The Samba-Bugzilla – Attachment 17990 Details for
Bug 15426
clidfs.c do_connect() missing a "return" after a cli_shutdown() call
fake smb server that triggers a use-after-free in smbclient
smc1b.c (text/x-csrc), 1.27 KB, created by
Robert Morris
on 2023-07-20 14:41:26 UTC
Description:
fake smb server that triggers a use-after-free in smbclient
Filename:
MIME Type:
Creator:
Robert Morris
Created:
2023-07-20 14:41:26 UTC
Size:
1.27 KB
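/*
 * smc1b.c - minimal stand-in "SMB server" attached to Samba bug 15426
 * (clidfs.c do_connect() missing a "return" after a cli_shutdown() call).
 *
 * The program accepts exactly one TCP connection on port 445 and then stays
 * silent for 100 seconds: it never reads from or writes to the client.  The
 * bug report uses it as a reproducer for a use-after-free in smbclient, so
 * its value to a maintainer is as a regression harness: run a client built
 * with a memory-error detector (e.g. AddressSanitizer or valgrind) against
 * it before and after the fix.
 *
 * NOTE(review): which client-side path the silent peer drives (timeout,
 * teardown, ...) is not visible in this file - see the bug report.
 *
 * Operational caveats:
 *   - The listener binds the wildcard address, so it is reachable from every
 *     interface of the host.  Run it on an isolated test machine only.
 *   - Port 445 is a privileged port on most systems, so bind() normally
 *     needs elevated privileges, and fails if a real SMB server is running.
 */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/ioctl.h>
#include <netinet/in.h>
#include <sys/wait.h>
#include <sys/resource.h>
#include <arpa/inet.h>
#include <assert.h>
#include <ctype.h>
#include <fcntl.h>
#include <signal.h>

/* Connected client socket; -1 until accept() succeeds in main(). */
int s = -1;

/*
 * Read exactly n bytes from the global socket s into bufx.
 *
 * Returns 0 once all n bytes have arrived (immediately when n <= 0), or -1
 * if read() reports an error or end-of-file first.  The caller must supply
 * at least n bytes of storage.  Not called by main() in this file.
 */
int
readn(void *bufx, int n)
{
    char *buf = bufx;

    while (n > 0) {
        ssize_t cc = read(s, buf, (size_t)n);
        if (cc <= 0) {
            return -1;
        }
        n -= (int)cc;
        buf += cc;
    }
    return 0;
}

/*
 * Read one length-prefixed message from the global socket s into bufx.
 *
 * A 4-byte header is read first; the payload length is taken from header
 * bytes 2 and 3 (big-endian, 16 bits).  Header bytes 0 and 1 are ignored.
 *
 * The length comes straight from the peer and is NOT checked against any
 * buffer size (the signature carries none), so the caller must provide at
 * least 4 + 65535 bytes or a hostile peer can overrun the buffer.
 *
 * Returns the total number of bytes stored (payload length + 4), or -1 on
 * a short read.  Not called by main() in this file.
 */
int
readmsg(void *bufx)
{
    unsigned char *buf = bufx;

    if (readn(buf, 4) < 0) {
        return -1;
    }

    int n = (buf[2] << 8) | buf[3];
    if (readn(buf + 4, n) < 0) {
        return -1;
    }
    return n + 4;
}

/*
 * Listen on TCP port 445, accept a single client, then idle for 100 seconds
 * without exchanging any data before exiting.
 *
 * Exits with status 1 if the listening socket cannot be created, bound or
 * put into listening state, or if accept() fails.
 */
int
main(void)
{
    // A client that disconnects must not kill the harness with SIGPIPE.
    signal(SIGPIPE, SIG_IGN);

    struct sockaddr_in sin;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = htons(445); // SMB over TCP
    // Wildcard address, same as the zeroed field; spelled out so the
    // network exposure of the listener is visible to the reader.
    sin.sin_addr.s_addr = htonl(INADDR_ANY);

    int ss = socket(AF_INET, SOCK_STREAM, 0);
    if (ss < 0) {
        // Previously unchecked: the failure only surfaced later as a
        // misleading "bind" error on an invalid descriptor.
        perror("socket");
        exit(1);
    }

    int yes = 1;
    if (setsockopt(ss, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes)) < 0) {
        // Best effort: only affects quick restarts of the harness.
        perror("setsockopt");
    }

    if (bind(ss, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
        perror("bind");
        exit(1);
    }
    if (listen(ss, 10) < 0) {
        perror("listen");
        exit(1);
    }

    socklen_t sinlen = sizeof(sin);
    s = accept(ss, (struct sockaddr *)&sin, &sinlen);
    if (s < 0) {
        perror("accept");
        exit(1);
    }
    // Only one client is ever served; stop accepting further connections.
    close(ss);

    // Hold the connection open without ever answering the client.
    sleep(100);

    close(s);
    return 0;
}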
Attachments on
bug 15426
: 17990 |
18066