diff options
Diffstat (limited to 'admin/cve-2015-0235-ghost.c')
-rw-r--r-- | admin/cve-2015-0235-ghost.c | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/admin/cve-2015-0235-ghost.c b/admin/cve-2015-0235-ghost.c new file mode 100644 index 00000000..3615ff57 --- /dev/null +++ b/admin/cve-2015-0235-ghost.c @@ -0,0 +1,40 @@ +/* From http://www.openwall.com/lists/oss-security/2015/01/27/9 */ + +#include <netdb.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <errno.h> + +#define CANARY "in_the_coal_mine" + +struct { + char buffer[1024]; + char canary[sizeof(CANARY)]; +} temp = { "buffer", CANARY }; + +int main(void) { + struct hostent resbuf; + struct hostent *result; + int herrno; + int retval; + + /*** strlen (name) = size_needed - sizeof (*host_addr) - sizeof (*h_addr_ptrs) - 1; ***/ + size_t len = sizeof(temp.buffer) - 16*sizeof(unsigned char) - 2*sizeof(char *) - 1; + char name[sizeof(temp.buffer)]; + memset(name, '0', len); + name[len] = '\0'; + + retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer), &result, &herrno); + + if (strcmp(temp.canary, CANARY) != 0) { + puts("vulnerable"); + exit(EXIT_SUCCESS); + } + if (retval == ERANGE) { + puts("not vulnerable"); + exit(EXIT_SUCCESS); + } + puts("should not happen"); + exit(EXIT_FAILURE); +} |