properly handle non-blocking mode of socket

addressing #171

Makefile

@@ -25,7 +25,7 @@ GENH = src/version.h
 CFLAGS  += -Wall -O0 -g -std=c99 -D_GNU_SOURCE -pipe
 NO_AS_NEEDED = -Wl,--no-as-needed
 LIBDL   = -ldl
-LDFLAGS = -shared -fPIC $(NO_AS_NEEDED) $(LIBDL) -lpthread
+LDFLAGS = -fPIC $(NO_AS_NEEDED) $(LIBDL) -lpthread
 INC     = 
 PIC     = -fPIC
 AR      = $(CROSS_COMPILE)ar
@@ -82,7 +82,7 @@ src/version.o: src/version.h
 
 $(LDSO_PATHNAME): $(LOBJS)
 	$(CC) $(LDFLAGS) $(LD_SET_SONAME)$(LDSO_PATHNAME) $(USER_LDFLAGS) \
-		-o $@ $(LOBJS)
+		-shared -o $@ $(LOBJS)
 
 $(ALL_TOOLS): $(OBJS)
 	$(CC) src/main.o src/common.o $(USER_LDFLAGS) -o $(PXCHAINS)

README

@@ -1,4 +1,4 @@
-ProxyChains-NG ver 4.11 README
+ProxyChains-NG ver 4.12 README
 =============================
 
   ProxyChains is a UNIX program, that hooks network-related libc functions
@@ -52,6 +52,16 @@ ProxyChains-NG ver 4.11 README
 
 Changelog:
 ----------
+Version 4.12
+- fix several build issues
+  - for MAC
+  - with -pie
+  - with custom CC
+- compatibility fix for some GUI apps (8870140)
+- compatibility fix for some HTTP proxies (cf9a16d)
+- fix several warnings for cleaner build on debian
+- fix random_chain on OSX (0f6b226)
+
 Version 4.11
 - preliminary IPv6 support
 - fixed bug in hostsreader

VERSION

@@ -1 +1 @@
-4.11
+4.12

configure

@@ -1,6 +1,18 @@
 #!/bin/sh
 
 prefix=/usr/local
+OUR_CPPFLAGS=
+
+# Get a temporary filename
+i=0
+set -C
+while : ; do i=$(($i+1))
+tmpc="./conf$$-$PPID-$i.c"
+2>|/dev/null > "$tmpc" && break
+test "$i" -gt 50 && fail "$0: cannot create temporary file $tmpc"
+done
+set +C
+trap 'rm "$tmpc"' EXIT INT QUIT TERM HUP
 
 ismac() {
 	uname -s | grep Darwin >/dev/null
@@ -20,14 +32,12 @@ isopenbsd() {
 
 check_compile() {
 	printf "checking %s ... " "$1"
-	local tmp=$(mktemp)
-	printf "$3" > "$tmp".c
+	printf "$3" > "$tmpc"
 	local res=0
-	$CC $CPPFLAGS $2 $CFLAGS -c "$tmp".c -o "$tmp".o >/dev/null 2>&1 \
+	$CC $OUR_CPPFLAGS $CPPFLAGS $2 $CFLAGS -c "$tmpc" -o /dev/null >/dev/null 2>&1 \
 	|| res=1
-	rm -f "$tmp".c "$tmp".o
 	test x$res = x0 && \
-	{ printf "yes\n" ; test x"$2" = x || CPPFLAGS="$CPPFLAGS $2" ; } \
+	{ printf "yes\n" ; test x"$2" = x || OUR_CPPFLAGS="$OUR_CPPFLAGS $2" ; } \
 	|| printf "no\n"
 	return $res
 }
@@ -35,20 +45,19 @@ check_compile() {
 check_define() {
 	printf "checking whether \$CC defines %s ... " "$1"
 	local res=1
-	$CC $CPPFLAGS $CFLAGS -dM -E - </dev/null | grep "$1" >/dev/null && res=0
+	$CC $OUR_CPPFLAGS $CPPFLAGS $CFLAGS -dM -E - </dev/null | grep "$1" >/dev/null && res=0
 	test x$res = x0 && printf "yes\n" || printf "no\n"
 	return $res
 }
 
