circlecloud
/
proxychains-ng
mirror of https://github.com/rofl0r/proxychains-ng
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
proxychains-ng/src/allocator_thread.c

361 lines
8.4 KiB
C
Raw Normal View History

allocator_thread: use bigger stacksize for Mac OS X
2017-12-15 13:15:13 +00:00
#undef _GNU_SOURCE
#define _GNU_SOURCE
#undef _POSIX_C_SOURCE
allocator_thread.c: define _DARWIN_C_SOURCE so we get MAP_ANON https://github.com/nneonneo/osx-10.9-opensource/blob/master/xnu-2422.1.72/bsd/sys/mman.h#L142 https://opensource.apple.com/source/xnu/xnu-344/bsd/sys/mman.h
2017-12-21 16:30:17 +00:00
#define _DARWIN_C_SOURCE
allocator_thread: use bigger stacksize for Mac OS X
2017-12-15 13:15:13 +00:00
#include <limits.h>
failed attempt to use shared memory for the ip <-> dns mapping this is in order to get irssi, which forks for DNS lookups, and similar programs, to work as intended. in a previous attempt i learned that shared memory created in a child process is not visible to the parent; in this attempt i spin off a thread from the parent which listens on a pipe and manages the shared memory allocation from the parent address-space. however this doesnt work as expected: memory allocated in the parent after the child forked is not visi- ble to the child as well. so what happens is: irssi starts a child process, the thread allocs memory and hands it to the child, the child attempts to write and segfaults. however irssi doesnt crash. since now the memory is already allocated, doing the dns lookup again will succeed. i.e. the dns lookup works now in irssi by luck. all but the first dns lookups will suceed. however this is not good enough for me to be satisfied, i commit this only for documentation purposes.
2012-11-07 15:49:14 +00:00
#include <pthread.h>
#include <unistd.h>
#include <fcntl.h>
#include <stdlib.h>
#include <stdio.h>
#include <sys/select.h>
#include <assert.h>
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
#include <string.h>
#include <stdint.h>
use mutexes also to protect the pipe communication wasn't threadsafe before.
2012-11-07 20:11:03 +00:00
#include <stddef.h>
hook close() to prevent rude programs like ssh to close our pipes those pipes are needed to talk with the dns-name allocator thread. closes #9
2013-01-21 00:54:45 +00:00
#include <errno.h>
allocator_thread: fix segfault with weechat 2.0 it was reported that weechat 2.0 on ubuntu 16.04 LTS x86_64 segfaulted like this: 4 0x00007f6bf0e7e0c0 in __stack_chk_fail () at stack_chk_fail.c:28 5 0x00007f6bf2536bce in at_get_ip_for_host (host=0x339c4d0 "abcdefghijklmnop.onion", len=22) at src/allocator_thread.c:290 readbuf = {octet = "irc.", as_int = 778269289} msg = {msgtype = ATM_GETNAME, datalen = 13} what happened was that weechat forked, thus got its own private copy of the VM and thus a private copy of the mutex which should prevent parallel use of at_get_ip_for_host() & friends. therefore the following race was possible: - process A writes a message of type ATM_GETIP into the server pipe - process B writes a message of type ATM_GETNAME into the server pipe - process A write transaction is finished, and goes into receive mode - server thread reads process B's message and responds with a ATM_GETNAME msg - process A reads the response which was intended for process B into the 4 byte ip address buffer, but ATM_GETNAME are much larger than ATM_GETIP responses, resulting in stack corruption. to prevent this issue, the storage of the mutex must reside in shared memory, which we achieve via mmap. alternatively, shm_open() or sysvipc shm stuff could be used. the former requires the mmap call to happen before the fork, the latter not, however the shm would require a named object in /dev/shm (which requires generating a unique name per proxychains instance, and subsequent cleanup). so in the end, the mmap is easier to deal with, and we can be reasonably certain that our constructor is being run before the hooked application forks.
2017-12-19 00:10:13 +00:00
#include <sys/mman.h>
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
#include "allocator_thread.h"
failed attempt to use shared memory for the ip <-> dns mapping this is in order to get irssi, which forks for DNS lookups, and similar programs, to work as intended. in a previous attempt i learned that shared memory created in a child process is not visible to the parent; in this attempt i spin off a thread from the parent which listens on a pipe and manages the shared memory allocation from the parent address-space. however this doesnt work as expected: memory allocated in the parent after the child forked is not visi- ble to the child as well. so what happens is: irssi starts a child process, the thread allocs memory and hands it to the child, the child attempts to write and segfaults. however irssi doesnt crash. since now the memory is already allocated, doing the dns lookup again will succeed. i.e. the dns lookup works now in irssi by luck. all but the first dns lookups will suceed. however this is not good enough for me to be satisfied, i commit this only for documentation purposes.
2012-11-07 15:49:14 +00:00
#include "debug.h"
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
#include "ip_type.h"
#include "mutex.h"
replace hostent lookup with better performing in-memory copy. the central dns resolver function proxy_gethostbyname() used to iterate over the gethostent() db (/etc/hosts) on each dns request. since this is not threadsafe, we synchronized access to it previously using mutexes. the parsing of this file is slow, and blocking all threads to do it even moreso. since gethostent_r() is only available on a few platforms, i decided to read the hostent db once and then use a quick in-memory lookup on further usage. + some further refactoring.
2012-11-08 00:18:19 +00:00
#include "hash.h"
allocator_thread: rework message sending structures simplify code by adding a new at_msg struct that contains both the message header and the message body. this allow e.g. atomic writes of the whole message instead of doing it in 2 steps. unfortunately reads still have to be done in at least 2 steps, since there are no atomicity guarantees[0]. additionally the message header shrunk from 8 to 4 bytes. [0]: https://stackoverflow.com/questions/14661708/under-what-conditions-are-pipe-reads-atomic
2020-09-20 16:06:37 +00:00
#include "remotedns.h"
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
/* stuff for our internal translation table */
typedef struct {
uint32_t hash;
char* string;
} string_hash_tuple;
typedef struct {
uint32_t counter;
uint32_t capa;
string_hash_tuple** list;
} internal_ip_lookup_table;
fix segfault in DNS mapping lookup code the allocatorthread got pointers to RAM which were reallocated behind the back, and if realloc() couldn't grow in-place, lead to segfaults in applications that do a lot of DNS-lookups such as webbrowsers. closes #66 closes #31 thanks to @ravomavain for tracking down the issue.
