SHARE
TWEET

/* ghosttest.c: GHOST vulnerability tester */

a guest Jan 28th, 2015 113 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. /* ghosttest.c:  GHOST vulnerability tester */
  2. /* Credit: http://www.openwall.com/lists/oss-security/2015/01/27/9 */
  3. #include <netdb.h>
  4. #include <stdio.h>
  5. #include <stdlib.h>
  6. #include <string.h>
  7. #include <errno.h>
  8.  
  9. #define CANARY "in_the_coal_mine"
  10.  
  11. struct {
  12.   char buffer[1024];
  13.   char canary[sizeof(CANARY)];
  14. } temp = { "buffer", CANARY };
  15.  
  16. int main(void) {
  17.   struct hostent resbuf;
  18.   struct hostent *result;
  19.   int herrno;
  20.   int retval;
  21.  
  22.   /*** strlen (name) = size_needed - sizeof (*host_addr) - sizeof (*h_addr_ptrs) - 1; ***/
  23.   size_t len = sizeof(temp.buffer) - 16*sizeof(unsigned char) - 2*sizeof(char *) - 1;
  24.   char name[sizeof(temp.buffer)];
  25.   memset(name, '0', len);
  26.   name[len] = '\0';
  27.  
  28.   retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer), &result, &herrno);
  29.  
  30.   if (strcmp(temp.canary, CANARY) != 0) {
  31.     puts("vulnerable");
  32.     exit(EXIT_SUCCESS);
  33.   }
  34.   if (retval == ERANGE) {
  35.     puts("not vulnerable");
  36.     exit(EXIT_SUCCESS);
  37.   }
  38.   puts("should not happen");
  39.   exit(EXIT_FAILURE);
  40. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top