properly handle non-blocking mode of socket

addressing #171
2026-05-13 17:03:07 +08:00 · 2017-05-04 03:04:21 +01:00
8 changed files with 72 additions and 146 deletions
@@ -30,7 +30,6 @@ INC     =
 PIC     = -fPIC
 AR      = $(CROSS_COMPILE)ar
 RANLIB  = $(CROSS_COMPILE)ranlib
-SOCKET_LIBS =

 LDSO_SUFFIX = so
 LD_SET_SONAME = -Wl,-soname=
@@ -83,7 +82,7 @@ src/version.o: src/version.h

 $(LDSO_PATHNAME): $(LOBJS)
 	$(CC) $(LDFLAGS) $(LD_SET_SONAME)$(LDSO_PATHNAME) $(USER_LDFLAGS) \
-		-shared -o $@ $(LOBJS) $(SOCKET_LIBS)
+		-shared -o $@ $(LOBJS)

 $(ALL_TOOLS): $(OBJS)
 	$(CC) src/main.o src/common.o $(USER_LDFLAGS) -o $(PXCHAINS)
@@ -1,4 +1,4 @@
-ProxyChains-NG ver 4.13 README
+ProxyChains-NG ver 4.12 README
 =============================

  ProxyChains is a UNIX program, that hooks network-related libc functions
@@ -52,12 +52,6 @@ ProxyChains-NG ver 4.13 README

 Changelog:
 ----------
-Version 4.13
- fix robustness of DNS lookup thread and a segfault
- fix socks5 user/pass auth on non-conforming servers
- fix memory leak
- add support for Solaris
-
 Version 4.12
 - fix several build issues
  - for MAC
@@ -1 +1 @@
-4.13
+4.12
@@ -14,6 +14,22 @@ done
 set +C
 trap 'rm "$tmpc"' EXIT INT QUIT TERM HUP

+ismac() {
+	uname -s | grep Darwin >/dev/null
+}
+
+isx86_64() {
+	uname -m | grep -i X86_64 >/dev/null
+}
+
+isbsd() {
+	uname -s | grep BSD >/dev/null
+}
+
+isopenbsd() {
+	uname -s | grep OpenBSD >/dev/null
+}
+
 check_compile() {
 	printf "checking %s ... " "$1"
 	printf "$3" > "$tmpc"
@@ -46,19 +62,6 @@ check_compile_run() {
 	return $res
 }

-check_link_silent() {
-	printf "$2" > "$tmpc"
-	$CC $OUR_CPPFLAGS $CPPFLAGS $1 $CFLAGS "$tmpc" -o /dev/null >/dev/null 2>&1
-}
-
-check_link() {
-	printf "checking %s ... " "$1"
-	local res=0
-	check_link_silent "$2" "$3" || res=1
-	test x$res = x0 && printf "yes\n" || printf "no\n"
-	return $res
-}
-
 usage() {
 	echo "supported arguments"
 	echo "--prefix=/path            default: $prefix"
@@ -70,7 +73,7 @@ usage() {
 	echo "--ignore-cve              default: no"
 	echo "	if set to yes ignores CVE-2015-3887 and makes it possible"
 	echo "	to preload from current dir (insecure)"
-	echo "--fat-binary : build for both i386 and x86_64 architectures on 64-bit Macs"
+	ismac && isx86_64 && echo "--fat-binary : build for both i386 and x86_64 architectures on 64-bit Macs"
 	echo "--help : show this text"
 	exit 1
 }
@@ -130,40 +133,20 @@ if [ -z "$CC" ] ; then
 	CC=cc
 fi

-echo > config.mak
-
-bsd_detected=false
-isbsd() {
-	$bsd_detected
-}
-mac_detected=false
-ismac() {
-	$mac_detected
-}
-mac_64=false
-ismac64() {
-	$mac_64
-}
-solaris_detected=false
-issolaris() {
-	$solaris_detected
+check_compile 'whether netinet/in.h defines s6_addr16' "" \
+'#include <netinet/in.h>\nint main(int a, char**c){struct in6_addr x={.s6_addr32[0]=a};return x.s6_addr16[0]; }' \
+|| {
+check_compile 'whether netinet/in.h defines __u6_addr.__u6_addr16' \
+'-Ds6_addr16=__u6_addr.__u6_addr16 -Ds6_addr32=__u6_addr.__u6_addr32' \
+'#include <netinet/in.h>\nint main(int a, char**c){struct in6_addr x={.s6_addr32[0]=a};return x.s6_addr16[0]; }'
 }