2015-06-06 10:41:36 +00:00
static void *dumpstring(char* s, size_t len) {
char* p = malloc(len);
if(p) memcpy(p, s, len);
return p;
}
allocator_thread: fix segfault with weechat 2.0 it was reported that weechat 2.0 on ubuntu 16.04 LTS x86_64 segfaulted like this: 4 0x00007f6bf0e7e0c0 in __stack_chk_fail () at stack_chk_fail.c:28 5 0x00007f6bf2536bce in at_get_ip_for_host (host=0x339c4d0 "abcdefghijklmnop.onion", len=22) at src/allocator_thread.c:290 readbuf = {octet = "irc.", as_int = 778269289} msg = {msgtype = ATM_GETNAME, datalen = 13} what happened was that weechat forked, thus got its own private copy of the VM and thus a private copy of the mutex which should prevent parallel use of at_get_ip_for_host() & friends. therefore the following race was possible: - process A writes a message of type ATM_GETIP into the server pipe - process B writes a message of type ATM_GETNAME into the server pipe - process A write transaction is finished, and goes into receive mode - server thread reads process B's message and responds with a ATM_GETNAME msg - process A reads the response which was intended for process B into the 4 byte ip address buffer, but ATM_GETNAME are much larger than ATM_GETIP responses, resulting in stack corruption. to prevent this issue, the storage of the mutex must reside in shared memory, which we achieve via mmap. alternatively, shm_open() or sysvipc shm stuff could be used. the former requires the mmap call to happen before the fork, the latter not, however the shm would require a named object in /dev/shm (which requires generating a unique name per proxychains instance, and subsequent cleanup). so in the end, the mmap is easier to deal with, and we can be reasonably certain that our constructor is being run before the hooked application forks.
2017-12-19 00:10:13 +00:00
static pthread_mutex_t *internal_ips_lock;
static internal_ip_lookup_table *internal_ips;
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
preliminary ipv6 support only basic testing was done (with 2 socks5 proxies listening on ::1) but seems to work as intended. ipv6 support for the hostsreader (/etc/hosts) is not implemented so far.
2015-08-10 15:59:31 +00:00
uint32_t index_from_internal_ip(ip_type4 internalip) {
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
PFUNC();
preliminary ipv6 support only basic testing was done (with 2 socks5 proxies listening on ::1) but seems to work as intended. ipv6 support for the hostsreader (/etc/hosts) is not implemented so far.
2015-08-10 15:59:31 +00:00
ip_type4 tmp = internalip;
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
uint32_t ret;
ret = tmp.octet[3] + (tmp.octet[2] << 8) + (tmp.octet[1] << 16);
ret -= 1;
return ret;
}
preliminary ipv6 support only basic testing was done (with 2 socks5 proxies listening on ::1) but seems to work as intended. ipv6 support for the hostsreader (/etc/hosts) is not implemented so far.
2015-08-10 15:59:31 +00:00
char *string_from_internal_ip(ip_type4 internalip) {
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
PFUNC();
char *res = NULL;
uint32_t index = index_from_internal_ip(internalip);
if(index < internal_ips->counter)
res = internal_ips->list[index]->string;
return res;
}
extern unsigned int remote_dns_subnet;
preliminary ipv6 support only basic testing was done (with 2 socks5 proxies listening on ::1) but seems to work as intended. ipv6 support for the hostsreader (/etc/hosts) is not implemented so far.
2015-08-10 15:59:31 +00:00
ip_type4 make_internal_ip(uint32_t index) {
ip_type4 ret;
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
index++; // so we can start at .0.0.1
if(index > 0xFFFFFF)
get rid of ip_type.c
2020-09-23 16:00:16 +00:00
return IPT4_INVALID;
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
ret.octet[0] = remote_dns_subnet & 0xFF;
ret.octet[1] = (index & 0xFF0000) >> 16;
ret.octet[2] = (index & 0xFF00) >> 8;
ret.octet[3] = index & 0xFF;
return ret;
}
preliminary ipv6 support only basic testing was done (with 2 socks5 proxies listening on ::1) but seems to work as intended. ipv6 support for the hostsreader (/etc/hosts) is not implemented so far.
2015-08-10 15:59:31 +00:00
static ip_type4 ip_from_internal_list(char* name, size_t len) {
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
uint32_t hash = dalias_hash((char *) name);
size_t i;
preliminary ipv6 support only basic testing was done (with 2 socks5 proxies listening on ::1) but seems to work as intended. ipv6 support for the hostsreader (/etc/hosts) is not implemented so far.
2015-08-10 15:59:31 +00:00
ip_type4 res;
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
void* new_mem;
// see if we already have this dns entry saved.
if(internal_ips->counter) {
for(i = 0; i < internal_ips->counter; i++) {
if(internal_ips->list[i]->hash == hash && !strcmp(name, internal_ips->list[i]->string)) {
res = make_internal_ip(i);
PDEBUG("got cached ip for %s\n", name);
goto have_ip;
}
}
}
// grow list if needed.
if(internal_ips->capa < internal_ips->counter + 1) {
PDEBUG("realloc\n");
new_mem = realloc(internal_ips->list, (internal_ips->capa + 16) * sizeof(void *));
if(new_mem) {
internal_ips->capa += 16;
internal_ips->list = new_mem;
} else {
oom:
PDEBUG("out of mem\n");
goto err_plus_unlock;
}
}
res = make_internal_ip(internal_ips->counter);
get rid of ip_type.c
2020-09-23 16:00:16 +00:00
if(res.as_int == IPT4_INVALID.as_int)
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
goto err_plus_unlock;
string_hash_tuple tmp = { 0 };
replace hostent lookup with better performing in-memory copy. the central dns resolver function proxy_gethostbyname() used to iterate over the gethostent() db (/etc/hosts) on each dns request. since this is not threadsafe, we synchronized access to it previously using mutexes. the parsing of this file is slow, and blocking all threads to do it even moreso. since gethostent_r() is only available on a few platforms, i decided to read the hostent db once and then use a quick in-memory lookup on further usage. + some further refactoring.
2012-11-08 00:18:19 +00:00
new_mem = dumpstring((char*) &tmp, sizeof(string_hash_tuple));
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
if(!new_mem)
goto oom;
PDEBUG("creating new entry %d for ip of %s\n", (int) internal_ips->counter, name);
internal_ips->list[internal_ips->counter] = new_mem;
internal_ips->list[internal_ips->counter]->hash = hash;
allocator_thread.c: whitespace cleanup
2019-02-28 13:32:57 +00:00
allocator_thread: rework message sending structures simplify code by adding a new at_msg struct that contains both the message header and the message body. this allow e.g. atomic writes of the whole message instead of doing it in 2 steps. unfortunately reads still have to be done in at least 2 steps, since there are no atomicity guarantees[0]. additionally the message header shrunk from 8 to 4 bytes. [0]: https://stackoverflow.com/questions/14661708/under-what-conditions-are-pipe-reads-atomic
2020-09-20 16:06:37 +00:00
new_mem = dumpstring((char*) name, len);
allocator_thread.c: whitespace cleanup
2019-02-28 13:32:57 +00:00
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
if(!new_mem) {
internal_ips->list[internal_ips->counter] = 0;
goto oom;
}
internal_ips->list[internal_ips->counter]->string = new_mem;
internal_ips->counter += 1;
have_ip:
return res;
err_plus_unlock:
allocator_thread.c: whitespace cleanup
2019-02-28 13:32:57 +00:00
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
PDEBUG("return err\n");
get rid of ip_type.c
2020-09-23 16:00:16 +00:00
return IPT4_INVALID;
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
}
/* stuff for communication with the allocator thread */
failed attempt to use shared memory for the ip <-> dns mapping this is in order to get irssi, which forks for DNS lookups, and similar programs, to work as intended. in a previous attempt i learned that shared memory created in a child process is not visible to the parent; in this attempt i spin off a thread from the parent which listens on a pipe and manages the shared memory allocation from the parent address-space. however this doesnt work as expected: memory allocated in the parent after the child forked is not visi- ble to the child as well. so what happens is: irssi starts a child process, the thread allocs memory and hands it to the child, the child attempts to write and segfaults. however irssi doesnt crash. since now the memory is already allocated, doing the dns lookup again will succeed. i.e. the dns lookup works now in irssi by luck. all but the first dns lookups will suceed. however this is not good enough for me to be satisfied, i commit this only for documentation purposes.
