[tor-dev] Torsocks 2.x issue - Need eyes on that

Lunar lunar at torproject.org
Wed Oct 30 11:28:19 UTC 2013


Lunar:
> David Goulet:
> > Now the issue was detected with firefox which uses a custom malloc hook
> > meaning that it handles its own memory allocation. This hook uses mmap()
> > that firefox redefines to be a direct syscall(__NR_mmap, ...) and
> > remember that this symbol is hijacked by torsocks.
> > […]
> > It's a bit of a catch 22 because torsocks is basically looking for the
> > libc syscall symbol but then it gets called inside that lookup code
> > path...
> 
> Wouldn't one way out be to also hook malloc to use a
> static buffer until dlsym() is done? The code snippet in the following
> answer is doing just that:
> <http://stackoverflow.com/a/10008252>

Meh… scratch that. It looks like defining calloc() in libtorsocks.so is
not enough to have our own function called. Not sure why.

With the attached patch, at least we panic cleanly.

-- 
Lunar                                             <lunar at torproject.org>
-------------- next part --------------
diff --git a/src/lib/syscall.c b/src/lib/syscall.c
index 0edd460..d520c0a 100644
--- a/src/lib/syscall.c
+++ b/src/lib/syscall.c
@@ -17,6 +17,8 @@
 
 #include <assert.h>
 #include <stdarg.h>
+#include <stdlib.h>
+#include <stdio.h>
 
 #include <common/log.h>
 
@@ -112,6 +114,19 @@ LIBC_SYSCALL_DECL
 	LIBC_SYSCALL_RET_TYPE ret;
 	va_list args;
 
+#if defined(SYS_mmap) || defined(SYS_mmap2)
+	if (NULL == tsocks_libc_syscall) {
+		switch (__number) {
+		case SYS_mmap:
+#ifdef SYS_mmap2
+		case SYS_mmap2:
+#endif
+			fprintf(stderr, "Panic! mmap has been called before we had our hands on the real syscall()\n");
+			exit(EXIT_FAILURE);
+			break;
+		}
+	}
+#endif
 	/* Find symbol if not already set. Exit if not found. */
 	tsocks_libc_syscall = tsocks_find_libc_symbol(LIBC_SYSCALL_NAME_STR,
 			TSOCKS_SYM_EXIT_NOT_FOUND);
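
Review bot: `case SYS_mmap:` in the new switch is unguarded, so on a target that defines only SYS_mmap2 the outer `#if defined(SYS_mmap) || defined(SYS_mmap2)` is true and that label fails to compile; wrap it in `#ifdef SYS_mmap` the same way `case SYS_mmap2:` is wrapped. The `NULL == tsocks_libc_syscall` test also fires for any mmap that happens to be the first call into this wrapper, not only for one re-entered from the lookup just below it, so a flag set around `tsocks_find_libc_symbol()` would separate the two cases. Because this path may be reached from the middle of an allocation, note that `exit()` still runs atexit handlers and flushes stdio; `abort()` or `_exit()` avoids that, and the `break` after the exit call is unreachable.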
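
The re-entrancy described in this thread, reduced to a single-threaded simulation (an added example, not torsocks code and not part of the original message): the wrapper resolves the real function lazily, the lookup's own allocation calls back into the wrapper with an mmap request, and a guard flag detects the nested call and serves it from a static buffer. All names (`wrapped_syscall`, `find_symbol`, `app_alloc`, the `NR_*` numbers) are hypothetical, and serving the nested request from inside the wrapper is an assumption of this sketch, not what the attached patch does.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed syscall numbers for the simulation, not real SYS_* values. */
enum { NR_MMAP = 1, NR_GETPID = 2 };
typedef long (*syscall_fn)(long nr, long len);

static syscall_fn real_syscall;      /* NULL until the lookup has finished */
static int in_lookup, reentered;     /* guard flag and nested-call counter */
static char bootstrap[4096];         /* memory handed out during the lookup */
static size_t bootstrap_used;

/* Stand-in for libc's syscall(); returns fixed, constructed values. */
static long fake_libc_syscall(long nr, long len) {
    (void)len;
    return nr == NR_GETPID ? 4242 : 0x1000;
}
long wrapped_syscall(long nr, long len);
/* Stand-in for an allocator that issues mmap through syscall() directly. */
static void *app_alloc(size_t n) {
    long r = wrapped_syscall(NR_MMAP, (long)n);
    return r == -1 ? NULL : (void *)(intptr_t)r;
}
/* Stand-in for the symbol lookup, which allocates before it returns. */
static syscall_fn find_symbol(void) {
    return app_alloc(64) ? fake_libc_syscall : NULL;
}

long wrapped_syscall(long nr, long len) {
    if (real_syscall == NULL) {
        if (in_lookup) {             /* nested call made by the lookup itself */
            size_t need = ((size_t)len + 15) & ~(size_t)15;
            reentered++;
            /* Only an mmap that fits the buffer can be served this early. */
            if (nr != NR_MMAP || len < 0 || need > sizeof bootstrap - bootstrap_used) return -1;
            bootstrap_used += need;
            return (long)(intptr_t)(bootstrap + bootstrap_used - need);
        }
        in_lookup = 1;               /* without this flag the calls recurse forever */
        real_syscall = find_symbol();
        in_lookup = 0;
        if (real_syscall == NULL) return -1;
    }
    return real_syscall(nr, len);
}

int main(void) {
    long pid = wrapped_syscall(NR_GETPID, 0);
    printf("getpid -> %ld, nested calls seen: %d\n", pid, reentered);
    return 0;
}
```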