fread_unlocked(p, sz, n, f);
-}
-
-char *__getcwd_chk(char *buf, size_t len, size_t size)
-{
-	return getcwd(buf, len);
-}
-
-int __getdomainname_chk(char *buf, size_t len, size_t size)
-{
-	return getdomainname(buf, len);
-}
-
-int __getgroups_chk(int n, gid_t *list, size_t listlen)
-{
-	return getgroups(n, list);
-}
-
-int __gethostname_chk(char *buf, size_t len, size_t size)
-{
-	return gethostname(buf, len);
-}
-
-int __getlogin_r_chk(char *buf, size_t len, size_t size)
-{
-	return getlogin_r(buf, len);
-}
-
-char *__gets_chk(char *buf, size_t size)
-{
-	return gets(buf);
-}
-
-__attribute((noreturn)) void __longjmp_chk(jmp_buf buf, int v)
-{
-	longjmp(buf, v);
-}
-
-size_t __mbsnrtowcs_chk(wchar_t *dst, const char **src, size_t n, size_t len, mbstate_t *st, size_t dstsize)
-{
-	return mbsnrtowcs(dst, src, n, len, st);
-}
-
-size_t __mbsrtowcs_chk(wchar_t *dst, const char **src, size_t len, mbstate_t *st, size_t dstsize)
-{
-	return mbsrtowcs(dst, src, len, st);
-}
-
-size_t __mbstowcs_chk(wchar_t *dst, const char *src, size_t len, size_t dstsize)
-{
-	return mbstowcs(dst, src, len);
-}
-
-void *__memcpy_chk(void *dst, void *src, size_t len, size_t dstsize)
-{
-	return memcpy(dst, src, len);
-}
-
-void *__mempcpy_chk(void *dst, void *src, size_t len, size_t dstsize)
-{
-	return mempcpy(dst, src, len);
-}
-
-void *__memmove_chk(void *dst, void *src, size_t len, size_t dstsize)
-{
-	return memmove(dst, src, len);
-}
-
-void *__memset_chk(void *s, int c, size_t n, size_t size)
-{
-	return memset(s, c, n);
-}
-
-int __poll_chk(struct pollfd *fds, nfds_t n, int timeout, size_t fdslen)
-{
-	return poll(fds, n, timeout);
-}
-
-int __ppoll_chk(struct pollfd *fds, nfds_t n, const struct timespec *timeout, const sigset_t *mask, size_t fdslen)
-{
-	return ppoll(fds, n, timeout, mask);
-}
-
-ssize_t __pread_chk(int fd, void *buf, size_t n, off_t off, size_t bufsize)
-{
-	return pread(fd, buf, n, off);
-}
-
-#undef weak_alias
-#define weak_alias(old, new) \
-        extern __typeof(old) new __attribute__((weak, alias(#old)))
-
-weak_alias(__pread_chk, __pread64_chk);
-
-int __printf_chk(int flag, const char *fmt, ...)
-{
-	va_list ap;
-	int r;
-	va_start(ap,fmt);
-	r = vprintf(fmt, ap);
-	va_end(ap);
-	return r;
-}
-
-int __ptsname_r_chk(int fd, char *buf, size_t len, size_t size)
-{
-	return ptsname_r(fd, buf, len);
-}
-
-ssize_t __read_chk(int fd, void *buf, size_t n, size_t bufsize)
-{
-	return read(fd, buf, n);
-}
-
-ssize_t __readlinkat_chk(int fd, const char *path, void *buf, size_t n, size_t bufsize)
-{
-	return readlinkat(fd, path, buf, n);
-}
-
-ssize_t __readlink_chk(const char *path, void *buf, size_t n, size_t bufsize)
-{
-	return readlink(path, buf, n);
-}
-
-char *__realpath_chk(const char *name, char *resolved, size_t resolvedsize)
-{
-	return realpath(name, resolved);
-}
-
-ssize_t __recv_chk(int fd, void *buf, size_t n, size_t bufsize, int flags)
-{
-	return recv(fd, buf, n, flags);
-}
-
-ssize_t __recvfrom_chk(int fd, void *buf, size_t n, size_t bufsize, int flags, struct sockaddr *addr, socklen_t *addrlen)
-{
-	return recvfrom(fd, buf, n, flags, addr, addrlen);
-}
-
-int __sprintf_chk(char *s, int flag, size_t size, const char *fmt, ...)
-{
-	va_list ap;
-	int r;
-	va_start(ap,fmt);
-	r = vsprintf(s, fmt, ap);
-	va_end(ap);
-	return r;
-}
-
-int __snprintf_chk(char *s, size_t n, int flag, size_t size, const char *fmt, ...)
-{
-	va_list ap;
-	int r;
-	va_start(ap,fmt);
-	r = vsnprintf(s, n, fmt, ap);
-	va_end(ap);
-	return r;
-}
-
-char *__stpcpy_chk(char *dst, const char *src, size_t dstsize)
-{
-	return stpcpy(dst, src);
-}
-char *__stpncpy_chk(char *dst, const char *src, size_t n, size_t dstsize)
-{
-	return stpncpy(dst, src, n);
-}
-
-char *__strcat_chk(char *dst, const char *src, size_t dstsize)
-{
-	return strcat(dst, src);
-}
-
