release 4.10

the allocatorthread got pointers to RAM which were reallocated
behind the back, and if realloc() couldn't grow in-place, lead
to segfaults in applications that do a lot of DNS-lookups such
as webbrowsers.

closes #66
closes #31

thanks to @ravomavain for tracking down the issue.

.gitignore

@@ -1,3 +1,6 @@
+proxychains4
+*.bz2
+*.xz
 *.o
 *.so
 *.la
@@ -8,6 +11,7 @@
 *.out
 *~
 *.patch
+version.h
 
 # Autoconf stuff 
 libtool

AUTHORS

@@ -6,13 +6,17 @@ netcreature@users.sourceforge.net
 main.c, remote-dns, thread safety, bugfixes, build system, 
 cleanups, mac support
 rofl0r.
-https://github.com/rofl0r/proxychains
+https://github.com/rofl0r/proxychains-ng
 
 localnet, bugfixes
 jianing yang.
 https://github.com/jianingy/proxychains
 https://sourceforge.net/projects/proxychains/forums/forum/644747/topic/3498696
 
+round-robin
+crass.
+https://github.com/crass/proxychains-ng
+
 poll_retry (fixes for signal handling)
 colin cross.
 https://sourceforge.net/projects/proxychains/forums/forum/644747/topic/2367923

COPYING

@@ -1,8 +1,8 @@
 		    GNU GENERAL PUBLIC LICENSE
 		       Version 2, June 1991
 
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.
-                          675 Mass Ave, Cambridge, MA 02139, USA
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 

ChangeLog

@@ -1,65 +0,0 @@
-ProxyChains version history (public releases)
-====================
-
-ver 3.1
-
-changed:
-	* dns resolver script fix
-	* prototypes in core.h
-
--------------------------------------------------------------------------
-ver 3.0
-
-added:
-	* new feature - DNS from behind proxy
-	* proxyresolv - stand alone command
-	* proxychains.conf - new option to enable/disable DNS support
-
-changed:
-	* bugfixes in core lib
-	* fixed strict chain
-	* fixed random chain
-	* output text
-	* autotools fix 
-
--------------------------------------------------------------------------
-ver 2.1
-	* bugfuxes
-
--------------------------------------------------------------------------
-ver 2.0
-	* major core rewrite
-	* new config options
-
--------------------------------------------------------------------------
-
-ver 1.8.2
-	* minor bugfixes
-	* improved compilation on FreeBSD & OpenBSD sysems.
-	* improved compilation on Sun Solaris systems .
-	* cross platform (UNIX) issues
-
--------------------------------------------------------------------------
-
-ver 1.8.0
-
-added:
-	* Socks5 protocol
-	* Socks4 protocol
-	* HTTP proxy auth basic
-	* Socks4 user auth
-	* Socks5 user/pass auth
-	* more chain options (random, strict, dynamic )
-	* configurable timeout for TCP connect.
-	* configurable timeout for TCP read.
-	* INSTALL file (explains how to install properly)
-
-changed:
-	* configuration file entries (proxychains.conf)
-	* configuration file lookup
-
--------------------------------------------------------------------------
-
-ver 0.0.1
-	* TCP calls interception
-	* HTTP CONNECT proxy protocol.

Makefile

@@ -15,12 +15,17 @@ sysconfdir=$(prefix)/etc
 
 SRCS = $(sort $(wildcard src/*.c))
 OBJS = $(SRCS:.c=.o)
-LOBJS = src/core.o src/common.o src/libproxychains.o src/shm.o \
-        src/allocator_thread.o src/ip_type.o src/stringdump.o \
-        src/hostentdb.o src/hash.o
+LOBJS = src/nameinfo.o src/version.o \
+        src/core.o src/common.o src/libproxychains.o \
+        src/allocator_thread.o src/ip_type.o \
+        src/hostsreader.o src/hash.o src/debug.o
+
+GENH = src/version.h
 
 CFLAGS  += -Wall -O0 -g -std=c99 -D_GNU_SOURCE -pipe
-LDFLAGS = -shared -fPIC -Wl,--no-as-needed -ldl -lpthread
+NO_AS_NEEDED = -Wl,--no-as-needed
+LIBDL   = -ldl
+LDFLAGS = -shared -fPIC $(NO_AS_NEEDED) $(LIBDL) -lpthread
 INC     = 
 PIC     = -fPIC
 AR      = $(CROSS_COMPILE)ar
@@ -28,9 +33,7 @@ RANLIB  = $(CROSS_COMPILE)ranlib
 
 LDSO_SUFFIX = so
 LD_SET_SONAME = -Wl,-soname=
-INSTALL_FLAGS = -D -m
-
--include config.mak
+INSTALL = ./tools/install.sh
 
 LDSO_PATHNAME = libproxychains4.$(LDSO_SUFFIX)
 
@@ -38,7 +41,9 @@ SHARED_LIBS = $(LDSO_PATHNAME)
 ALL_LIBS = $(SHARED_LIBS)
 PXCHAINS = proxychains4
 ALL_TOOLS = $(PXCHAINS)
+ALL_CONFIGS = src/proxychains.conf
 
+-include config.mak
 
 CFLAGS+=$(USER_CFLAGS) $(MAC_CFLAGS)
 CFLAGS_MAIN=-DLIB_DIR=\"$(libdir)\" -DSYSCONFDIR=\"$(sysconfdir)\" -DDLL_NAME=\"$(LDSO_PATHNAME)\"
@@ -46,28 +51,41 @@ CFLAGS_MAIN=-DLIB_DIR=\"$(libdir)\" -DSYSCONFDIR=\"$(sysconfdir)\" -DDLL_NAME=\"
 
 all: $(ALL_LIBS) $(ALL_TOOLS)
 
-install-config:
-	install -d $(DESTDIR)/$(sysconfdir)
-	install $(INSTALL_FLAGS) 644 src/proxychains.conf $(DESTDIR)/$(sysconfdir)/
+install: install-libs install-tools
 
-install: 
-	install -d $(DESTDIR)/$(bindir)/ $(DESTDIR)/$(libdir)/
-	install $(INSTALL_FLAGS) 755 $(ALL_TOOLS) $(DESTDIR)/$(bindir)/
-	install $(INSTALL_FLAGS) 644 $(ALL_LIBS) $(DESTDIR)/$(libdir)/
+$(DESTDIR)$(bindir)/%: %
+	$(INSTALL) -D -m 755 $< $@
+
+$(DESTDIR)$(libdir)/%: %
+	$(INSTALL) -D -m 644 $< $@
+
+$(DESTDIR)$(sysconfdir)/%: src/%
+	$(INSTALL) -D -m 644 $< $@
+
+install-libs: $(ALL_LIBS:%=$(DESTDIR)$(libdir)/%)
+install-tools: $(ALL_TOOLS:%=$(DESTDIR)$(bindir)/%)
+install-config: $(ALL_CONFIGS:src/%=$(DESTDIR)$(sysconfdir)/%)
 
 clean:
 	rm -f $(ALL_LIBS)
 	rm -f $(ALL_TOOLS)
 	rm -f $(OBJS)
+	rm -f $(GENH)
+
+src/version.h: $(wildcard VERSION .git)
+	printf '#define VERSION "%s"\n' "$$(sh tools/version.sh)" > $@
+
+src/version.o: src/version.h
 
 %.o: %.c
-	$(CC) $(CFLAGS) $(CFLAGS_MAIN) $(INC) $(PIC) -c -o $@ $<
+	$(CC) $(CPPFLAGS) $(CFLAGS) $(CFLAGS_MAIN) $(INC) $(PIC) -c -o $@ $<
 
 $(LDSO_PATHNAME): $(LOBJS)
-	$(CC) $(LDFLAGS) $(LD_SET_SONAME)$(LDSO_PATHNAME) -o $@ $(LOBJS)
+	$(CC) $(LDFLAGS) $(LD_SET_SONAME)$(LDSO_PATHNAME) $(USER_LDFLAGS) \
+		-o $@ $(LOBJS)
 
 $(ALL_TOOLS): $(OBJS)
-	$(CC) src/main.o src/common.o -o $(PXCHAINS)
+	$(CC) src/main.o src/common.o $(USER_LDFLAGS) -o $(PXCHAINS)
 
 
-.PHONY: all clean install
+.PHONY: all clean install install-config install-libs install-tools

README

@@ -1,33 +1,96 @@
-ProxyChains ver 4.3 README
-==========================
+ProxyChains-NG ver 4.10 README
+=============================
 
