configure: make buildsystem-set CPPFLAGS non-overridable

we temporarily store all buildsystem-set conditionals into
OUR_CPPFLAGS and write it into config.mak as an addition to eventually
user-supplied CPPFLAGS. this should prevent crucial things we set from
being overwritten by a user that has CPPFLAGS exported.

fixes #142

Makefile

@@ -25,7 +25,7 @@ GENH = src/version.h
 CFLAGS  += -Wall -O0 -g -std=c99 -D_GNU_SOURCE -pipe
 NO_AS_NEEDED = -Wl,--no-as-needed
 LIBDL   = -ldl
-LDFLAGS = -shared -fPIC $(NO_AS_NEEDED) $(LIBDL) -lpthread
+LDFLAGS = -fPIC $(NO_AS_NEEDED) $(LIBDL) -lpthread
 INC     = 
 PIC     = -fPIC
 AR      = $(CROSS_COMPILE)ar
@@ -82,7 +82,7 @@ src/version.o: src/version.h
 
 $(LDSO_PATHNAME): $(LOBJS)
 	$(CC) $(LDFLAGS) $(LD_SET_SONAME)$(LDSO_PATHNAME) $(USER_LDFLAGS) \
-		-o $@ $(LOBJS)
+		-shared -o $@ $(LOBJS)
 
 $(ALL_TOOLS): $(OBJS)
 	$(CC) src/main.o src/common.o $(USER_LDFLAGS) -o $(PXCHAINS)

configure

@@ -1,6 +1,18 @@
 #!/bin/sh
 
 prefix=/usr/local
+OUR_CPPFLAGS=
+
+# Get a temporary filename
+i=0
+set -C
+while : ; do i=$(($i+1))
+tmpc="./conf$$-$PPID-$i.c"
+2>|/dev/null > "$tmpc" && break
+test "$i" -gt 50 && fail "$0: cannot create temporary file $tmpc"
+done
+set +C
+trap 'rm "$tmpc"' EXIT INT QUIT TERM HUP
 
 ismac() {
 	uname -s | grep Darwin >/dev/null
@@ -20,14 +32,12 @@ isopenbsd() {
 
 check_compile() {
 	printf "checking %s ... " "$1"
-	local tmp=$(mktemp)
-	printf "$3" > "$tmp".c
+	printf "$3" > "$tmpc"
 	local res=0
-	$CC $CPPFLAGS $2 $CFLAGS -c "$tmp".c -o "$tmp".o >/dev/null 2>&1 \
+	$CC $OUR_CPPFLAGS $CPPFLAGS $2 $CFLAGS -c "$tmpc" -o /dev/null >/dev/null 2>&1 \
 	|| res=1
-	rm -f "$tmp".c "$tmp".o
 	test x$res = x0 && \
-	{ printf "yes\n" ; test x"$2" = x || CPPFLAGS="$CPPFLAGS $2" ; } \
+	{ printf "yes\n" ; test x"$2" = x || OUR_CPPFLAGS="$OUR_CPPFLAGS $2" ; } \
 	|| printf "no\n"
 	return $res
 }
@@ -35,20 +45,19 @@ check_compile() {
 check_define() {
 	printf "checking whether \$CC defines %s ... " "$1"
 	local res=1
-	$CC $CPPFLAGS $CFLAGS -dM -E - </dev/null | grep "$1" >/dev/null && res=0
+	$CC $OUR_CPPFLAGS $CPPFLAGS $CFLAGS -dM -E - </dev/null | grep "$1" >/dev/null && res=0
 	test x$res = x0 && printf "yes\n" || printf "no\n"
 	return $res
 }
 
 check_compile_run() {
 	printf "checking %s ... " "$1"
-	local tmp=$(mktemp)
-	printf "$2" > "$tmp".c
+	printf "$2" > "$tmpc"
 	local res=0
-	$CC $CPPFLAGS $CFLAGS "$tmp".c -o "$tmp".out >/dev/null 2>&1 \
+	$CC $OUR_CPPFLAGS $CPPFLAGS $CFLAGS "$tmpc" -o "$tmpc".out >/dev/null 2>&1 \
 	|| res=1
-	test x$res = x0 && { "$tmp".out || res=1 ; }
-	rm -f "$tmp".c "$tmp".o "$tmp".out
+	test x$res = x0 && { "$tmpc".out || res=1 ; }
+	rm -f "$tmpc".out
 	test x$res = x0 && printf "yes\n" || printf "no\n"
 	return $res
 }
@@ -135,7 +144,7 @@ check_compile 'whether netinet/in.h defines __u6_addr.__u6_addr16' \
 check_define __OpenBSD__ && \
 check_compile_run 'whether OpenBSDs fclose() (illegally) calls close()' \
 '#include <stdio.h>\n#include<stdlib.h>\nint close(int x){exit(0);}int main(){fclose(stdin);return 1;}' && \
-CPPFLAGS="$CPPFLAGS -DBROKEN_FCLOSE"
+OUR_CPPFLAGS="$OUR_CPPFLAGS -DBROKEN_FCLOSE"
 
