diff --git a/README b/README index 6d06a90..609df58 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -ProxyBound v5.0 +ProxyBound v5.1 =============== ProxyBound is a UNIX program, that hooks network-related libc functions @@ -37,6 +37,9 @@ Install: Changelog: ========== + Version 5.1: + - leak lock feature (send sendto sendmsg) + Version 5.0: - Initial leak lock feature - Code cleaning diff --git a/src/core.h b/src/core.h index 06d7bf5..d6229d4 100644 --- a/src/core.h +++ b/src/core.h @@ -126,7 +126,7 @@ extern gethostbyaddr_t true_gethostbyaddr; typedef ssize_t (*send_t)(int, const void *, size_t, int); typedef ssize_t (*sendto_t)(int, const void *, size_t, int, const struct sockaddr, socklen_t); -typedef ssize_t (*sendmsg_t)(int, const struct msghdr, int); +typedef ssize_t (*sendmsg_t)(int, const struct msghdr *, int); extern send_t true_send; extern sendto_t true_sendto; diff --git a/src/libproxybound.c b/src/libproxybound.c index d2f9c1c..22dd0ac 100644 --- a/src/libproxybound.c +++ b/src/libproxybound.c @@ -121,9 +121,9 @@ static void do_init(void) { SETUP_SYM(gethostbyaddr); SETUP_SYM(getnameinfo); - //SETUP_SYM(send); - //SETUP_SYM(sendto); - //SETUP_SYM(sendmsg); + SETUP_SYM(send); + SETUP_SYM(sendto); + SETUP_SYM(sendmsg); init_l = 1; } @@ -453,24 +453,66 @@ int connect(int sock, const struct sockaddr *addr, socklen_t len) { errno = ECONNREFUSED; return ret; } -/* -ssize_t sendto(int sockfd, const void *buf, size_t len, int flags, const struct sockaddr *dest_addr, socklen_t addrlen) { - return true_sendto(sockfd, buf, len, flags, *dest_addr, addrlen); - //return 0; -} +//Already handled in connect ? ssize_t send(int sockfd, const void *buf, size_t len, int flags) { return true_send(sockfd, buf, len, flags); //return 0; } - ssize_t sendmsg(int sockfd, const struct msghdr *msg, int flags) { return true_sendmsg(sockfd, msg, flags); + //ssize_t ret; + //ret = true_sendmsg(sockfd, msg, flags); + //return ret; //return 0; -}*/ +} -//ssize_t send(int sockfd, const void *buf, size_t len, int flags) {} +ssize_t sendto(int sockfd, const void *buf, size_t len, int flags, const struct sockaddr *dest_addr, socklen_t addrlen) { + //return true_sendto(sockfd, buf, len, flags, *dest_addr, addrlen); + //return 0; + + struct sockaddr_in *connaddr; + int sock_type = -1; + unsigned int sock_type_len = sizeof(sock_type); + + PDEBUG("got sendto request\n\n"); + + /* If the real connect doesn't exist, we're stuffed */ + if (true_sendto == NULL) { + PDEBUG("unresolved symbol: sendto\n\n"); + return(-1); + } + + connaddr = (struct sockaddr_in *) dest_addr; + + /* Get the type of the socket */ + getsockopt(sockfd, SOL_SOCKET, SO_TYPE, (void *) &sock_type, &sock_type_len); + + PDEBUG("sendto: sin_family: %i\n\n", connaddr->sin_family); + PDEBUG("sendto: sockopt: %i\n\n", sock_type); + + /* If this a UDP socket with a non-local destination address */ + /* then we refuse it, since it is probably a DNS request */ + if (sock_type == SOCK_DGRAM) { + PDEBUG("sendto: is on a udp stream\n\n"); + + char ip[256]; + struct in_addr *p_addr_in; + + p_addr_in = &((struct sockaddr_in *) connaddr)->sin_addr; + inet_ntop(AF_INET, p_addr_in, ip, sizeof(ip)); + + if (!(ip[0] == '1') && (ip[1] == '2') && (ip[2] == '7') && (ip[3] == '.')) + PDEBUG("sendto: is on a udp stream with a non-local destination, may be a DNS request: rejecting.\n\n"); + else + return (ssize_t) true_sendto(sockfd, buf, len, flags, *dest_addr, addrlen); + + return -1; + } + return (ssize_t) true_sendto(sockfd, buf, len, flags, *dest_addr, addrlen); + //return true_sendto(sockfd, buf, len, flags, *dest_addr, addrlen); +} //TODO: DNS LEAK: OTHER RESOLVER FUNCTION //=======================================