Fix infinite loop in LL traversal, better reachability checks.
nedwill committed Jan 7, 2017
1 parent a171fe2 commit 49b7fde
Showing 2 changed files with 3 additions and 3 deletions.
5 changes: 3 additions & 2 deletions source/cleanup.c
@@ -58,8 +58,9 @@ static void *find_orphan() {
} else if (ktimer_base <= child && child < ktimer_end) {
/* object is freed, next pointer is reachable */
reachable[TOBJ_ADDR_TO_IDX(ktimer_base, child)] = true;
} else {
} else if (child != NULL && child != (void *)TIMER2_NEXT_KERNEL) {
printf("[!] Warning! Timer table entry had non-vtable, non-freed entry!\n");
printf("It looks like this: %p -> %p\n", current_timer, child);
wait_for_user();
}
}
@@ -96,7 +97,7 @@ static void **find_parent() {
// traverse linked list until next points to userspace
void *current_node = ktimer_pool_head;
while (true) {
void *next = (void *)kreadint_real(ktimer_pool_head);
void *next = (void *)kreadint_real(current_node);

if (next == (void *)TIMER2_NEXT_KERNEL) {
return current_node;
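Review bot: The traversal in `find_parent` still has only one visible exit, the `next == (void *)TIMER2_NEXT_KERNEL` match inside `while (true)`, so a list that never reaches that sentinel (a NULL or stale `next`, or a cycle) would keep the loop reading kernel memory with no way out. Reading from `current_node` fixes the repeated read of the list head, but the loop would be safer with a NULL check and a step cap that fails closed, for example `if (next == NULL || ++steps > MAX_STEPS) return NULL;`, where `MAX_STEPS` is a placeholder for the pool's entry count. Callers would then need to treat a NULL return as a cleanup failure. The rest of the loop body lies outside the hunk, so a guard there may already cover this.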
1 change: 0 additions & 1 deletion source/exploit.c
@@ -359,7 +359,6 @@ bool k11_exploit() {
if (!cleanup_uaf()) {
printf("[-] Warning! Exploit succeeded couldn't cleanup kernel.\n");
printf("[-] System instability may occur.\n");

return false;
}