-check_define __APPLE__ && {
-	mac_detected=true
-	check_define __x86_64__ && mac_64=true
-}
-check_define __FreeBSD__ && bsd_detected=true
-check_define __OpenBSD__ && {
-bsd_detected=true
-echo "CFLAGS+=-DIS_OPENBSD">>config.mak
+check_define __OpenBSD__ && \
 check_compile_run 'whether OpenBSDs fclose() (illegally) calls close()' \
 '#include <stdio.h>\n#include<stdlib.h>\nint close(int x){exit(0);}int main(){fclose(stdin);return 1;}' && \
 OUR_CPPFLAGS="$OUR_CPPFLAGS -DBROKEN_FCLOSE"
-}
-check_define __sun && check_define __SVR4 && solaris_detected=true

-echo "CC=$CC">>config.mak
+echo "CC=$CC">config.mak
 [ -z "$CPPFLAGS" ] || echo "CPPFLAGS=$CPPFLAGS">>config.mak
 [ -z "$CFLAGS" ] || echo "USER_CFLAGS=$CFLAGS">>config.mak
 [ -z "$LDFLAGS" ] || echo "USER_LDFLAGS=$LDFLAGS">>config.mak
@@ -175,38 +158,22 @@ echo includedir=$includedir>>config.mak
 echo sysconfdir=$sysconfdir>>config.mak
 [ "$ignore_cve" = "no" ] && echo "CPPFLAGS+= -DSUPER_SECURE">>config.mak
 [ -z "$OUR_CPPFLAGS" ] || echo "CPPFLAGS+= $OUR_CPPFLAGS" >>config.mak
-
-check_link "whether we can use -Wl,--no-as-needed" "-Wl,--no-as-needed" \
-"int main() { return 0; }" || echo NO_AS_NEEDED= >> config.mak
-
-LD_SONAME_FLAG=
-printf "checking what's the option to use in linker to set library name ... "
-for o in --soname -h -soname -install_name; do
-	check_link_silent "-shared -Wl,$o,libconftest.so" "void test_func(int a) {}" && LD_SONAME_FLAG=$o && break
-done
-if [ -z "$LD_SONAME_FLAG" ]; then
-	printf '\ncannot find an option to set library name\n'
-	exit 1
-fi
-echo "$LD_SONAME_FLAG"
-echo "LD_SET_SONAME = -Wl,$LD_SONAME_FLAG," >> config.mak
-
 make_cmd=make
 if ismac ; then
+	echo NO_AS_NEEDED=>>config.mak
 	echo LDSO_SUFFIX=dylib>>config.mak
 	echo MAC_CFLAGS+=-DIS_MAC=1>>config.mak
-	if ismac64 && [ "$fat_binary" = 1 ] ; then
+	if isx86_64 && [ "$fat_binary" = 1 ] ; then
 		echo "Configuring a fat binary for i386 and x86_64"
 		echo MAC_CFLAGS+=-arch i386 -arch x86_64>>config.mak
 		echo LDFLAGS+=-arch i386 -arch x86_64>>config.mak
 	fi
+	echo LD_SET_SONAME=-Wl,-install_name,>>config.mak
 elif isbsd ; then
 	echo LIBDL=>>config.mak
 	echo "CFLAGS+=-DIS_BSD">>config.mak
+	isopenbsd && echo "CFLAGS+=-DIS_OPENBSD">>config.mak
 	make_cmd=gmake
-elif issolaris; then
-	echo "CFLAGS+=-DIS_SOLARIS -D__EXTENSIONS__" >> config.mak
-	echo "SOCKET_LIBS=-lsocket -lnsl" >> config.mak
 fi

 echo "Done, now run $make_cmd && $make_cmd install"
@@ -1,8 +1,3 @@
-#undef _GNU_SOURCE
-#define _GNU_SOURCE
-#undef _POSIX_C_SOURCE
-#define _DARWIN_C_SOURCE
-#include <limits.h>
 #include <pthread.h>
 #include <unistd.h>
 #include <fcntl.h>
@@ -14,7 +9,6 @@
 #include <stdint.h>
 #include <stddef.h>
 #include <errno.h>
-#include <sys/mman.h>
 #include "allocator_thread.h"
 #include "debug.h"
 #include "ip_type.h"
@@ -40,8 +34,9 @@ static void *dumpstring(char* s, size_t len) {
 	return p;
 }