 check_compile_run() {
 	printf "checking %s ... " "$1"
-	local tmp=$(mktemp)
-	printf "$2" > "$tmp".c
+	printf "$2" > "$tmpc"
 	local res=0
-	$CC $CPPFLAGS $CFLAGS "$tmp".c -o "$tmp".out >/dev/null 2>&1 \
+	$CC $OUR_CPPFLAGS $CPPFLAGS $CFLAGS "$tmpc" -o "$tmpc".out >/dev/null 2>&1 \
 	|| res=1
-	test x$res = x0 && { "$tmp".out || res=1 ; }
-	rm -f "$tmp".c "$tmp".o "$tmp".out
+	test x$res = x0 && { "$tmpc".out || res=1 ; }
+	rm -f "$tmpc".out
 	test x$res = x0 && printf "yes\n" || printf "no\n"
 	return $res
 }
@@ -135,19 +144,20 @@ check_compile 'whether netinet/in.h defines __u6_addr.__u6_addr16' \
 check_define __OpenBSD__ && \
 check_compile_run 'whether OpenBSDs fclose() (illegally) calls close()' \
 '#include <stdio.h>\n#include<stdlib.h>\nint close(int x){exit(0);}int main(){fclose(stdin);return 1;}' && \
-CPPFLAGS="$CPPFLAGS -DBROKEN_FCLOSE"
+OUR_CPPFLAGS="$OUR_CPPFLAGS -DBROKEN_FCLOSE"
 
-echo CC?=$CC>config.mak
-[ -z "$CPPFLAGS" ] || echo CPPFLAGS?=$CPPFLAGS>>config.mak
-[ -z "$CFLAGS" ] || echo USER_CFLAGS?=$CFLAGS>>config.mak
-[ -z "$LDFLAGS" ] || echo USER_LDFLAGS?=$LDFLAGS>>config.mak
+echo "CC=$CC">config.mak
+[ -z "$CPPFLAGS" ] || echo "CPPFLAGS=$CPPFLAGS">>config.mak
+[ -z "$CFLAGS" ] || echo "USER_CFLAGS=$CFLAGS">>config.mak
+[ -z "$LDFLAGS" ] || echo "USER_LDFLAGS=$LDFLAGS">>config.mak
 echo prefix=$prefix>>config.mak
 echo exec_prefix=$exec_prefix>>config.mak
 echo bindir=$bindir>>config.mak
 echo libdir=$libdir>>config.mak
 echo includedir=$includedir>>config.mak
 echo sysconfdir=$sysconfdir>>config.mak
-[ "$ignore_cve" = "no" ] && echo CPPFLAGS+= -DSUPER_SECURE>>config.mak
+[ "$ignore_cve" = "no" ] && echo "CPPFLAGS+= -DSUPER_SECURE">>config.mak
+[ -z "$OUR_CPPFLAGS" ] || echo "CPPFLAGS+= $OUR_CPPFLAGS" >>config.mak
 make_cmd=make
 if ismac ; then
 	echo NO_AS_NEEDED=>>config.mak

src/allocator_thread.c

@@ -176,24 +176,61 @@ static int wait_data(int readfd) {
 	return 1;
 }
 
+static int trywrite(int fd, void* buf, size_t bytes) {
+	ssize_t ret;
+	unsigned char *out = buf;
+again:
+	ret = write(fd, out, bytes);
+	switch(ret) {
+		case -1:
+			if(errno == EINTR) goto again;
+		case  0:
+			return 0;
+		default:
+			if(ret == bytes || !bytes) return 1;
+			out += ret;
+			bytes -= ret;
+			goto again;
+	}
+}
+
 static int sendmessage(enum at_direction dir, struct at_msghdr *hdr, void* data) {
 	static int* destfd[ATD_MAX] = { [ATD_SERVER] = &req_pipefd[1], [ATD_CLIENT] = &resp_pipefd[1] };
-	int ret = write(*destfd[dir], hdr, sizeof *hdr) == sizeof *hdr;
+	int ret = trywrite(*destfd[dir], hdr, sizeof *hdr);
 	if(ret && hdr->datalen) {
 		assert(hdr->datalen <= MSG_LEN_MAX);
-		ret = write(*destfd[dir], data, hdr->datalen) == hdr->datalen;
+		ret = trywrite(*destfd[dir], data, hdr->datalen);
 	}
 	return ret;
 }
 
