poc.c at main - STRLCPY/CVE-2022-27666

ROOT /

poc.c

2216 lines | ISO-8859-1 | 65 KB

Blame Outline

Outline

SLAB_32_OBJS_PER_SLAB

SLAB_32_CPU_PARTIAL

SLAB_1k_OBJS_PER_SLAB

SLAB_1k_CPU_PARTIAL

SLAB_2k_OBJS_PER_SLAB

SLAB_2k_CPU_PARTIAL

SLAB_4k_OBJS_PER_SLAB

SLAB_4k_CPU_PARTIAL

SIZE_OF_MSG_MSG

SIZE_OF_MSG_MSGSEG

LAST_PAGE_GAP_BYTES

PRINT_STACK_DEBUG

PRINT_PAGE_ALLOC

PRINT_PAGE_FREE

PRINT_USER_KEY_PAYLOAD

PRINT_PAGE_CUR_ORDER

PRINT_PAGE_FREE_DETAIL

PRINT_OOB_DETAIL

PRINT_TARGET_SLAB

PRINT_MSG_DETAIL

SIZE_OF_USER_KEY_PAYLOAD

SIZE_OF_USER_KEY_PAYLOAD_SLAB

HEAP_SPRAY_LOOP

PROC_MODPROBE_TRIGGER

MAX_QBYTES_IN_QUEUE

MSG_HEADER_SIZE

NONFAILING(...)

IFLA_IPVLAN_FLAGS

IPVLAN_MODE_L3S

DEVLINK_FAMILY_NAME

DEVLINK_CMD_PORT_GET

DEVLINK_ATTR_BUS_NAME

DEVLINK_ATTR_DEV_NAME

DEVLINK_ATTR_NETDEV_NAME

addr_single_start : uint64_t

addr_single_stop : uint64_t

addr_single_next : uint64_t

addr_modprobe_path : uint64_t

kaslr_offset : int64_t

pause_flag : int

evil_buffer : char*

msg_next : uint64_t

msglist_prev : uint64_t

msglist_next : uint64_t

fuse_mem_addr : void*

msqid : int[0x1000]

next : struct list_head*

prev : struct list_head*

mtext : char[1]

payload : char*

mtext : char[1]

m_list : struct list_head

security : void*

mutex : pthread_mutex_t

proc_mutex : pthread_mutex_t[N_PROCS+1]

shared_data : struct

mutex : pthread_mutex_t

proc_mutex : pthread_mutex_t[N_PROCS+1]

mutex : pthread_mutex_t*

free_mutex : shared_data*

spray_lock : shared_data*

two_loop : shared_data*

shell_lock : shared_data*

hang_threads : shared_data*

fake_user_key_payload

callback : void*

datalen : short unsigned int

procid : unsigned long long

skip_segv : __thread int

segv_env : __thread jmp_buf

recvmymsg(int,int,void*,int,int) {...} : void*

msg_spray(int,int,int) {...} : int

sendmymsg(int,int,int,int) {...} : void

load_symbols() {...} : void

write_file(const char*,const char*,...) {...} : bool

nested : struct nlattr*[8]

buf : char[4096]

netlink_init(struct nlmsg*,int,int,const void*,int) {...} : void

netlink_attr(struct nlmsg*,int,const void*,int) {...} : void

netlink_nest(struct nlmsg*,int) {...} : void

netlink_done(struct nlmsg*) {...} : void

netlink_send_ext(struct nlmsg*,int,uint16_t,int*,bool) {...} : int

netlink_send(struct nlmsg*,int) {...} : int

netlink_query_family_id(struct nlmsg*,int,const char*,bool) {...} : int

netlink_next_msg(struct nlmsg*,unsigned int,unsigned int) {...} : int

netlink_add_device_impl(struct nlmsg*,const char*,const char*) {...} : void

netlink_add_device(struct nlmsg*,int,const char*,const char*) {...} : void

netlink_add_veth(struct nlmsg*,int,const char*,const char*) {...} : void

netlink_add_hsr(struct nlmsg*,int,const char*,const char*,const char*) {...} : void

netlink_add_linked(struct nlmsg*,int,const char*,const char*,const char*) {...} : void

netlink_add_vlan(struct nlmsg*,int,const char*,const char*,uint16_t,uint16_t) {...} : void

netlink_add_macvlan(struct nlmsg*,int,const char*,const char*) {...} : void

netlink_add_geneve(struct nlmsg*,int,const char*,uint32_t,struct in_addr*,struct in6_addr*) {...} : void

netlink_add_ipvlan(struct nlmsg*,int,const char*,const char*,uint16_t,uint16_t) {...} : void

netlink_device_change(struct nlmsg*,int,const char*,bool,const char*,const void*,int,const char*) {...} : void

netlink_add_addr(struct nlmsg*,int,const char*,const void*,int) {...} : int

netlink_add_addr4(struct nlmsg*,int,const char*,const char*) {...} : void

netlink_add_addr6(struct nlmsg*,int,const char*,const char*) {...} : void

nlmsg : struct nlmsg

nlmsg2 : struct nlmsg

initialize_devlink_ports(const char*,const char*,const char*) {...} : void

netdevsim_add(unsigned int,unsigned int) {...} : void

WG_CMD_GET_DEVICE

WG_CMD_SET_DEVICE

wgallowedip_attribute

WGALLOWEDIP_A_UNSPEC

WGALLOWEDIP_A_FAMILY

WGALLOWEDIP_A_IPADDR

WGALLOWEDIP_A_CIDR_MASK

netlink_wireguard_setup(void) {...} : void

initialize_netdevices(void) {...} : void

initialize_netdevices_init(void) {...} : void

setup_common() {...} : void

wait_for_loop(int) {...} : int

drop_caps(void) {...} : void

sandbox_stack : __attribute__((aligned(64 << 10))) static char[1 << 20]

namespace_sandbox_proc(void*) {...} : int

do_sandbox_namespace(void) {...} : int

r : uint64_t[2]

time : unsigned int

fork_spary_n(int,unsigned int,int) {...} : void

packet_socket_rx_ring_init(int,unsigned int,unsigned int,unsigned int,unsigned int,unsigned int) {...} : void

packet_socket_setup(unsigned int,unsigned int,unsigned int,unsigned int,int) {...} : int

initialise_shared(shared_data**) {...} : void

pagealloc_pad(int,int) {...} : int

packet_sock_kmalloc() {...} : int

send_xattr_debug(void*) {...} : void

spray_4k_thread(int,int) {...} : void

release_spray_4k_lock(int) {...} : void

spray_user_key(int,int,int) {...} : int*

init_fuse_mem(char*,void**,void*,int) {...} : void

send_xattr(void*) {...} : void

spray_4k(int,int) {...} : void

oob_write(char*,int,int,int,int) {...} : void

leak_kalsr() {...} : bool

fuse_sendmsg(struct spary_msg_arg*) {...} : void

fuse_msg_spray(int,int,void*) {...} : int

arb_write(void*,int,void*) {...} : bool

modprobe_trigger() {...} : void

am_i_root() {...} : int

modprobe_init() {...} : void

overwrite_modprobe() {...} : void

loop(void) {...} : void

unshare_setup(uid_t,gid_t) {...} : void

fargs_evil1 : char*[]

fargs_evil2 : char*[]

main(int,char*[]) {...} : int

Please wait...

Page is in error, reload to recover