-static pthread_mutex_t *internal_ips_lock;
-static internal_ip_lookup_table *internal_ips;
+pthread_mutex_t internal_ips_lock;
+internal_ip_lookup_table *internal_ips = NULL;
+internal_ip_lookup_table internal_ips_buf;

 uint32_t index_from_internal_ip(ip_type4 internalip) {
 	PFUNC();
@@ -156,6 +151,7 @@ struct at_msghdr {
 };

 static pthread_t allocator_thread;
+static pthread_attr_t allocator_thread_attr;
 int req_pipefd[2];
 int resp_pipefd[2];

@@ -280,7 +276,7 @@ static void* threadfunc(void* x) {

 ip_type4 at_get_ip_for_host(char* host, size_t len) {
 	ip_type4 readbuf;
-	MUTEX_LOCK(internal_ips_lock);
+	MUTEX_LOCK(&internal_ips_lock);
 	if(len > MSG_LEN_MAX) goto inv;
 	struct at_msghdr msg = {.msgtype = ATM_GETIP, .datalen = len + 1 };
 	if(sendmessage(ATD_SERVER, &msg, host) &&
@@ -289,21 +285,19 @@ ip_type4 at_get_ip_for_host(char* host, size_t len) {
 		inv:
 		readbuf = ip_type_invalid.addr.v4;
 	}
-	assert(msg.msgtype == ATM_GETIP);
-	MUTEX_UNLOCK(internal_ips_lock);
+	MUTEX_UNLOCK(&internal_ips_lock);
 	return readbuf;
 }

 size_t at_get_host_for_ip(ip_type4 ip, char* readbuf) {
 	struct at_msghdr msg = {.msgtype = ATM_GETNAME, .datalen = sizeof(ip_type4) };
 	size_t res = 0;
-	MUTEX_LOCK(internal_ips_lock);
+	MUTEX_LOCK(&internal_ips_lock);
 	if(sendmessage(ATD_SERVER, &msg, &ip) && getmessage(ATD_CLIENT, &msg, readbuf)) {
 		if((ptrdiff_t) msg.datalen <= 0) res = 0;
 		else res = msg.datalen - 1;
 	}
-	assert(msg.msgtype == ATM_GETNAME);
-	MUTEX_UNLOCK(internal_ips_lock);
+	MUTEX_UNLOCK(&internal_ips_lock);
 	return res;
 }

@@ -315,33 +309,18 @@ static void initpipe(int* fds) {
 	}
 }

-#ifndef MAX
-#define MAX(x, y) ((x) > (y) ? (x) : (y))
-#endif
-
-#if !defined(PTHREAD_STACK_MIN) || defined(__APPLE__)
-/* MAC says its min is 8KB, but then crashes in our face. thx hunkOLard */
-#define PTHREAD_STACK_MIN 64*1024
-#endif
-
 /* initialize with pointers to shared memory. these will
 * be used to place responses and arguments */
 void at_init(void) {
 	PFUNC();
-	void *shm = mmap(0, 4096, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0);
-	assert(shm);
-	internal_ips_lock = shm;
-	internal_ips = (void*)((char*)shm + 2048);
-
-	MUTEX_INIT(internal_ips_lock);
+	MUTEX_INIT(&internal_ips_lock);
+	internal_ips = &internal_ips_buf;
 	memset(internal_ips, 0, sizeof *internal_ips);
 	initpipe(req_pipefd);
 	initpipe(resp_pipefd);
-	pthread_attr_t allocator_thread_attr;
 	pthread_attr_init(&allocator_thread_attr);
-	pthread_attr_setstacksize(&allocator_thread_attr, MAX(16 * 1024, PTHREAD_STACK_MIN));
+	pthread_attr_setstacksize(&allocator_thread_attr, 16 * 1024);
 	pthread_create(&allocator_thread, &allocator_thread_attr, threadfunc, 0);
-	pthread_attr_destroy(&allocator_thread_attr);
 }