 echo CC?=$CC>config.mak
 [ -z "$CPPFLAGS" ] || echo CPPFLAGS?=$CPPFLAGS>>config.mak
@@ -147,7 +156,8 @@ echo bindir=$bindir>>config.mak
 echo libdir=$libdir>>config.mak
 echo includedir=$includedir>>config.mak
 echo sysconfdir=$sysconfdir>>config.mak
-[ "$ignore_cve" = "no" ] && echo CPPFLAGS+= -DSUPER_SECURE>>config.mak
+[ "$ignore_cve" = "no" ] && echo "CPPFLAGS+= -DSUPER_SECURE">>config.mak
+[ -z "$OUR_CPPFLAGS" ] || echo "CPPFLAGS+= $OUR_CPPFLAGS" >>config.mak
 make_cmd=make
 if ismac ; then
 	echo NO_AS_NEEDED=>>config.mak

src/core.c

@@ -464,7 +464,7 @@ static proxy_data *select_proxy(select_type how, proxy_data * pd, unsigned int p
 		case RANDOMLY:
 			do {
 				k++;
-				i = 0 + (unsigned int) (proxy_count * 1.0 * rand() / (RAND_MAX + 1.0));
+				i = rand() % proxy_count;
 			} while(pd[i].ps != PLAY_STATE && k < proxy_count * 100);
 			break;
 		case FIFOLY:

src/ip_type.c

@@ -1,5 +1,5 @@
 #include "ip_type.h"
 
 const ip_type ip_type_invalid = { .addr.v4.as_int = -1 };
-const ip_type ip_type_localhost = { .addr.v4 = {127, 0, 0, 1} };
+const ip_type ip_type_localhost = { .addr.v4.octet = {127, 0, 0, 1} };
 

src/libproxychains.c

@@ -93,7 +93,7 @@ static void* load_sym(char* symname, void* proxyfunc) {
 
 #define INIT() init_lib_wrapper(__FUNCTION__)
 
-#define SETUP_SYM(X) do { true_ ## X = load_sym( # X, X ); } while(0)
+#define SETUP_SYM(X) do { if (! true_ ## X ) true_ ## X = load_sym( # X, X ); } while(0)
 
 #include "allocator_thread.h"
 
@@ -110,6 +110,9 @@ static void setup_hooks(void) {
 	SETUP_SYM(close);
 }
 
+static int close_fds[16];
+static int close_fds_cnt = 0;
+
 static void do_init(void) {
 	srand(time(NULL));
 	core_initialize();
@@ -123,6 +126,8 @@ static void do_init(void) {
 
 	setup_hooks();
 
+	while(close_fds_cnt) true_close(close_fds[--close_fds_cnt]);
+
 	init_l = 1;
 }
 
@@ -280,6 +285,10 @@ static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_typ
 					char *pc;
 					int len;
 					pc = strchr(buff, '=');
+					if(!pc) {
+						fprintf(stderr, "error: missing equals sign '=' in chain_len directive.\n");
+						exit(1);
+					}
 					len = atoi(++pc);
 					proxychains_max_chain = (len ? len : 1);
 				} else if(strstr(buff, "quiet_mode")) {
@@ -304,12 +313,18 @@ static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_typ
 /*******  HOOK FUNCTIONS  *******/
 
 int close(int fd) {
-	INIT();
+	if(!init_l) {
+		if(close_fds_cnt>=(sizeof close_fds/sizeof close_fds[0])) goto err;
+		close_fds[close_fds_cnt++] = fd;
+		errno = 0;
+		return 0;
+	}
 	/* prevent rude programs (like ssh) from closing our pipes */
 	if(fd != req_pipefd[0]  && fd != req_pipefd[1] &&
 	   fd != resp_pipefd[0] && fd != resp_pipefd[1]) {
 		return true_close(fd);
 	}
+	err:
 	errno = EBADF;
 	return -1;
 }