2012-11-07 15:49:14 +00:00
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
enum at_direction {
ATD_SERVER = 0,
ATD_CLIENT,
ATD_MAX,
};
failed attempt to use shared memory for the ip <-> dns mapping this is in order to get irssi, which forks for DNS lookups, and similar programs, to work as intended. in a previous attempt i learned that shared memory created in a child process is not visible to the parent; in this attempt i spin off a thread from the parent which listens on a pipe and manages the shared memory allocation from the parent address-space. however this doesnt work as expected: memory allocated in the parent after the child forked is not visi- ble to the child as well. so what happens is: irssi starts a child process, the thread allocs memory and hands it to the child, the child attempts to write and segfaults. however irssi doesnt crash. since now the memory is already allocated, doing the dns lookup again will succeed. i.e. the dns lookup works now in irssi by luck. all but the first dns lookups will suceed. however this is not good enough for me to be satisfied, i commit this only for documentation purposes.
2012-11-07 15:49:14 +00:00
static pthread_t allocator_thread;
hook close() to prevent rude programs like ssh to close our pipes those pipes are needed to talk with the dns-name allocator thread. closes #9
2013-01-21 00:54:45 +00:00
int req_pipefd[2];
int resp_pipefd[2];
failed attempt to use shared memory for the ip <-> dns mapping this is in order to get irssi, which forks for DNS lookups, and similar programs, to work as intended. in a previous attempt i learned that shared memory created in a child process is not visible to the parent; in this attempt i spin off a thread from the parent which listens on a pipe and manages the shared memory allocation from the parent address-space. however this doesnt work as expected: memory allocated in the parent after the child forked is not visi- ble to the child as well. so what happens is: irssi starts a child process, the thread allocs memory and hands it to the child, the child attempts to write and segfaults. however irssi doesnt crash. since now the memory is already allocated, doing the dns lookup again will succeed. i.e. the dns lookup works now in irssi by luck. all but the first dns lookups will suceed. however this is not good enough for me to be satisfied, i commit this only for documentation purposes.
2012-11-07 15:49:14 +00:00
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
static int wait_data(int readfd) {
PFUNC();
failed attempt to use shared memory for the ip <-> dns mapping this is in order to get irssi, which forks for DNS lookups, and similar programs, to work as intended. in a previous attempt i learned that shared memory created in a child process is not visible to the parent; in this attempt i spin off a thread from the parent which listens on a pipe and manages the shared memory allocation from the parent address-space. however this doesnt work as expected: memory allocated in the parent after the child forked is not visi- ble to the child as well. so what happens is: irssi starts a child process, the thread allocs memory and hands it to the child, the child attempts to write and segfaults. however irssi doesnt crash. since now the memory is already allocated, doing the dns lookup again will succeed. i.e. the dns lookup works now in irssi by luck. all but the first dns lookups will suceed. however this is not good enough for me to be satisfied, i commit this only for documentation purposes.
2012-11-07 15:49:14 +00:00
fd_set fds;
FD_ZERO(&fds);
FD_SET(readfd, &fds);
int ret;
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
while((ret = select(readfd+1, &fds, NULL, NULL, NULL)) <= 0) {
if(ret < 0) {
hook close() to prevent rude programs like ssh to close our pipes those pipes are needed to talk with the dns-name allocator thread. closes #9
2013-01-21 00:54:45 +00:00
int e = errno;
if(e == EINTR) continue;
#ifdef __GLIBC__
char emsg[1024];
char* x = strerror_r(errno, emsg, sizeof emsg);
dprintf(2, "select2: %s\n", x);
#endif
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
return 0;
}
}
return 1;
}
allocator_thread.c: handle EINTR case when reading/writing pipe data addressing #163
2017-02-23 01:08:03 +00:00
static int trywrite(int fd, void* buf, size_t bytes) {
ssize_t ret;
unsigned char *out = buf;
again:
ret = write(fd, out, bytes);
switch(ret) {
case -1:
if(errno == EINTR) goto again;
case 0:
return 0;
default:
if(ret == bytes || !bytes) return 1;
out += ret;
bytes -= ret;
goto again;
}
}
allocator_thread: rework message sending structures simplify code by adding a new at_msg struct that contains both the message header and the message body. this allow e.g. atomic writes of the whole message instead of doing it in 2 steps. unfortunately reads still have to be done in at least 2 steps, since there are no atomicity guarantees[0]. additionally the message header shrunk from 8 to 4 bytes. [0]: https://stackoverflow.com/questions/14661708/under-what-conditions-are-pipe-reads-atomic
2020-09-20 16:06:37 +00:00
static int sendmessage(enum at_direction dir, struct at_msg *msg) {
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
static int* destfd[ATD_MAX] = { [ATD_SERVER] = &req_pipefd[1], [ATD_CLIENT] = &resp_pipefd[1] };
allocator_thread: rework message sending structures simplify code by adding a new at_msg struct that contains both the message header and the message body. this allow e.g. atomic writes of the whole message instead of doing it in 2 steps. unfortunately reads still have to be done in at least 2 steps, since there are no atomicity guarantees[0]. additionally the message header shrunk from 8 to 4 bytes. [0]: https://stackoverflow.com/questions/14661708/under-what-conditions-are-pipe-reads-atomic
2020-09-20 16:06:37 +00:00
assert(msg->h.datalen <= MSG_LEN_MAX);
int ret = trywrite(*destfd[dir], msg, sizeof (msg->h)+msg->h.datalen);
assert(msg->h.datalen <= MSG_LEN_MAX);
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
return ret;
}
allocator_thread.c: handle EINTR case when reading/writing pipe data addressing #163
2017-02-23 01:08:03 +00:00
static int tryread(int fd, void* buf, size_t bytes) {
ssize_t ret;
unsigned char *out = buf;
again:
ret = read(fd, out, bytes);
switch(ret) {
case -1:
if(errno == EINTR) goto again;
case 0:
return 0;
default:
if(ret == bytes || !bytes) return 1;
out += ret;
bytes -= ret;
goto again;
}
}
allocator_thread: rework message sending structures simplify code by adding a new at_msg struct that contains both the message header and the message body. this allow e.g. atomic writes of the whole message instead of doing it in 2 steps. unfortunately reads still have to be done in at least 2 steps, since there are no atomicity guarantees[0]. additionally the message header shrunk from 8 to 4 bytes. [0]: https://stackoverflow.com/questions/14661708/under-what-conditions-are-pipe-reads-atomic
