[tor-commits] [torsocks/master] Deny libc function bind()
commit 554bb9d31e23cb274369a493555623da84a8de79
Author: David Goulet <dgoulet@xxxxxxxxx>
Date: Thu Feb 20 12:16:11 2014 +0000
Deny libc function bind()
Signed-off-by: David Goulet <dgoulet@xxxxxxxxx>
---
src/lib/Makefile.am | 2 +-
src/lib/bind.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
src/lib/torsocks.h | 13 +++++++++++++
3 files changed, 60 insertions(+), 1 deletion(-)
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
index c508733..403fab3 100644
--- a/src/lib/Makefile.am
+++ b/src/lib/Makefile.am
@@ -9,6 +9,6 @@ lib_LTLIBRARIES = libtorsocks.la
libtorsocks_la_SOURCES = torsocks.c torsocks.h \
connect.c gethostbyname.c getaddrinfo.c close.c \
getpeername.c socket.c syscall.c socketpair.c recv.c \
- exit.c accept.c
+ exit.c accept.c bind.c
libtorsocks_la_LIBADD = $(top_builddir)/src/common/libcommon.la
diff --git a/src/lib/bind.c b/src/lib/bind.c
new file mode 100644
index 0000000..3b1ba91
--- /dev/null
+++ b/src/lib/bind.c
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2014 - David Goulet <dgoulet@xxxxxxxxx>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License, version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <assert.h>
+
+#include "torsocks.h"
+
+TSOCKS_LIBC_DECL(bind, LIBC_BIND_RET_TYPE, LIBC_BIND_SIG)
+
+/*
+ * Torsocks call for bind(2).
+ */
+LIBC_BIND_RET_TYPE tsocks_bind(LIBC_BIND_SIG)
+{
+ DBG("[accept] Syscall denied since inbound connection are not allowed.");
+
+ /*
+ * Bind is completely denied here since this means that the application
+ * can accept inbound connections that are obviously NOT handled by the Tor
+ * network thus reject this call.
+ */
+ errno = EPERM;
+ return -1;
+}
+
+/*
+ * Libc hijacked symbol bind(2).
+ */
+LIBC_BIND_DECL
+{
+ return tsocks_bind(LIBC_BIND_ARGS);
+}
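Review bot: tsocks_bind() returns EPERM for every call without looking at `addr->sa_family` or the address, so AF_UNIX sockets and loopback-only binds are refused together with the externally reachable listeners the comment is about; if that breadth is intended, the comment should say so explicitly. The debug line is tagged `[accept]` although this is the bind path, which will mislead anyone triaging denied calls from the log; I would change it to `DBG("[bind] Syscall denied since inbound connections are not allowed.");`. The denial only applies to callers that go through the libc symbol, so it is worth confirming that the syscall(2) wrapper in syscall.c (not part of this commit) refuses a raw bind request the same way. `<assert.h>` is included but nothing in the file uses it.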
diff --git a/src/lib/torsocks.h b/src/lib/torsocks.h
index 369652c..4dd0281 100644
--- a/src/lib/torsocks.h
+++ b/src/lib/torsocks.h
@@ -177,6 +177,14 @@ struct hostent **result, int *h_errnop
int sockfd, struct sockaddr *addr, socklen_t *addrlen
#define LIBC_ACCEPT_ARGS sockfd, addr, addrlen
+/* bind(2) */
+#define LIBC_BIND_NAME bind
+#define LIBC_BIND_NAME_STR XSTR(LIBC_BIND_NAME)
+#define LIBC_BIND_RET_TYPE int
+#define LIBC_BIND_SIG \
+ int sockfd, const struct sockaddr *addr, socklen_t addrlen
+#define LIBC_BIND_ARGS sockfd, addr, addrlen
+
#else
#error "OS not supported."
#endif /* __GLIBC__ , __FreeBSD__, __darwin__, __NetBSD__ */
@@ -349,6 +357,11 @@ extern TSOCKS_LIBC_DECL(accept4, LIBC_ACCEPT4_RET_TYPE, LIBC_ACCEPT4_SIG)
LIBC_ACCEPT4_NAME(LIBC_ACCEPT4_SIG)
#endif
+/* bind(2) */
+extern TSOCKS_LIBC_DECL(bind, LIBC_BIND_RET_TYPE, LIBC_BIND_SIG)
+#define LIBC_BIND_DECL LIBC_BIND_RET_TYPE \
+ LIBC_BIND_NAME(LIBC_BIND_SIG)
+
/*
* Those are actions to do during the lookup process of libc symbols. For
* instance the connect(2) syscall is essential to Torsocks so the function
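Review bot: The `extern TSOCKS_LIBC_DECL(bind, ...)` declaration publishes a libc function pointer for bind, but the diffstat lists no file where a symbol lookup would assign it, and `LIBC_BIND_NAME_STR` from the earlier torsocks.h hunk is likewise unused in this commit. Since tsocks_bind() never forwards to libc this is harmless today, but a later change that forwards through the pointer would presumably dereference NULL. A comment above the declaration would make the intent clear, for example `/* bind(2) is always denied; the libc pointer is declared but never resolved. */`.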