   ProxyChains is a UNIX program, that hooks network-related libc functions
-  in dynamically linked programs via a preloaded DLL and redirects the
-  connections through SOCKS4a/5 or HTTP proxies.
+  in DYNAMICALLY LINKED programs via a preloaded DLL (dlsym(), LD_PRELOAD)
+  and redirects the connections through SOCKS4a/5 or HTTP proxies.
+  It supports TCP only (no UDP/ICMP etc).
+
+  The way it works is basically a HACK; so it is possible that it doesn't
+  work with your program, especially when it's a script, or starts 
+  numerous processes like background daemons or uses dlopen() to load
+  "modules" (bug in glibc dynlinker).
+  It should work with simple compiled (C/C++) dynamically linked programs
+  though.
+
+  If your program doesn't work with proxychains, consider using an 
+  iptables based solution instead; this is much more robust.
+
+  Supported Platforms: Linux, BSD, Mac.
+
 
 *********** ATTENTION ***********
 
-  this program works only on dynamically linked programs.
-  also both proxychains and the program to call must use
-  the same dynamic linker (i.e. same libc).
-  why ? because in order to hook to libc functions like
-  connect(), dynamic loader facilities are used, namely
-  dl_sym() and LD_PRELOAD.
+  this program can be used to circumvent censorship.
+  doing so can be VERY DANGEROUS in certain countries.
 
-*********************************
+  ALWAYS MAKE SURE THAT PROXYCHAINS WORKS AS EXPECTED
+  BEFORE USING IT FOR ANYTHING SERIOUS.
+
+  this involves both the program and the proxy that you're going to
+  use.
+
+  for example, you can connect to some "what is my ip" service
+  like ifconfig.me to make sure that it's not using your real ip.
+
+  ONLY USE PROXYCHAINS IF YOU KNOW WHAT YOU'RE DOING.
+
+  THE AUTHORS AND MAINTAINERS OF PROXYCHAINS DO NOT TAKE ANY 
+  RESPONSIBILITY FOR ANY ABUSE OR MISUSE OF THIS SOFTWARE AND 
+  THE RESULTING CONSEQUENCES.
 
 *** Installation ***
 
   # needs a working C compiler, preferably gcc
-  ./configure
+  ./configure --prefix=/usr --sysconfdir=/etc
   make
   [optional] sudo make install
+  [optional] sudo make install-config (installs proxychains.conf)
 
   if you dont install, you can use proxychains from the build directory
   like this: ./proxychains4 -f src/proxychains.conf telnet google.com 80
 
 Changelog:
 ----------
+Version 4.10
+- fix regression in linking order with custom LDFLAGS
+- fix segfault in DNS mapping code in programs with > ~400 different lookups
+
+Version 4.9
+- fix a security issue CVE-2015-3887
+- add sendto hook to handle MSG_FASTOPEN flag
+- replace problematic hostentdb with hostsreader
+- fix compilation on OpenBSD (although doesn't work there)
+
+Version 4.8.1:
+- fix regression in 4.8 install-config Makefile target
+
+Version 4.8:
+- fix for odd cornercase where getaddrinfo was used with AI_NUMERICHOST
+  to test for a numeric ip instead of resolving it (fixes nmap).
+- allow usage with programs that rely on LD_PRELOAD themselves
+- reject wrong entries in config file
+- print version number on startup
+
+Version 4.7:
+- new round_robin chaintype by crass.
+- fix bug with lazy allocation when GCC constructor was not used.
+- new configure flag --fat-binary to create a "fat" binary/library on OS X
+- return EBADF rather than EINTR in close hook. 
+  it's legal for a program to retry close() calls when they receive
+  EINTR, which could cause an infinite loop, as seen in chromium.
+
+Version 4.6:
+- some cosmetic fixes to Makefile, fix a bug when non-numeric ip was
+  used as proxy server address.
+
+Version 4.5:
+- hook close() to prevent OpenSSH from messing with internal infrastructure.
+  this caused ssh client to segfault when proxified.
+
+Version 4.4:
+- FreeBSD port
+- fixes some installation issues on Debian and Mac.
 
 Version 4.3:
 - fixes programs that do dns-lookups in child processes (fork()ed),
@@ -78,10 +141,9 @@ Some cool features:
 	random order from the list ( user defined length of chain ).
 	exact order  (as they appear in the list )
 	dynamic order (smart exclude dead proxies from chain)
-* You can use it with any TCP client application, even network scanners
-	yes, yes - you can make portscan via proxy (or chained proxies)
-	for example with Nmap scanner by fyodor (www.insecire.org/nmap).
-	proxychains nmap -sT -PO -p 80 -iR  (find some webservers through proxy)
+* You can use it with most TCP client applications, possibly even network 
+	scanners, as long as they use standard libc functionality.
+	pcap based scanning does not work.
 * You can use it with servers, like squid, sendmail, or whatever.
 * DNS resolving through proxy.
 
@@ -90,13 +152,13 @@ Configuration:
 --------------
 
 proxychains looks for config file in following order:
-1)	file listed in environment variable ${PROXYCHAINS_CONF_FILE} or
+1)	file listed in environment variable PROXYCHAINS_CONF_FILE or
 	provided as a -f argument to proxychains script or binary.
 2)	./proxychains.conf
 3)	$(HOME)/.proxychains/proxychains.conf
-4)	/etc/proxychains.conf  **
+4)	$(sysconfdir)/proxychains.conf  **
 
-**see more in /etc/proxychains.conf
+** usually /etc/proxychains.conf
 
 Usage Example:
 
@@ -119,3 +181,12 @@ Usage Example:
 in this example it will resolve targethost.com through proxy(or chained proxies)
 specified by proxychains.conf
 
+Community:
+----------
+#proxychains on irc.freenode.net
+
+Donations:
+----------
+bitcoins donations are welcome - please send to this address:
+1C9LBpuy56veBqw5N33sZMoZW8mwCw3tPh
+

VERSION

@@ -0,0 +1 @@
+4.10

configure

@@ -2,6 +2,22 @@
 
 prefix=/usr/local
 
+ismac() {
+	uname -s | grep Darwin >/dev/null
+}
+
+isx86_64() {
+	uname -m | grep -i X86_64 >/dev/null
+}
+
+isbsd() {
+	uname -s | grep BSD >/dev/null
+}
+
+isopenbsd() {
+	uname -s | grep OpenBSD >/dev/null
+}
+
 usage() {
 	echo "supported arguments"
 	echo "--prefix=/path 		default: $prefix"
@@ -10,6 +26,10 @@ usage() {
 	echo "--libdir=/path		default: $prefix/lib"
 	echo "--includedir=/path	default: $prefix/include"
 	echo "--sysconfdir=/path	default: $prefix/etc"
+	echo "--ignore-cve		default: no"
+	echo "	if set to yes ignores CVE-2015-3887 and makes it possible"
+	echo "	to preload from current dir (insecure)"
+	ismac && isx86_64 && echo "--fat-binary : build for both i386 and x86_64 architectures on 64-bit Macs"
 	echo "--help : show this text"
 	exit 1
 }
@@ -21,6 +41,8 @@ spliteq() {
 	# or echo "$arg" | sed 's/[^=]*=//'
 }
 
+fat_binary=
+ignore_cve=no
 parsearg() {
 	case "$1" in
 	--prefix=*) prefix=`spliteq $1`;;
@@ -29,14 +51,13 @@ parsearg() {
 	--libdir=*) libdir=`spliteq $1`;;
 	--includedir=*) includedir=`spliteq $1`;;
 	--sysconfdir=*) sysconfdir=`spliteq $1`;;
+	--ignore-cve) ignore_cve=1;;
+	--ignore-cve=*) ignore_cve=`spliteq $1`;;
+	--fat-binary) fat_binary=1;;
 	--help) usage;;
 	esac
 }
 