 void at_close(void) {
@@ -353,5 +332,6 @@ void at_close(void) {
 	close(req_pipefd[1]);
 	close(resp_pipefd[0]);
 	close(resp_pipefd[1]);
-	MUTEX_DESTROY(internal_ips_lock);
+	pthread_attr_destroy(&allocator_thread_attr);
+	MUTEX_DESTROY(&internal_ips_lock);
 }
@@ -154,10 +154,19 @@ static int timed_connect(int sock, const struct sockaddr *addr, socklen_t len) {

 	pfd[0].fd = sock;
 	pfd[0].events = POLLOUT;
-	fcntl(sock, F_SETFL, O_NONBLOCK);
+	int flags = fcntl(sock, F_GETFL, 0);
+	/* put socket temporarily into nonblocking mode so we can enforce
+	 * the timeout. */
+	if(!(flags & O_NONBLOCK))
+		fcntl(sock, F_SETFL, flags | O_NONBLOCK);
 	ret = true_connect(sock, addr, len);
 	PDEBUG("\nconnect ret=%d\n", ret);
-	
+
+	/* if the socket was already non-blocking, we assume the app takes
+	 * care of handling the timeouts itself. */
+	if(flags & O_NONBLOCK)
+		return ret;
+
 	if(ret == -1 && errno == EINPROGRESS) {
 		ret = poll_retry(pfd, 1, tcp_connect_time_out);
 		PDEBUG("\npoll ret=%d\n", ret);
@@ -181,7 +190,7 @@ static int timed_connect(int sock, const struct sockaddr *addr, socklen_t len) {
 			ret = -1;
 	}

-	fcntl(sock, F_SETFL, !O_NONBLOCK);
+	fcntl(sock, F_SETFL, flags);
 	return ret;
 }

@@ -350,15 +359,12 @@ static int tunnel_to(int sock, ip_type ip, unsigned short port, proxy_type pt, c

 				if(2 != read_n_bytes(sock, in, 2))
 					goto err;
-	/* according to RFC 1929 the version field for the user/pass auth sub-
-	   negotiation should be 1, which is kinda counter-intuitive, so there
-	   are some socks5 proxies that return 5 instead. other programs like
-	   curl work fine when the version is 5, so let's do the same and accept
-	   either of them. */
-				if(!(in[0] == 5 || in[0] == 1))
-					goto err;
-				if(in[1] != 0)
-					return BLOCKED;
+				if(in[0] != 1 || in[1] != 0) {
+					if(in[0] != 1)
+						goto err;
+					else
+						return BLOCKED;
+				}
 			}
 			int buff_iter = 0;
 			buff[buff_iter++] = 5;	// version
@@ -790,8 +796,8 @@ void proxy_freeaddrinfo(struct addrinfo *res) {
 	free(res);
 }

-#if defined(IS_MAC) || defined(IS_OPENBSD) || defined(IS_SOLARIS)
-#if defined(IS_OPENBSD) || defined(IS_SOLARIS) /* OpenBSD and Solaris has its own incompatible getservbyname_r */
+#if defined(IS_MAC) || defined(IS_OPENBSD)
+#ifdef IS_OPENBSD /* OpenBSD has its own incompatible getservbyname_r */
 #define getservbyname_r mygetservbyname_r
 #endif
 /* getservbyname on mac is using thread local storage, so we dont need mutex 
@@ -833,10 +839,7 @@ int proxy_getaddrinfo(const char *node, const char *service, const struct addrin
 	if(node && !inet_aton(node, &((struct sockaddr_in *) &space->sockaddr_space)->sin_addr)) {
 		/* some folks (nmap) use getaddrinfo() with AI_NUMERICHOST to check whether a string
 		   containing a numeric ip was passed. we must return failure in that case. */
-		if(hints && (hints->ai_flags & AI_NUMERICHOST)) {
-			free(space);
-			return EAI_NONAME;
-		}
+		if(hints && (hints->ai_flags & AI_NUMERICHOST)) return EAI_NONAME;
 		hp = proxy_gethostbyname(node, &ghdata);
 		if(hp)
 			memcpy(&((struct sockaddr_in *) &space->sockaddr_space)->sin_addr,
@@ -45,12 +45,6 @@
 #define     SOCKFAMILY(x)     (satosin(x)->sin_family)
 #define     MAX_CHAIN 512

