if an ipv4-mapped ipv6 address is detected, the ip is converted
into v4 format because it may actually be one of our remote dns ips.
it was reported that a program called "maven", when getting handed our
fake ips in the remote dns subnet, converts the ip to v6 prior to calling
connect():
[proxychains] Strict chain ... 127.0.0.1:1080 ... ::ffff:224.0.0.1:443
<--socket error or timeout!
fixes#77
only basic testing was done (with 2 socks5 proxies listening on ::1)
but seems to work as intended.
ipv6 support for the hostsreader (/etc/hosts) is not implemented so far.
since "user" always points to a statically allocated string buffer,
the test for if(user)... was bogus.
use ulen instead.
this bug should only be visible on socks servers that require auth
if username was not passed, so it was probably not really an issue.
the allocatorthread got pointers to RAM which were reallocated
behind the back, and if realloc() couldn't grow in-place, lead
to segfaults in applications that do a lot of DNS-lookups such
as webbrowsers.
closes#66closes#31
thanks to @ravomavain for tracking down the issue.
working directly with the passed variables could lead to bugs when
some lines in the hosts file aren't well-formed and the loop is taken
several times while the buf vars are already modified.
the hostentdb introduced between 4.2 and 4.3
(via af5c6f0c6a )
had several issues:
- it caused breakage on FreeBSD and was commented out there
- prevented usage of the hostdb when proxy_dns was turned off
(issue #42)
- required dynamic memory allocation which was accessed from several
threads
- wouldnt reflect changes to the hosts file made during program run
the only sensible solution is to remove the hostentdb and replace it
with a home-grown hosts parser (we can't use gethostent() since
that would mess up the gethostent()-state from different threads).
the new parser used here is deliberately held simple and only meant
to provide the user with means to reference hardcoded ipv4 addresses
via his hosts file.
fixes#42
some broken programs like pulseaudio rely on LD_PRELOAD hacks to function,
if we just override the environment variable, those will stop working.
simplified version of patch suggested by @hexchain
closes#35
the strncpy function is both dangerous and slow.
dangerous because it doesn't do what the naive programmer expects
(bounded strcpy), and slow because it pads the entire bufsize
with zeroes.
sys/poll.h is a glibc legacy alias for poll.h.
the latter is specified by POSIX, the former not.
on glibc one of them just includes the other so it doesnt hurt.
it is generally invalid to use a DNS name since DNS subsystem
is only available once connected to the proxy; because
DNS is done server-side.
closes#19
if a configuration file can be accessed by proxychains but there is a
mandatory access control (or other) block on the target appication's
ability to read that file, fopen() creates a NULL pointer that will
cause a segfault in fgets().
closes#17
Signed-off-by: mancha <mancha1@hush.com>
this bug was fixed shortly before 2.14 release, so we checked for that.
however some distros decided to backport this fix to earlier versions,
breaking our compiletime check.
http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=e4ecafe004b3d4270b3a9dace8f970047400ed38
the portable solution is to stick the function into a separate comilation
unit that does not see the glibc prototype.
closes#7
the central dns resolver function proxy_gethostbyname() used
to iterate over the gethostent() db (/etc/hosts) on each dns
request.
since this is not threadsafe, we synchronized access to it
previously using mutexes. the parsing of this file is slow,
and blocking all threads to do it even moreso.
since gethostent_r() is only available on a few platforms,
i decided to read the hostent db once and then use a quick
in-memory lookup on further usage.
+ some further refactoring.