2020-09-20 16:06:37 +00:00
static int readmsg(int fd, struct at_msg *msg) {
int ret = tryread(fd, msg, sizeof(msg->h));
if(ret != 1) return ret;
return tryread(fd, &msg->m, msg->h.datalen);
}
allocator_thread.c: handle EINTR case when reading/writing pipe data addressing #163
2017-02-23 01:08:03 +00:00
allocator_thread: rework message sending structures simplify code by adding a new at_msg struct that contains both the message header and the message body. this allow e.g. atomic writes of the whole message instead of doing it in 2 steps. unfortunately reads still have to be done in at least 2 steps, since there are no atomicity guarantees[0]. additionally the message header shrunk from 8 to 4 bytes. [0]: https://stackoverflow.com/questions/14661708/under-what-conditions-are-pipe-reads-atomic
2020-09-20 16:06:37 +00:00
static int getmessage(enum at_direction dir, struct at_msg *msg) {
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
static int* readfd[ATD_MAX] = { [ATD_SERVER] = &req_pipefd[0], [ATD_CLIENT] = &resp_pipefd[0] };
allocator_thread.c: handle EINTR case when reading/writing pipe data addressing #163
2017-02-23 01:08:03 +00:00
ssize_t ret;
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
if((ret = wait_data(*readfd[dir]))) {
allocator_thread: rework message sending structures simplify code by adding a new at_msg struct that contains both the message header and the message body. this allow e.g. atomic writes of the whole message instead of doing it in 2 steps. unfortunately reads still have to be done in at least 2 steps, since there are no atomicity guarantees[0]. additionally the message header shrunk from 8 to 4 bytes. [0]: https://stackoverflow.com/questions/14661708/under-what-conditions-are-pipe-reads-atomic
2020-09-20 16:06:37 +00:00
if(!readmsg(*readfd[dir], msg))
allocator_thread.c: handle EINTR case when reading/writing pipe data addressing #163
2017-02-23 01:08:03 +00:00
return 0;
allocator_thread: rework message sending structures simplify code by adding a new at_msg struct that contains both the message header and the message body. this allow e.g. atomic writes of the whole message instead of doing it in 2 steps. unfortunately reads still have to be done in at least 2 steps, since there are no atomicity guarantees[0]. additionally the message header shrunk from 8 to 4 bytes. [0]: https://stackoverflow.com/questions/14661708/under-what-conditions-are-pipe-reads-atomic
2020-09-20 16:06:37 +00:00
assert(msg->h.datalen <= MSG_LEN_MAX);
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
}
return ret;
}
static void* threadfunc(void* x) {
(void) x;
int ret;
allocator_thread: rework message sending structures simplify code by adding a new at_msg struct that contains both the message header and the message body. this allow e.g. atomic writes of the whole message instead of doing it in 2 steps. unfortunately reads still have to be done in at least 2 steps, since there are no atomicity guarantees[0]. additionally the message header shrunk from 8 to 4 bytes. [0]: https://stackoverflow.com/questions/14661708/under-what-conditions-are-pipe-reads-atomic
2020-09-20 16:06:37 +00:00
struct at_msg msg;
while((ret = getmessage(ATD_SERVER, &msg))) {
switch(msg.h.msgtype) {
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
case ATM_GETIP:
/* client wants an ip for a DNS name. iterate our list and check if we have an existing entry.
* if not, create a new one. */
allocator_thread: rework message sending structures simplify code by adding a new at_msg struct that contains both the message header and the message body. this allow e.g. atomic writes of the whole message instead of doing it in 2 steps. unfortunately reads still have to be done in at least 2 steps, since there are no atomicity guarantees[0]. additionally the message header shrunk from 8 to 4 bytes. [0]: https://stackoverflow.com/questions/14661708/under-what-conditions-are-pipe-reads-atomic
2020-09-20 16:06:37 +00:00
msg.m.ip = ip_from_internal_list(msg.m.host, msg.h.datalen);
msg.h.datalen = sizeof(ip_type4);
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
break;
case ATM_GETNAME: {
allocator_thread: rework message sending structures simplify code by adding a new at_msg struct that contains both the message header and the message body. this allow e.g. atomic writes of the whole message instead of doing it in 2 steps. unfortunately reads still have to be done in at least 2 steps, since there are no atomicity guarantees[0]. additionally the message header shrunk from 8 to 4 bytes. [0]: https://stackoverflow.com/questions/14661708/under-what-conditions-are-pipe-reads-atomic
2020-09-20 16:06:37 +00:00
char *host = string_from_internal_ip(msg.m.ip);
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
if(host) {
size_t l = strlen(host);
allocator_thread: rework message sending structures simplify code by adding a new at_msg struct that contains both the message header and the message body. this allow e.g. atomic writes of the whole message instead of doing it in 2 steps. unfortunately reads still have to be done in at least 2 steps, since there are no atomicity guarantees[0]. additionally the message header shrunk from 8 to 4 bytes. [0]: https://stackoverflow.com/questions/14661708/under-what-conditions-are-pipe-reads-atomic
2020-09-20 16:06:37 +00:00
assert(l+1 < MSG_LEN_MAX);
memcpy(msg.m.host, host, l + 1);
msg.h.datalen = l + 1;
} else {
msg.h.datalen = 0;
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
}
break;
failed attempt to use shared memory for the ip <-> dns mapping this is in order to get irssi, which forks for DNS lookups, and similar programs, to work as intended. in a previous attempt i learned that shared memory created in a child process is not visible to the parent; in this attempt i spin off a thread from the parent which listens on a pipe and manages the shared memory allocation from the parent address-space. however this doesnt work as expected: memory allocated in the parent after the child forked is not visi- ble to the child as well. so what happens is: irssi starts a child process, the thread allocs memory and hands it to the child, the child attempts to write and segfaults. however irssi doesnt crash. since now the memory is already allocated, doing the dns lookup again will succeed. i.e. the dns lookup works now in irssi by luck. all but the first dns lookups will suceed. however this is not good enough for me to be satisfied, i commit this only for documentation purposes.
