diff options
author | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2015-01-28 10:45:54 +0000 |
---|---|---|
committer | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2015-01-28 10:45:54 +0000 |
commit | 7e14b949c50e3c5c1caca38521328902940effc5 (patch) | |
tree | dad14dbbfdb2627cd2036bf50d3ab3b250e5f196 /admin | |
parent | a34dda6aca0b37dbe5f3f3ec88f8bf785705538c (diff) | |
download | infrastructure-7e14b949c50e3c5c1caca38521328902940effc5.tar.gz |
Test for CVE-2015-0235 (GHOST)
Diffstat (limited to 'admin')
-rw-r--r-- | admin/cve-2015-0235-ghost.c | 40 | ||||
-rw-r--r-- | admin/test-cve-2015-0235-ghost.yml | 18 |
2 files changed, 58 insertions, 0 deletions
diff --git a/admin/cve-2015-0235-ghost.c b/admin/cve-2015-0235-ghost.c new file mode 100644 index 00000000..3615ff57 --- /dev/null +++ b/admin/cve-2015-0235-ghost.c @@ -0,0 +1,40 @@ +/* From http://www.openwall.com/lists/oss-security/2015/01/27/9 */ + +#include <netdb.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <errno.h> + +#define CANARY "in_the_coal_mine" + +struct { + char buffer[1024]; + char canary[sizeof(CANARY)]; +} temp = { "buffer", CANARY }; + +int main(void) { + struct hostent resbuf; + struct hostent *result; + int herrno; + int retval; + + /*** strlen (name) = size_needed - sizeof (*host_addr) - sizeof (*h_addr_ptrs) - 1; ***/ + size_t len = sizeof(temp.buffer) - 16*sizeof(unsigned char) - 2*sizeof(char *) - 1; + char name[sizeof(temp.buffer)]; + memset(name, '0', len); + name[len] = '\0'; + + retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer), &result, &herrno); + + if (strcmp(temp.canary, CANARY) != 0) { + puts("vulnerable"); + exit(EXIT_SUCCESS); + } + if (retval == ERANGE) { + puts("not vulnerable"); + exit(EXIT_SUCCESS); + } + puts("should not happen"); + exit(EXIT_FAILURE); +} diff --git a/admin/test-cve-2015-0235-ghost.yml b/admin/test-cve-2015-0235-ghost.yml new file mode 100644 index 00000000..6090eb2b --- /dev/null +++ b/admin/test-cve-2015-0235-ghost.yml @@ -0,0 +1,18 @@ +# Test systems for CVE-2015-0235 GHOST +# +# http://www.openwall.com/lists/oss-security/2015/01/27/9 +--- +- hosts: all + gather_facts: False + tasks: + - name: copy in the cve-2015-0235-ghost-x86-64 test program + copy: src=cve-2015-0235-ghost-x86-64 dest=~ mode=755 + + - name: run the test program + command: ~/cve-2015-0235-ghost-x86-64 + register: test_output + + - debug: var=test_output.stdout_lines + + - name: remove test program again + file: path=~/cve-2015-0235-ghost-x86-64 state=absent |