[tor-commits] [torsocks/master] Add recvmsg() FD passing check
dgoulet at torproject.org
dgoulet at torproject.org
Fri Apr 4 22:40:25 UTC 2014
commit eecc1152a9c86459081711240991991de2b24204
Author: David Goulet <dgoulet at ev0ke.net>
Date: Wed Aug 7 11:17:54 2013 -0400
Add recvmsg() FD passing check
Signed-off-by: David Goulet <dgoulet at ev0ke.net>
---
TODO | 2 +-
src/lib/Makefile.am | 2 +-
src/lib/recv.c | 100 +++++++++++++++++++++++++++++++++++++++++++++++++++
src/lib/torsocks.h | 13 +++++++
4 files changed, 115 insertions(+), 2 deletions(-)
diff --git a/TODO b/TODO
index ad99fc2..fdd2365 100644
--- a/TODO
+++ b/TODO
@@ -1,7 +1,7 @@
Version 2.0
-----------
* Support res_* API
-* Get sendmsg FD passing on Unix socket and for TCP socket, clean exit
+* Check recvmmsg() FD passing on Unix socket and for TCP socket, clean exit
* Deny ICMP
* Support the complete list of dangerous syscall number with syscall()
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
index 0fe0233..f445c01 100644
--- a/src/lib/Makefile.am
+++ b/src/lib/Makefile.am
@@ -12,7 +12,7 @@ lib_LTLIBRARIES = libtorsocks.la
libtorsocks_la_SOURCES = torsocks.c torsocks.h \
connect.c gethostbyname.c getaddrinfo.c close.c \
- getpeername.c socket.c syscall.c socketpair.c
+ getpeername.c socket.c syscall.c socketpair.c recv.c
libtorsocks_la_LIBADD = \
$(top_builddir)/src/common/libcommon.la \
diff --git a/src/lib/recv.c b/src/lib/recv.c
new file mode 100644
index 0000000..9a70dd3
--- /dev/null
+++ b/src/lib/recv.c
@@ -0,0 +1,100 @@
+/*
+ * Copyright (C) 2013 - David Goulet <dgoulet at ev0ke.net>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License, version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <assert.h>
+#include <stdlib.h>
+
+#include <common/log.h>
+
+#include "torsocks.h"
+
+/*
+ * Torsocks call for recvmsg(2)
+ *
+ * We only hijack this call to handle the FD passing between process on Unix
+ * socket. If an INET/INET6 socket is recevied, we stop everything because at
+ * that point we can't guarantee traffic going through Tor.
+ */
+LIBC_RECVMSG_RET_TYPE tsocks_recvmsg(LIBC_RECVMSG_SIG)
+{
+ int fd;
+ ssize_t ret = 0;
+ char dummy, recv_fd[CMSG_SPACE(sizeof(fd))];
+ struct iovec iov[1];
+ struct cmsghdr *cmsg;
+ struct msghdr msg;
+
+ memset(&msg, 0, sizeof(msg));
+
+ /* Prepare to receive the structures */
+ iov[0].iov_base = &dummy;
+ iov[0].iov_len = 1;
+ msg.msg_iov = iov;
+ msg.msg_iovlen = 1;
+ msg.msg_control = recv_fd;
+ msg.msg_controllen = sizeof(recv_fd);
+
+ do {
+ /* Just peek the data to inspect the payload for fd. */
+ ret = tsocks_libc_recvmsg(__sockfd, &msg, MSG_PEEK);
+ } while (ret < 0 && errno == EINTR);
+
+ cmsg = CMSG_FIRSTHDR(&msg);
+ if (!cmsg) {
+ goto end;
+ }
+
+ /*
+ * Detecting FD passing, the next snippet of code will check if we get a
+ * inet/inet6 socket. If so, everything stops immediately before going
+ * further.
+ */
+ if (cmsg->cmsg_type == SCM_RIGHTS || cmsg->cmsg_level == SOL_SOCKET) {
+ socklen_t optlen;
+ int sock_dom;
+
+ memcpy(&fd, CMSG_DATA(cmsg), sizeof(fd));
+
+ /* Get socket domain. */
+ optlen = sizeof(sock_dom);
+ ret = getsockopt(fd, SOL_SOCKET, SO_DOMAIN, &sock_dom, &optlen);
+ if (ret < 0) {
+ /* Use the getsockopt() errno value. */
+ goto end;
+ }
+
+ if (sock_dom == AF_INET || sock_dom == AF_INET6) {
+ ERR("[recvmsg] Inet socket passing detected. Aborting everything! "
+ "A non Tor socket could be used thus leaking information.");
+ exit(EXIT_FAILURE);
+ }
+ }
+
+end:
+ return tsocks_libc_recvmsg(LIBC_RECVMSG_ARGS);
+}
+
+/*
+ * Libc hijacked symbol recvmsg(2).
+ */
+LIBC_RECVMSG_DECL
+{
+ /* Find symbol if not already set. Exit if not found. */
+ tsocks_libc_recvmsg = tsocks_find_libc_symbol(LIBC_RECVMSG_NAME_STR,
+ TSOCKS_SYM_EXIT_NOT_FOUND);
+ return tsocks_recvmsg(LIBC_RECVMSG_ARGS);
+}
diff --git a/src/lib/torsocks.h b/src/lib/torsocks.h
index 953446b..65edeba 100644
--- a/src/lib/torsocks.h
+++ b/src/lib/torsocks.h
@@ -161,6 +161,14 @@ struct hostent **__result, int *__h_errnop
int __sockfd, struct sockaddr *__addr, socklen_t *__addrlen
#define LIBC_GETPEERNAME_ARGS __sockfd, __addr, __addrlen
+#define LIBC_RECVMSG_NAME recvmsg
+#define LIBC_RECVMSG_NAME_STR XSTR(LIBC_RECVMSG_NAME)
+#define LIBC_RECVMSG_RET_TYPE ssize_t
+#define LIBC_RECVMSG_SIG \
+ int __sockfd, struct msghdr *__msg, int __flags
+#define LIBC_RECVMSG_ARGS \
+ __sockfd, __msg, __flags
+
#else
#error "OS not supported."
#endif /* __linux__ , __FreeBSD__, __darwin__ */
@@ -191,6 +199,11 @@ TSOCKS_DECL(connect, LIBC_CONNECT_RET_TYPE, LIBC_CONNECT_SIG)
#define LIBC_CONNECT_DECL \
LIBC_CONNECT_RET_TYPE LIBC_CONNECT_NAME(LIBC_CONNECT_SIG)
+/* recvmsg(2) */
+TSOCKS_LIBC_DECL(recvmsg, LIBC_RECVMSG_RET_TYPE, LIBC_RECVMSG_SIG)
+#define LIBC_RECVMSG_DECL \
+ LIBC_RECVMSG_RET_TYPE LIBC_RECVMSG_NAME(LIBC_RECVMSG_SIG)
+
/* socket(2) */
TSOCKS_LIBC_DECL(socket, LIBC_SOCKET_RET_TYPE, LIBC_SOCKET_SIG)
TSOCKS_DECL(socket, LIBC_SOCKET_RET_TYPE, LIBC_SOCKET_SIG)
More information about the tor-commits
mailing list