2012-11-07 15:49:14 +00:00
}
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
case ATM_EXIT:
return 0;
default:
abort();
failed attempt to use shared memory for the ip <-> dns mapping this is in order to get irssi, which forks for DNS lookups, and similar programs, to work as intended. in a previous attempt i learned that shared memory created in a child process is not visible to the parent; in this attempt i spin off a thread from the parent which listens on a pipe and manages the shared memory allocation from the parent address-space. however this doesnt work as expected: memory allocated in the parent after the child forked is not visi- ble to the child as well. so what happens is: irssi starts a child process, the thread allocs memory and hands it to the child, the child attempts to write and segfaults. however irssi doesnt crash. since now the memory is already allocated, doing the dns lookup again will succeed. i.e. the dns lookup works now in irssi by luck. all but the first dns lookups will suceed. however this is not good enough for me to be satisfied, i commit this only for documentation purposes.
2012-11-07 15:49:14 +00:00
}
allocator_thread: rework message sending structures simplify code by adding a new at_msg struct that contains both the message header and the message body. this allow e.g. atomic writes of the whole message instead of doing it in 2 steps. unfortunately reads still have to be done in at least 2 steps, since there are no atomicity guarantees[0]. additionally the message header shrunk from 8 to 4 bytes. [0]: https://stackoverflow.com/questions/14661708/under-what-conditions-are-pipe-reads-atomic
2020-09-20 16:06:37 +00:00
ret = sendmessage(ATD_CLIENT, &msg);
failed attempt to use shared memory for the ip <-> dns mapping this is in order to get irssi, which forks for DNS lookups, and similar programs, to work as intended. in a previous attempt i learned that shared memory created in a child process is not visible to the parent; in this attempt i spin off a thread from the parent which listens on a pipe and manages the shared memory allocation from the parent address-space. however this doesnt work as expected: memory allocated in the parent after the child forked is not visi- ble to the child as well. so what happens is: irssi starts a child process, the thread allocs memory and hands it to the child, the child attempts to write and segfaults. however irssi doesnt crash. since now the memory is already allocated, doing the dns lookup again will succeed. i.e. the dns lookup works now in irssi by luck. all but the first dns lookups will suceed. however this is not good enough for me to be satisfied, i commit this only for documentation purposes.
2012-11-07 15:49:14 +00:00
}
return 0;
}
use mutexes also to protect the pipe communication wasn't threadsafe before.
2012-11-07 20:11:03 +00:00
/* API to access the internal ip mapping */
preliminary ipv6 support only basic testing was done (with 2 socks5 proxies listening on ::1) but seems to work as intended. ipv6 support for the hostsreader (/etc/hosts) is not implemented so far.
2015-08-10 15:59:31 +00:00
ip_type4 at_get_ip_for_host(char* host, size_t len) {
ip_type4 readbuf;
allocator_thread: fix segfault with weechat 2.0 it was reported that weechat 2.0 on ubuntu 16.04 LTS x86_64 segfaulted like this: 4 0x00007f6bf0e7e0c0 in __stack_chk_fail () at stack_chk_fail.c:28 5 0x00007f6bf2536bce in at_get_ip_for_host (host=0x339c4d0 "abcdefghijklmnop.onion", len=22) at src/allocator_thread.c:290 readbuf = {octet = "irc.", as_int = 778269289} msg = {msgtype = ATM_GETNAME, datalen = 13} what happened was that weechat forked, thus got its own private copy of the VM and thus a private copy of the mutex which should prevent parallel use of at_get_ip_for_host() & friends. therefore the following race was possible: - process A writes a message of type ATM_GETIP into the server pipe - process B writes a message of type ATM_GETNAME into the server pipe - process A write transaction is finished, and goes into receive mode - server thread reads process B's message and responds with a ATM_GETNAME msg - process A reads the response which was intended for process B into the 4 byte ip address buffer, but ATM_GETNAME are much larger than ATM_GETIP responses, resulting in stack corruption. to prevent this issue, the storage of the mutex must reside in shared memory, which we achieve via mmap. alternatively, shm_open() or sysvipc shm stuff could be used. the former requires the mmap call to happen before the fork, the latter not, however the shm would require a named object in /dev/shm (which requires generating a unique name per proxychains instance, and subsequent cleanup). so in the end, the mmap is easier to deal with, and we can be reasonably certain that our constructor is being run before the hooked application forks.
2017-12-19 00:10:13 +00:00
MUTEX_LOCK(internal_ips_lock);
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
if(len > MSG_LEN_MAX) goto inv;
allocator_thread: rework message sending structures simplify code by adding a new at_msg struct that contains both the message header and the message body. this allow e.g. atomic writes of the whole message instead of doing it in 2 steps. unfortunately reads still have to be done in at least 2 steps, since there are no atomicity guarantees[0]. additionally the message header shrunk from 8 to 4 bytes. [0]: https://stackoverflow.com/questions/14661708/under-what-conditions-are-pipe-reads-atomic
2020-09-20 16:06:37 +00:00
struct at_msg msg = {.h.msgtype = ATM_GETIP, .h.datalen = len + 1 };
memcpy(msg.m.host, host, len+1);
if(sendmessage(ATD_SERVER, &msg) &&
getmessage(ATD_CLIENT, &msg)) readbuf = msg.m.ip;
use mutexes also to protect the pipe communication wasn't threadsafe before.
2012-11-07 20:11:03 +00:00
else {
inv:
get rid of ip_type.c
2020-09-23 16:00:16 +00:00
readbuf = IPT4_INVALID;
use mutexes also to protect the pipe communication wasn't threadsafe before.
2012-11-07 20:11:03 +00:00
}
allocator_thread: rework message sending structures simplify code by adding a new at_msg struct that contains both the message header and the message body. this allow e.g. atomic writes of the whole message instead of doing it in 2 steps. unfortunately reads still have to be done in at least 2 steps, since there are no atomicity guarantees[0]. additionally the message header shrunk from 8 to 4 bytes. [0]: https://stackoverflow.com/questions/14661708/under-what-conditions-are-pipe-reads-atomic
2020-09-20 16:06:37 +00:00
assert(msg.h.msgtype == ATM_GETIP);
allocator_thread: fix segfault with weechat 2.0 it was reported that weechat 2.0 on ubuntu 16.04 LTS x86_64 segfaulted like this: 4 0x00007f6bf0e7e0c0 in __stack_chk_fail () at stack_chk_fail.c:28 5 0x00007f6bf2536bce in at_get_ip_for_host (host=0x339c4d0 "abcdefghijklmnop.onion", len=22) at src/allocator_thread.c:290 readbuf = {octet = "irc.", as_int = 778269289} msg = {msgtype = ATM_GETNAME, datalen = 13} what happened was that weechat forked, thus got its own private copy of the VM and thus a private copy of the mutex which should prevent parallel use of at_get_ip_for_host() & friends. therefore the following race was possible: - process A writes a message of type ATM_GETIP into the server pipe - process B writes a message of type ATM_GETNAME into the server pipe - process A write transaction is finished, and goes into receive mode - server thread reads process B's message and responds with a ATM_GETNAME msg - process A reads the response which was intended for process B into the 4 byte ip address buffer, but ATM_GETNAME are much larger than ATM_GETIP responses, resulting in stack corruption. to prevent this issue, the storage of the mutex must reside in shared memory, which we achieve via mmap. alternatively, shm_open() or sysvipc shm stuff could be used. the former requires the mmap call to happen before the fork, the latter not, however the shm would require a named object in /dev/shm (which requires generating a unique name per proxychains instance, and subsequent cleanup). so in the end, the mmap is easier to deal with, and we can be reasonably certain that our constructor is being run before the hooked application forks.