-ismac() {
-	uname -s | grep Darwin
-}
-
 while true ; do
 	case $1 in
 	-*) parsearg "$1"; shift;;
@@ -71,18 +92,30 @@ fi
 echo CC?=$CC>config.mak
 [ -z "$CPPFLAGS" ] || echo CPPFLAGS?=$CPPFLAGS>>config.mak
 [ -z "$CFLAGS" ] || echo USER_CFLAGS?=$CFLAGS>>config.mak
+[ -z "$LDFLAGS" ] || echo USER_LDFLAGS?=$LDFLAGS>>config.mak
 echo prefix=$prefix>>config.mak
 echo exec_prefix=$exec_prefix>>config.mak
 echo bindir=$bindir>>config.mak
 echo libdir=$libdir>>config.mak
 echo includedir=$includedir>>config.mak
 echo sysconfdir=$sysconfdir>>config.mak
+[ "$ignore_cve" = "no" ] && echo CPPFLAGS+= -DSUPER_SECURE>>config.mak
+make_cmd=make
 if ismac ; then
+	echo NO_AS_NEEDED=>>config.mak
 	echo LDSO_SUFFIX=dylib>>config.mak
 	echo MAC_CFLAGS+=-DIS_MAC=1>>config.mak
+	if isx86_64 && [ "$fat_binary" = 1 ] ; then
+		echo "Configuring a fat binary for i386 and x86_64"
+		echo MAC_CFLAGS+=-arch i386 -arch x86_64>>config.mak
+		echo LDFLAGS+=-arch i386 -arch x86_64>>config.mak
+	fi
 	echo LD_SET_SONAME=-Wl,-install_name,>>config.mak
-	echo INSTALL_FLAGS=-m>>config.mak
+elif isbsd ; then
+	echo LIBDL=>>config.mak
+	echo "CFLAGS+=-DIS_BSD">>config.mak
+	isopenbsd && echo "CFLAGS+=-DIS_OPENBSD">>config.mak
+	make_cmd=gmake
 fi
 
-echo done, now run make \&\& make install
-
+echo "Done, now run $make_cmd && $make_cmd install"

src/allocator_thread.c

@@ -8,13 +8,12 @@
 #include <string.h>
 #include <stdint.h>
 #include <stddef.h>
+#include <errno.h>
 #include "allocator_thread.h"
-#include "shm.h"
 #include "debug.h"
 #include "ip_type.h"
 #include "mutex.h"
 #include "hash.h"
-#include "stringdump.h"
 
 /* stuff for our internal translation table */
 
@@ -29,6 +28,12 @@ typedef struct {
 	string_hash_tuple** list;
 } internal_ip_lookup_table;
 
+static void *dumpstring(char* s, size_t len) {
+	char* p = malloc(len);
+	if(p) memcpy(p, s, len);
+	return p;
+}
+
 pthread_mutex_t internal_ips_lock;
 internal_ip_lookup_table *internal_ips = NULL;
 internal_ip_lookup_table internal_ips_buf;
@@ -147,8 +152,8 @@ struct at_msghdr {
 
 static pthread_t allocator_thread;
 static pthread_attr_t allocator_thread_attr;
-static int req_pipefd[2];
-static int resp_pipefd[2];
+int req_pipefd[2];
+int resp_pipefd[2];
 
 static int wait_data(int readfd) {
 	PFUNC();
@@ -158,7 +163,13 @@ static int wait_data(int readfd) {
 	int ret;
 	while((ret = select(readfd+1, &fds, NULL, NULL, NULL)) <= 0) {
 		if(ret < 0) {
-			perror("select2");
+			int e = errno;
+			if(e == EINTR) continue;
+#ifdef __GLIBC__
+			char emsg[1024];
+			char* x = strerror_r(errno, emsg, sizeof emsg);
+			dprintf(2, "select2: %s\n", x);
+#endif
 			return 0;
 		}
 	}

src/allocator_thread.h

@@ -6,10 +6,14 @@
 
 #define MSG_LEN_MAX 256
 
+extern int req_pipefd[2];
+extern int resp_pipefd[2];
+
 void at_init(void);
 void at_close(void);
 size_t at_get_host_for_ip(ip_type ip, char* readbuf);
 ip_type at_get_ip_for_host(char* host, size_t len);
 
 //RcB: DEP "allocator_thread.c"
-#endif
+#endif
+

src/common.c

@@ -3,6 +3,26 @@
 #include <unistd.h>
 #include <stdio.h>
 
+const char *proxy_type_strmap[] = {
+    "http",
+    "socks4",
+    "socks5",
+};
+
+const char *chain_type_strmap[] = {
+    "dynamic_chain",
+    "strict_chain",
+    "random_chain",
+    "round_robin_chain",
+};
+
+const char *proxy_state_strmap[] = {
+    "play",
+    "down",
+    "blocked",
+    "busy",
+};
+
 // stolen from libulz (C) rofl0r
 void pc_stringfromipv4(unsigned char *ip_buf_4_bytes, char *outbuf_16_bytes) {
 	unsigned char *p;
@@ -39,7 +59,7 @@ char *get_config_path(char* default_path, char* pbuf, size_t bufsize) {
 	char *path = default_path;
 	if(check_path(path))
 		goto have;
-	
+
 	// priority 1: env var PROXYCHAINS_CONF_FILE
 	path = getenv(PROXYCHAINS_CONF_FILE_ENV_VAR);
 	if(check_path(path))
@@ -68,10 +88,10 @@ char *get_config_path(char* default_path, char* pbuf, size_t bufsize) {
 	path = "/etc/" PROXYCHAINS_CONF_FILE;
 	if(check_path(path))
 		goto have;
-	
+
 	perror("couldnt find configuration file");
 	exit(1);
-	
+
 	return NULL;
 	have:
 	return path;

src/common.h

@@ -11,6 +11,10 @@
 
 #include <stddef.h>
 
+extern const char *proxy_type_strmap[];
+extern const char *chain_type_strmap[];
+extern const char *proxy_state_strmap[];
+
 char *get_config_path(char* default_path, char* pbuf, size_t bufsize);
 void pc_stringfromipv4(unsigned char *ip_buf_4_bytes, char *outbuf_16_bytes);
 

src/core.c

@@ -27,7 +27,7 @@
 #include <arpa/inet.h>
 #include <sys/types.h>
 #include <sys/socket.h>
-#include <sys/poll.h>
+#include <poll.h>
 #include <sys/wait.h>
 #include <fcntl.h>
 #include <time.h>
@@ -37,12 +37,12 @@
 
 #include "core.h"
 #include "common.h"
-#include "shm.h"
 #include "allocator_thread.h"
 
 extern int tcp_read_time_out;
 extern int tcp_connect_time_out;
 extern int proxychains_quiet_mode;
+extern unsigned int proxychains_proxy_offset;
 extern unsigned int remote_dns_subnet;
 
 static int poll_retry(struct pollfd *fds, nfds_t nfsd, int timeout) {
@@ -267,8 +267,10 @@ static int tunnel_to(int sock, ip_type ip, unsigned short port, proxy_type pt, c
 				}
 
 				// if not ok (200) or response greather than BUFF_SIZE return BLOCKED;
-				if(len == BUFF_SIZE || !(buff[9] == '2' && buff[10] == '0' && buff[11] == '0'))
+				if(len == BUFF_SIZE || !(buff[9] == '2' && buff[10] == '0' && buff[11] == '0')) {
+					PDEBUG("HTTP proxy blocked: buff=\"%s\"\n", buff);
 					return BLOCKED;
+				}
 
 				return SUCCESS;
 			}
@@ -427,6 +429,7 @@ static int tunnel_to(int sock, ip_type ip, unsigned short port, proxy_type pt, c
 #define DT "Dynamic chain"
 #define ST "Strict chain"
 #define RT "Random chain"
+#define RRT "Round Robin chain"
 
 static int start_chain(int *fd, proxy_data * pd, char *begin_mark) {
 	struct sockaddr_in addr;
@@ -554,15 +557,20 @@ int connect_proxy_chain(int sock, ip_type target_ip,
 	proxy_data p4;
 	proxy_data *p1, *p2, *p3;
 	int ns = -1;
+	int rc = -1;
 	unsigned int offset = 0;
 	unsigned int alive_count = 0;
 	unsigned int curr_len = 0;
+	unsigned int curr_pos = 0;
+	unsigned int looped = 0; // went back to start of list in RR mode
 
 	p3 = &p4;
 
 	PFUNC();
 
 	again:
+	rc = -1;
+	DUMP_PROXY_CHAIN(pd, proxy_count);
 
 	switch (ct) {
 		case DYNAMIC_TYPE:
@@ -589,6 +597,52 @@ int connect_proxy_chain(int sock, ip_type target_ip,
 				goto error;
 			break;
 
