Lunar:
> David Goulet:
> > Now the issue was detected with firefox, which uses a custom malloc hook,
> > meaning that it handles its own memory allocation. This hook uses mmap(),
> > which firefox redefines to be a direct syscall(__NR_mmap, ...), and
> > remember that this symbol is hijacked by torsocks.
> > […]
> > It's a bit of a catch-22 because torsocks is basically looking for the
> > libc syscall symbol but then it gets called inside that lookup code
> > path...
>
> Wouldn't one way out be to also hook malloc to use a
> static buffer until dlsym() is done? The code snippet in the following
> answer is doing just that:
> <http://stackoverflow.com/a/10008252>

Meh… scratch that. It looks like defining calloc() in libtorsocks.so is
not enough to have our own function called. Not sure why.

With the attached patch, at least we panic cleanly.

-- 
Lunar                                             <lunar@xxxxxxxxxxxxxx>
diff --git a/src/lib/syscall.c b/src/lib/syscall.c index 0edd460..d520c0a 100644 --- a/src/lib/syscall.c +++ b/src/lib/syscall.c @@ -17,6 +17,8 @@ #include <assert.h> #include <stdarg.h> +#include <stdlib.h> +#include <stdio.h> #include <common/log.h> @@ -112,6 +114,19 @@ LIBC_SYSCALL_DECL LIBC_SYSCALL_RET_TYPE ret; va_list args; +#if defined(SYS_mmap) || defined(SYS_mmap2) + if (NULL == tsocks_libc_syscall) { + switch (__number) { + case SYS_mmap: +#ifdef SYS_mmap2 + case SYS_mmap2: +#endif + fprintf(stderr, "Panic! mmap has been called before we had our hands on the real syscall()\n"); + exit(EXIT_FAILURE); + break; + } + } +#endif /* Find symbol if not already set. Exit if not found. */ tsocks_libc_syscall = tsocks_find_libc_symbol(LIBC_SYSCALL_NAME_STR, TSOCKS_SYM_EXIT_NOT_FOUND);
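Review bot: in the first hunk, <stdio.h> and <stdlib.h> are pulled in only for the fprintf() and exit() of the panic path, and that path runs while the caller's allocator is still waiting on its mmap (the exact situation the thread describes). exit() flushes stdio and runs atexit handlers, and fprintf() goes through the stdio machinery, so either can re-enter the allocator and land back in this wrapper before the message is out. Prefer <unistd.h> and a write(STDERR_FILENO, msg, sizeof(msg) - 1) of a fixed string followed by _exit(EXIT_FAILURE) or abort(), which need nothing from the allocator.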
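Review bot: in the second hunk the guard is `#if defined(SYS_mmap) || defined(SYS_mmap2)` but `case SYS_mmap:` inside it is unconditional, so a build where only SYS_mmap2 is defined would not compile; wrap it in `#ifdef SYS_mmap` to match the `#ifdef SYS_mmap2` on the next case. The `break;` after `exit(EXIT_FAILURE)` is unreachable and can go. More importantly, the check only recognises the one syscall number seen so far: the underlying condition is "any call reached this wrapper while `tsocks_libc_syscall` is still NULL and `tsocks_find_libc_symbol()` is in progress", so a static "resolving" flag set around that lookup would catch the same recursion through any other syscall number and would also make the panic message say why (re-entered during symbol lookup) rather than only what (mmap).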
Attachment: signature.asc (Description: Digital signature)
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
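The catch-22 discussed in the thread, as an added, self-contained model that is not torsocks code and not part of the original message. `hooked_syscall()` plays the interposed syscall(): it must locate the real libc syscall() before it can forward anything, the lookup allocates, and the program's allocator (`prog_malloc()`, a toy stand-in for Firefox's) obtains its chunks through the very wrapper that is still bootstrapping. mmap requests arriving during the lookup are served from a static, page-aligned arena (the static-buffer idea from the thread applied one level down, at mmap rather than calloc); with `arena_enabled = 0` the wrapper instead fails closed, which is what the panic patch achieves minus the exit(). Assumptions, all hypothetical: the symbol lookup is simulated (it allocates and then takes the address of libc's `syscall()` directly instead of calling dlsym()), and only the three syscall numbers the demo uses are forwarded.

```c
/* Added example, not torsocks code: model of the syscall() interposer
 * bootstrap re-entrancy problem.  Assumption: the symbol lookup is
 * simulated (allocates, then references libc's syscall() directly). */
#define _GNU_SOURCE
#include <stddef.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/syscall.h>

typedef long (*syscall_fn)(long, ...);

enum { SYM_UNRESOLVED, SYM_RESOLVING, SYM_RESOLVED };
static int sym_state = SYM_UNRESOLVED;
static syscall_fn libc_syscall;

int arena_enabled = 1;   /* 0: fail closed during the lookup, like the panic patch */

/* Static, page-aligned arena for mmap calls made while the lookup runs. */
#define BOOT_ARENA_SIZE (16 * 4096)
static unsigned char boot_arena[BOOT_ARENA_SIZE] __attribute__((aligned(4096)));
static size_t boot_used;
static int boot_mmaps, forwarded_mmaps;

int boot_mmap_count(void) { return boot_mmaps; }
int forwarded_mmap_count(void) { return forwarded_mmaps; }

static long boot_mmap(size_t len) {
    size_t rounded = (len + 4095) & ~(size_t)4095;
    if (!arena_enabled || boot_used + rounded > BOOT_ARENA_SIZE)
        return -1;                      /* same failure shape as syscall() */
    unsigned char *p = boot_arena + boot_used;
    boot_used += rounded;
    boot_mmaps++;
    return (long)p;
}

long hooked_syscall(long number, ...);

/* Toy bump allocator standing in for the program's own malloc: it fetches
 * 4096-byte chunks with a direct syscall(SYS_mmap, ...), which is interposed.
 * Requests are assumed to be at most one chunk. */
static unsigned char *chunk_cur, *chunk_end;
static void *prog_malloc(size_t n) {
    n = (n + 15) & ~(size_t)15;
    if (chunk_cur == NULL || chunk_cur + n > chunk_end) {
        long r = hooked_syscall(SYS_mmap, 0L, 4096L, (long)(PROT_READ | PROT_WRITE),
                                (long)(MAP_PRIVATE | MAP_ANONYMOUS), -1L, 0L);
        if (r == -1) return NULL;
        chunk_cur = (unsigned char *)r;
        chunk_end = chunk_cur + 4096;
    }
    void *p = chunk_cur;
    chunk_cur += n;
    return p;
}

/* Stand-in for dlsym(RTLD_NEXT, "syscall"): it allocates on the way, which is
 * what drags the allocator (and thus mmap) into the lookup. */
static syscall_fn lookup_libc_syscall(void) {
    char *name = prog_malloc(64);
    if (name == NULL) return NULL;
    strcpy(name, "syscall");
    return syscall;                     /* assumption: no real dlsym() here */
}

/* Fixed argument counts per known syscall; unknown numbers are refused. */
static int arg_count(long number) {
    switch (number) {
    case SYS_mmap:   return 6;
    case SYS_munmap: return 2;
    case SYS_getpid: return 0;
    default:         return -1;
    }
}

long hooked_syscall(long number, ...) {
    long a[6] = {0};
    int n = arg_count(number);
    if (n < 0) return -1;
    va_list ap;
    va_start(ap, number);
    for (int i = 0; i < n; i++) a[i] = va_arg(ap, long);
    va_end(ap);

    if (sym_state == SYM_RESOLVING) {
        /* Re-entered from inside the lookup: the real syscall() is still
         * unknown.  mmap can be served from the arena; nothing else can. */
        return number == SYS_mmap ? boot_mmap((size_t)a[1]) : -1;
    }
    if (sym_state == SYM_UNRESOLVED) {
        sym_state = SYM_RESOLVING;
        libc_syscall = lookup_libc_syscall();
        sym_state = libc_syscall ? SYM_RESOLVED : SYM_UNRESOLVED;
        if (libc_syscall == NULL) return -1;
    }
    if (number == SYS_mmap) forwarded_mmaps++;
    switch (n) {
    case 0:  return libc_syscall(number);
    case 2:  return libc_syscall(number, a[0], a[1]);
    default: return libc_syscall(number, a[0], a[1], a[2], a[3], a[4], a[5]);
    }
}

int main(void) {
    long pid = hooked_syscall(SYS_getpid);   /* first call triggers the lookup */
    printf("getpid via wrapper: %ld, libc getpid: %d\n", pid, (int)getpid());
    printf("mmaps served from arena: %d, forwarded to libc: %d\n",
           boot_mmap_count(), forwarded_mmap_count());
    return pid == (long)getpid() ? 0 : 1;
}
```

The first call into the wrapper drives the whole cycle: getpid() needs the lookup, the lookup needs memory, memory needs mmap, and mmap arrives back in the wrapper while the state is still "resolving". Once the symbol is known, later mmap calls are forwarded unchanged, so the arena only ever holds the few allocations made during bootstrap; its size bounds how much the lookup may allocate, which is the same limit the static-buffer calloc trick carries.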