+static int tryread(int fd, void* buf, size_t bytes) {
+	ssize_t ret;
+	unsigned char *out = buf;
+again:
+	ret = read(fd, out, bytes);
+	switch(ret) {
+		case -1:
+			if(errno == EINTR) goto again;
+		case  0:
+			return 0;
+		default:
+			if(ret == bytes || !bytes) return 1;
+			out += ret;
+			bytes -= ret;
+			goto again;
+	}
+}
+
 static int getmessage(enum at_direction dir, struct at_msghdr *hdr, void* data) {
 	static int* readfd[ATD_MAX] = { [ATD_SERVER] = &req_pipefd[0], [ATD_CLIENT] = &resp_pipefd[0] };
-	int ret;
+	ssize_t ret;
 	if((ret = wait_data(*readfd[dir]))) {
-		ret = read(*readfd[dir], hdr, sizeof *hdr) == sizeof(*hdr);
+		if(!tryread(*readfd[dir], hdr, sizeof *hdr))
+			return 0;
 		assert(hdr->datalen <= MSG_LEN_MAX);
-		if(ret && hdr->datalen) {
-			ret = read(*readfd[dir], data, hdr->datalen) == hdr->datalen;
+		if(hdr->datalen) {
+			ret = tryread(*readfd[dir], data, hdr->datalen);
 		}
 	}
 	return ret;

src/core.c

@@ -154,10 +154,19 @@ static int timed_connect(int sock, const struct sockaddr *addr, socklen_t len) {
 
 	pfd[0].fd = sock;
 	pfd[0].events = POLLOUT;
-	fcntl(sock, F_SETFL, O_NONBLOCK);
+	int flags = fcntl(sock, F_GETFL, 0);
+	/* put socket temporarily into nonblocking mode so we can enforce
+	 * the timeout. */
+	if(!(flags & O_NONBLOCK))
+		fcntl(sock, F_SETFL, flags | O_NONBLOCK);
 	ret = true_connect(sock, addr, len);
 	PDEBUG("\nconnect ret=%d\n", ret);
-	
+
+	/* if the socket was already non-blocking, we assume the app takes
+	 * care of handling the timeouts itself. */
+	if(flags & O_NONBLOCK)
+		return ret;
+
 	if(ret == -1 && errno == EINPROGRESS) {
 		ret = poll_retry(pfd, 1, tcp_connect_time_out);
 		PDEBUG("\npoll ret=%d\n", ret);
@@ -181,7 +190,7 @@ static int timed_connect(int sock, const struct sockaddr *addr, socklen_t len) {
 			ret = -1;
 	}
 
-	fcntl(sock, F_SETFL, !O_NONBLOCK);
+	fcntl(sock, F_SETFL, flags);
 	return ret;
 }
 
@@ -236,13 +245,15 @@ static int tunnel_to(int sock, ip_type ip, unsigned short port, proxy_type pt, c
 				encode_base_64(src, dst, sizeof(dst));
 			} else dst[0] = 0;
 
+			uint16_t hs_port = ntohs(port);
 			len = snprintf((char *) buff, sizeof(buff),
-			               "CONNECT %s:%d HTTP/1.0\r\n%s%s%s\r\n",
-			                dns_name,  ntohs(port),
+			               "CONNECT %s:%d HTTP/1.0\r\nHost: %s:%d\r\n%s%s%s\r\n",
+			                dns_name, hs_port,
+			                dns_name, hs_port,
 			                ulen ? "Proxy-Authorization: Basic " : dst,
 			                dst, ulen ? "\r\n" : dst);
 
-			if(len != send(sock, buff, len, 0))
+			if(len < 0 || len != send(sock, buff, len, 0))
 				goto err;
 
 			len = 0;
@@ -269,7 +280,7 @@ static int tunnel_to(int sock, ip_type ip, unsigned short port, proxy_type pt, c
 		break;
 		case SOCKS4_TYPE:{
 			if(v6) {
-				proxychains_write_log(LOG_PREFIX "error: SOCKS4 doesnt support ipv6 addresses\n");
+				proxychains_write_log(LOG_PREFIX "error: SOCKS4 doesn't support ipv6 addresses\n");
 				goto err;
 			}
 			buff[0] = 4;	// socks version
@@ -464,7 +475,7 @@ static proxy_data *select_proxy(select_type how, proxy_data * pd, unsigned int p
 		case RANDOMLY:
 			do {
 				k++;
-				i = 0 + (unsigned int) (proxy_count * 1.0 * rand() / (RAND_MAX + 1.0));
+				i = rand() % proxy_count;
 			} while(pd[i].ps != PLAY_STATE && k < proxy_count * 100);
 			break;
 		case FIFOLY:

src/debug.c

@@ -22,4 +22,10 @@ void DUMP_PROXY_CHAIN(proxy_data *pchain, unsigned int count) {
 	}
 }
 