+		case ROUND_ROBIN_TYPE:
+			alive_count = calc_alive(pd, proxy_count);
+			curr_pos = offset = proxychains_proxy_offset;
+			if(alive_count < max_chain)
+				goto error_more;
+                        PDEBUG("1:rr_offset = %d, curr_pos = %d\n", offset, curr_pos);
+			/* Check from current RR offset til end */
+			for (;rc != SUCCESS;) {
+				if (!(p1 = select_proxy(FIFOLY, pd, proxy_count, &offset))) {
+					/* We've reached the end of the list, go to the start */
+ 					offset = 0;
+					looped++;
+					continue;
+				} else if (looped && rc > 0 && offset >= curr_pos) {
+ 					PDEBUG("GOTO MORE PROXIES 0\n");
+					/* We've gone back to the start and now past our starting position */
+					proxychains_proxy_offset = 0;
+ 					goto error_more;
+ 				}
+ 				PDEBUG("2:rr_offset = %d\n", offset);
+ 				rc=start_chain(&ns, p1, RRT);
+			}
+			/* Create rest of chain using RR */
+			for(curr_len = 1; curr_len < max_chain;) {
+				PDEBUG("3:rr_offset = %d, curr_len = %d, max_chain = %d\n", offset, curr_len, max_chain);
+				p2 = select_proxy(FIFOLY, pd, proxy_count, &offset);
+				if(!p2) {
+					/* Try from the beginning to where we started */
+					offset = 0;
+					continue;
+				} else if(SUCCESS != chain_step(ns, p1, p2)) {
+					PDEBUG("GOTO AGAIN 1\n");
+					goto again;
+				} else
+					p1 = p2;
+				curr_len++;
+			}
+			//proxychains_write_log(TP);
+			p3->ip = target_ip;
+			p3->port = target_port;
+			proxychains_proxy_offset = offset+1;
+			PDEBUG("pd_offset = %d, curr_len = %d\n", proxychains_proxy_offset, curr_len);
+			if(SUCCESS != chain_step(ns, p1, p3))
+				goto error;
+			break;
+
 		case STRICT_TYPE:
 			alive_count = calc_alive(pd, proxy_count);
 			offset = 0;
@@ -664,11 +718,7 @@ int connect_proxy_chain(int sock, ip_type target_ip,
 	return -1;
 }
 
-#include "hostentdb.h"
-struct hostent_list hl;
-
 void core_initialize(void) {
-	hdb_init(&hl);
 }
 
 void core_unload(void) {
@@ -679,6 +729,7 @@ static void gethostbyname_data_setstring(struct gethostbyname_data* data, char*
 	data->hostent_space.h_name = data->addr_name;
 }
 
+extern ip_type hostsreader_get_numeric_ip_for_name(const char* name);
 struct hostent *proxy_gethostbyname(const char *name, struct gethostbyname_data* data) {
 	PFUNC();
 	char buff[256];
@@ -703,10 +754,8 @@ struct hostent *proxy_gethostbyname(const char *name, struct gethostbyname_data*
 		goto retname;
 	}
 
-	memset(buff, 0, sizeof(buff));
-
 	// this iterates over the "known hosts" db, usually /etc/hosts
-	ip_type hdb_res = hdb_get(&hl, (char*) name);
+	ip_type hdb_res = hostsreader_get_numeric_ip_for_name(name);
 	if(hdb_res.as_int != ip_type_invalid.as_int) {
 		data->resolved_addr = hdb_res.as_int;
 		goto retname;
@@ -735,8 +784,12 @@ void proxy_freeaddrinfo(struct addrinfo *res) {
 	free(res);
 }
 
-#ifdef IS_MAC
-/* getservbyname on mac is using thread local storage, so we dont need mutex */
+#if defined(IS_MAC) || defined(IS_OPENBSD)
+#ifdef IS_OPENBSD /* OpenBSD has its own incompatible getservbyname_r */
+#define getservbyname_r mygetservbyname_r
+#endif
+/* getservbyname on mac is using thread local storage, so we dont need mutex 
+   TODO: check if the same applies to OpenBSD */
 static int getservbyname_r(const char* name, const char* proto, struct servent* result_buf, 
 			   char* buf, size_t buflen, struct servent** result) {
 	PFUNC();
@@ -770,8 +823,11 @@ int proxy_getaddrinfo(const char *node, const char *service, const struct addrin
 //      printf("proxy_getaddrinfo node %s service %s\n",node,service);
 	space = calloc(1, sizeof(struct addrinfo_data));
 	if(!space) goto err1;
-	
+
 	if(node && !inet_aton(node, &((struct sockaddr_in *) &space->sockaddr_space)->sin_addr)) {
+		/* some folks (nmap) use getaddrinfo() with AI_NUMERICHOST to check whether a string
+		   containing a numeric ip was passed. we must return failure in that case. */
+		if(hints && (hints->ai_flags & AI_NUMERICHOST)) return EAI_NONAME;
 		hp = proxy_gethostbyname(node, &ghdata);
 		if(hp)
 			memcpy(&((struct sockaddr_in *) &space->sockaddr_space)->sin_addr,
@@ -786,10 +842,10 @@ int proxy_getaddrinfo(const char *node, const char *service, const struct addrin
 
 	*res = p = &space->addrinfo_space;
 	assert((size_t)p == (size_t) space);
-	
+
 	p->ai_addr = &space->sockaddr_space;
 	if(node)
-		strncpy(space->addr_name, node, sizeof(space->addr_name));
+		snprintf(space->addr_name, sizeof(space->addr_name), "%s", node);
 	p->ai_canonname = space->addr_name;
 	p->ai_next = NULL;
 	p->ai_family = space->sockaddr_space.sa_family = AF_INET;
@@ -800,9 +856,12 @@ int proxy_getaddrinfo(const char *node, const char *service, const struct addrin
 		p->ai_flags = hints->ai_flags;
 		p->ai_protocol = hints->ai_protocol;
 	} else {
+#ifndef AI_V4MAPPED
+#define AI_V4MAPPED 0
+#endif
 		p->ai_flags = (AI_V4MAPPED | AI_ADDRCONFIG);
 	}
-	
+
 	goto out;
 	err2:
 	free(space);

src/core.h

@@ -47,8 +47,9 @@ typedef enum {
 typedef enum {
 	DYNAMIC_TYPE,
 	STRICT_TYPE,
-	RANDOM_TYPE}
-chain_type;
+	RANDOM_TYPE,
+	ROUND_ROBIN_TYPE
+} chain_type;
 
 typedef enum {
 	PLAY_STATE,
@@ -82,6 +83,7 @@ int connect_proxy_chain (int sock, ip_type target_ip, unsigned short target_port
 
 void proxychains_write_log(char *str, ...);
 
+typedef int (*close_t)(int);
 typedef int (*connect_t)(int, const struct sockaddr *, socklen_t);
 typedef struct hostent* (*gethostbyname_t)(const char *);
 typedef int (*freeaddrinfo_t)(struct addrinfo *);
@@ -93,6 +95,10 @@ typedef int (*getaddrinfo_t)(const char *, const char *, const struct addrinfo *
 typedef int (*getnameinfo_t) (const struct sockaddr *, socklen_t, char *, 
 			      socklen_t, char *, socklen_t, int);
 
+typedef ssize_t (*sendto_t) (int sockfd, const void *buf, size_t len, int flags,
+			     const struct sockaddr *dest_addr, socklen_t addrlen);
+
+
 
 extern connect_t true_connect;
 extern gethostbyname_t true_gethostbyname;
@@ -123,4 +129,5 @@ void core_unload(void);
 
 //RcB: DEP "core.c"
 //RcB: DEP "libproxychains.c"
-//RcB: LINK "-Wl,--no-as-needed -ldl -lpthread"
+//RcB: LINK "-Wl,--no-as-needed -ldl -lpthread"
+

src/debug.c

@@ -0,0 +1,21 @@
+
+#ifdef DEBUG
+# include "core.h"
+# include "common.h"
+# include "debug.h"
+
+void DUMP_PROXY_CHAIN(proxy_data *pchain, unsigned int count) {
+	char ip_buf[16];
+	for (; count; pchain++, count--) {
+		pc_stringfromipv4(&pchain->ip.octet[0], ip_buf);
+		PDEBUG("[%s] %s %s:%d", proxy_state_strmap[pchain->ps],
+		       proxy_type_strmap[pchain->pt], 
+		       ip_buf, htons(pchain->port));
+		if (*pchain->user || *pchain->pass) {
+			PSTDERR(" [u=%s,p=%s]", pchain->user, pchain->pass);
+		}
+		PSTDERR("\n");
+	}
+}
+
+#endif

src/debug.h

@@ -3,11 +3,18 @@
 
 #ifdef DEBUG
 # include <stdio.h>
-# define PDEBUG(fmt, args...) do { dprintf(2,"DEBUG:"fmt, ## args); } while(0)
+# define PSTDERR(fmt, args...) do { dprintf(2,fmt, ## args); } while(0)
+# define PDEBUG(fmt, args...) PSTDERR("DEBUG:"fmt, ## args)
+
+# include "core.h"
+void DUMP_PROXY_CHAIN(proxy_data *pchain, unsigned int count);
+
 #else
 # define PDEBUG(fmt, args...) do {} while (0)
+# define DUMP_PROXY_CHAIN(args...) do {} while (0)
 #endif
 
