gsd
/
zapret
mirror of https://github.com/bol-van/zapret/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

tpws: fix seccomp tgkill, do not interrupt write pipe

pull/181/head
bol-van 1 year ago
parent
5805b04bba
commit
103419302f
12 changed files with 11 additions and 8 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. BIN
      binaries/aarch64/tpws
  2. BIN
      binaries/arm/tpws
  3. BIN
      binaries/mips32r1-lsb/tpws
  4. BIN
      binaries/mips32r1-msb/tpws
  5. BIN
      binaries/mips64r2-msb/tpws
  6. BIN
      binaries/ppc/tpws
  7. BIN
      binaries/x86/tpws
  8. BIN
      binaries/x86_64/tpws
  9. BIN
      binaries/x86_64/tpws_wsl.tgz
  10. 10
      tpws/resolver.c
  11. 6
      tpws/sec.c
  12. 3
      tpws/tpws_conn.c

BIN
binaries/aarch64/tpws
View File

Binary file not shown.

BIN
binaries/arm/tpws
View File

Binary file not shown.

BIN
binaries/mips32r1-lsb/tpws
View File

Binary file not shown.

BIN
binaries/mips32r1-msb/tpws
View File

Binary file not shown.

BIN
binaries/mips64r2-msb/tpws
View File

Binary file not shown.

BIN
binaries/ppc/tpws
View File

Binary file not shown.

BIN
binaries/x86/tpws
View File

Binary file not shown.

BIN
binaries/x86_64/tpws
View File

Binary file not shown.

BIN
binaries/x86_64/tpws_wsl.tgz
View File

Binary file not shown.

10
tpws/resolver.c
View File

@ -46,6 +46,10 @@ int resolver_thread_count(void)
static void *resolver_thread(void *arg)
{
int r;
sigset_t signal_mask;
sigemptyset(&signal_mask);
sigaddset(&signal_mask, SIG_BREAK);
//printf("resolver_thread %d start\n",syscall(SYS_gettid));
for(;;)
@ -80,14 +84,17 @@ static void *resolver_thread(void *arg)
snprintf(sport,sizeof(sport),"%u",ri->port);
memset(&hints, 0, sizeof(struct addrinfo));
hints.ai_socktype = SOCK_STREAM;
// unfortunately getaddrinfo cannot be interrupted with a signal. we cannot cancel a query
ri->ga_res = getaddrinfo(ri->dom,sport,&hints,&ai);
if (!ri->ga_res)
{
memcpy(&ri->ss, ai->ai_addr, ai->ai_addrlen);
freeaddrinfo(ai);
}
//printf("THREAD %d END JOB %s FIRST=%p\n", syscall(SYS_gettid), ri->dom, TAILQ_FIRST(&resolver.resolve_list));
// never interrupt this
pthread_sigmask(SIG_BLOCK, &signal_mask, NULL);
wr = write(resolver.fd_signal_pipe,&ri,sizeof(void*));
if (wr<0)
{
@ -101,6 +108,7 @@ static void *resolver_thread(void *arg)
fprintf(stderr,"write resolve_pipe : not full write\n");
exit(1000);
}
pthread_sigmask(SIG_UNBLOCK, &signal_mask, NULL);
}
}
}

6
tpws/sec.c
View File

@ -115,12 +115,6 @@ SYS_process_vm_writev,
#ifdef SYS_process_madvise
SYS_process_madvise,
#endif
#ifdef SYS_tkill
SYS_tkill,
#endif
#ifdef SYS_tgkill
SYS_tgkill,
#endif
SYS_kill, SYS_ptrace
};
#define BLOCKED_SYSCALL_COUNT (sizeof(blocked_syscalls)/sizeof(*blocked_syscalls))

3
tpws/tpws_conn.c
View File

@ -705,8 +705,9 @@ bool proxy_mode_connect_remote(const struct sockaddr *sa, tproxy_conn_t *conn, s
bool bConnFooling=true;
if (conn->track.hostname && params.mss)
{
VPRINT("0-phase desync hostlist check")
bConnFooling=HostlistCheck(conn->track.hostname, NULL);
if (!bConnFooling)
VPRINT("0-phase desync hostlist check negative. not acting on this connection.")
}
if ((remote_fd = connect_remote(sa, bConnFooling)) < 0)

Write Preview
Loading…
Cancel
Save