37 строки
663 B
C
37 строки
663 B
C
/*
|
|
* NSDL001
|
|
*
|
|
* Naive Sensitive Data Leak 001
|
|
*
|
|
*/
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
#include <unistd.h>
|
|
#include <sys/types.h>
|
|
#include <sys/socket.h>
|
|
#include <netdb.h>
|
|
|
|
void
|
|
leaks_passwd()
|
|
{
|
|
char *p;
|
|
struct addrinfo hints, *result;
|
|
|
|
p = getpass("enter passwd: ");
|
|
/* l.v. p is now tainted with sensitive data */
|
|
memset(&hints, 0, sizeof(struct addrinfo));
|
|
hints.ai_family = AF_UNSPEC;
|
|
hints.ai_socktype = SOCK_DGRAM;
|
|
hints.ai_flags = 0;
|
|
hints.ai_protocol = 0;
|
|
/* leak password via getaddrinfo() DNS lookup. contrived af. */
|
|
(void)getaddrinfo(p, "http", &hints, &result);
|
|
}
|
|
|
|
int
|
|
main(int argc, char **argv)
|
|
{
|
|
leaks_passwd();
|
|
return 0;
|
|
}
|