 # define PFUNC() do { PDEBUG("pid[%d]:%s\n", getpid(), __FUNCTION__); } while(0)
 
-#endif
+#endif
+

src/hostentdb.c

@@ -1,56 +0,0 @@
-#include <stdint.h>
-#include <string.h>
-#include <netdb.h>
-#include <stdlib.h>
-
-#include "ip_type.h"
-#include "hash.h"
-#include "stringdump.h"
-#include "hostentdb.h"
-#include "common.h"
-#include "debug.h"
-
-#define STEP 16
-static void hdb_add(struct hostent_list* hl, char* host, ip_type ip) {
-	if(hl->count +1 > hl->capa) {
-		void * nu = realloc(hl->entries, (hl->capa + STEP) * sizeof(struct hostent_entry));
-		if(!nu) return;
-		hl->entries = nu;
-		hl->capa += STEP;
-	}
-	struct hostent_entry *h = &hl->entries[hl->count];
-	h->hash = dalias_hash(host);
-	h->ip.as_int = ip.as_int;
-	h->str = dumpstring(host, strlen(host) + 1); 
-	if(h->str) hl->count++;
-}
-
-static void hdb_fill(struct hostent_list *hl) {
-	struct hostent* hp;
-	while((hp = gethostent()))
-		if(hp->h_addrtype == AF_INET && hp->h_length == sizeof(in_addr_t)) {
-			hdb_add(hl, hp->h_name, (ip_type) { .as_int = *((in_addr_t*)(hp->h_addr_list[0])) });
-		}
-}
-
-void hdb_init(struct hostent_list *hl) {
-	memset(hl, 0, sizeof *hl);
-	hdb_fill(hl);
-}
-
-ip_type hdb_get(struct hostent_list *hl, char* host) {
-	size_t i;
-	PFUNC();
-	uint32_t hash = dalias_hash(host);
-	for(i = 0; i < hl->count; i++) {
-		if(hl->entries[i].hash == hash && !strcmp(hl->entries[i].str, host)) {
-		#ifdef DEBUG
-			char ipbuf[16];
-			pc_stringfromipv4(hl->entries[i].ip.octet, ipbuf);
-			PDEBUG("got ip %s for hostent entry %s\n", ipbuf, host);
-		#endif
-			return hl->entries[i].ip;
-		}
-	}
-	return ip_type_invalid;
-}

src/hostentdb.h

@@ -1,23 +0,0 @@
-#ifndef HOSTENTDB_H
-#define HOSTENTDB_H
-
-#include "ip_type.h"
-#include <unistd.h>
-
-struct hostent_entry {
-	uint32_t hash;
-	ip_type ip;
-	char* str;
-};
-
-struct hostent_list {
-	size_t count;
-	size_t capa;
-	struct hostent_entry *entries;
-};
-
-void hdb_init(struct hostent_list *hl);
-ip_type hdb_get(struct hostent_list *hl, char* host);
-
-//RcB: DEP "hostendb.c"
-#endif

src/hostsreader.c

@@ -0,0 +1,121 @@
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+
+/*
+   simple reader for /etc/hosts
+   it only supports comments, blank lines and lines consisting of an ipv4 hostname pair.
+   this is required so we can return entries from the host db without messing up the
+   non-thread-safe state of libc's gethostent().
+
+*/
+
+struct hostsreader {
+	FILE *f;
+	char* ip, *name;
+};
+
+int hostsreader_open(struct hostsreader *ctx) {
+	if(!(ctx->f = fopen("/etc/hosts", "r"))) return 0;
+	return 1;
+}
+
+void hostsreader_close(struct hostsreader *ctx) {
+	fclose(ctx->f);
+}
+
+static int isnumericipv4(const char* ipstring);
+int hostsreader_get(struct hostsreader *ctx, char* buf, size_t bufsize) {
+	while(1) {
+		if(!fgets(buf, bufsize, ctx->f)) return 0;
+		if(*buf == '#') continue;
+		char *p = buf;
+		size_t l = bufsize;
+		ctx->ip = p;
+		while(*p && !isspace(*p) && l) {
+			p++;
+			l--;
+		}
+		if(!l || !*p || p == ctx->ip) continue;
+		*p = 0;
+		p++;
+		while(*p && isspace(*p) && l) {
+			p++;
+			l--;
+		}
+		if(!l || !*p) continue;
+		ctx->name = buf;
+		while(*p && !isspace(*p) && l) {
+			p++;
+			l--;
+		}
+		if(!l || !*p) continue;
+		*p = 0;
+		if(isnumericipv4(ctx->ip)) return 1;
+	}
+}
+
+char* hostsreader_get_ip_for_name(const char* name, char* buf, size_t bufsize) {
+	struct hostsreader ctx;
+	char *res = 0;
+	if(!hostsreader_open(&ctx)) return 0;
+	while(hostsreader_get(&ctx, buf, bufsize)) {
+		if(!strcmp(ctx.name, name)) {
+			res = ctx.ip;
+			break;
+		}
+	}
+	hostsreader_close(&ctx);
+	return res;
+}
+
+#include "ip_type.h"
+#include <netinet/in.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+ip_type hostsreader_get_numeric_ip_for_name(const char* name) {
+	char *hres;
+	char buf[320];
+	if((hres = hostsreader_get_ip_for_name(name, buf, sizeof buf))) {
+		struct in_addr c;
+		inet_aton(hres, &c);
+		ip_type res;
+		memcpy(res.octet, &c.s_addr, 4);
+		return res;
+	} else return ip_type_invalid;
+}
+
+#ifdef HOSTSREADER_TEST
+int main() {
+	char buf[256];
+	char * ret = hostsreader_get_ip_for_name("goo", buf, sizeof buf);
+	printf("%s\n", ret ? ret : "null");
+}
+#endif
+
+/* isnumericipv4() taken from libulz */
+static int isnumericipv4(const char* ipstring) {
+	size_t x = 0, n = 0, d = 0;
+	int wasdot = 0;
+	while(1) {
+		switch(ipstring[x]) {
+			case 0: goto done;
+			case '.':
+				if(!n || wasdot) return 0;
+				d++;
+				wasdot = 1;
+				break;
+			case '0': case '1': case '2': case '3': case '4':
+			case '5': case '6': case '7': case '8': case '9':
+				n++;
+				wasdot = 0;
+				break;
+			default:
+				return 0;
+		}
+		x++;
+	}
+	done:
+	if(d == 3 && n >= 4 && n <= 12) return 1;
+	return 0;
+}

src/libproxychains.c

@@ -45,18 +45,21 @@
 #define     SOCKFAMILY(x)     (satosin(x)->sin_family)
 #define     MAX_CHAIN 512
 
+close_t true_close;
 connect_t true_connect;
 gethostbyname_t true_gethostbyname;
 getaddrinfo_t true_getaddrinfo;
 freeaddrinfo_t true_freeaddrinfo;
 getnameinfo_t true_getnameinfo;
 gethostbyaddr_t true_gethostbyaddr;
+sendto_t true_sendto;
 
 int tcp_read_time_out;
 int tcp_connect_time_out;
 chain_type proxychains_ct;
 proxy_data proxychains_pd[MAX_CHAIN];
 unsigned int proxychains_proxy_count = 0;
+unsigned int proxychains_proxy_offset = 0;
 int proxychains_got_chain_data = 0;
 unsigned int proxychains_max_chain = 1;
 int proxychains_quiet_mode = 0;
@@ -74,7 +77,7 @@ static inline void get_chain_data(proxy_data * pd, unsigned int *proxy_count, ch
 static void* load_sym(char* symname, void* proxyfunc) {
 
 	void *funcptr = dlsym(RTLD_NEXT, symname);
-	
+
 	if(!funcptr) {
 		fprintf(stderr, "Cannot load symbol '%s' %s\n", symname, dlerror());
 		exit(1);
@@ -92,28 +95,30 @@ static void* load_sym(char* symname, void* proxyfunc) {
 
