d / p.c

popen-leaks

p.c
#include <stdio.h>
 
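/*
 * Demonstrates descriptor inheritance across popen(): "foo" is opened
 * without close-on-exec and is still open when the child command is
 * spawned, so the child (r.rb) can report it among its open descriptors.
 *
 * Exit status: 0 on success, 1 if "foo" cannot be opened, 2 if one byte
 * cannot be read from it, 3 if popen() fails, 4 if reading the pipe stops
 * before end-of-file.
 */
int main(void)
{
    char buf[256];
    int rc = 0;
    FILE *pipe = NULL;

    /*
     * Deliberately opened without close-on-exec: this is the descriptor the
     * popen() child inherits. Code that must not share a descriptor with
     * spawned commands would set FD_CLOEXEC on it, e.g.
     * fcntl(fileno(foo), F_SETFD, FD_CLOEXEC), or on glibc open it with
     * mode "re".
     */
    FILE *foo = fopen("foo", "r");
    if (!foo) {
        return 1;
    }

    /* Read one byte so the stream has actually been used before the spawn. */
    if (fread(buf, 1, 1, foo) == 0) {
        rc = 2;
        goto out;
    }

    /* popen() runs the command through the shell; the string is a constant. */
    pipe = popen("ruby r.rb", "r");
    if (!pipe) {
        rc = 3;
        goto out;
    }

    /* Echo the child's output: one inherited descriptor number per line. */
    while (fgets(buf, sizeof buf, pipe)) {
        fputs(buf, stdout);
    }

    /* fgets() returning NULL without EOF means a read error on the pipe. */
    if (!feof(pipe)) {
        rc = 4;
    }

out:
    /* Release both streams on every path, including the error exits. */
    fclose(foo);
    if (pipe) {
        pclose(pipe);
    }
    return rc;
}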
r.rb
#!/usr/bin/env ruby
 
# finds all open file descriptors
 
# Probe descriptor numbers 3 through 4096 (0-2 are the standard streams) and
# print every number that can be wrapped in an IO object, i.e. every
# descriptor this process holds open, including ones inherited from its
# parent. Descriptors above 4096 are not examined.
(3..4096).each do |fd|
  begin
    handle = IO.new(fd)
    # IO.new raises rather than returning nil; the guard mirrors the
    # original conditional.
    next unless handle

    puts fd
    # Closing the wrapper closes the descriptor in this process only.
    handle.close
  rescue ArgumentError, Errno::EBADF
    # Number is not an open descriptor, or Ruby declined to wrap it: skip.
  end
end