2017-12-19 00:10:13 +00:00
MUTEX_UNLOCK(internal_ips_lock);
use mutexes also to protect the pipe communication wasn't threadsafe before.
2012-11-07 20:11:03 +00:00
return readbuf;
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
}
preliminary ipv6 support only basic testing was done (with 2 socks5 proxies listening on ::1) but seems to work as intended. ipv6 support for the hostsreader (/etc/hosts) is not implemented so far.
2015-08-10 15:59:31 +00:00
size_t at_get_host_for_ip(ip_type4 ip, char* readbuf) {
allocator_thread: rework message sending structures simplify code by adding a new at_msg struct that contains both the message header and the message body. this allow e.g. atomic writes of the whole message instead of doing it in 2 steps. unfortunately reads still have to be done in at least 2 steps, since there are no atomicity guarantees[0]. additionally the message header shrunk from 8 to 4 bytes. [0]: https://stackoverflow.com/questions/14661708/under-what-conditions-are-pipe-reads-atomic
2020-09-20 16:06:37 +00:00
struct at_msg msg = {.h.msgtype = ATM_GETNAME, .h.datalen = sizeof(ip_type4), .m.ip = ip };
use mutexes also to protect the pipe communication wasn't threadsafe before.
2012-11-07 20:11:03 +00:00
size_t res = 0;
allocator_thread: fix segfault with weechat 2.0 it was reported that weechat 2.0 on ubuntu 16.04 LTS x86_64 segfaulted like this: 4 0x00007f6bf0e7e0c0 in __stack_chk_fail () at stack_chk_fail.c:28 5 0x00007f6bf2536bce in at_get_ip_for_host (host=0x339c4d0 "abcdefghijklmnop.onion", len=22) at src/allocator_thread.c:290 readbuf = {octet = "irc.", as_int = 778269289} msg = {msgtype = ATM_GETNAME, datalen = 13} what happened was that weechat forked, thus got its own private copy of the VM and thus a private copy of the mutex which should prevent parallel use of at_get_ip_for_host() & friends. therefore the following race was possible: - process A writes a message of type ATM_GETIP into the server pipe - process B writes a message of type ATM_GETNAME into the server pipe - process A write transaction is finished, and goes into receive mode - server thread reads process B's message and responds with a ATM_GETNAME msg - process A reads the response which was intended for process B into the 4 byte ip address buffer, but ATM_GETNAME are much larger than ATM_GETIP responses, resulting in stack corruption. to prevent this issue, the storage of the mutex must reside in shared memory, which we achieve via mmap. alternatively, shm_open() or sysvipc shm stuff could be used. the former requires the mmap call to happen before the fork, the latter not, however the shm would require a named object in /dev/shm (which requires generating a unique name per proxychains instance, and subsequent cleanup). so in the end, the mmap is easier to deal with, and we can be reasonably certain that our constructor is being run before the hooked application forks.
2017-12-19 00:10:13 +00:00
MUTEX_LOCK(internal_ips_lock);
allocator_thread: rework message sending structures simplify code by adding a new at_msg struct that contains both the message header and the message body. this allow e.g. atomic writes of the whole message instead of doing it in 2 steps. unfortunately reads still have to be done in at least 2 steps, since there are no atomicity guarantees[0]. additionally the message header shrunk from 8 to 4 bytes. [0]: https://stackoverflow.com/questions/14661708/under-what-conditions-are-pipe-reads-atomic
2020-09-20 16:06:37 +00:00
if(sendmessage(ATD_SERVER, &msg) && getmessage(ATD_CLIENT, &msg)) {
if((int16_t) msg.h.datalen <= 0) res = 0;
else {
memcpy(readbuf, msg.m.host, msg.h.datalen);
res = msg.h.datalen - 1;
}
use mutexes also to protect the pipe communication wasn't threadsafe before.
2012-11-07 20:11:03 +00:00
}
allocator_thread: rework message sending structures simplify code by adding a new at_msg struct that contains both the message header and the message body. this allow e.g. atomic writes of the whole message instead of doing it in 2 steps. unfortunately reads still have to be done in at least 2 steps, since there are no atomicity guarantees[0]. additionally the message header shrunk from 8 to 4 bytes. [0]: https://stackoverflow.com/questions/14661708/under-what-conditions-are-pipe-reads-atomic
2020-09-20 16:06:37 +00:00
assert(msg.h.msgtype == ATM_GETNAME);
allocator_thread: fix segfault with weechat 2.0 it was reported that weechat 2.0 on ubuntu 16.04 LTS x86_64 segfaulted like this: 4 0x00007f6bf0e7e0c0 in __stack_chk_fail () at stack_chk_fail.c:28 5 0x00007f6bf2536bce in at_get_ip_for_host (host=0x339c4d0 "abcdefghijklmnop.onion", len=22) at src/allocator_thread.c:290 readbuf = {octet = "irc.", as_int = 778269289} msg = {msgtype = ATM_GETNAME, datalen = 13} what happened was that weechat forked, thus got its own private copy of the VM and thus a private copy of the mutex which should prevent parallel use of at_get_ip_for_host() & friends. therefore the following race was possible: - process A writes a message of type ATM_GETIP into the server pipe - process B writes a message of type ATM_GETNAME into the server pipe - process A write transaction is finished, and goes into receive mode - server thread reads process B's message and responds with a ATM_GETNAME msg - process A reads the response which was intended for process B into the 4 byte ip address buffer, but ATM_GETNAME are much larger than ATM_GETIP responses, resulting in stack corruption. to prevent this issue, the storage of the mutex must reside in shared memory, which we achieve via mmap. alternatively, shm_open() or sysvipc shm stuff could be used. the former requires the mmap call to happen before the fork, the latter not, however the shm would require a named object in /dev/shm (which requires generating a unique name per proxychains instance, and subsequent cleanup). so in the end, the mmap is easier to deal with, and we can be reasonably certain that our constructor is being run before the hooked application forks.
2017-12-19 00:10:13 +00:00
MUTEX_UNLOCK(internal_ips_lock);
use mutexes also to protect the pipe communication wasn't threadsafe before.
