0c9e8df91c
git-subtree-dir: Security Research and Development with LLVM - Andrew Reiter git-subtree-mainline: aa7a9fc1e16c3c5be7ba312c4b4e37775e005101 git-subtree-split: 0605b5174c2bc286d3e95d6c0df620800bef96c7
38 строки
744 B
C
38 строки
744 B
C
/*
|
|
* NSDL002
|
|
*
|
|
* Naive Sensitive Data Leak 002
|
|
*
|
|
*/
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <unistd.h>
|
|
#include <sys/types.h>
|
|
#include <sys/socket.h>
|
|
#include <netdb.h>
|
|
|
|
void
|
|
leaks_passwd(unsigned lookup)
|
|
{
|
|
char *p;
|
|
struct addrinfo hints, *result;
|
|
|
|
p = getpass("enter passwd: ");
|
|
/* l.v. p is now tainted with sensitive data */
|
|
memset(&hints, 0, sizeof(struct addrinfo));
|
|
hints.ai_family = AF_UNSPEC;
|
|
hints.ai_socktype = SOCK_DGRAM;
|
|
hints.ai_flags = 0;
|
|
hints.ai_protocol = 0;
|
|
/* leak password via getaddrinfo() DNS lookup. contrived af. */
|
|
memset(p, 0, strlen(p)); // XXX :PpPp
|
|
(void)getaddrinfo(p, "http", &hints, &result);
|
|
}
|
|
int
|
|
main(int argc, char **argv)
|
|
{
|
|
leaks_passwd(random());
|
|
return 0;
|
|
}
|