Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package tinyproxy [ Reason ] Two flaws have been discovered recently by other Debian users: + [ Unit 193 ] + * d/p/0001_fix-segfault-with-socks4.patch: + + Grab an upstream patch to fix a segfault when using socks4 with + tor. (Closes: #990434). -> This issue has been during the past week by Unit 193 and tinyproxy upstream. This allows using tinyproxy as http-proxy on top of a local tor SOCKS4 proxy. + [ Mike Gabriel ] + * debian/tinyproxy.service: + + Use KillMode=process (instead of the default 'control-group'). The main + tinyproxy process will stop all its workers if a SIGTERM signal is + received. This avoids SIGTERM racing situation where the tinyproxy main + process and systemd are trying to kill tinyproxy's workers simultaneously. + (Closes: #968322). Situations have been observed where tinyproxy exits with exitcode 2 on systemd's normal SIGTERM signal being sent on service stop. Using KillMode=process which only terminates the main tinyproxy process (instead of attempting to kill all children, as well) resolves this problem. [ Impact ] Tinyproxy would not be usable on top of a local tor SOCKS4 proxy. [ Tests ] Manual tests. [ Risks ] If something has been missed, tinyproxy might fail for people and a regression fix would be needed. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] None. unblock tinyproxy/1.10.0-5
diff -Nru tinyproxy-1.10.0/debian/changelog tinyproxy-1.10.0/debian/changelog --- tinyproxy-1.10.0/debian/changelog 2020-01-21 11:14:47.000000000 +0100 +++ tinyproxy-1.10.0/debian/changelog 2021-07-02 12:25:46.000000000 +0200 @@ -1,3 +1,20 @@ +tinyproxy (1.10.0-5) unstable; urgency=medium + + [ Unit 193 ] + * d/p/0001_fix-segfault-with-socks4.patch: + + Grab an upstream patch to fix a segfault when using socks4 with + tor. (Closes: #990434). + + [ Mike Gabriel ] + * debian/tinyproxy.service: + + Use KillMode=process (instead of the default 'control-group'). The main + tinyproxy process will stop all its workers if a SIGTERM signal is + received. This avoids SIGTERM racing situation where the tinyproxy main + process and systemd are trying to kill tinyproxy's workers simultaneously. + (Closes: #968322). + + -- Mike Gabriel <sunwea...@debian.org> Fri, 02 Jul 2021 12:25:46 +0200 + tinyproxy (1.10.0-4) unstable; urgency=medium * debian/tinyproxy.init: diff -Nru tinyproxy-1.10.0/debian/patches/0001_fix-segfault-with-socks4.patch tinyproxy-1.10.0/debian/patches/0001_fix-segfault-with-socks4.patch --- tinyproxy-1.10.0/debian/patches/0001_fix-segfault-with-socks4.patch 1970-01-01 01:00:00.000000000 +0100 +++ tinyproxy-1.10.0/debian/patches/0001_fix-segfault-with-socks4.patch 2021-07-02 12:22:48.000000000 +0200 @@ -0,0 +1,51 @@ +From 7ea9f80d3f31c85a4729854b47977e282632e6ed Mon Sep 17 00:00:00 2001 +From: rofl0r <rof...@users.noreply.github.com> +Date: Fri, 25 Jun 2021 02:43:00 +0100 +Subject: [PATCH] fix segfault in socks4 upstream with unresolvable hostname + +using a socks4 tor upstream with an .onion url resulted in +gethostbyname() returning NULL and a subsequent segfault. +not only did the code not check the return value of gethostbyname(), +that resolver API itself isn't threadsafe. + +as pure SOCKS4 supports only IPv4 addresses, and the main SOCKS4 +user to this date is tor, we just use SOCKS4a unconditionally and +pass the hostname to the proxy without trying to do any local name +resolving. + +i suspect in 2021 almost all SOCKS4 proxy servers in existence use +SOCKS4a extension, but should i be wrong on this, i prefer issue +reports to show up and implement plain SOCKS4 fallback only when +i see it is actually used in practice. +--- + src/reqs.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +--- a/src/reqs.c 2021-06-25 01:00:13.026080096 -0400 ++++ b/src/reqs.c 2021-06-25 01:00:13.026080096 -0400 +@@ -1287,7 +1287,6 @@ + unsigned short port; + size_t ulen, passlen; + +- struct hostent *host; + struct upstream *cur_upstream = connptr->upstream_proxy; + + ulen = cur_upstream->ua.user ? strlen(cur_upstream->ua.user) : 0; +@@ -1304,10 +1303,13 @@ + buff[1] = 1; /* connect command */ + port = htons(request->port); + memcpy(&buff[2], &port, 2); /* dest port */ +- host = gethostbyname(request->host); +- memcpy(&buff[4], host->h_addr_list[0], 4); /* dest ip */ +- buff[8] = 0; /* user */ +- if (9 != safe_write(connptr->server_fd, buff, 9)) ++ memcpy(&buff[4], "\0\0\0\1" /* socks4a fake ip */ ++ "\0" /* user */, 5); ++ len = strlen(request->host); ++ if(len>255) ++ return -1; ++ memcpy(&buff[9], request->host, len+1); ++ if (9+len+1 != safe_write(connptr->server_fd, buff, 9+len+1)) + return -1; + if (8 != safe_read(connptr->server_fd, buff, 8)) + return -1; diff -Nru tinyproxy-1.10.0/debian/patches/series tinyproxy-1.10.0/debian/patches/series --- tinyproxy-1.10.0/debian/patches/series 2018-09-04 14:58:13.000000000 +0200 +++ tinyproxy-1.10.0/debian/patches/series 2021-07-02 12:22:48.000000000 +0200 @@ -1,3 +1,4 @@ 1001_fix-select.patch 1002_fix-ftbfs-on-Hurd.patch 1003_fix-rereading-filter-conf-when-unprivileged.patch +0001_fix-segfault-with-socks4.patch diff -Nru tinyproxy-1.10.0/debian/tinyproxy.service tinyproxy-1.10.0/debian/tinyproxy.service --- tinyproxy-1.10.0/debian/tinyproxy.service 2018-09-04 14:58:13.000000000 +0200 +++ tinyproxy-1.10.0/debian/tinyproxy.service 2021-07-02 12:25:46.000000000 +0200 @@ -9,6 +9,9 @@ ExecStart=/usr/bin/tinyproxy $FLAGS PIDFile=/run/tinyproxy/tinyproxy.pid PrivateDevices=yes +KillMode=process +KillSignal=SIGTERM +TimeoutStopSec=20 [Install] WantedBy=multi-user.target