search

namecoin / heteronculous-horklump

Go port of Heteronculous (ptrace-based proxy leak detector). Outreachy project.
GNU General Public License v3.0
7 stars 3 forks source link

Possible thread-safety issues with authData #44

Closed JeremyRand closed 1 year ago

JeremyRand commented 1 year ago

I think there may be some thread-safety issues with the authData global.

This line seems like it will potentially be called from multiple threads if the tracee is multithreaded:

https://github.com/robertmin1/heteronculous-horklump/blob/fe0fa005b074e0464c856940333eee02e874ae57/main.go#L415

I don't see why we need to call it multiple times to begin with -- can't we simply call it once, before the tracer even spawns the tracee?

These lines also seem like they could corrupt the cfg contents if a race happens:

https://github.com/robertmin1/heteronculous-horklump/blob/fe0fa005b074e0464c856940333eee02e874ae57/main.go#L423-L425

Is there a reason we need to store the randomly selected user+pass in cfg here? It seems like using a local variable inside Socksify should be fine.

robertmin1 commented 1 year ago

In case the user passed their own user+pass details, that was the main reason for cfg there. I will just store the data in a local variable

robertmin1 commented 1 year ago

Using local variables instead, also calling initializeAuthData() once before tracing begins.