Created
January 31, 2015 12:53
-
-
Save lirazsiri/e8223e7a1f5dc04c4c1f to your computer and use it in GitHub Desktop.
GHOST vulnerability tested
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* ghosttest.c: GHOST vulnerability tester */ | |
/* Credit: http://www.openwall.com/lists/oss-security/2015/01/27/9 */ | |
#include <netdb.h> | |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <string.h> | |
#include <errno.h> | |
#define CANARY "in_the_coal_mine" | |
struct { | |
char buffer[1024]; | |
char canary[sizeof(CANARY)]; | |
} temp = { "buffer", CANARY }; | |
int main(void) { | |
struct hostent resbuf; | |
struct hostent *result; | |
int herrno; | |
int retval; | |
/*** strlen (name) = size_needed - sizeof (*host_addr) - sizeof (*h_addr_ptrs) - 1; ***/ | |
size_t len = sizeof(temp.buffer) - 16*sizeof(unsigned char) - 2*sizeof(char *) - 1; | |
char name[sizeof(temp.buffer)]; | |
memset(name, '0', len); | |
name[len] = '\0'; | |
retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer), &result, &herrno); | |
if (strcmp(temp.canary, CANARY) != 0) { | |
puts("vulnerable"); | |
exit(EXIT_SUCCESS); | |
} | |
if (retval == ERANGE) { | |
puts("not vulnerable"); | |
exit(EXIT_SUCCESS); | |
} | |
puts("should not happen"); | |
exit(EXIT_FAILURE); | |
} | |
~ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment