On 30 Oct (12:28:19), Lunar wrote:
Lunar:
David Goulet:
Now the issue was detected with firefox which uses a custom malloc hook meaning that it handles its own memory allocation. This hook uses mmap() that firefox redefines to be a direct syscall(__NR_mmap, ...) and remember that this symbol is hijacked by torsocks. […] It's a bit of a catch-22 because torsocks is basically looking for the libc syscall symbol but then it gets called inside that lookup code path...
Wouldn't one way out be to also hook malloc to use a static buffer until dlsym() is done? The code snippet in the following answer is doing just that: http://stackoverflow.com/a/10008252
Meh… scratch that. It looks like defining calloc() in libtorsocks.so is not enough to have our own function called. Not sure why.
With the attached patch, at least we panic cleanly.
Ok, I managed to make it work with Firefox. The fix is to simply handle mmap/munmap inside the torsocks syscall code. This allows torsocks to find the syscall symbol from the libc and work well afterwards. This works because the firefox mmap() redefinition is not applied in libtorsocks, thus we can directly call the mmap() symbol linked to the libc.
However, and a BIG however, this is a special fix for a specific case where memory allocation is handled by the application AND syscall() is used. It will not cover the broader issue of using other syscalls within a malloc hook for instance.
After two days, I only see that solution for now as a "working fix" for applications that use syscall() directly for their memory allocation.
Thoughts?
Cheers! David
-- Lunar lunar@torproject.org
diff --git a/src/lib/syscall.c b/src/lib/syscall.c index 0edd460..d520c0a 100644 --- a/src/lib/syscall.c +++ b/src/lib/syscall.c @@ -17,6 +17,8 @@
#include <assert.h> #include <stdarg.h> +#include <stdlib.h> +#include <stdio.h>
#include <common/log.h>
@@ -112,6 +114,19 @@ LIBC_SYSCALL_DECL LIBC_SYSCALL_RET_TYPE ret; va_list args;
+#if defined(SYS_mmap) || defined(SYS_mmap2)
- if (NULL == tsocks_libc_syscall) {
switch (__number) {
case SYS_mmap:
+#ifdef SYS_mmap2
case SYS_mmap2:
+#endif
fprintf(stderr, "Panic! mmap has been called before we had our hands on the real syscall()\n");
exit(EXIT_FAILURE);
break;
}
- }
+#endif /* Find symbol if not already set. Exit if not found. */ tsocks_libc_syscall = tsocks_find_libc_symbol(LIBC_SYSCALL_NAME_STR, TSOCKS_SYM_EXIT_NOT_FOUND);
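Review bot: the outer `#if defined(SYS_mmap) || defined(SYS_mmap2)` accepts either macro, but `case SYS_mmap:` is emitted unconditionally, so a target that defines only SYS_mmap2 fails to compile; wrap it in `#ifdef SYS_mmap` the same way `case SYS_mmap2:` is wrapped. The panic path itself, `fprintf(stderr, ...)` followed by `exit(EXIT_FAILURE)`, can re-enter exactly the code this guard protects: exit() runs atexit handlers and flushes stdio, and stderr output may go through the application's allocator when the stream is buffered or redirected, so a raw write(2) of a fixed string followed by _exit(EXIT_FAILURE) or abort() keeps the panic self-contained. The `break;` after exit() is unreachable and can be dropped.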
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
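As an added illustration of the fix David describes (not torsocks code), here is a stand-alone C sketch of a syscall() replacement that serves SYS_mmap/SYS_munmap with libc's own mmap()/munmap() before the symbol lookup is touched. The lookup is simulated rather than done with dlsym(): a stand-in resolver itself mmap()s through the hook, reproducing the catch-22; tsocks_syscall, resolve_libc_syscall, libc_syscall and reentries are hypothetical names, and 64-bit Linux is assumed.

```c
#define _GNU_SOURCE
#include <stdarg.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>
typedef long (*syscall_fn)(long number, ...);
static syscall_fn libc_syscall = NULL; /* stand-in for torsocks' tsocks_libc_syscall */
static int reentries = 0;              /* hook entries made while the lookup was unresolved */
long tsocks_syscall(long number, ...);
/* Stand-in for tsocks_find_libc_symbol() (a real preload library would use dlsym(RTLD_NEXT,
 * "syscall")): it maps a scratch page through the hook first, mimicking an allocator that
 * mmap()s via syscall() while the lookup is still running, i.e. the catch-22 described above. */
static syscall_fn resolve_libc_syscall(void)
{
    long page = tsocks_syscall(SYS_mmap, 0L, 4096L, (long)(PROT_READ | PROT_WRITE),
                               (long)(MAP_PRIVATE | MAP_ANONYMOUS), -1L, 0L);
    if ((void *)page != MAP_FAILED)
        tsocks_syscall(SYS_munmap, page, 4096L);
    return syscall;
}
/* Replacement for syscall(); every argument is passed and read as long, which matches the
 * kernel ABI on 64-bit Linux (the only case handled here). */
long tsocks_syscall(long number, ...)
{
    va_list args; long ret; void *addr; size_t len; int prot, flags, fd; off_t off;
    va_start(args, number);
    switch (number) {
    case SYS_mmap:
        /* The fix: mmap/munmap are served by libtorsocks' own mmap()/munmap(), bound to
         * libc, before the lookup is touched. libc mmap() fails with MAP_FAILED, not -errno. */
        addr = (void *)va_arg(args, long);  len = (size_t)va_arg(args, long);
        prot = (int)va_arg(args, long);     flags = (int)va_arg(args, long);
        fd = (int)va_arg(args, long);       off = (off_t)va_arg(args, long);
        if (libc_syscall == NULL) reentries++;
        ret = (long)mmap(addr, len, prot, flags, fd, off);
        break;
    case SYS_munmap:
        addr = (void *)va_arg(args, long);  len = (size_t)va_arg(args, long);
        if (libc_syscall == NULL) reentries++;
        ret = munmap(addr, len);
        break;
    default: /* find the symbol if not already set, then forward (torsocks dispatches each
              * supported syscall with its own arguments; only argument-less ones here) */
        if (libc_syscall == NULL) libc_syscall = resolve_libc_syscall();
        ret = libc_syscall(number);
    }
    va_end(args);
    return ret;
}
```

After the first forwarded call, reentries is 2: both the mmap and the munmap issued during the simulated lookup were absorbed by the hook instead of recursing into the lookup.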