 #define SETUP_SYM(X) do { true_ ## X = load_sym( # X, X ); } while(0)
 
-#include "shm.h"
 #include "allocator_thread.h"
-#include "stringdump.h"
+
+const char *proxychains_get_version(void);
 
 static void do_init(void) {
 	srand(time(NULL));
-	dumpstring_init(); // global string garbage can
 	core_initialize();
 	at_init();
-	
+
 	/* read the config file */
 	get_chain_data(proxychains_pd, &proxychains_proxy_count, &proxychains_ct);
+	DUMP_PROXY_CHAIN(proxychains_pd, proxychains_proxy_count);
+
+	proxychains_write_log(LOG_PREFIX "DLL init: proxychains-ng %s\n", proxychains_get_version());
 
-	proxychains_write_log(LOG_PREFIX "DLL init\n");
-	
 	SETUP_SYM(connect);
+	SETUP_SYM(sendto);
 	SETUP_SYM(gethostbyname);
 	SETUP_SYM(getaddrinfo);
 	SETUP_SYM(freeaddrinfo);
 	SETUP_SYM(gethostbyaddr);
 	SETUP_SYM(getnameinfo);
-	
+	SETUP_SYM(close);
+
 	init_l = 1;
 }
 
@@ -164,9 +169,13 @@ static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_typ
 	tcp_read_time_out = 4 * 1000;
 	tcp_connect_time_out = 10 * 1000;
 	*ct = DYNAMIC_TYPE;
-	
+
 	env = get_config_path(getenv(PROXYCHAINS_CONF_FILE_ENV_VAR), buff, sizeof(buff));
-	file = fopen(env, "r");
+	if( ( file = fopen(env, "r") ) == NULL )
+	{
+	        perror("couldnt read configuration file");
+        	exit(1);
+	}
 
 	env = getenv(PROXYCHAINS_QUIET_MODE_ENV_VAR);
 	if(env && *env == '1')
@@ -178,15 +187,25 @@ static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_typ
 			if(list) {
 				if(count >= MAX_CHAIN)
 					break;
-				
+
 				memset(&pd[count], 0, sizeof(proxy_data));
 
 				pd[count].ps = PLAY_STATE;
 				port_n = 0;
 
-				sscanf(buff, "%s %s %d %s %s", type, host, &port_n, pd[count].user, pd[count].pass);
+				int ret = sscanf(buff, "%s %s %d %s %s", type, host, &port_n, pd[count].user, pd[count].pass);
+				if(ret < 3 || ret == EOF) {
+					inv:
+					fprintf(stderr, "error: invalid item in proxylist section: %s", buff);
+					exit(1);
+				}
 
-				pd[count].ip.as_int = (uint32_t) inet_addr(host);
+				in_addr_t host_ip = inet_addr(host);
+				if(host_ip == INADDR_NONE) {
+					fprintf(stderr, "proxy %s has invalid value or is not numeric\n", host);
+					exit(1);
+				}
+				pd[count].ip.as_int = (uint32_t) host_ip;
 				pd[count].port = htons((unsigned short) port_n);
 
 				if(!strcmp(type, "http")) {
@@ -196,7 +215,7 @@ static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_typ
 				} else if(!strcmp(type, "socks5")) {
 					pd[count].pt = SOCKS5_TYPE;
 				} else
-					continue;
+					goto inv;
 
 				if(pd[count].ip.as_int && port_n && pd[count].ip.as_int != (uint32_t) - 1)
 					count++;
@@ -209,6 +228,8 @@ static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_typ
 					*ct = STRICT_TYPE;
 				} else if(strstr(buff, "dynamic_chain")) {
 					*ct = DYNAMIC_TYPE;
+				} else if(strstr(buff, "round_robin_chain")) {
+					*ct = ROUND_ROBIN_TYPE;
 				} else if(strstr(buff, "tcp_read_time_out")) {
 					sscanf(buff, "%s %d", user, &tcp_read_time_out);
 				} else if(strstr(buff, "tcp_connect_time_out")) {
@@ -276,12 +297,27 @@ static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_typ
 		}
 	}
 	fclose(file);
+	if(!count) {
+		fprintf(stderr, "error: no valid proxy found in config\n");
+		exit(1);
+	}
 	*proxy_count = count;
 	proxychains_got_chain_data = 1;
 }
 
 /*******  HOOK FUNCTIONS  *******/
 
+int close(int fd) {
+	INIT();
+	/* prevent rude programs (like ssh) from closing our pipes */
+	if(fd != req_pipefd[0]  && fd != req_pipefd[1] &&
+	   fd != resp_pipefd[0] && fd != resp_pipefd[1]) {
+		return true_close(fd);
+	}
+	errno = EBADF;
+	return -1;
+}
+
 int connect(int sock, const struct sockaddr *addr, unsigned int len) {
 	PFUNC();
 	int socktype = 0, flags = 0, ret = 0;
@@ -381,32 +417,31 @@ void freeaddrinfo(struct addrinfo *res) {
 	return;
 }
 
-// work around a buggy prototype in GLIBC. according to the bugtracker it has been fixed in git at 02 May 2011.
-// 2.14 came out in June 2011 so that should be the first fixed version
-#if defined(__GLIBC__) && (__GLIBC__ < 3) && (__GLIBC_MINOR__ < 14)
-int getnameinfo(const struct sockaddr *sa,
-		socklen_t salen, char *host, socklen_t hostlen, char *serv, socklen_t servlen, unsigned int flags)
-#else
-int getnameinfo(const struct sockaddr *sa,
-		socklen_t salen, char *host, socklen_t hostlen, char *serv, socklen_t servlen, int flags)
-#endif
+int pc_getnameinfo(const struct sockaddr *sa, socklen_t salen,
+	           char *host, socklen_t hostlen, char *serv,
+	           socklen_t servlen, int flags)
 {
 	char ip_buf[16];
 	int ret = 0;
 
 	INIT();
-	
-	PDEBUG("getnameinfo: %s %s\n", host, serv);
+
+	PFUNC();
 
 	if(!proxychains_resolver) {
 		ret = true_getnameinfo(sa, salen, host, hostlen, serv, servlen, flags);
 	} else {
+		if(salen < sizeof(struct sockaddr_in) || SOCKFAMILY(*sa) != AF_INET)
+			return EAI_FAMILY;
 		if(hostlen) {
 			pc_stringfromipv4((unsigned char*) &(SOCKADDR_2(*sa)), ip_buf);
-			strncpy(host, ip_buf, hostlen);
+			if(snprintf(host, hostlen, "%s", ip_buf) >= hostlen)
+				return EAI_OVERFLOW;
+		}
+		if(servlen) {
+			if(snprintf(serv, servlen, "%d", ntohs(SOCKPORT(*sa))) >= servlen)
+				return EAI_OVERFLOW;
 		}
-		if(servlen)
-			snprintf(serv, servlen, "%d", ntohs(SOCKPORT(*sa)));
 	}
 	return ret;
 }
@@ -443,3 +478,20 @@ struct hostent *gethostbyaddr(const void *addr, socklen_t len, int type) {
 	}
 	return NULL;
 }
+
+#ifndef MSG_FASTOPEN
+#   define MSG_FASTOPEN 0x20000000
+#endif
+
+ssize_t sendto(int sockfd, const void *buf, size_t len, int flags,
+	       const struct sockaddr *dest_addr, socklen_t addrlen) {
+	if (flags & MSG_FASTOPEN) {
+		if (!connect(sockfd, dest_addr, addrlen) && errno != EINPROGRESS) {
+			return -1;
+		}
+		dest_addr = NULL;
+		addrlen = 0;
+		flags &= ~MSG_FASTOPEN;
+	}
+	return true_sendto(sockfd, buf, len, flags, dest_addr, addrlen);
+}

src/main.c

@@ -33,7 +33,9 @@ static const char *dll_name = DLL_NAME;
 
 static char own_dir[256];
 static const char *dll_dirs[] = {
+#ifndef SUPER_SECURE /* CVE-2015-3887 */
 	".",
+#endif
 	own_dir,
 	LIB_DIR,
 	"/lib",
@@ -48,7 +50,11 @@ static void set_own_dir(const char *argv0) {
 	while(l && argv0[l - 1] != '/')
 		l--;
 	if(l == 0)
+#ifdef SUPER_SECURE
+		memcpy(own_dir, "/dev/null/", 11);
+#else
 		memcpy(own_dir, ".", 2);
+#endif
 	else {
 		memcpy(own_dir, argv0, l - 1);
 		own_dir[l] = 0;
@@ -89,7 +95,7 @@ int main(int argc, char *argv[]) {
 