-char *__strcpy_chk(char *dst, const char *src, size_t dstsize)
-{
-	return strcpy(dst, src);
-}
-
-char *__strncat_chk(char *dst, const char *src, size_t n, size_t dstsize)
-{
-	return strncat(dst, src, n);
-}
-
-char *__strncpy_chk(char *dst, const char *src, size_t n, size_t dstsize)
-{
-	return strncpy(dst, src, n);
-}
-
-int __swprintf_chk(wchar_t *s, size_t n, int flag, size_t size, const wchar_t *fmt, ...)
-{
-	va_list ap;
-	int r;
-	va_start(ap,fmt);
-	r = vswprintf(s, n, fmt, ap);
-	va_end(ap);
-	return r;
-}
-
-void __syslog_chk(int pri, int flag, const char *fmt, ...)
-{
-	va_list ap;
-	va_start(ap, fmt);
-	vsyslog(pri, fmt, ap);
-	va_end(ap);
-}
-
-int __ttyname_r_chk(int fd, char *buf, size_t len, size_t size)
-{
-	return ttyname_r(fd, buf, len);
-}
-
-int __vasprintf_chk(char **s, int flag, const char *fmt, va_list ap)
-{
-	return vasprintf(s, fmt, ap);
-}
-
-int __vdprintf_chk(int fd, int flag, const char *fmt, va_list ap)
-{
-	return vdprintf(fd, fmt, ap);
-}
-
-int __vfprintf_chk(FILE *f, int flag, const char *fmt, va_list ap)
-{
-	return vfprintf(f, fmt, ap);
-}
-
-int __vfwprintf_chk(FILE *f, int flag, const wchar_t *fmt, va_list ap)
-{
-	return vfwprintf(f, fmt, ap);
-}
-
-int __vprintf_chk(int flag, const char *fmt, va_list ap)
-{
-	return vprintf(fmt, ap);
-}
-
-int __vsnprintf_chk(char *s, size_t n, int flag, size_t size, const char *fmt, va_list ap)
-{
-	return vsnprintf(s, n, fmt, ap);
-}
-
-int __vsprintf_chk(char *s, int flag, size_t size, const char *fmt, va_list ap)
-{
-	return vsprintf(s, fmt, ap);
-}
-
-int __vswprintf_chk(wchar_t *s, size_t n, int flag, size_t size, const wchar_t *fmt, va_list ap)
-{
-	return vswprintf(s, n, fmt, ap);
-}
-
-void __vsyslog_chk(int pri, int flag, const char *fmt, va_list ap)
-{
-	vsyslog(pri, fmt, ap);
-}
-
-int __vwprintf_chk(int flag, const wchar_t *fmt, va_list ap)
-{
-	return vwprintf(fmt, ap);
-}
-
-wchar_t *__wcpcpy_chk(wchar_t *dst, const wchar_t *src, size_t dstsize)
-{
-	return wcpcpy(dst, src);
-}
-
-wchar_t *__wcpncpy_chk(wchar_t *dst, const wchar_t *src, size_t n, size_t dstsize)
-{
-	return wcpncpy(dst, src, n);
-}
-
-size_t __wcrtomb_chk(char *s, wchar_t c, mbstate_t *st, size_t size)
-{
-	return wcrtomb(s, c, st);
-}
-
-wchar_t *__wcscat_chk(wchar_t *dst, const wchar_t *src, size_t dstlen)
-{
-	return wcscat(dst, src);
-}
-
-wchar_t *__wcscpy_chk(wchar_t *dst, const wchar_t *src, size_t dstlen)
-{
-	return wcscpy(dst, src);
-}
-
-wchar_t *__wcsncat_chk(wchar_t *dst, const wchar_t *src, size_t n, size_t dstlen)
-{
-	return wcsncat(dst, src, n);
-}
-
-wchar_t *__wcsncpy_chk(wchar_t *dst, const wchar_t *src, size_t n, size_t dstlen)
-{
-	return wcsncpy(dst, src, n);
-}
-
-size_t __wcsnrtombs_chk(char *dst, const wchar_t **src, size_t n, size_t len, mbstate_t *st, size_t dstsize)
-{
-	return wcsnrtombs(dst, src, n, len, st);
-}
-
-size_t __wcsrtombs_chk(char *dst, const wchar_t **src, size_t len, mbstate_t *st, size_t dstsize)
-{
-	return wcsrtombs(dst, src, len, st);
-}
-
-size_t __wcstombs_chk(char *dst, const wchar_t *src, size_t len, size_t dstsize)
-{
-	return wcstombs(dst, src, len);
-}
-
-int __wctomb_chk(char *s, wchar_t c, size_t size)
-{
-	return wctomb(s, c);
-}
-
-wchar_t *__wmemcpy_chk(wchar_t *dst, const wchar_t *src, size_t n, size_t dstlen)
-{
-	return wmemcpy(dst, src, n);
-}
-
-wchar_t *__wmemmove_chk(wchar_t *dst, const wchar_t *src, size_t n, size_t dstlen)
-{
-	return wmemmove(dst, src, n);
-}
-
-wchar_t *__wmempcpy_chk(wchar_t *dst, const wchar_t *src, size_t n, size_t dstlen)
-{
-	return mempcpy(dst, src, n*sizeof*src);
-}
-
-wchar_t *__wmemset_chk(wchar_t *s, wchar_t c, size_t n, size_t slen)
-{
-	return wmemset(s, c, n);
-}
-
-int __wprintf_chk(int flag, const wchar_t *fmt, ...)
-{
-	va_list ap;
-	int r;
-	va_start(ap,fmt);
-	r = vwprintf(fmt, ap);
-	va_end(ap);
-	return r;
-}
-