2012-11-07 20:11:03 +00:00
return res;
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
}
failed attempt to use shared memory for the ip <-> dns mapping this is in order to get irssi, which forks for DNS lookups, and similar programs, to work as intended. in a previous attempt i learned that shared memory created in a child process is not visible to the parent; in this attempt i spin off a thread from the parent which listens on a pipe and manages the shared memory allocation from the parent address-space. however this doesnt work as expected: memory allocated in the parent after the child forked is not visi- ble to the child as well. so what happens is: irssi starts a child process, the thread allocs memory and hands it to the child, the child attempts to write and segfaults. however irssi doesnt crash. since now the memory is already allocated, doing the dns lookup again will succeed. i.e. the dns lookup works now in irssi by luck. all but the first dns lookups will suceed. however this is not good enough for me to be satisfied, i commit this only for documentation purposes.
2012-11-07 15:49:14 +00:00
static void initpipe(int* fds) {
allocator_thread.c: set O_CLOEXEC/FD_CLOEXEC for pipes, fix #273. In proxychains, we create pipes and use them internally. If exec() is called by the program we run, the pipes opened previously are never closed, causing a file descriptor leak may eventually crash the program. This commit calls fcntl() to set FD_CLOEXEC flags on pipes. AFAIK there's no race condition on pipe creation, but we still prefer to call the newer pipe2() with O_CLOEXEC if it's supported by the system, due to its advantage of atomic operation, which prevents potential race conditions in the future. Signed-off-by: Tom Li <tomli@tomli.me>
2018-12-25 15:22:48 +00:00
int retval;
#ifdef HAVE_PIPE2
retval = pipe2(fds, O_CLOEXEC);
#else
retval = pipe(fds);
if(retval == 0) {
fcntl(fds[0], F_SETFD, FD_CLOEXEC);
fcntl(fds[1], F_SETFD, FD_CLOEXEC);
}
#endif
if(retval == -1) {
failed attempt to use shared memory for the ip <-> dns mapping this is in order to get irssi, which forks for DNS lookups, and similar programs, to work as intended. in a previous attempt i learned that shared memory created in a child process is not visible to the parent; in this attempt i spin off a thread from the parent which listens on a pipe and manages the shared memory allocation from the parent address-space. however this doesnt work as expected: memory allocated in the parent after the child forked is not visi- ble to the child as well. so what happens is: irssi starts a child process, the thread allocs memory and hands it to the child, the child attempts to write and segfaults. however irssi doesnt crash. since now the memory is already allocated, doing the dns lookup again will succeed. i.e. the dns lookup works now in irssi by luck. all but the first dns lookups will suceed. however this is not good enough for me to be satisfied, i commit this only for documentation purposes.
2012-11-07 15:49:14 +00:00
perror("pipe");
exit(1);
}
}
allocator_thread: use bigger stacksize for Mac OS X
2017-12-15 13:15:13 +00:00
#ifndef MAX
#define MAX(x, y) ((x) > (y) ? (x) : (y))
#endif
#if !defined(PTHREAD_STACK_MIN) || defined(__APPLE__)
/* MAC says its min is 8KB, but then crashes in our face. thx hunkOLard */
#define PTHREAD_STACK_MIN 64*1024
#endif
failed attempt to use shared memory for the ip <-> dns mapping this is in order to get irssi, which forks for DNS lookups, and similar programs, to work as intended. in a previous attempt i learned that shared memory created in a child process is not visible to the parent; in this attempt i spin off a thread from the parent which listens on a pipe and manages the shared memory allocation from the parent address-space. however this doesnt work as expected: memory allocated in the parent after the child forked is not visi- ble to the child as well. so what happens is: irssi starts a child process, the thread allocs memory and hands it to the child, the child attempts to write and segfaults. however irssi doesnt crash. since now the memory is already allocated, doing the dns lookup again will succeed. i.e. the dns lookup works now in irssi by luck. all but the first dns lookups will suceed. however this is not good enough for me to be satisfied, i commit this only for documentation purposes.
2012-11-07 15:49:14 +00:00
/* initialize with pointers to shared memory. these will
* be used to place responses and arguments */
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
void at_init(void) {
failed attempt to use shared memory for the ip <-> dns mapping this is in order to get irssi, which forks for DNS lookups, and similar programs, to work as intended. in a previous attempt i learned that shared memory created in a child process is not visible to the parent; in this attempt i spin off a thread from the parent which listens on a pipe and manages the shared memory allocation from the parent address-space. however this doesnt work as expected: memory allocated in the parent after the child forked is not visi- ble to the child as well. so what happens is: irssi starts a child process, the thread allocs memory and hands it to the child, the child attempts to write and segfaults. however irssi doesnt crash. since now the memory is already allocated, doing the dns lookup again will succeed. i.e. the dns lookup works now in irssi by luck. all but the first dns lookups will suceed. however this is not good enough for me to be satisfied, i commit this only for documentation purposes.
2012-11-07 15:49:14 +00:00
PFUNC();
allocator_thread: fix segfault with weechat 2.0 it was reported that weechat 2.0 on ubuntu 16.04 LTS x86_64 segfaulted like this: 4 0x00007f6bf0e7e0c0 in __stack_chk_fail () at stack_chk_fail.c:28 5 0x00007f6bf2536bce in at_get_ip_for_host (host=0x339c4d0 "abcdefghijklmnop.onion", len=22) at src/allocator_thread.c:290 readbuf = {octet = "irc.", as_int = 778269289} msg = {msgtype = ATM_GETNAME, datalen = 13} what happened was that weechat forked, thus got its own private copy of the VM and thus a private copy of the mutex which should prevent parallel use of at_get_ip_for_host() & friends. therefore the following race was possible: - process A writes a message of type ATM_GETIP into the server pipe - process B writes a message of type ATM_GETNAME into the server pipe - process A write transaction is finished, and goes into receive mode - server thread reads process B's message and responds with a ATM_GETNAME msg - process A reads the response which was intended for process B into the 4 byte ip address buffer, but ATM_GETNAME are much larger than ATM_GETIP responses, resulting in stack corruption. to prevent this issue, the storage of the mutex must reside in shared memory, which we achieve via mmap. alternatively, shm_open() or sysvipc shm stuff could be used. the former requires the mmap call to happen before the fork, the latter not, however the shm would require a named object in /dev/shm (which requires generating a unique name per proxychains instance, and subsequent cleanup). so in the end, the mmap is easier to deal with, and we can be reasonably certain that our constructor is being run before the hooked application forks.
