Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Original nipper-ng processPrivilage implementation (CVE-2019-17424)
/* Original nipper-ng processPrivilage implementation */
/* struct used later in the code */
struct ciscoCommand
{
int parts;
char part[40][128];
};
void processPrivilage(
char *line /* data pointed to by @line is user controlled */,
struct nipperConfig *nipper)
{
// Variables...
struct privilageLevels *privilagePointer = 0;
struct ciscoCommand command;
char tempString[sizeof(line)];
// Debug
if (nipper->debugMode == true)
{
printf("Privilage Line: %s\n", line);
}
// Is this the first privilage
if (nipper->ios->privilage == 0)
{
// Create storage for enable...
privilagePointer = malloc(sizeof(struct privilageLevels));
memset(privilagePointer, 0, sizeof(struct privilageLevels));
// Sort out pointers...
privilagePointer->next = nipper->ios->privilage;
nipper->ios->privilage = privilagePointer;
}
else
{
// Get last privilage
privilagePointer = nipper->ios->privilage;
while (privilagePointer->next != 0)
privilagePointer = privilagePointer->next;
// Create structure
privilagePointer->next = malloc(sizeof(struct privilageLevels));
memset(privilagePointer->next, 0, sizeof(struct privilageLevels));
privilagePointer = privilagePointer->next;
// Init
privilagePointer->next = 0;
}
// Init
command = splitLine(line);
/* the splitLine function fills @command (of type struct ciscoCommand)
with the first 120 chars of the first 40 words from @line, and correctly
sets @command.parts to the number of words it stored in array @command.part
*/
strcpy(tempString, "");
// Privilage Level
privilagePointer->level = atoi(command.part[3]);
// Command Access
int loop;
for (loop = 4; loop < command.parts; loop++)
{
sprintf(tempString, "%s %s", tempString, command.part[loop]);
}
strncpy(privilagePointer->command, tempString, sizeof(privilagePointer->command));
}
@guywhataguy

This comment has been minimized.

Copy link
Owner Author

guywhataguy commented Oct 20, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.