SIGSEGV when using proxy_dns_daemon and an onion address as a proxy

[MrBruz]

Setup: Create a config that uses proxy_dns_daemon and a hidden service as a proxy

proxy_dns_daemon

socks5  127.0.0.1 9050
socks5  example.onion   1234    Username    Password

Note: proxy_dns_daemon is required due to proxychains proxying a web browser

Error "logs":

stopped 0x7ffff7d2ed94 in pthread_mutex_lock (), reason: SIGSEGV

[#0] 0x7ffff7d2ed94 → pthread_mutex_lock()
[#1] 0x7ffff7f755b5 → at_get_ip_for_host()

https://github.com/rofl0r/proxychains-ng/blob/918855deed4684eccc93a95c82fec840569fb334/src/allocator_thread.c#L271

Issue seems similar to the following https://github.com/rofl0r/proxychains-ng/commit/cc7bc891ffd9ed1ebcb61d61f36ed02a0e401504

[rofl0r]

try whether this change fixes it:

diff --git a/src/libproxychains.c b/src/libproxychains.c
index 575e439..5d5f51e 100644
--- a/src/libproxychains.c
+++ b/src/libproxychains.c
@@ -349,7 +349,7 @@ static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_typ
                    if(*ct == STRICT_TYPE && proxychains_resolver >= DNSLF_RDNS_START && count > 0) {
                        /* we can allow dns hostnames for all but the first proxy in the list if chaintype is strict, as remote lookup can be done */
                        rdns_init(proxychains_resolver);
-                       ip_type4 internal_ip = at_get_ip_for_host(host, strlen(host));
+                       ip_type4 internal_ip = rdns_get_ip_for_host(host, strlen(host));
                        pd[count].ip.is_v6 = 0;
                        host_ip->addr.v4 = internal_ip;
                        if(internal_ip.as_int == IPT4_INVALID.as_int)

[MrBruz]

This stops the crash but instead causes it to freeze up. Logs are as follows.

[proxychains] config file found: /home/<username>/<path>/proxychains.conf
[proxychains] preloading /usr/local/lib/libproxychains4.so

Stacktrace:

[#0] 0x7ffff7a90ab1 → cmp rax, 0xfffffffffffff000
[#1] 0x7ffff7f74be8 → init_lib_wrapper(caller=0x7ffff7f79a8e <__FUNCTION__.0> "sendto")
[#2] 0x7ffff7f7767c → sendto(sockfd=0x4, buf=0x7fffffffc6d0, len=0x43, flags=0x0, dest_addr=0x7ffff7fc12a0 <rdns_server>, addrlen=0x10)
[#3] 0x7ffff7f789fc → rdns_daemon_get_ip_for_host(host=0x7fffffffd230 "example.onion", len=0x3e)
[#4] 0x7ffff7f78b81 → rdns_get_ip_for_host(host=0x7fffffffd230 "example.onion", len=0x3e)
[#5] 0x7ffff7f7556b → get_chain_data(pd=0x7ffff7f7c640 <proxychains_pd>, proxy_count=0x7ffff7fc0640 <proxychains_proxy_count>, ct=0x7ffff7f7c630 <proxychains_ct>)
[#6] 0x7ffff7f74aa2 → do_init()
[#7] 0x7ffff7a90b17 → xor esi, esi
[#8] 0x7ffff7f74be8 → init_lib_wrapper(caller=0x7ffff7f79a28 <__FUNCTION__.12> "gcc_init")
[#9] 0x7ffff7f74bfe → gcc_init()

It seems to be locking up on this exact line https://github.com/rofl0r/proxychains-ng/blob/918855deed4684eccc93a95c82fec840569fb334/src/rdns.c#L42

Note: when using just tor it connects to proxychains4-daemon and asks for ifconfig.me but when adding the onion service into the chain proxychains4-daemon does not get connected to

[MrBruz]

Note: It freezes the first time due to it trying to resolve 127.0.0.1 through rdns_daemon

I added a if-statement to use the old method if it is trying to resolve 127.0.0.1 although unfortunately it still freezes up on example.onion

[MrBruz]

There may be an issue with rdns_daemon_get_ip_for_host not resolving domains correctly due to it never connecting to the proxychains4-daemon (ncat -l 127.0.0.1 1053 -u -vvv for testing)