-#ifdef IS_SOLARIS
-#undef connect
-int __xnet_connect(int sock, const struct sockaddr *addr, unsigned int len);
-connect_t true___xnet_connect;
-#endif
-
 close_t true_close;
 connect_t true_connect;
 gethostbyname_t true_gethostbyname;
@@ -114,9 +108,6 @@ static void setup_hooks(void) {
 	SETUP_SYM(gethostbyaddr);
 	SETUP_SYM(getnameinfo);
 	SETUP_SYM(close);
-#ifdef IS_SOLARIS
-	SETUP_SYM(__xnet_connect);
-#endif
 }

 static int close_fds[16];
@@ -338,7 +329,8 @@ int close(int fd) {
 	return -1;
 }
 static int is_v4inv6(const struct in6_addr *a) {
-	return !memcmp(a->s6_addr, "\0\0\0\0\0\0\0\0\0\0\xff\xff", 12);
+	return a->s6_addr32[0] == 0 && a->s6_addr32[1] == 0 &&
+	       a->s6_addr16[4] == 0 && a->s6_addr16[5] == 0xffff;
 }
 int connect(int sock, const struct sockaddr *addr, unsigned int len) {
 	INIT();
@@ -368,7 +360,7 @@ int connect(int sock, const struct sockaddr *addr, unsigned int len) {
 	           : ntohs(((struct sockaddr_in6 *) addr)->sin6_port);
 	struct in_addr v4inv6;
 	if(v6 && is_v4inv6(p_addr_in6)) {
-		memcpy(&v4inv6.s_addr, &p_addr_in6->s6_addr[12], 4);
+		memcpy(&v4inv6.s_addr, &p_addr_in6->s6_addr32[3], 4);
 		v6 = dest_ip.is_v6 = 0;
 		p_addr_in = &v4inv6;
 	}
@@ -408,12 +400,6 @@ int connect(int sock, const struct sockaddr *addr, unsigned int len) {
 	return ret;
 }

-#ifdef IS_SOLARIS
-int __xnet_connect(int sock, const struct sockaddr *addr, unsigned int len) {
-	return connect(sock, addr, len);
-}
-#endif
-
 static struct gethostbyname_data ghbndata;
 struct hostent *gethostbyname(const char *name) {
 	INIT();
@@ -469,7 +455,7 @@ int pc_getnameinfo(const struct sockaddr *sa, socklen_t salen,
 			unsigned scopeid = 0;
 			if(v6) {
 				if(is_v4inv6(&((struct sockaddr_in6*)sa)->sin6_addr)) {
-					memcpy(v4inv6buf, &((struct sockaddr_in6*)sa)->sin6_addr.s6_addr[12], 4);
+					memcpy(v4inv6buf, &((struct sockaddr_in6*)sa)->sin6_addr.s6_addr32[3], 4);
 					ip = v4inv6buf;
 					v6 = 0;
 				} else
@@ -8,9 +8,9 @@
 ***************************************************************************/

 #undef _POSIX_C_SOURCE
-#define _POSIX_C_SOURCE 200112L
+#define _POSIX_C_SOURCE 200809L
 #undef _XOPEN_SOURCE
-#define _XOPEN_SOURCE 600
+#define _XOPEN_SOURCE 700
 #include <stdio.h>
 #include <unistd.h>
 #include <stdlib.h>
@@ -72,9 +72,6 @@ int main(int argc, char *argv[]) {
 	size_t i;
 	const char *prefix = NULL;

-	if(argc == 2 && !strcmp(argv[1], "--help"))
-		return usage(argv);
-
 	for(i = 0; i < MAX_COMMANDLINE_FLAGS; i++) {
 		if(start_argv < argc && argv[start_argv][0] == '-') {
 			if(argv[start_argv][1] == 'q') {
@@ -1 +1 @@
 .13
 .12