src/libproxychains.c

@@ -52,6 +52,7 @@ getaddrinfo_t true_getaddrinfo;
 freeaddrinfo_t true_freeaddrinfo;
 getnameinfo_t true_getnameinfo;
 gethostbyaddr_t true_gethostbyaddr;
+sendto_t true_sendto;
 
 int tcp_read_time_out;
 int tcp_connect_time_out;
@@ -76,7 +77,7 @@ static inline void get_chain_data(proxy_data * pd, unsigned int *proxy_count, ch
 static void* load_sym(char* symname, void* proxyfunc) {
 
 	void *funcptr = dlsym(RTLD_NEXT, symname);
-	
+
 	if(!funcptr) {
 		fprintf(stderr, "Cannot load symbol '%s' %s\n", symname, dlerror());
 		exit(1);
@@ -94,30 +95,30 @@ static void* load_sym(char* symname, void* proxyfunc) {
 
 #define SETUP_SYM(X) do { true_ ## X = load_sym( # X, X ); } while(0)
 
-#include "shm.h"
 #include "allocator_thread.h"
-#include "stringdump.h"
+
+const char *proxychains_get_version(void);
 
 static void do_init(void) {
 	srand(time(NULL));
-	dumpstring_init(); // global string garbage can
 	core_initialize();
 	at_init();
-	
+
 	/* read the config file */
 	get_chain_data(proxychains_pd, &proxychains_proxy_count, &proxychains_ct);
 	DUMP_PROXY_CHAIN(proxychains_pd, proxychains_proxy_count);
 
-	proxychains_write_log(LOG_PREFIX "DLL init\n");
-	
+	proxychains_write_log(LOG_PREFIX "DLL init: proxychains-ng %s\n", proxychains_get_version());
+
 	SETUP_SYM(connect);
+	SETUP_SYM(sendto);
 	SETUP_SYM(gethostbyname);
 	SETUP_SYM(getaddrinfo);
 	SETUP_SYM(freeaddrinfo);
 	SETUP_SYM(gethostbyaddr);
 	SETUP_SYM(getnameinfo);
 	SETUP_SYM(close);
-	
+
 	init_l = 1;
 }
 
