rofl0r / proxychains-ng

proxychains-ng (new generation): a preloader which hooks socket calls in dynamically linked programs and redirects them through one or more SOCKS/HTTP proxies. Continuation of the unmaintained proxychains project. The sf.net page is currently not updated; use the releases from the GitHub release page instead.

Home Page: http://sourceforge.net/projects/proxychains-ng/files


SIGSEGV when using proxy_dns_daemon and an onion address as a proxy

Footsiefat opened this issue

Setup:
Create a config that uses proxy_dns_daemon and a hidden service as a proxy

proxy_dns_daemon

socks5 	127.0.0.1 9050
socks5	example.onion	1234	Username	Password

Note: proxy_dns_daemon is required because proxychains is proxying a web browser.

Error "logs":

stopped 0x7ffff7d2ed94 in pthread_mutex_lock (), reason: SIGSEGV

[#0] 0x7ffff7d2ed94 → pthread_mutex_lock()
[#1] 0x7ffff7f755b5 → at_get_ip_for_host()

MUTEX_LOCK(internal_ips_lock);

The issue seems similar to the following: cc7bc89

commented

try whether this change fixes it:

diff --git a/src/libproxychains.c b/src/libproxychains.c
index 575e439..5d5f51e 100644
--- a/src/libproxychains.c
+++ b/src/libproxychains.c
@@ -349,7 +349,7 @@ static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_typ
 					if(*ct == STRICT_TYPE && proxychains_resolver >= DNSLF_RDNS_START && count > 0) {
 						/* we can allow dns hostnames for all but the first proxy in the list if chaintype is strict, as remote lookup can be done */
 						rdns_init(proxychains_resolver);
-						ip_type4 internal_ip = at_get_ip_for_host(host, strlen(host));
+						ip_type4 internal_ip = rdns_get_ip_for_host(host, strlen(host));
 						pd[count].ip.is_v6 = 0;
 						host_ip->addr.v4 = internal_ip;
 						if(internal_ip.as_int == IPT4_INVALID.as_int)
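Review bot: this call site runs inside get_chain_data, i.e. while do_init is still in progress, and with proxy_dns_daemon configured the resolver it now invokes has to send a request to rdns_server. If that send goes through the sendto symbol this library interposes, the hook re-enters init_lib_wrapper before the one-time init has completed and the process blocks; the trace posted later in this thread shows exactly that frame sequence (do_init, get_chain_data, rdns_get_ip_for_host, rdns_daemon_get_ip_for_host, sendto, init_lib_wrapper). The check on the following line only catches a returned IPT4_INVALID, never a call that does not return. Suggest having the daemon backend call the un-hooked libc sendto directly, or deferring resolution of chain hostnames until init has finished; at minimum this hunk should not call into the daemon resolver from inside do_init.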

This stops the crash but instead causes it to freeze up. Logs are as follows.

[proxychains] config file found: /home/<username>/<path>/proxychains.conf
[proxychains] preloading /usr/local/lib/libproxychains4.so

Stacktrace:

[#0] 0x7ffff7a90ab1 → cmp rax, 0xfffffffffffff000
[#1] 0x7ffff7f74be8 → init_lib_wrapper(caller=0x7ffff7f79a8e <__FUNCTION__.0> "sendto")
[#2] 0x7ffff7f7767c → sendto(sockfd=0x4, buf=0x7fffffffc6d0, len=0x43, flags=0x0, dest_addr=0x7ffff7fc12a0 <rdns_server>, addrlen=0x10)
[#3] 0x7ffff7f789fc → rdns_daemon_get_ip_for_host(host=0x7fffffffd230 "example.onion", len=0x3e)
[#4] 0x7ffff7f78b81 → rdns_get_ip_for_host(host=0x7fffffffd230 "example.onion", len=0x3e)
[#5] 0x7ffff7f7556b → get_chain_data(pd=0x7ffff7f7c640 <proxychains_pd>, proxy_count=0x7ffff7fc0640 <proxychains_proxy_count>, ct=0x7ffff7f7c630 <proxychains_ct>)
[#6] 0x7ffff7f74aa2 → do_init()
[#7] 0x7ffff7a90b17 → xor esi, esi
[#8] 0x7ffff7f74be8 → init_lib_wrapper(caller=0x7ffff7f79a28 <__FUNCTION__.12> "gcc_init")
[#9] 0x7ffff7f74bfe → gcc_init()

It seems to be locking up on this exact line

sendto(fd, &msg, sizeof(msg.h)+len+1, 0, (void*)&rdns_server, sizeof(rdns_server));

Note: when using just Tor, it connects to proxychains4-daemon and asks for ifconfig.me, but when the onion service is added to the chain, proxychains4-daemon never gets connected to.

Note: it freezes the first time because it tries to resolve 127.0.0.1 through rdns_daemon.

I added an if-statement to use the old method when it is trying to resolve 127.0.0.1, although unfortunately it still freezes up on example.onion.

There may be an issue with rdns_daemon_get_ip_for_host not resolving domains correctly because it never connects to proxychains4-daemon (ncat -l 127.0.0.1 1053 -u -vvv for testing).
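The frame sequence in the trace above (do_init, then the resolver, then the hooked sendto, then init_lib_wrapper again) is consistent with the library's own one-time initialiser being re-entered from the function it interposes, so the nested call waits on an init that cannot finish. The C program below is an added example, not code from proxychains-ng or from either poster: it models that flow with assumed names (init_lib_wrapper, do_init, hooked_sendto, real_sendto, resolver_send, and port 1053 taken from the ncat line above) and shows one guard, a thread-local in_init flag, that lets a hooked call made during initialisation fall through to the real function instead of blocking.

```c
/* Added example, not proxychains-ng code: a one-time initialiser that stays
 * safe when an interposed function is called from inside the initialiser
 * itself. The call flow mirrors the stack trace in the thread (gcc_init ->
 * init_lib_wrapper -> do_init -> resolver -> sendto -> init_lib_wrapper);
 * every function name and counter here is an assumption for illustration. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <pthread.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

static pthread_once_t init_once = PTHREAD_ONCE_INIT;
static _Thread_local int in_init;        /* non-zero while do_init runs on this thread */
static int init_count;                   /* how often do_init ran (must stay 1) */
static int forwarded_during_init;        /* hooked calls that bypassed the init check */
static int hooked_after_init;            /* hooked calls taken once init was done */

static void init_lib_wrapper(const char *caller);

/* Stand-in for the real libc sendto: touches no socket, just reports success. */
static ssize_t real_sendto(int fd, const void *buf, size_t len, int flags,
                           const struct sockaddr *to, socklen_t tolen)
{
    (void)fd; (void)buf; (void)flags; (void)to; (void)tolen;
    return (ssize_t)len;
}

/* The interposed sendto. Without the in_init guard, a call made from inside
 * do_init would reach pthread_once() while this same thread is still running
 * the once-routine, which is the freeze the trace shows. */
static ssize_t hooked_sendto(int fd, const void *buf, size_t len, int flags,
                             const struct sockaddr *to, socklen_t tolen)
{
    if (in_init) {
        forwarded_during_init++;
        return real_sendto(fd, buf, len, flags, to, tolen);
    }
    init_lib_wrapper("sendto");
    hooked_after_init++;
    return real_sendto(fd, buf, len, flags, to, tolen);
}

/* Stand-in for a daemon-backed resolver: ships the hostname over UDP through
 * whatever sendto symbol is bound in the process, i.e. the hook above. */
static ssize_t resolver_send(const char *host)
{
    struct sockaddr_in rdns_server;
    memset(&rdns_server, 0, sizeof rdns_server);
    rdns_server.sin_family = AF_INET;
    rdns_server.sin_port = htons(1053);   /* assumed daemon port (from the ncat test line) */
    rdns_server.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    return hooked_sendto(-1, host, strlen(host), 0,
                         (struct sockaddr *)&rdns_server, sizeof rdns_server);
}

/* Config parsing that resolves a chain hostname, as get_chain_data does for
 * a non-first proxy given by name (here the constructed "example.onion"). */
static void do_init(void)
{
    in_init = 1;
    init_count++;
    resolver_send("example.onion");
    in_init = 0;
}

static void init_lib_wrapper(const char *caller)
{
    (void)caller;
    pthread_once(&init_once, do_init);
}

/* Drive the scenario: a constructor-style init first, then an ordinary hooked
 * call from the application. Returns 0 when the counters show the safe path:
 * init ran once, the nested call was forwarded, the later call took the hook. */
int run_scenario(void)
{
    init_lib_wrapper("gcc_init");
    hooked_sendto(-1, "app data", 8, 0, NULL, 0);
    return (init_count == 1 && forwarded_during_init == 1 &&
            hooked_after_init == 1) ? 0 : -1;
}

int scenario_init_count(void) { return init_count; }
int scenario_forwarded_during_init(void) { return forwarded_during_init; }
int scenario_hooked_after_init(void) { return hooked_after_init; }

int main(void)
{
    printf("scenario %s\n", run_scenario() == 0 ? "ok" : "FAILED");
    return 0;
}
```

The guard is thread-local on purpose: another thread calling the hook while init runs should still wait in pthread_once for the finished hook table, only the initialising thread itself must be allowed to bypass it. An equivalent fix in a real preloader is to have the init-time resolver call the saved libc pointer rather than the interposed symbol, which avoids touching the init path at all.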