Torsocks getpeername() is broken for .onion addresses
When I connect to a .onion host with ssh using torsocks, ssh connects to the host and completes authentication but then it aborts with this error:
get_sock_port: getnameinfo NI_NUMERICSERV failed: ai_family not supported
I built torsocks with additional debug messages and found that the failure is due to a bug in torsocks. Ssh calls getpeername() to map the onion IP cookie address it was given by torsocks back to a hostname, and tsocks_getpeername() at getpeername.c:60 returns the sockaddr struct from the connection table expecting it to contain the onion IP cookie. But that struct is actually all 0's because when the connection entry for a .onion address is created in tsocks_connect() at connect.c:162, the address passed to connection_create is null instead of the onion IP cookie address.
Here's a patch to pass the onion IP cookie address to connection_create() instead of null. With this patch, the ssh connection to a .onion host works.
--- src/lib/connect.c.orig
+++ src/lib/connect.c
@@ -156,10 +156,11 @@
onion_pool_unlock(&tsocks_onion_pool);
if (on_entry) {
/*
- * Create a connection without a destination address since we will set
+ * Create a connection with the onion IP cookie since getpeername()
+ * might need it, and set connection domain and hostname to use
* the onion address name found before.
*/
- new_conn = connection_create(sockfd, NULL);
+ new_conn = connection_create(sockfd, addr);
if (!new_conn) {
errno = ENOMEM;
goto error;
Trac:
Username: Torsocks_user