@@ -168,7 +169,7 @@ static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_typ
 	tcp_read_time_out = 4 * 1000;
 	tcp_connect_time_out = 10 * 1000;
 	*ct = DYNAMIC_TYPE;
-	
+
 	env = get_config_path(getenv(PROXYCHAINS_CONF_FILE_ENV_VAR), buff, sizeof(buff));
 	if( ( file = fopen(env, "r") ) == NULL )
 	{
@@ -186,13 +187,18 @@ static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_typ
 			if(list) {
 				if(count >= MAX_CHAIN)
 					break;
-				
+
 				memset(&pd[count], 0, sizeof(proxy_data));
 
 				pd[count].ps = PLAY_STATE;
 				port_n = 0;
 
-				sscanf(buff, "%s %s %d %s %s", type, host, &port_n, pd[count].user, pd[count].pass);
+				int ret = sscanf(buff, "%s %s %d %s %s", type, host, &port_n, pd[count].user, pd[count].pass);
+				if(ret < 3 || ret == EOF) {
+					inv:
+					fprintf(stderr, "error: invalid item in proxylist section: %s", buff);
+					exit(1);
+				}
 
 				in_addr_t host_ip = inet_addr(host);
 				if(host_ip == INADDR_NONE) {
@@ -209,7 +215,7 @@ static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_typ
 				} else if(!strcmp(type, "socks5")) {
 					pd[count].pt = SOCKS5_TYPE;
 				} else
-					continue;
+					goto inv;
 
 				if(pd[count].ip.as_int && port_n && pd[count].ip.as_int != (uint32_t) - 1)
 					count++;
@@ -291,6 +297,10 @@ static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_typ
 		}
 	}
 	fclose(file);
+	if(!count) {
+		fprintf(stderr, "error: no valid proxy found in config\n");
+		exit(1);
+	}
 	*proxy_count = count;
 	proxychains_got_chain_data = 1;
 }
@@ -407,15 +417,15 @@ void freeaddrinfo(struct addrinfo *res) {
 	return;
 }
 
-int pc_getnameinfo(const struct sockaddr *sa, socklen_t salen, 
-	           char *host, socklen_t hostlen, char *serv, 
+int pc_getnameinfo(const struct sockaddr *sa, socklen_t salen,
+	           char *host, socklen_t hostlen, char *serv,
 	           socklen_t servlen, int flags)
 {
 	char ip_buf[16];
 	int ret = 0;
 
 	INIT();
-	
+
 	PFUNC();
 
 	if(!proxychains_resolver) {
@@ -468,3 +478,20 @@ struct hostent *gethostbyaddr(const void *addr, socklen_t len, int type) {
 	}
 	return NULL;
 }
+
+#ifndef MSG_FASTOPEN
+#   define MSG_FASTOPEN 0x20000000
+#endif
+
+ssize_t sendto(int sockfd, const void *buf, size_t len, int flags,
+	       const struct sockaddr *dest_addr, socklen_t addrlen) {
+	if (flags & MSG_FASTOPEN) {
+		if (!connect(sockfd, dest_addr, addrlen) && errno != EINPROGRESS) {
+			return -1;
+		}
+		dest_addr = NULL;
+		addrlen = 0;
+		flags &= ~MSG_FASTOPEN;
+	}
+	return true_sendto(sockfd, buf, len, flags, dest_addr, addrlen);
+}

src/main.c

@@ -33,7 +33,9 @@ static const char *dll_name = DLL_NAME;
 
 static char own_dir[256];
 static const char *dll_dirs[] = {
+#ifndef SUPER_SECURE /* CVE-2015-3887 */
 	".",
+#endif
 	own_dir,
 	LIB_DIR,
 	"/lib",
@@ -48,7 +50,11 @@ static void set_own_dir(const char *argv0) {
 	while(l && argv0[l - 1] != '/')
 		l--;
 	if(l == 0)
+#ifdef SUPER_SECURE
+		memcpy(own_dir, "/dev/null/", 11);
+#else
 		memcpy(own_dir, ".", 2);
+#endif
 	else {
 		memcpy(own_dir, argv0, l - 1);
 		own_dir[l] = 0;
@@ -89,7 +95,7 @@ int main(int argc, char *argv[]) {
 
 	/* check if path of config file has not been passed via command line */
 	path = get_config_path(path, pbuf, sizeof(pbuf));
-	
+
 	if(!quiet)
 		fprintf(stderr, LOG_PREFIX "config file found: %s\n", path);
 
@@ -103,7 +109,7 @@ int main(int argc, char *argv[]) {
 	// search DLL
 
 	set_own_dir(argv[0]);
-	
+
 	i = 0;
 
 	while(dll_dirs[i]) {
@@ -122,14 +128,24 @@ int main(int argc, char *argv[]) {
 	if(!quiet)
 		fprintf(stderr, LOG_PREFIX "preloading %s/%s\n", prefix, dll_name);
 
