1 /*
2  * Copyright (C) 2014 - David Goulet <dgoulet@ev0ke.net>
3  *
4  * This program is free software; you can redistribute it and/or modify it
5  * under the terms of the GNU General Public License, version 2 only, as
6  * published by the Free Software Foundation.
7  *
8  * This program is distributed in the hope that it will be useful, but WITHOUT
9  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
10  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
11  * more details.
12  *
13  * You should have received a copy of the GNU General Public License along with
14  * this program; if not, write to the Free Software Foundation, Inc., 51
15  * Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
16  */
17 
18 #include <assert.h>
19 
20 #include <common/utils.h>
21 
22 #include "torsocks.h"
23 
TSOCKS_LIBC_DECL(listen,LIBC_LISTEN_RET_TYPE,LIBC_LISTEN_SIG)24 TSOCKS_LIBC_DECL(listen, LIBC_LISTEN_RET_TYPE, LIBC_LISTEN_SIG)
25 
26 /*
27  * Torsocks call for listen(2).
28  */
29 LIBC_LISTEN_RET_TYPE tsocks_listen(LIBC_LISTEN_SIG)
30 {
31 	int ret;
32 	socklen_t addrlen;
33 	struct sockaddr sa;
34 
35 	if (tsocks_config.allow_inbound) {
36 		/* Allowed by the user so directly go to the libc. */
37 		goto libc_call;
38 	}
39 
40 	addrlen = sizeof(sa);
41 
42 	ret = getsockname(sockfd, &sa, &addrlen);
43 	if (ret < 0) {
44 		PERROR("[listen] getsockname");
45 		goto error;
46 	}
47 
48 	/*
49 	 * Listen () on a Unix socket is allowed else we are going to try to match
50 	 * it on INET localhost socket.
51 	 */
52 	if (sa.sa_family == AF_UNIX) {
53 		goto libc_call;
54 	}
55 
56 	/* Inbound localhost connections are allowed. */
57 	ret = utils_sockaddr_is_localhost(&sa);
58 	if (!ret) {
59 		/*
60 		 * Listen is completely denied here since this means that the
61 		 * application can accept inbound connections on non localhost that are
62 		 * obviously NOT handled by the Tor network thus reject this call.
63 		 */
64 		DBG("[listen] Non localhost inbound connection are not allowed.");
65 		errno = EPERM;
66 		goto error;
67 	}
68 
69 libc_call:
70 	DBG("[listen] Passing listen fd %d to libc", sockfd);
71 	return tsocks_libc_listen(LIBC_LISTEN_ARGS);
72 
73 error:
74 	return -1;
75 }
76 
77 /*
78  * Libc hijacked symbol listen(2).
79  */
80 LIBC_LISTEN_DECL
81 {
82 	if (!tsocks_libc_listen) {
83 		tsocks_initialize();
84 		tsocks_libc_listen = tsocks_find_libc_symbol(
85 				LIBC_LISTEN_NAME_STR, TSOCKS_SYM_EXIT_NOT_FOUND);
86 	}
87 
88 	return tsocks_listen(LIBC_LISTEN_ARGS);
89 }
90