On 30 Oct (12:28:19), Lunar wrote:
> Lunar:
> > David Goulet:
> > > Now the issue was detected with firefox which uses a custom malloc hook
> > > meaning that it handles its own memory allocation. This hook uses mmap()
> > > that firefox redefines to be a direct syscall(__NR_mmap, ...) and
> > > remember that this symbol is hijacked by torsocks.
> > > […]
> > > It's a bit of a catch 22 because torsocks is basically looking for the
> > > libc syscall symbol but then it gets called inside that lookup code
> > > path...
> >
> > Wouldn't one way out be to also hook malloc to use a
> > static buffer until dlsym() is done? The code snippet in the following
> > answer is doing just that:
> > <http://stackoverflow.com/a/10008252>
>
> Meh… scratch that. It looks like defining calloc() in libtorsocks.so is
> not enough to have our own function called. Not sure why.
>
> With the attached patch, at least we panic cleanly.

Ok, I managed to make it work with Firefox. The fix is to simply handle mmap/munmap inside the torsocks syscall code. This allows torsocks to find the syscall symbol from the libc and work well afterwards. This works because the firefox mmap() redefinition is not applied in libtorsocks thus we can call directly the mmap() symbol linked to the libc.

However, and a BIG however, this is a special fix for a specific case where memory allocation is handled by the application AND syscall() is used. It will not cover the broader issue of using other syscalls within a malloc hook for instance.

After two days, I only see that solution for now as a "working fix" for applications that use syscall() directly for their memory allocation.

Thoughts?

Cheers!
David

>
> --
> Lunar <lunar@xxxxxxxxxxxxxx>
> diff --git a/src/lib/syscall.c b/src/lib/syscall.c > index 0edd460..d520c0a 100644 > --- a/src/lib/syscall.c > +++ b/src/lib/syscall.c > @@ -17,6 +17,8 @@ > > #include <assert.h> > #include <stdarg.h> > +#include <stdlib.h> > +#include <stdio.h> > > #include <common/log.h>
> > @@ -112,6 +114,19 @@ LIBC_SYSCALL_DECL > LIBC_SYSCALL_RET_TYPE ret; > va_list args; > > +#if defined(SYS_mmap) || defined(SYS_mmap2) > + if (NULL == tsocks_libc_syscall) { > + switch (__number) { > + case SYS_mmap: > +#ifdef SYS_mmap2 > + case SYS_mmap2: > +#endif > + fprintf(stderr, "Panic! mmap has been called before we had our hands on the real syscall()\n"); > + exit(EXIT_FAILURE); > + break; > + } > + } > +#endif > /* Find symbol if not already set. Exit if not found. */ > tsocks_libc_syscall = tsocks_find_libc_symbol(LIBC_SYSCALL_NAME_STR, > TSOCKS_SYM_EXIT_NOT_FOUND); > _______________________________________________ > tor-dev mailing list > tor-dev@xxxxxxxxxxxxxxxxxxxx > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
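Review bot: In the second hunk (the `switch (__number)` block), `case SYS_mmap:` is compiled whenever either SYS_mmap or SYS_mmap2 is defined, so a build where only SYS_mmap2 is defined fails on an undeclared SYS_mmap. Wrap `case SYS_mmap:` in its own `#ifdef SYS_mmap`, the same way `case SYS_mmap2:` is already wrapped. The `break;` after `exit(EXIT_FAILURE);` is unreachable and can be dropped. Since this path is reached when the process cannot yet service its own memory mapping, consider whether exit(), which runs atexit handlers and flushes stdio, is the right way out, or whether abort() or _exit() would fail more predictably.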
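The fix described in the reply above (serve mmap/munmap from libc before the wrapper ever looks up the real syscall symbol) can be sketched as follows. This is an added example, not torsocks code and not part of the original message: `wrapped_syscall`, `app_alloc` and `find_real_syscall` are hypothetical stand-ins, the lookup is simulated rather than done with dlsym(), and a Linux target that defines SYS_mmap is assumed.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* All names here are hypothetical stand-ins, not torsocks symbols. */
static long (*real_syscall)(long, ...); /* NULL until the lookup is done */
static int lookup_depth, max_lookup_depth;

long wrapped_syscall(long nr, long a0, long a1, long a2, long a3, long a4, long a5);

/* Stand-in for the application's allocator: memory via syscall(SYS_mmap). */
void *app_alloc(size_t len)
{
    return (void *) wrapped_syscall(SYS_mmap, 0, (long) len,
            PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
}

/* Stand-in for the libc symbol lookup, which allocates while it runs. */
static void find_real_syscall(void)
{
    if (++lookup_depth > max_lookup_depth)
        max_lookup_depth = lookup_depth;
    void *scratch = app_alloc(4096); /* re-enters wrapped_syscall() */
    if (scratch != MAP_FAILED)
        munmap(scratch, 4096);
    real_syscall = syscall;
    lookup_depth--;
}

long wrapped_syscall(long nr, long a0, long a1, long a2, long a3, long a4, long a5)
{
    switch (nr) { /* served by libc directly, before any lookup */
    case SYS_mmap:
        return (long) mmap((void *) a0, (size_t) a1, (int) a2, (int) a3,
                (int) a4, (off_t) a5);
    case SYS_munmap:
        return (long) munmap((void *) a0, (size_t) a1);
    }
    if (real_syscall == NULL)
        find_real_syscall();
    return real_syscall(nr, a0, a1, a2, a3, a4, a5);
}

int main(void)
{
    return wrapped_syscall(SYS_getpid, 0, 0, 0, 0, 0, 0) == (long) getpid() ? 0 : 1;
}
```

If the `switch` is moved below the `real_syscall == NULL` check, the allocation inside the lookup re-enters the lookup and the recursion never ends, which is the catch-22 from the quoted message.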