- A+
所属分类:神兵利刃
CVE-2012-2122 也就是 MySQL 刚刚爆出的那个漏洞。该代码用来检查是否 memcmp 存在此漏洞,如下:
/*
* CVE-2012-2122 checker
*
* You may get differing results with/without -m32
*
* Joshua J. Drake
*/
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <sys/types.h>
#include <unistd.h>
#include <string.h>
int main(void) {
int one, two, ret;
time_t start = time(0);
time_t now;
srand(getpid()*start);
while (1) {
one = rand();
two = rand();
ret = memcmp(&one, &two, sizeof(int));
if (ret < -128 || ret > 127)
break;
time(&now);
if (now - start > 10) {
printf("Not triggered in 10 seconds, *probably* not vulnerable..\n");
return 1;
}
}
printf("Vulnerable! memcmp returned: %d\n", ret);
return 0;
}
代码来源:http://pastie.org/4064638
- 我的微信
- 这是我的微信扫一扫
-
- 我的微信公众号
- 我的微信公众号扫一扫
-