-#ifndef IS_MAC
-	snprintf(buf, sizeof(buf), "LD_PRELOAD=%s/%s", prefix, dll_name);
-	putenv(buf);
-#else
-	snprintf(buf, sizeof(buf), "DYLD_INSERT_LIBRARIES=%s/%s", prefix, dll_name);
-	putenv(buf);
+#ifdef IS_MAC
 	putenv("DYLD_FORCE_FLAT_NAMESPACE=1");
+#define LD_PRELOAD_ENV "DYLD_INSERT_LIBRARIES"
+#define LD_PRELOAD_SEP ":"
+#else
+#define LD_PRELOAD_ENV "LD_PRELOAD"
+/* all historic implementations of BSD and linux dynlinkers seem to support
+   space as LD_PRELOAD separator, with colon added only recently.
+   we use the old syntax for maximum compat */
+#define LD_PRELOAD_SEP " "
 #endif
+	char *old_val = getenv(LD_PRELOAD_ENV);
+	snprintf(buf, sizeof(buf), LD_PRELOAD_ENV "=%s/%s%s%s",
+	         prefix, dll_name,
+	         /* append previous LD_PRELOAD content, if existent */
+	         old_val ? LD_PRELOAD_SEP : "",
+	         old_val ? old_val : "");
+	putenv(buf);
 	execvp(argv[start_argv], &argv[start_argv]);
 	perror("proxychains can't load process....");
 

src/shm.c

@@ -1,53 +0,0 @@
-#include <assert.h>
-#include <string.h>
-#include <limits.h>
-#include <string.h>
-#include <stdlib.h>
-#ifndef PAGE_SIZE
-#define PAGE_SIZE 4096
-#endif
-#include "shm.h"
-#include "debug.h"
-
-#if 0
-#include <sys/mman.h>
-#include <sys/ipc.h>
-#include <sys/shm.h>
-
-/* allocates shared memory which can be accessed from the parent and its childs */
-void *shm_realloc(void* old, size_t old_size, size_t new_size) {
-	//PFUNC();
-	void *nu = mmap(NULL, new_size, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANON, -1, 0);
-	if(old) {
-		if(!nu) return NULL;
-		assert(new_size >= old_size);
-		memcpy(nu, old, old_size);
-		munmap(old, old_size);
-	}
-	return nu;
-}
-#endif
-
-void stringpool_init(struct stringpool* sp) {
-	PFUNC();
-	memset(sp, 0, sizeof *sp);
-}
-
-char* stringpool_add(struct stringpool *sp, char* s, size_t len) {
-	//PFUNC();
-	if(len > sp->alloced - sp->used) {
-		size_t newsz = sp->used + len;
-		size_t inc = PAGE_SIZE - (newsz % PAGE_SIZE);
-		newsz += (inc == PAGE_SIZE) ? 0 : inc;
-		void* p = realloc(sp->start, newsz);
-		if(p) {
-			sp->start = p;
-			sp->alloced = newsz;
-		} else 
-			return 0;
-	}
-	char* ret = sp->start + sp->used;
-	memcpy(ret, s, len);
-	sp->used += len;
-	return ret;
-}

src/shm.h

@@ -1,17 +0,0 @@
-#ifndef SHM_H
-#define SHM_H
-#include <unistd.h>
-
-struct stringpool {
-	size_t alloced;
-	size_t used;
-	char* start;
-};
-
-void stringpool_init(struct stringpool* sp);
-char* stringpool_add(struct stringpool *sp, char* s, size_t len);
-#if 0
-void *shm_realloc(void* old, size_t old_size, size_t new_size);
-#endif
-//RcB: DEP "shm.c"
-#endif

src/stringdump.c

@@ -1,13 +0,0 @@
-#include "stringdump.h"
-#include "debug.h"
-
-struct stringpool mem;
-
-char *dumpstring(char* s, size_t len) {
-	PFUNC();
-	return stringpool_add(&mem, s, len);
-}
-
-void dumpstring_init(void) {
-	stringpool_init(&mem);
-}

src/stringdump.h

@@ -1,12 +0,0 @@
-#ifndef STRINGDUMP_H
-#define STRINGDUMP_H
-
-#include "shm.h"
-#include <unistd.h>
-
-char *dumpstring(char* s, size_t len);
-void dumpstring_init(void);
-
-//RcB: DEP "stringdump.h"
-
-#endif