+#else
+
+// Do not allow this translation unit to end up empty
+// for non-DEBUG builds, to satisfy ISO C standards.
+typedef int __appease_iso_compilers__;
+
 #endif

src/ip_type.c

@@ -1,5 +1,5 @@
 #include "ip_type.h"
 
 const ip_type ip_type_invalid = { .addr.v4.as_int = -1 };
-const ip_type ip_type_localhost = { .addr.v4 = {127, 0, 0, 1} };
+const ip_type ip_type_localhost = { .addr.v4.octet = {127, 0, 0, 1} };
 

src/libproxychains.c

@@ -93,7 +93,7 @@ static void* load_sym(char* symname, void* proxyfunc) {
 
 #define INIT() init_lib_wrapper(__FUNCTION__)
 
-#define SETUP_SYM(X) do { true_ ## X = load_sym( # X, X ); } while(0)
+#define SETUP_SYM(X) do { if (! true_ ## X ) true_ ## X = load_sym( # X, X ); } while(0)
 
 #include "allocator_thread.h"
 
@@ -110,6 +110,9 @@ static void setup_hooks(void) {
 	SETUP_SYM(close);
 }
 
+static int close_fds[16];
+static int close_fds_cnt = 0;
+
 static void do_init(void) {
 	srand(time(NULL));
 	core_initialize();
@@ -123,6 +126,8 @@ static void do_init(void) {
 
 	setup_hooks();
 
+	while(close_fds_cnt) true_close(close_fds[--close_fds_cnt]);
+
 	init_l = 1;
 }
 
@@ -229,7 +234,7 @@ static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_typ
 				} else if(strstr(buff, "tcp_connect_time_out")) {
 					sscanf(buff, "%s %d", user, &tcp_connect_time_out);
 				} else if(strstr(buff, "remote_dns_subnet")) {
-					sscanf(buff, "%s %d", user, &remote_dns_subnet);
+					sscanf(buff, "%s %u", user, &remote_dns_subnet);
 					if(remote_dns_subnet >= 256) {
 						fprintf(stderr,
 							"remote_dns_subnet: invalid value. requires a number between 0 and 255.\n");
@@ -280,6 +285,10 @@ static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_typ
 					char *pc;
 					int len;
 					pc = strchr(buff, '=');
+					if(!pc) {
+						fprintf(stderr, "error: missing equals sign '=' in chain_len directive.\n");
+						exit(1);
+					}
 					len = atoi(++pc);
 					proxychains_max_chain = (len ? len : 1);
 				} else if(strstr(buff, "quiet_mode")) {
@@ -304,12 +313,18 @@ static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_typ
 /*******  HOOK FUNCTIONS  *******/
 
 int close(int fd) {
-	INIT();
+	if(!init_l) {
+		if(close_fds_cnt>=(sizeof close_fds/sizeof close_fds[0])) goto err;
+		close_fds[close_fds_cnt++] = fd;
+		errno = 0;
+		return 0;
+	}
 	/* prevent rude programs (like ssh) from closing our pipes */
 	if(fd != req_pipefd[0]  && fd != req_pipefd[1] &&
 	   fd != resp_pipefd[0] && fd != resp_pipefd[1]) {
 		return true_close(fd);
 	}
+	err:
 	errno = EBADF;
 	return -1;
 }
@@ -410,7 +425,7 @@ int getaddrinfo(const char *node, const char *service, const struct addrinfo *hi
 
 void freeaddrinfo(struct addrinfo *res) {
 	INIT();
-	PDEBUG("freeaddrinfo %p \n", res);
+	PDEBUG("freeaddrinfo %p \n", (void *) res);
 
 	if(!proxychains_resolver)
 		true_freeaddrinfo(res);

src/main.c

@@ -24,7 +24,7 @@
 static int usage(char **argv) {
 	printf("\nUsage:\t%s -q -f config_file program_name [arguments]\n"
 	       "\t-q makes proxychains quiet - this overrides the config setting\n"
-	       "\t-f allows to manually specify a configfile to use\n"
+	       "\t-f allows one to manually specify a configfile to use\n"
 	       "\tfor example : proxychains telnet somehost.com\n" "More help in README file\n\n", argv[0]);
 	return EXIT_FAILURE;
 }