release 4.9

closes #60

README

@@ -1,4 +1,4 @@
-ProxyChains-NG ver 4.8 README
+ProxyChains-NG ver 4.9 README
 =============================
 
   ProxyChains is a UNIX program, that hooks network-related libc functions
@@ -52,6 +52,12 @@ ProxyChains-NG ver 4.8 README
 
 Changelog:
 ----------
+Version 4.9
+- fix a security issue CVE-2015-3887
+- add sendto hook to handle MSG_FASTOPEN flag
+- replace problematic hostentdb with hostsreader
+- fix compilation on OpenBSD (although doesn't work there)
+
 Version 4.8.1:
 - fix regression in 4.8 install-config Makefile target
 

VERSION

@@ -1 +1 @@
-4.8.1
+4.9

configure

@@ -14,6 +14,10 @@ isbsd() {
 	uname -s | grep BSD >/dev/null
 }
 
+isopenbsd() {
+	uname -s | grep OpenBSD >/dev/null
+}
+
 usage() {
 	echo "supported arguments"
 	echo "--prefix=/path 		default: $prefix"
@@ -22,6 +26,9 @@ usage() {
 	echo "--libdir=/path		default: $prefix/lib"
 	echo "--includedir=/path	default: $prefix/include"
 	echo "--sysconfdir=/path	default: $prefix/etc"
+	echo "--ignore-cve		default: no"
+	echo "	if set to yes ignores CVE-2015-3887 and makes it possible"
+	echo "	to preload from current dir (insecure)"
 	ismac && isx86_64 && echo "--fat-binary : build for both i386 and x86_64 architectures on 64-bit Macs"
 	echo "--help : show this text"
 	exit 1
@@ -35,7 +42,7 @@ spliteq() {
 }
 
 fat_binary=
-
+ignore_cve=no
 parsearg() {
 	case "$1" in
 	--prefix=*) prefix=`spliteq $1`;;
@@ -44,6 +51,8 @@ parsearg() {
 	--libdir=*) libdir=`spliteq $1`;;
 	--includedir=*) includedir=`spliteq $1`;;
 	--sysconfdir=*) sysconfdir=`spliteq $1`;;
+	--ignore-cve) ignore_cve=1;;
+	--ignore-cve=*) ignore_cve=`spliteq $1`;;
 	--fat-binary) fat_binary=1;;
 	--help) usage;;
 	esac
@@ -90,6 +99,7 @@ echo bindir=$bindir>>config.mak
 echo libdir=$libdir>>config.mak
 echo includedir=$includedir>>config.mak
 echo sysconfdir=$sysconfdir>>config.mak
+[ "$ignore_cve" = "no" ] && echo CPPFLAGS+= -DSUPER_SECURE>>config.mak
 make_cmd=make
 if ismac ; then
 	echo NO_AS_NEEDED=>>config.mak
@@ -104,6 +114,7 @@ if ismac ; then
 elif isbsd ; then
 	echo LIBDL=>>config.mak
 	echo "CFLAGS+=-DIS_BSD">>config.mak
+	isopenbsd && echo "CFLAGS+=-DIS_OPENBSD">>config.mak
 	make_cmd=gmake
 fi
 

src/core.c

@@ -785,8 +785,12 @@ void proxy_freeaddrinfo(struct addrinfo *res) {
 	free(res);
 }
 
-#ifdef IS_MAC
-/* getservbyname on mac is using thread local storage, so we dont need mutex */
+#if defined(IS_MAC) || defined(IS_OPENBSD)
+#ifdef IS_OPENBSD /* OpenBSD has its own incompatible getservbyname_r */
+#define getservbyname_r mygetservbyname_r
+#endif
+/* getservbyname on mac is using thread local storage, so we dont need mutex 
+   TODO: check if the same applies to OpenBSD */
 static int getservbyname_r(const char* name, const char* proto, struct servent* result_buf, 
 			   char* buf, size_t buflen, struct servent** result) {
 	PFUNC();
@@ -853,6 +857,9 @@ int proxy_getaddrinfo(const char *node, const char *service, const struct addrin
 		p->ai_flags = hints->ai_flags;
 		p->ai_protocol = hints->ai_protocol;
 	} else {
+#ifndef AI_V4MAPPED
+#define AI_V4MAPPED 0
+#endif
 		p->ai_flags = (AI_V4MAPPED | AI_ADDRCONFIG);
 	}
 

src/main.c

@@ -33,7 +33,9 @@ static const char *dll_name = DLL_NAME;
 
 static char own_dir[256];
 static const char *dll_dirs[] = {
+#ifndef SUPER_SECURE /* CVE-2015-3887 */
 	".",
+#endif
 	own_dir,
 	LIB_DIR,
 	"/lib",
@@ -48,7 +50,11 @@ static void set_own_dir(const char *argv0) {
 	while(l && argv0[l - 1] != '/')
 		l--;
 	if(l == 0)
+#ifdef SUPER_SECURE
+		memcpy(own_dir, "/dev/null/", 11);
+#else
 		memcpy(own_dir, ".", 2);
+#endif
 	else {
 		memcpy(own_dir, argv0, l - 1);
 		own_dir[l] = 0;