src/version.c

@@ -0,0 +1,6 @@
+#include "version.h"
+static const char version[] = VERSION;
+const char *proxychains_get_version(void) {
+	return version;
+}
+

tests/test_sendto.c

@@ -0,0 +1,66 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+
+#ifndef MSG_FASTOPEN
+#   define MSG_FASTOPEN 0x20000000
+#endif
+
+void error(const char *msg)
+{
+	perror(msg);
+	exit(1);
+}
+
+int main(int argc, char *argv[])
+{
+	if (argc < 4) {
+		printf("Usage: %s host port method(connect or sendto)\n", argv[0]);
+		return 1;
+	}
+	const char *hostname = argv[1];
+	const int portno = atoi(argv[2]);
+	const char *method = argv[3];
+	char request[BUFSIZ];
+	sprintf(request, "GET / HTTP/1.0\r\nHost: %s\r\n\r\n", hostname);
+	int sockfd, n;
+	struct sockaddr_in serv_addr;
+	struct hostent *server;
+
+	char buffer[BUFSIZ];
+	sockfd = socket(AF_INET, SOCK_STREAM, 0);
+	if (sockfd < 0) error("ERROR opening socket");
+	server = gethostbyname(hostname);
+	if (server == NULL) {
+		fprintf(stderr, "%s: no such host\n", hostname);
+		return 1;
+	}
+	memset(&serv_addr, 0, sizeof(serv_addr));
+	serv_addr.sin_family = AF_INET;
+	memcpy(&serv_addr.sin_addr.s_addr, server->h_addr, server->h_length);
+	serv_addr.sin_port = htons(portno);
+	if (!strcmp(method, "connect")) {
+	  if (connect(sockfd, (struct sockaddr *)&serv_addr, sizeof(serv_addr)) < 0)
+		  error("connect");
+	  n = send(sockfd, request, strlen(request), 0);
+	} else if (!strcmp(method, "sendto")) {
+	  n = sendto(sockfd, request, strlen(request), MSG_FASTOPEN, (struct sockaddr *)&serv_addr, sizeof(serv_addr));
+	} else {
+	  printf("Unknown method %s\n", method);
+	  return 1;
+	}
+	if (n < 0)
+		 error("send");
+	memset(buffer, 0, BUFSIZ);
+	n = read(sockfd, buffer, BUFSIZ - 1);
+	if (n < 0)
+		 error("ERROR reading from socket");
+	printf("%s\n", buffer);
+	close(sockfd);
+	return 0;
+}

tools/install.sh

@@ -0,0 +1,64 @@
+#!/bin/sh
+#
+# This is an actually-safe install command which installs the new
+# file atomically in the new location, rather than overwriting
+# existing files.
+#
+
+usage() {
+printf "usage: %s [-D] [-l] [-m mode] src dest\n" "$0" 1>&2
+exit 1
+}
+
+mkdirp=
+symlink=
+mode=755
+
+while getopts Dlm: name ; do
+case "$name" in
+D) mkdirp=yes ;;
+l) symlink=yes ;;
+m) mode=$OPTARG ;;
+?) usage ;;
+esac
+done
+shift $(($OPTIND - 1))
+
+test "$#" -eq 2 || usage
+src=$1
+dst=$2
+tmp="$dst.tmp.$$"
+
+case "$dst" in
+*/) printf "%s: %s ends in /\n", "$0" "$dst" 1>&2 ; exit 1 ;;
+esac
+
+set -C
+set -e
+
+if test "$mkdirp" ; then
+umask 022
+case "$2" in
+*/*) mkdir -p "${dst%/*}" ;;
+esac
+fi
+
+trap 'rm -f "$tmp"' EXIT INT QUIT TERM HUP
+
+umask 077
+
+if test "$symlink" ; then
+ln -s "$1" "$tmp"
+else
+cat < "$1" > "$tmp"
+chmod "$mode" "$tmp"
+fi
+
+mv -f "$tmp" "$2"
+test -d "$2" && {
+rm -f "$2/$tmp"
+printf "%s: %s is a directory\n" "$0" "$dst" 1>&2
+exit 1
+}
+
+exit 0

tools/version.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+if test -d .git ; then
+if type git >/dev/null 2>&1 ; then
+git describe --tags --match 'v[0-9]*' 2>/dev/null \
+| sed -e 's/^v//' -e 's/-/-git-/'
+else
+sed 's/$/-git/' < VERSION
+fi
+else
+cat VERSION
+fi