 	/* check if path of config file has not been passed via command line */
 	path = get_config_path(path, pbuf, sizeof(pbuf));
-	
+
 	if(!quiet)
 		fprintf(stderr, LOG_PREFIX "config file found: %s\n", path);
 
@@ -103,7 +109,7 @@ int main(int argc, char *argv[]) {
 	// search DLL
 
 	set_own_dir(argv[0]);
-	
+
 	i = 0;
 
 	while(dll_dirs[i]) {
@@ -122,14 +128,24 @@ int main(int argc, char *argv[]) {
 	if(!quiet)
 		fprintf(stderr, LOG_PREFIX "preloading %s/%s\n", prefix, dll_name);
 
-#ifndef IS_MAC
-	snprintf(buf, sizeof(buf), "LD_PRELOAD=%s/%s", prefix, dll_name);
-	putenv(buf);
-#else
-	snprintf(buf, sizeof(buf), "DYLD_INSERT_LIBRARIES=%s/%s", prefix, dll_name);
-	putenv(buf);
+#ifdef IS_MAC
 	putenv("DYLD_FORCE_FLAT_NAMESPACE=1");
+#define LD_PRELOAD_ENV "DYLD_INSERT_LIBRARIES"
+#define LD_PRELOAD_SEP ":"
+#else
+#define LD_PRELOAD_ENV "LD_PRELOAD"
+/* all historic implementations of BSD and linux dynlinkers seem to support
+   space as LD_PRELOAD separator, with colon added only recently.
+   we use the old syntax for maximum compat */
+#define LD_PRELOAD_SEP " "
 #endif
+	char *old_val = getenv(LD_PRELOAD_ENV);
+	snprintf(buf, sizeof(buf), LD_PRELOAD_ENV "=%s/%s%s%s",
+	         prefix, dll_name,
+	         /* append previous LD_PRELOAD content, if existent */
+	         old_val ? LD_PRELOAD_SEP : "",
+	         old_val ? old_val : "");
+	putenv(buf);
 	execvp(argv[start_argv], &argv[start_argv]);
 	perror("proxychains can't load process....");
 

src/nameinfo.c

@@ -0,0 +1,13 @@
+#include <sys/socket.h>
+
+extern int pc_getnameinfo(const void *sa, socklen_t salen, 
+                   char *host, socklen_t hostlen, char *serv, 
+                   socklen_t servlen, int flags);
+
+
+int getnameinfo(const void *sa, socklen_t salen, 
+                   char *host, socklen_t hostlen, char *serv, 
+                   socklen_t servlen, int flags) {
+	return pc_getnameinfo(sa, salen, host, hostlen, serv, servlen, flags);
+}
+

src/proxychains

@@ -1,26 +0,0 @@
-#!/bin/sh
-echo "ProxyChains-3.1 (http://proxychains.sf.net)"
-
-usage() {
-
-	echo "	usage:"
-	echo "		$0 [h] [f config-file] <prog> [args]"
-	exit
-}
-
-if [ $# = 0 ] ; then
-	usage
-fi
-
-if [ $1 = "-h" ]; then
-	usage
-fi
-
-if [ "$1" = "-f" ]; then
-	export PROXYCHAINS_CONF_FILE=$2;
-	shift;
-	shift;
-fi
-
-export LD_PRELOAD=libproxychains.so.3
-exec "$@"

src/proxychains.conf

@@ -22,13 +22,27 @@ strict_chain
 # all proxies must be online to play in chain
 # otherwise EINTR is returned to the app
 #
+#round_robin_chain
+#
+# Round Robin - Each connection will be done via chained proxies
+# of chain_len length
+# all proxies chained in the order as they appear in the list
+# at least one proxy must be online to play in chain
+# (dead proxies are skipped).
+# the start of the current proxy chain is the proxy after the last
+# proxy in the previously invoked proxy chain.
+# if the end of the proxy chain is reached while looking for proxies
+# start at the beginning again.
+# otherwise EINTR is returned to the app
+# These semantics are not guaranteed in a multithreaded environment.
+#
 #random_chain
 #
 # Random - Each connection will be done via random proxy
 # (or proxy chain, see  chain_len) from the list.
 # this option is good to test your IDS :)
 
-# Make sense only if random_chain
+# Make sense only if random_chain or round_robin_chain
 #chain_len = 2
 
 # Quiet mode (no output from library)
@@ -77,9 +91,11 @@ tcp_connect_time_out 8000
 # localnet 192.168.0.0/255.255.0.0
 
 # ProxyList format
-#       type  host  port [user pass]
+#       type  ip  port [user pass]
 #       (values separated by 'tab' or 'blank')
 #
+#       only numeric ipv4 addresses are valid
+#
 #
 #        Examples:
 #

src/proxyresolv

@@ -1,8 +1,10 @@
 #!/bin/sh
-# This script is called by proxychains to resolve DNS names
+# This is a legacy script that uses "dig" to do DNS lookups via TCP.
+# it is not actively maintained since proxychains no longer depends
+# on it. i leave it here as a bonus.
 
 # DNS server used to resolve names
-DNS_SERVER=4.2.2.2
+DNS_SERVER=8.8.8.8
 
 
 if [ $# = 0 ] ; then
@@ -12,5 +14,5 @@ if [ $# = 0 ] ; then
 fi
 
 
-export LD_PRELOAD=libproxychains.so
-dig $1 @$DNS_SERVER +tcp | awk '/A.+[0-9]+\.[0-9]+\.[0-9]/{print $5;}'
+export LD_PRELOAD=libproxychains4.so
+dig $1 @$DNS_SERVER +tcp | awk '/A.?[0-9]+\.[0-9]+\.[0-9]/{print $5;}'

src/shm.c

@@ -1,53 +0,0 @@
-#include <assert.h>
-#include <string.h>
-#include <limits.h>
-#include <string.h>
-#include <stdlib.h>
-#ifndef PAGE_SIZE
-#define PAGE_SIZE 4096
-#endif
-#include "shm.h"
-#include "debug.h"
-
-#if 0
-#include <sys/mman.h>
-#include <sys/ipc.h>
-#include <sys/shm.h>
-
-/* allocates shared memory which can be accessed from the parent and its childs */
-void *shm_realloc(void* old, size_t old_size, size_t new_size) {
-	//PFUNC();
-	void *nu = mmap(NULL, new_size, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANON, -1, 0);
-	if(old) {
-		if(!nu) return NULL;
-		assert(new_size >= old_size);
-		memcpy(nu, old, old_size);
-		munmap(old, old_size);
-	}
-	return nu;
-}
-#endif
-
-void stringpool_init(struct stringpool* sp) {
-	PFUNC();
-	memset(sp, 0, sizeof *sp);
-}
-
-char* stringpool_add(struct stringpool *sp, char* s, size_t len) {
-	//PFUNC();
-	if(len > sp->alloced - sp->used) {
-		size_t newsz = sp->used + len;
-		size_t inc = PAGE_SIZE - (newsz % PAGE_SIZE);
-		newsz += (inc == PAGE_SIZE) ? 0 : inc;
-		void* p = realloc(sp->start, newsz);
-		if(p) {
-			sp->start = p;
-			sp->alloced = newsz;
-		} else 
-			return 0;
-	}
-	char* ret = sp->start + sp->used;
-	memcpy(ret, s, len);
-	sp->used += len;
-	return ret;
-}

src/shm.h

@@ -1,17 +0,0 @@
-#ifndef SHM_H
-#define SHM_H
-#include <unistd.h>
-
-struct stringpool {
-	size_t alloced;
-	size_t used;
-	char* start;
-};
-
-void stringpool_init(struct stringpool* sp);
-char* stringpool_add(struct stringpool *sp, char* s, size_t len);
-#if 0
-void *shm_realloc(void* old, size_t old_size, size_t new_size);
-#endif
-//RcB: DEP "shm.c"
-#endif

src/stringdump.c

@@ -1,13 +0,0 @@
-#include "stringdump.h"
-#include "debug.h"
-
-struct stringpool mem;
-
-char *dumpstring(char* s, size_t len) {
-	PFUNC();
-	return stringpool_add(&mem, s, len);
-}
-
-void dumpstring_init(void) {
-	stringpool_init(&mem);
-}

