

#!/usr/bin/stap -g -m CVE_2018_6485

// Work around CVE-2018-6485 and CVE-2018-6551 by imposing a limit
// on the incoming $bytes parameter.  If it's too close to SIZE_MAX,
// pre-CVE code could overflow.  With this band-aid, (a) the size will
// be reduced, to a number beneath the overflow range, but high
// enough that we are confident the subsequent malloc will still fail
// and/or (b) the process is killed

// Policy switch for the allocator probe in this script: when non-zero, a
// request that exceeds the computed limit causes raise(9) (signal 9) to be
// sent to the calling process. Defaults to 0, so no process is killed unless
// this is changed.
// Being a script global, it can be overridden at startup with
// `stap -G kill_p=1`.
// NOTE(review): whether it is also exposed under /proc/systemtap/CVE_2018_6485/
// is not visible in this file — confirm.
global kill_p = 0

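// Entry probe on glibc's internal allocators.  It inspects the requested
// size ($bytes) on entry to _int_malloc / _int_memalign and, when the request
// is within MINSIZE*2 of the address-size maximum, counts a "hit", optionally
// logs it, optionally kills the process and optionally clamps $bytes to
// MAXSIZE.  Every other request is counted as a "miss".
//
// Assigning to $bytes and calling raise() require guru mode (the -g in the
// script's shebang line).
//
// cve_enabled_p, cve_notify_p, cve_fix_p and cve_count_metric() are not
// defined in this file; presumably they come from the templatized band-aid
// support code — confirm before deploying.
//
// NOTE(review): kill_p and cve_fix_p are independent.  If both are zero the
// probe only counts/logs and the oversized request reaches the allocator
// unchanged, i.e. the script then detects but does not mitigate.
//
// NOTE(review): only processes whose libc matches the /lib*/libc.so.6 glob
// are instrumented; a statically linked binary or a libc installed under a
// different path would presumably not be covered — verify against the
// deployment.
probe process("/lib*/libc.so.6").function("_int_malloc"),
      process("/lib*/libc.so.6").function("_int_memalign")
      if(cve_enabled_p) {
  MALLOC_ALIGNMENT = 65536; /* over-estimate */
  MINSIZE = 64 + MALLOC_ALIGNMENT; /* way over-estimate */
  /* Address-size maximum (32-bit or 64-bit, per probing_32bit_app()) minus a
     safety margin of MINSIZE*2.  Script integers are signed 64-bit, so the
     64-bit limit ends up negative; the comparison below accounts for that. */
  MAXSIZE = (probing_32bit_app() ? 4294967295 : 18446744073709551615) - MINSIZE*2;
  /* compare as numbers as if unsigned:
     - first arm: both values positive (the 32-bit limit), plain comparison;
     - second arm: both values negative (top bit set, the 64-bit limit), where
       the signed ordering of two negatives matches their unsigned ordering. */
  if ((MAXSIZE > 0 && $bytes > 0 && $bytes > MAXSIZE) ||
      (MAXSIZE < 0 && $bytes < 0 && MAXSIZE < $bytes)) {
    cve_count_metric("hit")
    if (cve_notify_p)
      /* Sizes are printed with %u: they are unsigned quantities, and with %d
         a 64-bit request near the maximum (and MAXSIZE itself) was logged as
         a negative number, which is hard to read during triage. */
      printf("cve-2018-6485 bandaid %s[%d] %u>%u kill?%d fix?%d\n",
             execname(), tid(),
             $bytes, MAXSIZE,
             kill_p, cve_fix_p)
    if (kill_p)
      raise (9); /* signal 9 to the current process */
    if (cve_fix_p)
      $bytes = MAXSIZE; /* clamp below the overflow range; see header comment */
  }
  else
    cve_count_metric("miss")
}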

// Periodic status report: every 60 seconds, while cve_enabled_p holds and
// cve_notify_p is set, print the current "miss" and "hit" counters from
// cve_metrics together with the kill_p / cve_fix_p mode flags.
// NOTE(review): cve_metrics is not declared in this file; presumably it is
// the array that cve_count_metric() updates — confirm.
// NOTE(review): a rising hit# in this line is the signal to alert on; with
// cve_notify_p unset nothing is printed here at all.
probe timer.s(60) if(cve_enabled_p) {
  if (cve_notify_p)
    printf("cve-2018-6485 bandaid miss#%d hit#%d kill?%d fix?%d\n",
	    cve_metrics["miss"], cve_metrics["hit"], kill_p, cve_fix_p)
}

# Take a look at /proc/systemtap/CVE_2018_6485/* for parameters and prometheus metrics