2017-12-19 00:10:13 +00:00
void *shm = mmap(0, 4096, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0);
assert(shm);
internal_ips_lock = shm;
internal_ips = (void*)((char*)shm + 2048);
MUTEX_INIT(internal_ips_lock);
preliminary first fork-safe version instead of allocating memory in the child, we now use the allocator thread to do all the necessary allocations himself. additionally we provide a clean API to query the ip <-> dns mapping. these functions connect via a pipe to the allocator thread, and exchange messages. further cleanup is needed, but it seems to work so far. thread-safety is not yet guaranteed. closes #1
2012-11-07 19:11:14 +00:00
memset(internal_ips, 0, sizeof *internal_ips);
failed attempt to use shared memory for the ip <-> dns mapping this is in order to get irssi, which forks for DNS lookups, and similar programs, to work as intended. in a previous attempt i learned that shared memory created in a child process is not visible to the parent; in this attempt i spin off a thread from the parent which listens on a pipe and manages the shared memory allocation from the parent address-space. however this doesnt work as expected: memory allocated in the parent after the child forked is not visi- ble to the child as well. so what happens is: irssi starts a child process, the thread allocs memory and hands it to the child, the child attempts to write and segfaults. however irssi doesnt crash. since now the memory is already allocated, doing the dns lookup again will succeed. i.e. the dns lookup works now in irssi by luck. all but the first dns lookups will suceed. however this is not good enough for me to be satisfied, i commit this only for documentation purposes.
2012-11-07 15:49:14 +00:00
initpipe(req_pipefd);
initpipe(resp_pipefd);
allocator_thread: use bigger stacksize for Mac OS X
2017-12-15 13:15:13 +00:00
pthread_attr_t allocator_thread_attr;
failed attempt to use shared memory for the ip <-> dns mapping this is in order to get irssi, which forks for DNS lookups, and similar programs, to work as intended. in a previous attempt i learned that shared memory created in a child process is not visible to the parent; in this attempt i spin off a thread from the parent which listens on a pipe and manages the shared memory allocation from the parent address-space. however this doesnt work as expected: memory allocated in the parent after the child forked is not visi- ble to the child as well. so what happens is: irssi starts a child process, the thread allocs memory and hands it to the child, the child attempts to write and segfaults. however irssi doesnt crash. since now the memory is already allocated, doing the dns lookup again will succeed. i.e. the dns lookup works now in irssi by luck. all but the first dns lookups will suceed. however this is not good enough for me to be satisfied, i commit this only for documentation purposes.
2012-11-07 15:49:14 +00:00
pthread_attr_init(&allocator_thread_attr);
allocator_thread: use bigger stacksize for Mac OS X
2017-12-15 13:15:13 +00:00
pthread_attr_setstacksize(&allocator_thread_attr, MAX(16 * 1024, PTHREAD_STACK_MIN));
failed attempt to use shared memory for the ip <-> dns mapping this is in order to get irssi, which forks for DNS lookups, and similar programs, to work as intended. in a previous attempt i learned that shared memory created in a child process is not visible to the parent; in this attempt i spin off a thread from the parent which listens on a pipe and manages the shared memory allocation from the parent address-space. however this doesnt work as expected: memory allocated in the parent after the child forked is not visi- ble to the child as well. so what happens is: irssi starts a child process, the thread allocs memory and hands it to the child, the child attempts to write and segfaults. however irssi doesnt crash. since now the memory is already allocated, doing the dns lookup again will succeed. i.e. the dns lookup works now in irssi by luck. all but the first dns lookups will suceed. however this is not good enough for me to be satisfied, i commit this only for documentation purposes.
2012-11-07 15:49:14 +00:00
pthread_create(&allocator_thread, &allocator_thread_attr, threadfunc, 0);
allocator_thread: use bigger stacksize for Mac OS X
2017-12-15 13:15:13 +00:00
pthread_attr_destroy(&allocator_thread_attr);
failed attempt to use shared memory for the ip <-> dns mapping this is in order to get irssi, which forks for DNS lookups, and similar programs, to work as intended. in a previous attempt i learned that shared memory created in a child process is not visible to the parent; in this attempt i spin off a thread from the parent which listens on a pipe and manages the shared memory allocation from the parent address-space. however this doesnt work as expected: memory allocated in the parent after the child forked is not visi- ble to the child as well. so what happens is: irssi starts a child process, the thread allocs memory and hands it to the child, the child attempts to write and segfaults. however irssi doesnt crash. since now the memory is already allocated, doing the dns lookup again will succeed. i.e. the dns lookup works now in irssi by luck. all but the first dns lookups will suceed. however this is not good enough for me to be satisfied, i commit this only for documentation purposes.
2012-11-07 15:49:14 +00:00
}
void at_close(void) {
PFUNC();
const int msg = ATM_EXIT;
write(req_pipefd[1], &msg, sizeof(int));
pthread_join(allocator_thread, NULL);
close(req_pipefd[0]);
close(req_pipefd[1]);
close(resp_pipefd[0]);
close(resp_pipefd[1]);
allocator_thread: fix segfault with weechat 2.0 it was reported that weechat 2.0 on ubuntu 16.04 LTS x86_64 segfaulted like this: 4 0x00007f6bf0e7e0c0 in __stack_chk_fail () at stack_chk_fail.c:28 5 0x00007f6bf2536bce in at_get_ip_for_host (host=0x339c4d0 "abcdefghijklmnop.onion", len=22) at src/allocator_thread.c:290 readbuf = {octet = "irc.", as_int = 778269289} msg = {msgtype = ATM_GETNAME, datalen = 13} what happened was that weechat forked, thus got its own private copy of the VM and thus a private copy of the mutex which should prevent parallel use of at_get_ip_for_host() & friends. therefore the following race was possible: - process A writes a message of type ATM_GETIP into the server pipe - process B writes a message of type ATM_GETNAME into the server pipe - process A write transaction is finished, and goes into receive mode - server thread reads process B's message and responds with a ATM_GETNAME msg - process A reads the response which was intended for process B into the 4 byte ip address buffer, but ATM_GETNAME are much larger than ATM_GETIP responses, resulting in stack corruption. to prevent this issue, the storage of the mutex must reside in shared memory, which we achieve via mmap. alternatively, shm_open() or sysvipc shm stuff could be used. the former requires the mmap call to happen before the fork, the latter not, however the shm would require a named object in /dev/shm (which requires generating a unique name per proxychains instance, and subsequent cleanup). so in the end, the mmap is easier to deal with, and we can be reasonably certain that our constructor is being run before the hooked application forks.
2017-12-19 00:10:13 +00:00
MUTEX_DESTROY(internal_ips_lock);
failed attempt to use shared memory for the ip <-> dns mapping this is in order to get irssi, which forks for DNS lookups, and similar programs, to work as intended. in a previous attempt i learned that shared memory created in a child process is not visible to the parent; in this attempt i spin off a thread from the parent which listens on a pipe and manages the shared memory allocation from the parent address-space. however this doesnt work as expected: memory allocated in the parent after the child forked is not visi- ble to the child as well. so what happens is: irssi starts a child process, the thread allocs memory and hands it to the child, the child attempts to write and segfaults. however irssi doesnt crash. since now the memory is already allocated, doing the dns lookup again will succeed. i.e. the dns lookup works now in irssi by luck. all but the first dns lookups will suceed. however this is not good enough for me to be satisfied, i commit this only for documentation purposes.
2012-11-07 15:49:14 +00:00
}