src/stringdump.h

@@ -1,12 +0,0 @@
-#ifndef STRINGDUMP_H
-#define STRINGDUMP_H
-
-#include "shm.h"
-#include <unistd.h>
-
-char *dumpstring(char* s, size_t len);
-void dumpstring_init(void);
-
-//RcB: DEP "stringdump.h"
-
-#endif

src/version.c

@@ -0,0 +1,6 @@
+#include "version.h"
+static const char version[] = VERSION;
+const char *proxychains_get_version(void) {
+	return version;
+}
+

tests/test_getnameinfo.c

@@ -0,0 +1,83 @@
+#include <netdb.h>
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+
+#define     satosin(x)      ((struct sockaddr_in *) &(x))
+#define     SOCKADDR(x)     (satosin(x)->sin_addr.s_addr)
+#define     SOCKADDR_2(x)     (satosin(x)->sin_addr)
+#define     SOCKPORT(x)     (satosin(x)->sin_port)
+#define     SOCKFAMILY(x)     (satosin(x)->sin_family)
+
+int main() {
+	struct sockaddr a = {0}, *sa = &a;
+	char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
+	SOCKPORT(a) = htons(80);
+	memcpy(  &( (struct sockaddr_in*) sa ) ->sin_addr   , (char[]) {127,0,0,1}, 4);
+
+	int ret;
+
+	if ((ret = getnameinfo(sa, 0, hbuf, sizeof(hbuf), sbuf,
+	    sizeof(sbuf), NI_NUMERICHOST | NI_NUMERICSERV)) == 0)
+		printf("host=%s, serv=%s\n", hbuf, sbuf);
+	else
+		printf("%s\n", gai_strerror(ret));
+
+	assert(ret == EAI_FAMILY);
+
+	if ((ret = getnameinfo(sa, sizeof a, hbuf, sizeof(hbuf), sbuf,
+	    sizeof(sbuf), NI_NUMERICHOST | NI_NUMERICSERV)) == 0)
+		printf("host=%s, serv=%s\n", hbuf, sbuf);
+	else
+		printf("%s\n", gai_strerror(ret));
+
+	assert(ret == EAI_FAMILY);
+
+	SOCKFAMILY(a) = AF_INET;
+
+	if ((ret = getnameinfo(sa, sizeof a, hbuf, 1, sbuf,
+	    sizeof(sbuf), NI_NUMERICHOST | NI_NUMERICSERV)) == 0)
+		printf("host=%s, serv=%s\n", hbuf, sbuf);
+	else
+		printf("%s\n", gai_strerror(ret));
+
+	assert(ret == EAI_OVERFLOW);
+
+	if ((ret = getnameinfo(sa, sizeof a, hbuf, 0, sbuf,
+	    1, NI_NUMERICHOST | NI_NUMERICSERV)) == 0)
+		printf("host=%s, serv=%s\n", hbuf, sbuf);
+	else
+		printf("%s\n", gai_strerror(ret));
+
+	assert(ret == EAI_OVERFLOW);
+
+	if ((ret = getnameinfo(sa, sizeof a, hbuf, 0, sbuf,
+	    sizeof(sbuf), NI_NUMERICHOST | NI_NUMERICSERV)) == 0)
+		printf("host=%s, serv=%s\n", hbuf, sbuf);
+	else
+		printf("%s\n", gai_strerror(ret));
+
+	assert(ret == 0);
+
+	if ((ret = getnameinfo(sa, sizeof a, hbuf, sizeof hbuf, sbuf,
+	    0, NI_NUMERICHOST | NI_NUMERICSERV)) == 0)
+		printf("host=%s, serv=%s\n", hbuf, sbuf);
+	else
+		printf("%s\n", gai_strerror(ret));
+
+	assert(ret == 0);
+
+
+	if ((ret = getnameinfo(sa, sizeof a, hbuf, sizeof(hbuf), sbuf,
+	    sizeof(sbuf), NI_NUMERICHOST | NI_NUMERICSERV)) == 0)
+		printf("host=%s, serv=%s\n", hbuf, sbuf);
+	else
+		printf("%s\n", gai_strerror(ret));
+
+	assert(ret == 0);
+
+		
+	return 0;
+}

tests/test_sendto.c

@@ -0,0 +1,66 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+
+#ifndef MSG_FASTOPEN
+#   define MSG_FASTOPEN 0x20000000
+#endif
+
+void error(const char *msg)
+{
+	perror(msg);
+	exit(1);
+}
+
+int main(int argc, char *argv[])
+{
+	if (argc < 4) {
+		printf("Usage: %s host port method(connect or sendto)\n", argv[0]);
+		return 1;
+	}
+	const char *hostname = argv[1];
+	const int portno = atoi(argv[2]);
+	const char *method = argv[3];
+	char request[BUFSIZ];
+	sprintf(request, "GET / HTTP/1.0\r\nHost: %s\r\n\r\n", hostname);
+	int sockfd, n;
+	struct sockaddr_in serv_addr;
+	struct hostent *server;
+
+	char buffer[BUFSIZ];
+	sockfd = socket(AF_INET, SOCK_STREAM, 0);
+	if (sockfd < 0) error("ERROR opening socket");
+	server = gethostbyname(hostname);
+	if (server == NULL) {
+		fprintf(stderr, "%s: no such host\n", hostname);
+		return 1;
+	}
+	memset(&serv_addr, 0, sizeof(serv_addr));
+	serv_addr.sin_family = AF_INET;
+	memcpy(&serv_addr.sin_addr.s_addr, server->h_addr, server->h_length);
+	serv_addr.sin_port = htons(portno);
+	if (!strcmp(method, "connect")) {
+	  if (connect(sockfd, (struct sockaddr *)&serv_addr, sizeof(serv_addr)) < 0)
+		  error("connect");
+	  n = send(sockfd, request, strlen(request), 0);
+	} else if (!strcmp(method, "sendto")) {
+	  n = sendto(sockfd, request, strlen(request), MSG_FASTOPEN, (struct sockaddr *)&serv_addr, sizeof(serv_addr));
+	} else {
+	  printf("Unknown method %s\n", method);
+	  return 1;
+	}
+	if (n < 0)
+		 error("send");
+	memset(buffer, 0, BUFSIZ);
+	n = read(sockfd, buffer, BUFSIZ - 1);
+	if (n < 0)
+		 error("ERROR reading from socket");
+	printf("%s\n", buffer);
+	close(sockfd);
+	return 0;
+}

tools/install.sh

@@ -0,0 +1,64 @@
+#!/bin/sh
+#
+# This is an actually-safe install command which installs the new
+# file atomically in the new location, rather than overwriting
+# existing files.
+#
+
+usage() {
+printf "usage: %s [-D] [-l] [-m mode] src dest\n" "$0" 1>&2
+exit 1
+}
+
+mkdirp=
+symlink=
+mode=755
+
+while getopts Dlm: name ; do
+case "$name" in
+D) mkdirp=yes ;;
+l) symlink=yes ;;
+m) mode=$OPTARG ;;
+?) usage ;;
+esac
+done
+shift $(($OPTIND - 1))
+
+test "$#" -eq 2 || usage
+src=$1
+dst=$2
+tmp="$dst.tmp.$$"
+
+case "$dst" in
+*/) printf "%s: %s ends in /\n", "$0" "$dst" 1>&2 ; exit 1 ;;
+esac
+
+set -C
+set -e
+
+if test "$mkdirp" ; then
+umask 022
+case "$2" in
+*/*) mkdir -p "${dst%/*}" ;;
+esac
+fi
+
+trap 'rm -f "$tmp"' EXIT INT QUIT TERM HUP
+
+umask 077
+
+if test "$symlink" ; then
+ln -s "$1" "$tmp"
+else
+cat < "$1" > "$tmp"
+chmod "$mode" "$tmp"
+fi
+
+mv -f "$tmp" "$2"
+test -d "$2" && {
+rm -f "$2/$tmp"
+printf "%s: %s is a directory\n" "$0" "$dst" 1>&2
+exit 1
+}
+
+exit 0

tools/version.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+if test -d .git ; then
+if type git >/dev/null 2>&1 ; then
+git describe --tags --match 'v[0-9]*' 2>/dev/null \
+| sed -e 's/^v//' -e 's/-/-git-/'
+else
+sed 's/$/-git/' < VERSION
+fi
+else
+cat VERSION
+fi