├── LICENSE ├── Multi Zip Slip (Arbitrary Write in Archive Extraction) ├── README.md ├── libarchive_example.c ├── malicious.tar └── python_example.py ├── Posix Command Injection ├── README.md └── src │ └── CmdInjExample │ ├── CMakeLists.txt │ ├── FileParser.cpp │ ├── FileParser.h │ ├── bin │ ├── CmdInjExample │ └── test.bin │ ├── main.cpp │ └── poc.rb ├── Posix Null Byte Terminator ├── README.md ├── leak_example.png ├── snprintf_example.png ├── sprintf_example.png ├── strcpy_example.png └── strncpy_example.png ├── Posix Stack Buffer Overflow ├── README.md ├── build.sh ├── compile.sh ├── pistache │ ├── .travis.yml │ ├── CMakeCache.txt │ ├── CMakeFiles │ │ ├── 3.5.1 │ │ │ ├── CMakeCCompiler.cmake │ │ │ ├── CMakeCXXCompiler.cmake │ │ │ ├── CMakeDetermineCompilerABI_C.bin │ │ │ ├── CMakeDetermineCompilerABI_CXX.bin │ │ │ ├── CMakeSystem.cmake │ │ │ ├── CompilerIdC │ │ │ │ ├── CMakeCCompilerId.c │ │ │ │ └── a.out │ │ │ └── CompilerIdCXX │ │ │ │ ├── CMakeCXXCompilerId.cpp │ │ │ │ └── a.out │ │ ├── CMakeDirectoryInformation.cmake │ │ ├── CMakeOutput.log │ │ ├── Makefile.cmake │ │ ├── Makefile2 │ │ ├── TargetDirectories.txt │ │ ├── cmake.check_cache │ │ ├── feature_tests.bin │ │ ├── feature_tests.c │ │ ├── feature_tests.cxx │ │ └── progress.marks │ ├── CMakeLists.txt │ ├── LICENSE │ ├── Makefile │ ├── README.md │ ├── cmake_install.cmake │ ├── examples │ │ ├── CMakeLists.txt │ │ ├── custom_header.cc │ │ ├── hello_server.cc │ │ ├── http_client.cc │ │ ├── http_server.cc │ │ ├── rest_description.cc │ │ └── rest_server.cc │ ├── googletest-release-1.7.0 │ │ ├── CHANGES │ │ ├── CMakeLists.txt │ │ ├── CONTRIBUTORS │ │ ├── LICENSE │ │ ├── Makefile.am │ │ ├── README │ │ ├── build-aux │ │ │ └── .keep │ │ ├── cmake │ │ │ └── internal_utils.cmake │ │ ├── codegear │ │ │ ├── gtest.cbproj │ │ │ ├── gtest.groupproj │ │ │ ├── gtest_all.cc │ │ │ ├── gtest_link.cc │ │ │ ├── gtest_main.cbproj │ │ │ └── gtest_unittest.cbproj │ │ ├── configure.ac │ │ ├── include │ │ │ └── gtest │ │ │ │ ├── 
gtest-death-test.h │ │ │ │ ├── gtest-message.h │ │ │ │ ├── gtest-param-test.h │ │ │ │ ├── gtest-param-test.h.pump │ │ │ │ ├── gtest-printers.h │ │ │ │ ├── gtest-spi.h │ │ │ │ ├── gtest-test-part.h │ │ │ │ ├── gtest-typed-test.h │ │ │ │ ├── gtest.h │ │ │ │ ├── gtest_pred_impl.h │ │ │ │ ├── gtest_prod.h │ │ │ │ └── internal │ │ │ │ ├── gtest-death-test-internal.h │ │ │ │ ├── gtest-filepath.h │ │ │ │ ├── gtest-internal.h │ │ │ │ ├── gtest-linked_ptr.h │ │ │ │ ├── gtest-param-util-generated.h │ │ │ │ ├── gtest-param-util-generated.h.pump │ │ │ │ ├── gtest-param-util.h │ │ │ │ ├── gtest-port.h │ │ │ │ ├── gtest-string.h │ │ │ │ ├── gtest-tuple.h │ │ │ │ ├── gtest-tuple.h.pump │ │ │ │ ├── gtest-type-util.h │ │ │ │ └── gtest-type-util.h.pump │ │ ├── m4 │ │ │ ├── acx_pthread.m4 │ │ │ └── gtest.m4 │ │ ├── make │ │ │ └── Makefile │ │ ├── msvc │ │ │ ├── gtest-md.sln │ │ │ ├── gtest-md.vcproj │ │ │ ├── gtest.sln │ │ │ ├── gtest.vcproj │ │ │ ├── gtest_main-md.vcproj │ │ │ ├── gtest_main.vcproj │ │ │ ├── gtest_prod_test-md.vcproj │ │ │ ├── gtest_prod_test.vcproj │ │ │ ├── gtest_unittest-md.vcproj │ │ │ └── gtest_unittest.vcproj │ │ ├── samples │ │ │ ├── prime_tables.h │ │ │ ├── sample1.cc │ │ │ ├── sample1.h │ │ │ ├── sample10_unittest.cc │ │ │ ├── sample1_unittest.cc │ │ │ ├── sample2.cc │ │ │ ├── sample2.h │ │ │ ├── sample2_unittest.cc │ │ │ ├── sample3-inl.h │ │ │ ├── sample3_unittest.cc │ │ │ ├── sample4.cc │ │ │ ├── sample4.h │ │ │ ├── sample4_unittest.cc │ │ │ ├── sample5_unittest.cc │ │ │ ├── sample6_unittest.cc │ │ │ ├── sample7_unittest.cc │ │ │ ├── sample8_unittest.cc │ │ │ └── sample9_unittest.cc │ │ ├── scripts │ │ │ ├── fuse_gtest_files.py │ │ │ ├── gen_gtest_pred_impl.py │ │ │ ├── gtest-config.in │ │ │ ├── pump.py │ │ │ ├── test │ │ │ │ └── Makefile │ │ │ ├── upload.py │ │ │ └── upload_gtest.py │ │ ├── src │ │ │ ├── gtest-all.cc │ │ │ ├── gtest-death-test.cc │ │ │ ├── gtest-filepath.cc │ │ │ ├── gtest-internal-inl.h │ │ │ ├── gtest-port.cc │ │ │ ├── 
gtest-printers.cc │ │ │ ├── gtest-test-part.cc │ │ │ ├── gtest-typed-test.cc │ │ │ ├── gtest.cc │ │ │ └── gtest_main.cc │ │ ├── test │ │ │ ├── gtest-death-test_ex_test.cc │ │ │ ├── gtest-death-test_test.cc │ │ │ ├── gtest-filepath_test.cc │ │ │ ├── gtest-linked_ptr_test.cc │ │ │ ├── gtest-listener_test.cc │ │ │ ├── gtest-message_test.cc │ │ │ ├── gtest-options_test.cc │ │ │ ├── gtest-param-test2_test.cc │ │ │ ├── gtest-param-test_test.cc │ │ │ ├── gtest-param-test_test.h │ │ │ ├── gtest-port_test.cc │ │ │ ├── gtest-printers_test.cc │ │ │ ├── gtest-test-part_test.cc │ │ │ ├── gtest-tuple_test.cc │ │ │ ├── gtest-typed-test2_test.cc │ │ │ ├── gtest-typed-test_test.cc │ │ │ ├── gtest-typed-test_test.h │ │ │ ├── gtest-unittest-api_test.cc │ │ │ ├── gtest_all_test.cc │ │ │ ├── gtest_break_on_failure_unittest.py │ │ │ ├── gtest_break_on_failure_unittest_.cc │ │ │ ├── gtest_catch_exceptions_test.py │ │ │ ├── gtest_catch_exceptions_test_.cc │ │ │ ├── gtest_color_test.py │ │ │ ├── gtest_color_test_.cc │ │ │ ├── gtest_env_var_test.py │ │ │ ├── gtest_env_var_test_.cc │ │ │ ├── gtest_environment_test.cc │ │ │ ├── gtest_filter_unittest.py │ │ │ ├── gtest_filter_unittest_.cc │ │ │ ├── gtest_help_test.py │ │ │ ├── gtest_help_test_.cc │ │ │ ├── gtest_list_tests_unittest.py │ │ │ ├── gtest_list_tests_unittest_.cc │ │ │ ├── gtest_main_unittest.cc │ │ │ ├── gtest_no_test_unittest.cc │ │ │ ├── gtest_output_test.py │ │ │ ├── gtest_output_test_.cc │ │ │ ├── gtest_output_test_golden_lin.txt │ │ │ ├── gtest_pred_impl_unittest.cc │ │ │ ├── gtest_premature_exit_test.cc │ │ │ ├── gtest_prod_test.cc │ │ │ ├── gtest_repeat_test.cc │ │ │ ├── gtest_shuffle_test.py │ │ │ ├── gtest_shuffle_test_.cc │ │ │ ├── gtest_sole_header_test.cc │ │ │ ├── gtest_stress_test.cc │ │ │ ├── gtest_test_utils.py │ │ │ ├── gtest_throw_on_failure_ex_test.cc │ │ │ ├── gtest_throw_on_failure_test.py │ │ │ ├── gtest_throw_on_failure_test_.cc │ │ │ ├── gtest_uninitialized_test.py │ │ │ ├── gtest_uninitialized_test_.cc │ │ 
│ ├── gtest_unittest.cc │ │ │ ├── gtest_xml_outfile1_test_.cc │ │ │ ├── gtest_xml_outfile2_test_.cc │ │ │ ├── gtest_xml_outfiles_test.py │ │ │ ├── gtest_xml_output_unittest.py │ │ │ ├── gtest_xml_output_unittest_.cc │ │ │ ├── gtest_xml_test_utils.py │ │ │ ├── production.cc │ │ │ └── production.h │ │ └── xcode │ │ │ ├── Config │ │ │ ├── DebugProject.xcconfig │ │ │ ├── FrameworkTarget.xcconfig │ │ │ ├── General.xcconfig │ │ │ ├── ReleaseProject.xcconfig │ │ │ ├── StaticLibraryTarget.xcconfig │ │ │ └── TestTarget.xcconfig │ │ │ ├── Resources │ │ │ └── Info.plist │ │ │ ├── Samples │ │ │ └── FrameworkSample │ │ │ │ ├── Info.plist │ │ │ │ ├── WidgetFramework.xcodeproj │ │ │ │ └── project.pbxproj │ │ │ │ ├── runtests.sh │ │ │ │ ├── widget.cc │ │ │ │ ├── widget.h │ │ │ │ └── widget_test.cc │ │ │ ├── Scripts │ │ │ ├── runtests.sh │ │ │ └── versiongenerate.py │ │ │ └── gtest.xcodeproj │ │ │ └── project.pbxproj │ ├── include │ │ └── pistache │ │ │ ├── async.h │ │ │ ├── client.h │ │ │ ├── common.h │ │ │ ├── cookie.h │ │ │ ├── description.h │ │ │ ├── endpoint.h │ │ │ ├── flags.h │ │ │ ├── http.h │ │ │ ├── http_defs.h │ │ │ ├── http_header.h │ │ │ ├── http_headers.h │ │ │ ├── iterator_adapter.h │ │ │ ├── listener.h │ │ │ ├── mailbox.h │ │ │ ├── mime.h │ │ │ ├── net.h │ │ │ ├── optional.h │ │ │ ├── os.h │ │ │ ├── peer.h │ │ │ ├── prototype.h │ │ │ ├── reactor.h │ │ │ ├── route_bind.h │ │ │ ├── router.h │ │ │ ├── serializer │ │ │ └── rapidjson.h │ │ │ ├── stream.h │ │ │ ├── tcp.h │ │ │ ├── timer_pool.h │ │ │ ├── transport.h │ │ │ ├── typeid.h │ │ │ └── view.h │ ├── install_manifest.txt │ ├── src │ │ ├── CMakeFiles │ │ │ ├── CMakeDirectoryInformation.cmake │ │ │ ├── Export │ │ │ │ └── lib │ │ │ │ │ └── cmake │ │ │ │ │ └── pistache │ │ │ │ │ ├── PistacheTargets-release.cmake │ │ │ │ │ └── PistacheTargets.cmake │ │ │ ├── pistache.dir │ │ │ │ ├── CXX.includecache │ │ │ │ ├── DependInfo.cmake │ │ │ │ ├── build.make │ │ │ │ ├── client │ │ │ │ │ └── client.cc.o │ │ │ │ ├── 
cmake_clean.cmake │ │ │ │ ├── cmake_clean_target.cmake │ │ │ │ ├── common │ │ │ │ │ ├── cookie.cc.o │ │ │ │ │ ├── description.cc.o │ │ │ │ │ ├── http.cc.o │ │ │ │ │ ├── http_defs.cc.o │ │ │ │ │ ├── http_header.cc.o │ │ │ │ │ ├── http_headers.cc.o │ │ │ │ │ ├── mime.cc.o │ │ │ │ │ ├── net.cc.o │ │ │ │ │ ├── os.cc.o │ │ │ │ │ ├── peer.cc.o │ │ │ │ │ ├── reactor.cc.o │ │ │ │ │ ├── stream.cc.o │ │ │ │ │ ├── tcp.cc.o │ │ │ │ │ ├── timer_pool.cc.o │ │ │ │ │ └── transport.cc.o │ │ │ │ ├── depend.internal │ │ │ │ ├── depend.make │ │ │ │ ├── flags.make │ │ │ │ ├── link.txt │ │ │ │ ├── progress.make │ │ │ │ └── server │ │ │ │ │ ├── endpoint.cc.o │ │ │ │ │ ├── listener.cc.o │ │ │ │ │ └── router.cc.o │ │ │ └── progress.marks │ │ ├── CMakeLists.txt │ │ ├── Makefile │ │ ├── PistacheConfig.cmake │ │ ├── PistacheConfig.cmake.in │ │ ├── client │ │ │ └── client.cc │ │ ├── cmake_install.cmake │ │ ├── common │ │ │ ├── cookie.cc │ │ │ ├── description.cc │ │ │ ├── http.cc │ │ │ ├── http_defs.cc │ │ │ ├── http_header.cc │ │ │ ├── http_headers.cc │ │ │ ├── mime.cc │ │ │ ├── net.cc │ │ │ ├── os.cc │ │ │ ├── peer.cc │ │ │ ├── reactor.cc │ │ │ ├── stream.cc │ │ │ ├── tcp.cc │ │ │ ├── timer_pool.cc │ │ │ └── transport.cc │ │ ├── libpistache.a │ │ └── server │ │ │ ├── endpoint.cc │ │ │ ├── listener.cc │ │ │ └── router.cc │ └── tests │ │ ├── CMakeLists.txt │ │ ├── async_test.cc │ │ ├── cookie_test.cc │ │ ├── headers_test.cc │ │ ├── http_parsing_test.cc │ │ ├── mime_test.cc │ │ ├── router_test.cc │ │ ├── typeid_test.cc │ │ └── view_test.cc ├── webserver └── webserver.cpp ├── README.md ├── Windows COM Ref Counting Use After Free ├── ComClientExample.exe ├── ComClientExample │ ├── ComClientExample.opensdf │ ├── ComClientExample.sln │ ├── ComClientExample.v12.suo │ └── ComClientExample │ │ ├── ComClientExample.cpp │ │ ├── ComClientExample.h │ │ ├── ComClientExample.rc │ │ ├── ComClientExample.vcxproj │ │ ├── ComClientExample.vcxproj.filters │ │ ├── Debug │ │ ├── ComClientExample.Build.CppClean.log 
│ │ └── ComClientExample.log │ │ ├── ReadMe.txt │ │ ├── Resource.h │ │ ├── stdafx.cpp │ │ ├── stdafx.h │ │ └── targetver.h ├── ComServerExample.dll ├── ComServerExample │ ├── ComServerExample.sln │ ├── ComServerExample.v12.suo │ └── ComServerExample │ │ ├── ComServerExample.aps │ │ ├── ComServerExample.cpp │ │ ├── ComServerExample.def │ │ ├── ComServerExample.idl │ │ ├── ComServerExample.rc │ │ ├── ComServerExample.rgs │ │ ├── ComServerExample.vcxproj │ │ ├── ComServerExample.vcxproj.filters │ │ ├── ComServerExamplePS.vcxproj │ │ ├── ComServerExamplePS.vcxproj.filters │ │ ├── ComServerExample_i.c │ │ ├── ComServerExample_i.h │ │ ├── ComServerExample_p.c │ │ ├── ComServerExampleps.def │ │ ├── Debug │ │ ├── ComServerExample.log │ │ ├── ComServerExample.obj │ │ ├── ComServerExample.pch │ │ ├── ComServerExample.res │ │ ├── ComServerExample.tlb │ │ ├── ComServerExample.tlog │ │ │ ├── CL.read.1.tlog │ │ │ ├── CL.write.1.tlog │ │ │ ├── ComServerExample.lastbuildstate │ │ │ ├── ComServerExample.write.1u.tlog │ │ │ ├── cl.command.1.tlog │ │ │ ├── link.command.1.tlog │ │ │ ├── link.read.1.tlog │ │ │ ├── link.write.1.tlog │ │ │ ├── midl.command.1.tlog │ │ │ ├── midl.read.1.tlog │ │ │ ├── midl.write.1.tlog │ │ │ ├── rc.command.1.tlog │ │ │ ├── rc.read.1.tlog │ │ │ └── rc.write.1.tlog │ │ ├── ComServerExample_i.obj │ │ ├── HelloWorld.obj │ │ ├── dllmain.obj │ │ ├── stdafx.obj │ │ ├── vc120.idb │ │ └── vc120.pdb │ │ ├── HelloWorld.cpp │ │ ├── HelloWorld.h │ │ ├── HelloWorld.rgs │ │ ├── ReadMe.txt │ │ ├── dlldata.c │ │ ├── dllmain.cpp │ │ ├── dllmain.h │ │ ├── resource.h │ │ ├── stdafx.cpp │ │ ├── stdafx.h │ │ └── targetver.h ├── How to Create a COM Server & Client with Visual Studio.pdf ├── README.md └── Screenshot.png ├── Windows Format String Arbitrary Write ├── README.md ├── Screenshot.png ├── format_string_arbitrary_write.cpp └── format_string_arbitrary_write.exe ├── Windows Heap Memory Leak ├── README.md ├── client.rb ├── mem_leak_server.cpp └── mem_leak_server.exe ├── 
Windows Heap Overflow Arbitrary Code Execution ├── .DS_Store ├── README.md ├── screenshot.png ├── smash_test.cpp └── smash_test.exe ├── Windows Heap Overflow Info Leak ├── README.md ├── Screenshot.png ├── heap_overflow_example.cpp └── heap_overflow_example.exe ├── Windows Heartbleed OOB Read ├── README.md ├── client.rb ├── heartbleed_example.c └── heartbleed_example.exe ├── Windows Integer Overflow ├── README.md ├── Screenshot_IDA.png ├── integer_overflow_example.c └── integer_overflow_example.exe ├── Windows Out of Scope Double Free ├── DoubleFree.cpp ├── DoubleFree.exe └── README.md ├── Windows Stack Buffer Overflow ├── README.md ├── vulnerable_service.c └── vulnerable_service.exe ├── Windows Type Confusion ├── .DS_Store ├── README.md ├── type_confusion_examples.cpp ├── type_confusion_examples.exe └── type_confusion_examples.pdb ├── Windows Unicode Buffer Overflow ├── README.md ├── Screenshot.png ├── unicode_overflow.c └── unicode_overflow.exe ├── Windows Unsafe DLL Loading ├── README.md ├── Screenshot.png ├── start_wsgidav.sh ├── unsafe_dll_loading.c └── unsafe_dll_loading.exe └── Windows Use After Free to Type Confusion Leak ├── README.md ├── Screenshot.png ├── array_leak_test.cpp └── array_leak_test.exe /LICENSE: -------------------------------------------------------------------------------- 1 | BSD 3-Clause License 2 | 3 | Copyright (c) 2019, sinn3r 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions are met: 8 | 9 | 1. Redistributions of source code must retain the above copyright notice, this 10 | list of conditions and the following disclaimer. 11 | 12 | 2. Redistributions in binary form must reproduce the above copyright notice, 13 | this list of conditions and the following disclaimer in the documentation 14 | and/or other materials provided with the distribution. 15 | 16 | 3. 
Neither the name of the copyright holder nor the names of its 17 | contributors may be used to endorse or promote products derived from 18 | this software without specific prior written permission. 19 | 20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 21 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 23 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 24 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 26 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 27 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 28 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 | -------------------------------------------------------------------------------- /Multi Zip Slip (Arbitrary Write in Archive Extraction)/README.md: -------------------------------------------------------------------------------- 1 | # Multi Zip Slip (Arbitrary Write in Archive Extraction) 2 | 3 | The term "Zip Slip" comes from Snyk's [security research](https://snyk.io/research/zip-slip-vulnerability) in archive extraction. Basically what it means is, archive extraction libraries often don't care where the files are extracted to, which is a security problem because you could leverage this and write a file anywhere on the system. This tends to be a more serious issue for web applications that handle compressed files. 
4 | 5 | For example, for a PHP application, a malicious archive would contain a PHP payload (payload.php for example) stored under the following path, which climbs out of the extraction directory and into the web root: 6 | 7 | ``` 8 | ../../../../../var/www/html/ 9 | ``` 10 | 11 | Once extracted, the attacker could make a GET request to the PHP payload and get remote code execution: 12 | 13 | ``` 14 | $ curl http://example.com/payload.php 15 | ``` 16 | 17 | For a real-world case, here's one that was found by Steven Seeley for [Cisco Prime Infrastructure's Health Monitor](https://srcincite.io/blog/2019/05/17/panic-at-the-cisco-unauthenticated-rce-in-prime-infrastructure.html) component, and I wrote a [Metasploit exploit](https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/cpi_tararchive_upload.rb) for it. 18 | 19 | Quite a few libraries still seem to overlook this, so it is worth documenting as a vulnerable case study. In my repository, there are a couple of examples that demonstrate the problem. Since they are quite generic, they also serve as code patterns, and maybe you can find more vulnerabilities in other applications that way. The fix follows the same pattern everywhere: resolve each entry's final path before writing it, and reject any entry that lands outside the extraction directory. 20 | 21 | I wrote a [Metasploit module](https://atxsinn3r.io/exploits.html) that allows you to generate this type of malicious TAR file so you can quickly test Zip Slip vulns. 
22 | 23 | -------------------------------------------------------------------------------- /Multi Zip Slip (Arbitrary Write in Archive Extraction)/malicious.tar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Multi Zip Slip (Arbitrary Write in Archive Extraction)/malicious.tar -------------------------------------------------------------------------------- /Multi Zip Slip (Arbitrary Write in Archive Extraction)/python_example.py: -------------------------------------------------------------------------------- 1 | # This is an example of unsafe archive extraction in Python 2 | # The python version tested is: v2.7 3 | 4 | import tarfile 5 | t = tarfile.open('malicious_archive.tar') 6 | t.extractall() 7 | print "Done" 8 | -------------------------------------------------------------------------------- /Posix Command Injection/README.md: -------------------------------------------------------------------------------- 1 | # Command Injection Example 2 | 3 | In my limited experience, command injections in C/C++ tend to occur with applications that either rely on system commands or external scripts (typically bash or python) to achieve certain tasks. Although this may sound odd at first, because technically in C/C++ you could build anything, my personal opinion is that sometimes "dirty programming" is the necessary evil/solution in real world development for tight deadlines, internal politics, and stressful business expectations. In layman's terms, imagine you are always given ten seconds to do a ten-hour job. 4 | 5 | For this vulnerable example, we are mimicking a scenario where a program needs to parse a custom file format and extract a path to a PNG file. In order to verify the PNG, an economical way is to use the file command, which saves time and effort to develop. 
Unfortunately, the path is user-supplied and can be used to inject system commands. 6 | 7 | The build directory contains the vulnerable app. You can use poc.rb to build the custom file format as a reference, and exploit from there. -------------------------------------------------------------------------------- /Posix Command Injection/src/CmdInjExample/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | cmake_minimum_required(VERSION 3.17) 2 | project(CmdInjExample) 3 | 4 | set(CMAKE_CXX_STANDARD 14) 5 | #set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -fno-omit-frame-pointer -g") 6 | set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${PROJECT_SOURCE_DIR}/bin) 7 | add_executable(CmdInjExample main.cpp FileParser.cpp FileParser.h) -------------------------------------------------------------------------------- /Posix Command Injection/src/CmdInjExample/FileParser.cpp: -------------------------------------------------------------------------------- 1 | #include "FileParser.h" 2 | 3 | FileParser::FileParser(const char* fname) { 4 | fileName = fname; 5 | } 6 | 7 | bool FileParser::Validate() { 8 | PngFileInfo* info; 9 | LoadFile(&info); 10 | bool isValid = (CheckMagic(&info) && CheckPng(&info)); 11 | munmap(info, sizeof(PngFileInfo)); 12 | return isValid; 13 | } 14 | 15 | void FileParser::LoadFile(PngFileInfo** info) { 16 | int f = open(fileName, O_RDONLY); 17 | if (!f) { 18 | throw std::runtime_error("Failed to open file"); 19 | } 20 | *info = (PngFileInfo*) mmap(nullptr, sizeof(PngFileInfo), PROT_READ, MAP_SHARED, f, 0); 21 | if (*info == MAP_FAILED) { 22 | throw std::runtime_error("Mapping failed"); 23 | } 24 | close(f); 25 | } 26 | 27 | bool FileParser::CheckPng(PngFileInfo** info) { 28 | bool isPng = false; 29 | char* cmd = nullptr; 30 | FILE* pipe = nullptr; 31 | std::string output; 32 | char outBuf[512]; 33 | 34 | char* filePath = strndup((*info)->filePath, sizeof(PngFileInfo::filePath)-1); 35 | size_t len = 
snprintf(nullptr, 0, "file %s", filePath); 36 | if (len == -1) { 37 | goto eof; 38 | } 39 | cmd = (char*) calloc(len+1, sizeof(char)); 40 | snprintf(cmd, len+1, "file %s", filePath); 41 | pipe = popen(cmd, "r"); 42 | if (!pipe) { 43 | goto eof; 44 | } 45 | while (!feof(pipe)) { 46 | if (fgets(outBuf, sizeof(outBuf), pipe) != nullptr) { 47 | output += outBuf; 48 | } 49 | } 50 | if (strstr(output.c_str(), "PNG")) { 51 | isPng = true; 52 | } 53 | 54 | eof: 55 | free(filePath); 56 | pclose(pipe); 57 | free(cmd); 58 | return isPng; 59 | } 60 | 61 | bool FileParser::CheckMagic(PngFileInfo** info) { 62 | uint32_t magic = (*info)->magic; 63 | return (magic == MAGIC); 64 | } 65 | -------------------------------------------------------------------------------- /Posix Command Injection/src/CmdInjExample/FileParser.h: -------------------------------------------------------------------------------- 1 | #ifndef CMDINJEXAMPLE_FILEPARSER_H 2 | #define CMDINJEXAMPLE_FILEPARSER_H 3 | 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | 13 | #define MAGIC 0xDEADBEEF 14 | 15 | typedef struct PngFileInfo { 16 | uint32_t magic; 17 | char filePath[PATH_MAX]; 18 | } PngFileInfo_; 19 | 20 | class FileParser { 21 | public: 22 | explicit FileParser(const char* fname); 23 | bool Validate(); 24 | private: 25 | const char* fileName; 26 | void LoadFile(PngFileInfo** info); 27 | bool CheckPng(PngFileInfo** info); 28 | bool CheckMagic(PngFileInfo** info); 29 | }; 30 | 31 | #endif //CMDINJEXAMPLE_FILEPARSER_H 32 | -------------------------------------------------------------------------------- /Posix Command Injection/src/CmdInjExample/bin/CmdInjExample: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Command Injection/src/CmdInjExample/bin/CmdInjExample 
-------------------------------------------------------------------------------- /Posix Command Injection/src/CmdInjExample/bin/test.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Command Injection/src/CmdInjExample/bin/test.bin -------------------------------------------------------------------------------- /Posix Command Injection/src/CmdInjExample/main.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * This example will load a custom file format and attempt to verify that a 3 | * user-supplied file path points a valid PNG. The verification is done by 4 | * calling the file command, which is unsafe. 5 | */ 6 | 7 | #include 8 | #include "FileParser.h" 9 | 10 | int main() { 11 | const char* fileName = "test.bin"; 12 | FileParser parser(fileName); 13 | if(parser.Validate()) { 14 | std::cout << "File looks good" << std::endl; 15 | } else { 16 | std::cout << "Invalid file" << std::endl; 17 | } 18 | return 0; 19 | } 20 | -------------------------------------------------------------------------------- /Posix Command Injection/src/CmdInjExample/poc.rb: -------------------------------------------------------------------------------- 1 | #!/bin/env ruby 2 | 3 | data = [0xDEADBEEF].pack("V*") 4 | # I wonder what we can do in here? 5 | data << "/tmp/test.png" 6 | 7 | File.write('bin/test.bin', data) 8 | puts "test.bin created. Let the program load it." 
9 | -------------------------------------------------------------------------------- /Posix Null Byte Terminator/leak_example.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Null Byte Terminator/leak_example.png -------------------------------------------------------------------------------- /Posix Null Byte Terminator/snprintf_example.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Null Byte Terminator/snprintf_example.png -------------------------------------------------------------------------------- /Posix Null Byte Terminator/sprintf_example.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Null Byte Terminator/sprintf_example.png -------------------------------------------------------------------------------- /Posix Null Byte Terminator/strcpy_example.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Null Byte Terminator/strcpy_example.png -------------------------------------------------------------------------------- /Posix Null Byte Terminator/strncpy_example.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Null Byte Terminator/strncpy_example.png -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/README.md: -------------------------------------------------------------------------------- 1 | # Linux Stack Buffer Overflow 
2 | 3 | This is an example of a stack buffer overflow for a custom Linux HTTP server. -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | sudo bash -c 'echo 0 > /proc/sys/kernel/randomize_va_space' 4 | g++ webserver.cpp -o webserver -std=c++11 -lpistache -lpthread -fno-stack-protector -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/compile.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | sudo bash -c 'echo 0 > /proc/sys/kernel/randomize_va_space' 4 | g++ webserver.cpp -m32 -o webserver -std=c++11 -lpistache -lpthread -fno-stack-protector -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/.travis.yml: -------------------------------------------------------------------------------- 1 | language: cpp 2 | sudo: required 3 | dist: trusty 4 | script: mkdir build && cd build && cmake -DCMAKE_BUILD_TYPE=Release .. 
&& make 5 | compiler: 6 | - clang 7 | - gcc 8 | branches: 9 | only: 10 | - master 11 | 12 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/CMakeFiles/3.5.1/CMakeCCompiler.cmake: -------------------------------------------------------------------------------- 1 | set(CMAKE_C_COMPILER "/usr/bin/cc") 2 | set(CMAKE_C_COMPILER_ARG1 "") 3 | set(CMAKE_C_COMPILER_ID "GNU") 4 | set(CMAKE_C_COMPILER_VERSION "5.4.0") 5 | set(CMAKE_C_COMPILER_WRAPPER "") 6 | set(CMAKE_C_STANDARD_COMPUTED_DEFAULT "11") 7 | set(CMAKE_C_COMPILE_FEATURES "c_function_prototypes;c_restrict;c_variadic_macros;c_static_assert") 8 | set(CMAKE_C90_COMPILE_FEATURES "c_function_prototypes") 9 | set(CMAKE_C99_COMPILE_FEATURES "c_restrict;c_variadic_macros") 10 | set(CMAKE_C11_COMPILE_FEATURES "c_static_assert") 11 | 12 | set(CMAKE_C_PLATFORM_ID "Linux") 13 | set(CMAKE_C_SIMULATE_ID "") 14 | set(CMAKE_C_SIMULATE_VERSION "") 15 | 16 | set(CMAKE_AR "/usr/bin/ar") 17 | set(CMAKE_RANLIB "/usr/bin/ranlib") 18 | set(CMAKE_LINKER "/usr/bin/ld") 19 | set(CMAKE_COMPILER_IS_GNUCC 1) 20 | set(CMAKE_C_COMPILER_LOADED 1) 21 | set(CMAKE_C_COMPILER_WORKS TRUE) 22 | set(CMAKE_C_ABI_COMPILED TRUE) 23 | set(CMAKE_COMPILER_IS_MINGW ) 24 | set(CMAKE_COMPILER_IS_CYGWIN ) 25 | if(CMAKE_COMPILER_IS_CYGWIN) 26 | set(CYGWIN 1) 27 | set(UNIX 1) 28 | endif() 29 | 30 | set(CMAKE_C_COMPILER_ENV_VAR "CC") 31 | 32 | if(CMAKE_COMPILER_IS_MINGW) 33 | set(MINGW 1) 34 | endif() 35 | set(CMAKE_C_COMPILER_ID_RUN 1) 36 | set(CMAKE_C_SOURCE_FILE_EXTENSIONS c;m) 37 | set(CMAKE_C_IGNORE_EXTENSIONS h;H;o;O;obj;OBJ;def;DEF;rc;RC) 38 | set(CMAKE_C_LINKER_PREFERENCE 10) 39 | 40 | # Save compiler ABI information. 
41 | set(CMAKE_C_SIZEOF_DATA_PTR "8") 42 | set(CMAKE_C_COMPILER_ABI "ELF") 43 | set(CMAKE_C_LIBRARY_ARCHITECTURE "x86_64-linux-gnu") 44 | 45 | if(CMAKE_C_SIZEOF_DATA_PTR) 46 | set(CMAKE_SIZEOF_VOID_P "${CMAKE_C_SIZEOF_DATA_PTR}") 47 | endif() 48 | 49 | if(CMAKE_C_COMPILER_ABI) 50 | set(CMAKE_INTERNAL_PLATFORM_ABI "${CMAKE_C_COMPILER_ABI}") 51 | endif() 52 | 53 | if(CMAKE_C_LIBRARY_ARCHITECTURE) 54 | set(CMAKE_LIBRARY_ARCHITECTURE "x86_64-linux-gnu") 55 | endif() 56 | 57 | set(CMAKE_C_CL_SHOWINCLUDES_PREFIX "") 58 | if(CMAKE_C_CL_SHOWINCLUDES_PREFIX) 59 | set(CMAKE_CL_SHOWINCLUDES_PREFIX "${CMAKE_C_CL_SHOWINCLUDES_PREFIX}") 60 | endif() 61 | 62 | 63 | 64 | 65 | set(CMAKE_C_IMPLICIT_LINK_LIBRARIES "c") 66 | set(CMAKE_C_IMPLICIT_LINK_DIRECTORIES "/usr/lib/gcc/x86_64-linux-gnu/5;/usr/lib/x86_64-linux-gnu;/usr/lib;/lib/x86_64-linux-gnu;/lib") 67 | set(CMAKE_C_IMPLICIT_LINK_FRAMEWORK_DIRECTORIES "") 68 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/CMakeFiles/3.5.1/CMakeDetermineCompilerABI_C.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer Overflow/pistache/CMakeFiles/3.5.1/CMakeDetermineCompilerABI_C.bin -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/CMakeFiles/3.5.1/CMakeDetermineCompilerABI_CXX.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer Overflow/pistache/CMakeFiles/3.5.1/CMakeDetermineCompilerABI_CXX.bin -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/CMakeFiles/3.5.1/CMakeSystem.cmake: 
-------------------------------------------------------------------------------- 1 | set(CMAKE_HOST_SYSTEM "Linux-4.13.0-36-generic") 2 | set(CMAKE_HOST_SYSTEM_NAME "Linux") 3 | set(CMAKE_HOST_SYSTEM_VERSION "4.13.0-36-generic") 4 | set(CMAKE_HOST_SYSTEM_PROCESSOR "x86_64") 5 | 6 | 7 | 8 | set(CMAKE_SYSTEM "Linux-4.13.0-36-generic") 9 | set(CMAKE_SYSTEM_NAME "Linux") 10 | set(CMAKE_SYSTEM_VERSION "4.13.0-36-generic") 11 | set(CMAKE_SYSTEM_PROCESSOR "x86_64") 12 | 13 | set(CMAKE_CROSSCOMPILING "FALSE") 14 | 15 | set(CMAKE_SYSTEM_LOADED 1) 16 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/CMakeFiles/3.5.1/CompilerIdC/a.out: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer Overflow/pistache/CMakeFiles/3.5.1/CompilerIdC/a.out -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/CMakeFiles/3.5.1/CompilerIdCXX/a.out: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer Overflow/pistache/CMakeFiles/3.5.1/CompilerIdCXX/a.out -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/CMakeFiles/CMakeDirectoryInformation.cmake: -------------------------------------------------------------------------------- 1 | # CMAKE generated file: DO NOT EDIT! 2 | # Generated by "Unix Makefiles" Generator, CMake Version 3.5 3 | 4 | # Relative path conversion top directories. 5 | set(CMAKE_RELATIVE_PATH_TOP_SOURCE "/home/sinn3r/Desktop/buffer_overflow/pistache") 6 | set(CMAKE_RELATIVE_PATH_TOP_BINARY "/home/sinn3r/Desktop/buffer_overflow/pistache") 7 | 8 | # Force unix paths in dependencies. 
9 | set(CMAKE_FORCE_UNIX_PATHS 1) 10 | 11 | 12 | # The C and CXX include file regular expressions for this directory. 13 | set(CMAKE_C_INCLUDE_REGEX_SCAN "^.*$") 14 | set(CMAKE_C_INCLUDE_REGEX_COMPLAIN "^$") 15 | set(CMAKE_CXX_INCLUDE_REGEX_SCAN ${CMAKE_C_INCLUDE_REGEX_SCAN}) 16 | set(CMAKE_CXX_INCLUDE_REGEX_COMPLAIN ${CMAKE_C_INCLUDE_REGEX_COMPLAIN}) 17 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/CMakeFiles/Makefile.cmake: -------------------------------------------------------------------------------- 1 | # CMAKE generated file: DO NOT EDIT! 2 | # Generated by "Unix Makefiles" Generator, CMake Version 3.5 3 | 4 | # The generator used is: 5 | set(CMAKE_DEPENDS_GENERATOR "Unix Makefiles") 6 | 7 | # The top level Makefile was generated from the following files: 8 | set(CMAKE_MAKEFILE_DEPENDS 9 | "CMakeCache.txt" 10 | "CMakeFiles/3.5.1/CMakeCCompiler.cmake" 11 | "CMakeFiles/3.5.1/CMakeCXXCompiler.cmake" 12 | "CMakeFiles/3.5.1/CMakeSystem.cmake" 13 | "CMakeLists.txt" 14 | "src/CMakeLists.txt" 15 | "src/PistacheConfig.cmake.in" 16 | "/usr/share/cmake-3.5/Modules/CMakeCInformation.cmake" 17 | "/usr/share/cmake-3.5/Modules/CMakeCXXInformation.cmake" 18 | "/usr/share/cmake-3.5/Modules/CMakeCheckCompilerFlagCommonPatterns.cmake" 19 | "/usr/share/cmake-3.5/Modules/CMakeCommonLanguageInclude.cmake" 20 | "/usr/share/cmake-3.5/Modules/CMakeGenericSystem.cmake" 21 | "/usr/share/cmake-3.5/Modules/CMakeLanguageInformation.cmake" 22 | "/usr/share/cmake-3.5/Modules/CMakePackageConfigHelpers.cmake" 23 | "/usr/share/cmake-3.5/Modules/CMakeParseArguments.cmake" 24 | "/usr/share/cmake-3.5/Modules/CMakeSystemSpecificInformation.cmake" 25 | "/usr/share/cmake-3.5/Modules/CMakeSystemSpecificInitialize.cmake" 26 | "/usr/share/cmake-3.5/Modules/CMakeUnixFindMake.cmake" 27 | "/usr/share/cmake-3.5/Modules/CheckCXXCompilerFlag.cmake" 28 | "/usr/share/cmake-3.5/Modules/CheckCXXSourceCompiles.cmake" 29 | 
"/usr/share/cmake-3.5/Modules/Compiler/GNU-C.cmake" 30 | "/usr/share/cmake-3.5/Modules/Compiler/GNU-CXX.cmake" 31 | "/usr/share/cmake-3.5/Modules/Compiler/GNU.cmake" 32 | "/usr/share/cmake-3.5/Modules/Platform/Linux-GNU-C.cmake" 33 | "/usr/share/cmake-3.5/Modules/Platform/Linux-GNU-CXX.cmake" 34 | "/usr/share/cmake-3.5/Modules/Platform/Linux-GNU.cmake" 35 | "/usr/share/cmake-3.5/Modules/Platform/Linux.cmake" 36 | "/usr/share/cmake-3.5/Modules/Platform/UnixPaths.cmake" 37 | "/usr/share/cmake-3.5/Modules/WriteBasicConfigVersionFile.cmake" 38 | ) 39 | 40 | # The corresponding makefile is: 41 | set(CMAKE_MAKEFILE_OUTPUTS 42 | "Makefile" 43 | "CMakeFiles/cmake.check_cache" 44 | ) 45 | 46 | # Byproducts of CMake generate step: 47 | set(CMAKE_MAKEFILE_PRODUCTS 48 | "CMakeFiles/CMakeDirectoryInformation.cmake" 49 | "src/CMakeFiles/CMakeDirectoryInformation.cmake" 50 | ) 51 | 52 | # Dependency information for all targets: 53 | set(CMAKE_DEPEND_INFO_FILES 54 | "src/CMakeFiles/pistache.dir/DependInfo.cmake" 55 | ) 56 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/CMakeFiles/TargetDirectories.txt: -------------------------------------------------------------------------------- 1 | /home/sinn3r/Desktop/buffer_overflow/pistache/CMakeFiles/install.dir 2 | /home/sinn3r/Desktop/buffer_overflow/pistache/CMakeFiles/install/local.dir 3 | /home/sinn3r/Desktop/buffer_overflow/pistache/CMakeFiles/edit_cache.dir 4 | /home/sinn3r/Desktop/buffer_overflow/pistache/CMakeFiles/rebuild_cache.dir 5 | /home/sinn3r/Desktop/buffer_overflow/pistache/CMakeFiles/list_install_components.dir 6 | /home/sinn3r/Desktop/buffer_overflow/pistache/src/CMakeFiles/install.dir 7 | /home/sinn3r/Desktop/buffer_overflow/pistache/src/CMakeFiles/list_install_components.dir 8 | /home/sinn3r/Desktop/buffer_overflow/pistache/src/CMakeFiles/pistache.dir 9 | /home/sinn3r/Desktop/buffer_overflow/pistache/src/CMakeFiles/install/local.dir 10 | 
/home/sinn3r/Desktop/buffer_overflow/pistache/src/CMakeFiles/edit_cache.dir 11 | /home/sinn3r/Desktop/buffer_overflow/pistache/src/CMakeFiles/rebuild_cache.dir 12 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/CMakeFiles/cmake.check_cache: -------------------------------------------------------------------------------- 1 | # This file is generated by cmake for dependency checking of the CMakeCache.txt file 2 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/CMakeFiles/feature_tests.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer Overflow/pistache/CMakeFiles/feature_tests.bin -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/CMakeFiles/feature_tests.c: -------------------------------------------------------------------------------- 1 | 2 | const char features[] = {"\n" 3 | "C_FEATURE:" 4 | #if (__GNUC__ * 100 + __GNUC_MINOR__) >= 404 5 | "1" 6 | #else 7 | "0" 8 | #endif 9 | "c_function_prototypes\n" 10 | "C_FEATURE:" 11 | #if (__GNUC__ * 100 + __GNUC_MINOR__) >= 404 && defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L 12 | "1" 13 | #else 14 | "0" 15 | #endif 16 | "c_restrict\n" 17 | "C_FEATURE:" 18 | #if (__GNUC__ * 100 + __GNUC_MINOR__) >= 406 && defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201000L 19 | "1" 20 | #else 21 | "0" 22 | #endif 23 | "c_static_assert\n" 24 | "C_FEATURE:" 25 | #if (__GNUC__ * 100 + __GNUC_MINOR__) >= 404 && defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L 26 | "1" 27 | #else 28 | "0" 29 | #endif 30 | "c_variadic_macros\n" 31 | 32 | }; 33 | 34 | int main(int argc, char** argv) { (void)argv; return features[argc]; } 35 | 
-------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/CMakeFiles/progress.marks: -------------------------------------------------------------------------------- 1 | 20 2 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | cmake_minimum_required (VERSION 3.0.2) 2 | project (pistache) 3 | include(CheckCXXCompilerFlag) 4 | 5 | option(PISTACHE_BUILD_TESTS "build tests alongside the project" OFF) 6 | option(PISTACHE_BUILD_EXAMPLES "build examples alongside the project" OFF) 7 | option(PISTACHE_INSTALL "add pistache as install target (recommended)" ON) 8 | 9 | CHECK_CXX_COMPILER_FLAG("-std=c++11" COMPILER_SUPPORTS_CXX11) 10 | CHECK_CXX_COMPILER_FLAG("-std=c++0x" COMPILER_SUPPORTS_CXX0X) 11 | if(COMPILER_SUPPORTS_CXX11) 12 | set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11") 13 | elseif(COMPILER_SUPPORTS_CXX0X) 14 | set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++0x") 15 | else() 16 | message(STATUS "The compiler ${CMAKE_CXX_COMPILER} has no C++11 support. 
Please use a different C++ compiler.") 17 | endif() 18 | 19 | include_directories (${CMAKE_CURRENT_SOURCE_DIR}/include) 20 | add_subdirectory (src) 21 | 22 | include_directories (src) 23 | 24 | if (PISTACHE_BUILD_EXAMPLES) 25 | add_subdirectory (examples) 26 | endif() 27 | 28 | if (PISTACHE_BUILD_TESTS) 29 | find_package(GTest) 30 | if (GTEST_FOUND) 31 | include_directories(${GTEST_INCLUDE_DIRS}) 32 | else() 33 | ADD_SUBDIRECTORY (googletest-release-1.7.0) 34 | include_directories(${gtest_SOURCE_DIR}/include ${gtest_SOURCE_DIR}) 35 | endif() 36 | 37 | enable_testing() 38 | add_subdirectory(tests) 39 | endif() 40 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/README.md: -------------------------------------------------------------------------------- 1 | # Pistache 2 | 3 | [![Travis Build Status](https://travis-ci.org/oktal/pistache.svg?branch=master)](https://travis-ci.org/oktal/pistache) 4 | 5 | Pistache is a modern and elegant HTTP and REST framework for C++. 6 | 7 | It is entirely written in pure-C++11 and provides a clear and pleasant API 8 | 9 | Full documentation is located at [http://pistache.io](http://pistache.io). 10 | 11 | # Contributing 12 | 13 | Pistache is an open-source project and will always stay open-source. However, working on an open-source project while having a full-time job is sometimes a difficult task to accomplish. 14 | 15 | That's why your help is needed. If you would like to contribute to the project in any way (submitting ideas, fixing bugs, writing documentation, ...), please join the 16 | [cpplang Slack channel](https://cpplang.now.sh/). Drop a private message to `@octal` and I will invite you to the channel dedicated to Pistache. 17 | 18 | Hope to see you there ! 
19 | 20 | # Example 21 | 22 | ## Hello World (server) 23 | 24 | ```cpp 25 | #include 26 | 27 | using namespace Pistache; 28 | 29 | struct HelloHandler : public Http::Handler { 30 | HTTP_PROTOTYPE(HelloHandler) 31 | 32 | void onRequest(const Http::Request& request, Http::ResponseWriter writer) { 33 | writer.send(Http::Code::Ok, "Hello, World!"); 34 | } 35 | }; 36 | 37 | int main() { 38 | Http::listenAndServe("*:9080"); 39 | } 40 | ``` 41 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/cmake_install.cmake: -------------------------------------------------------------------------------- 1 | # Install script for directory: /home/sinn3r/Desktop/buffer_overflow/pistache 2 | 3 | # Set the install prefix 4 | if(NOT DEFINED CMAKE_INSTALL_PREFIX) 5 | set(CMAKE_INSTALL_PREFIX "/usr/local") 6 | endif() 7 | string(REGEX REPLACE "/$" "" CMAKE_INSTALL_PREFIX "${CMAKE_INSTALL_PREFIX}") 8 | 9 | # Set the install configuration name. 10 | if(NOT DEFINED CMAKE_INSTALL_CONFIG_NAME) 11 | if(BUILD_TYPE) 12 | string(REGEX REPLACE "^[^A-Za-z0-9_]+" "" 13 | CMAKE_INSTALL_CONFIG_NAME "${BUILD_TYPE}") 14 | else() 15 | set(CMAKE_INSTALL_CONFIG_NAME "Release") 16 | endif() 17 | message(STATUS "Install configuration: \"${CMAKE_INSTALL_CONFIG_NAME}\"") 18 | endif() 19 | 20 | # Set the component getting installed. 21 | if(NOT CMAKE_INSTALL_COMPONENT) 22 | if(COMPONENT) 23 | message(STATUS "Install component: \"${COMPONENT}\"") 24 | set(CMAKE_INSTALL_COMPONENT "${COMPONENT}") 25 | else() 26 | set(CMAKE_INSTALL_COMPONENT) 27 | endif() 28 | endif() 29 | 30 | # Install shared libraries without execute permission? 31 | if(NOT DEFINED CMAKE_INSTALL_SO_NO_EXE) 32 | set(CMAKE_INSTALL_SO_NO_EXE "1") 33 | endif() 34 | 35 | if(NOT CMAKE_INSTALL_LOCAL_ONLY) 36 | # Include the install script for each subdirectory. 
37 | include("/home/sinn3r/Desktop/buffer_overflow/pistache/src/cmake_install.cmake") 38 | 39 | endif() 40 | 41 | if(CMAKE_INSTALL_COMPONENT) 42 | set(CMAKE_INSTALL_MANIFEST "install_manifest_${CMAKE_INSTALL_COMPONENT}.txt") 43 | else() 44 | set(CMAKE_INSTALL_MANIFEST "install_manifest.txt") 45 | endif() 46 | 47 | string(REPLACE ";" "\n" CMAKE_INSTALL_MANIFEST_CONTENT 48 | "${CMAKE_INSTALL_MANIFEST_FILES}") 49 | file(WRITE "/home/sinn3r/Desktop/buffer_overflow/pistache/${CMAKE_INSTALL_MANIFEST}" 50 | "${CMAKE_INSTALL_MANIFEST_CONTENT}") 51 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/examples/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | function(pistache_example example_name) 2 | set(EXAMPLE_EXECUTABLE run_${example_name}) 3 | set(EXAMPLE_SOURCE ${example_name}.cc) 4 | 5 | add_executable(${EXAMPLE_EXECUTABLE} ${EXAMPLE_SOURCE}) 6 | target_link_libraries(${EXAMPLE_EXECUTABLE} pistache) 7 | endfunction() 8 | 9 | pistache_example(http_server) 10 | pistache_example(http_client) 11 | pistache_example(rest_server) 12 | pistache_example(custom_header) 13 | 14 | find_package(RapidJSON) 15 | if (RapidJSON_FOUND) 16 | include_directories(${RapidJSON_INCLUDE_DIRS}) 17 | pistache_example(rest_description) 18 | endif() 19 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/examples/custom_header.cc: -------------------------------------------------------------------------------- 1 | /* 2 | Mathieu Stefani, 15 février 2016 3 | 4 | Example of custom headers registering 5 | */ 6 | 7 | #include 8 | #include 9 | 10 | using namespace Pistache; 11 | using namespace Pistache::Http; 12 | 13 | class XProtocolVersion : public Header::Header { 14 | public: 15 | NAME("X-Protocol-Version"); 16 | 17 | XProtocolVersion() 18 | : min(0) 19 | , maj(0) 20 | { } 21 | 22 | XProtocolVersion(uint32_t 
major, uint32_t minor) 23 | : maj(major) 24 | , min(minor) 25 | { } 26 | 27 | void parse(const std::string& str) { 28 | auto p = str.find('.'); 29 | std::string major, minor; 30 | if (p != std::string::npos) { 31 | major = str.substr(0, p); 32 | minor = str.substr(p + 1); 33 | } 34 | else { 35 | major = str; 36 | } 37 | 38 | maj = std::stoi(major); 39 | if (!minor.empty()) 40 | min = std::stoi(minor); 41 | } 42 | 43 | void write(std::ostream& os) const { 44 | os << maj; 45 | os << "." << min; 46 | } 47 | 48 | uint32_t major() const { 49 | return maj; 50 | } 51 | 52 | uint32_t minor() const { 53 | return min; 54 | } 55 | 56 | private: 57 | uint32_t min; 58 | uint32_t maj; 59 | }; 60 | 61 | int main() { 62 | Header::Registry::registerHeader(); 63 | } 64 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/examples/hello_server.cc: -------------------------------------------------------------------------------- 1 | /* 2 | Mathieu Stefani, 13 février 2016 3 | 4 | Example of an hello world server 5 | */ 6 | 7 | 8 | #include "pistache/endpoint.h" 9 | 10 | using namespace Pistache; 11 | 12 | class HelloHandler : public Http::Handler { 13 | public: 14 | 15 | HTTP_PROTOTYPE(HelloHandler) 16 | 17 | void onRequest(const Http::Request& request, Http::ResponseWriter response) { 18 | response.send(Http::Code::Ok, "Hello World"); 19 | } 20 | }; 21 | 22 | int main() { 23 | Pistache::Address addr(Pistache::Ipv4::any(), Pistache::Port(9080)); 24 | auto opts = Pistache::Http::Endpoint::options() 25 | .threads(1); 26 | 27 | Http::Endpoint server(addr); 28 | server.init(opts); 29 | server.setHandler(Http::make_handler()); 30 | server.serve(); 31 | 32 | server.shutdown(); 33 | } 34 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/examples/http_client.cc: -------------------------------------------------------------------------------- 1 | /* 2 | 
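Mathieu Stefani, 07 février 2016

 * Http client example
*/

#include <atomic>
#include <chrono>
#include <exception>
#include <iostream>
#include <string>
#include <vector>

#include <pistache/net.h>
#include <pistache/http.h>
#include <pistache/client.h>

using namespace Pistache;
using namespace Pistache::Http;

/*
 * Sends `count` GET requests (default 1) for the page given as the first
 * argument, prints each response, and finishes with a summary of how many
 * requests completed and how many failed.
 *
 * Returns 1 when the page argument is missing or the count is not a valid
 * integer.
 */
int main(int argc, char *argv[]) {
    if (argc < 2) {
        std::cerr << "Usage: http_client page [count]" << std::endl;
        return 1;
    }

    std::string page = argv[1];
    int count = 1;
    if (argc >= 3) {
        // std::stoi throws on non-numeric or out-of-range input; report the
        // bad argument instead of letting the exception terminate the process.
        try {
            count = std::stoi(argv[2]);
        } catch (const std::exception&) {
            std::cerr << "Invalid count: " << argv[2] << std::endl;
            std::cerr << "Usage: http_client page [count]" << std::endl;
            return 1;
        }
    }

    Http::Client client;

    auto opts = Http::Client::options()
        .threads(1)
        .maxConnectionsPerHost(8);
    client.init(opts);

    std::vector<Async::Promise<Http::Response>> responses;

    // Updated from the client's callbacks, hence atomic.
    std::atomic<size_t> completedRequests(0);
    std::atomic<size_t> failedRequests(0);

    auto start = std::chrono::system_clock::now();

    for (int i = 0; i < count; ++i) {
        auto resp = client.get(page).cookie(Http::Cookie("FOO", "bar")).send();
        resp.then(
            [&](Http::Response response) {
                ++completedRequests;
                std::cout << "Response code = " << response.code() << std::endl;
                // The body is server-controlled and is echoed unfiltered.
                auto body = response.body();
                if (!body.empty())
                    std::cout << "Response body = " << body << std::endl;
            },
            // Count rejected requests; with Async::IgnoreException the
            // "failed" line of the summary could never be anything but 0.
            [&](std::exception_ptr) {
                ++failedRequests;
            });
        responses.push_back(std::move(resp));
    }

    auto sync = Async::whenAll(responses.begin(), responses.end());
    Async::Barrier<std::vector<Http::Response>> barrier(sync);

    // Wait at most five seconds. Requests still pending after that are
    // counted neither as received nor as failed.
    barrier.wait_for(std::chrono::seconds(5));

    auto end = std::chrono::system_clock::now();
    std::cout << "Summary of execution" << std::endl
              << "Total number of requests sent : " << count << std::endl
              << "Total number of responses received: " << completedRequests.load() << std::endl
              << "Total number of requests failed : " << failedRequests.load() << std::endl
              << "Total time of execution : "
              << std::chrono::duration_cast<std::chrono::milliseconds>(end - start).count() << "ms" << std::endl;

    client.shutdown();
}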
-------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/CONTRIBUTORS: -------------------------------------------------------------------------------- 1 | # This file contains a list of people who've made non-trivial 2 | # contribution to the Google C++ Testing Framework project. People 3 | # who commit code to the project are encouraged to add their names 4 | # here. Please keep the list sorted by first names. 5 | 6 | Ajay Joshi 7 | Balázs Dán 8 | Bharat Mediratta 9 | Chandler Carruth 10 | Chris Prince 11 | Chris Taylor 12 | Dan Egnor 13 | Eric Roman 14 | Hady Zalek 15 | Jeffrey Yasskin 16 | Jói Sigurðsson 17 | Keir Mierle 18 | Keith Ray 19 | Kenton Varda 20 | Manuel Klimek 21 | Markus Heule 22 | Mika Raento 23 | Miklós Fazekas 24 | Pasi Valminen 25 | Patrick Hanna 26 | Patrick Riley 27 | Peter Kaminski 28 | Preston Jackson 29 | Rainer Klaffenboeck 30 | Russ Cox 31 | Russ Rufer 32 | Sean Mcafee 33 | Sigurður Ásgeirsson 34 | Tracy Bialik 35 | Vadim Berman 36 | Vlad Losev 37 | Zhanyong Wan 38 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright 2008, Google Inc. 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without 5 | modification, are permitted provided that the following conditions are 6 | met: 7 | 8 | * Redistributions of source code must retain the above copyright 9 | notice, this list of conditions and the following disclaimer. 10 | * Redistributions in binary form must reproduce the above 11 | copyright notice, this list of conditions and the following disclaimer 12 | in the documentation and/or other materials provided with the 13 | distribution. 14 | * Neither the name of Google Inc. 
nor the names of its 15 | contributors may be used to endorse or promote products derived from 16 | this software without specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/build-aux/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/build-aux/.keep -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/codegear/gtest.groupproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | {c1d923e0-6cba-4332-9b6f-3420acbf5091} 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | Default.Personality 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 
-------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/codegear/gtest_all.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2009, Google Inc. 2 | // All rights reserved. 3 | // 4 | // Redistribution and use in source and binary forms, with or without 5 | // modification, are permitted provided that the following conditions are 6 | // met: 7 | // 8 | // * Redistributions of source code must retain the above copyright 9 | // notice, this list of conditions and the following disclaimer. 10 | // * Redistributions in binary form must reproduce the above 11 | // copyright notice, this list of conditions and the following disclaimer 12 | // in the documentation and/or other materials provided with the 13 | // distribution. 14 | // * Neither the name of Google Inc. nor the names of its 15 | // contributors may be used to endorse or promote products derived from 16 | // this software without specific prior written permission. 17 | // 18 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 | // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 | // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 | // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 | // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 | // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
29 | // 30 | // Author: Josh Kelley (joshkel@gmail.com) 31 | // 32 | // Google C++ Testing Framework (Google Test) 33 | // 34 | // C++Builder's IDE cannot build a static library from files with hyphens 35 | // in their name. See http://qc.codegear.com/wc/qcmain.aspx?d=70977 . 36 | // This file serves as a workaround. 37 | 38 | #include "src/gtest-all.cc" 39 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/codegear/gtest_link.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2009, Google Inc. 2 | // All rights reserved. 3 | // 4 | // Redistribution and use in source and binary forms, with or without 5 | // modification, are permitted provided that the following conditions are 6 | // met: 7 | // 8 | // * Redistributions of source code must retain the above copyright 9 | // notice, this list of conditions and the following disclaimer. 10 | // * Redistributions in binary form must reproduce the above 11 | // copyright notice, this list of conditions and the following disclaimer 12 | // in the documentation and/or other materials provided with the 13 | // distribution. 14 | // * Neither the name of Google Inc. nor the names of its 15 | // contributors may be used to endorse or promote products derived from 16 | // this software without specific prior written permission. 17 | // 18 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | // A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT 22 | // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 | // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 | // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 | // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 | // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | // 30 | // Author: Josh Kelley (joshkel@gmail.com) 31 | // 32 | // Google C++ Testing Framework (Google Test) 33 | // 34 | // Links gtest.lib and gtest_main.lib into the current project in C++Builder. 35 | // This means that these libraries can't be renamed, but it's the only way to 36 | // ensure that Debug versus Release test builds are linked against the 37 | // appropriate Debug or Release build of the libraries. 38 | 39 | #pragma link "gtest.lib" 40 | #pragma link "gtest_main.lib" 41 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/samples/sample1.h: -------------------------------------------------------------------------------- 1 | // Copyright 2005, Google Inc. 2 | // All rights reserved. 3 | // 4 | // Redistribution and use in source and binary forms, with or without 5 | // modification, are permitted provided that the following conditions are 6 | // met: 7 | // 8 | // * Redistributions of source code must retain the above copyright 9 | // notice, this list of conditions and the following disclaimer. 10 | // * Redistributions in binary form must reproduce the above 11 | // copyright notice, this list of conditions and the following disclaimer 12 | // in the documentation and/or other materials provided with the 13 | // distribution. 14 | // * Neither the name of Google Inc. 
nor the names of its 15 | // contributors may be used to endorse or promote products derived from 16 | // this software without specific prior written permission. 17 | // 18 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 | // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 | // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 | // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 | // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 | // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | 30 | // A sample program demonstrating using Google C++ testing framework. 31 | // 32 | // Author: wan@google.com (Zhanyong Wan) 33 | 34 | #ifndef GTEST_SAMPLES_SAMPLE1_H_ 35 | #define GTEST_SAMPLES_SAMPLE1_H_ 36 | 37 | // Returns n! (the factorial of n). For negative n, n! is defined to be 1. 38 | int Factorial(int n); 39 | 40 | // Returns true iff n is a prime number. 41 | bool IsPrime(int n); 42 | 43 | #endif // GTEST_SAMPLES_SAMPLE1_H_ 44 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/samples/sample2.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2005, Google Inc. 2 | // All rights reserved. 
3 | // 4 | // Redistribution and use in source and binary forms, with or without 5 | // modification, are permitted provided that the following conditions are 6 | // met: 7 | // 8 | // * Redistributions of source code must retain the above copyright 9 | // notice, this list of conditions and the following disclaimer. 10 | // * Redistributions in binary form must reproduce the above 11 | // copyright notice, this list of conditions and the following disclaimer 12 | // in the documentation and/or other materials provided with the 13 | // distribution. 14 | // * Neither the name of Google Inc. nor the names of its 15 | // contributors may be used to endorse or promote products derived from 16 | // this software without specific prior written permission. 17 | // 18 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 | // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 | // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 | // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 | // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 | // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | 30 | // A sample program demonstrating using Google C++ testing framework. 31 | // 32 | // Author: wan@google.com (Zhanyong Wan) 33 | 34 | #include "sample2.h" 35 | 36 | #include 37 | 38 | // Clones a 0-terminated C string, allocating memory using new. 
39 | const char* MyString::CloneCString(const char* a_c_string) { 40 | if (a_c_string == NULL) return NULL; 41 | 42 | const size_t len = strlen(a_c_string); 43 | char* const clone = new char[ len + 1 ]; 44 | memcpy(clone, a_c_string, len + 1); 45 | 46 | return clone; 47 | } 48 | 49 | // Sets the 0-terminated C string this MyString object 50 | // represents. 51 | void MyString::Set(const char* a_c_string) { 52 | // Makes sure this works when c_string == c_string_ 53 | const char* const temp = MyString::CloneCString(a_c_string); 54 | delete[] c_string_; 55 | c_string_ = temp; 56 | } 57 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/samples/sample4.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2005, Google Inc. 2 | // All rights reserved. 3 | // 4 | // Redistribution and use in source and binary forms, with or without 5 | // modification, are permitted provided that the following conditions are 6 | // met: 7 | // 8 | // * Redistributions of source code must retain the above copyright 9 | // notice, this list of conditions and the following disclaimer. 10 | // * Redistributions in binary form must reproduce the above 11 | // copyright notice, this list of conditions and the following disclaimer 12 | // in the documentation and/or other materials provided with the 13 | // distribution. 14 | // * Neither the name of Google Inc. nor the names of its 15 | // contributors may be used to endorse or promote products derived from 16 | // this software without specific prior written permission. 17 | // 18 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | // A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT 22 | // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 | // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 | // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 | // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 | // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | 30 | // A sample program demonstrating using Google C++ testing framework. 31 | // 32 | // Author: wan@google.com (Zhanyong Wan) 33 | 34 | #include 35 | 36 | #include "sample4.h" 37 | 38 | // Returns the current counter value, and increments it. 39 | int Counter::Increment() { 40 | return counter_++; 41 | } 42 | 43 | // Prints the current counter value to STDOUT. 44 | void Counter::Print() const { 45 | printf("%d", counter_); 46 | } 47 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/samples/sample4.h: -------------------------------------------------------------------------------- 1 | // Copyright 2005, Google Inc. 2 | // All rights reserved. 3 | // 4 | // Redistribution and use in source and binary forms, with or without 5 | // modification, are permitted provided that the following conditions are 6 | // met: 7 | // 8 | // * Redistributions of source code must retain the above copyright 9 | // notice, this list of conditions and the following disclaimer. 10 | // * Redistributions in binary form must reproduce the above 11 | // copyright notice, this list of conditions and the following disclaimer 12 | // in the documentation and/or other materials provided with the 13 | // distribution. 14 | // * Neither the name of Google Inc. 
// nor the names of its
// contributors may be used to endorse or promote products derived from
// this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

// A sample program demonstrating using Google C++ testing framework.
//
// Author: wan@google.com (Zhanyong Wan)

#ifndef GTEST_SAMPLES_SAMPLE4_H_
#define GTEST_SAMPLES_SAMPLE4_H_

// A counter that only ever moves upward, one step per Increment() call.
class Counter {
 public:
  // Builds a counter whose first reported value is 0.
  Counter() : counter_(0) {}

  // Hands back the value held before the call, then advances by one.
  int Increment();

  // Writes the value currently held to STDOUT; does not modify it.
  void Print() const;

 private:
  // The value the next Increment() call will return.
  int counter_;
};

#endif  // GTEST_SAMPLES_SAMPLE4_H_

--------------------------------------------------------------------------------
/Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/samples/sample4_unittest.cc:
--------------------------------------------------------------------------------
// Copyright 2005, Google Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
// * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following disclaimer
// in the documentation and/or other materials provided with the
// distribution.
// * Neither the name of Google Inc. nor the names of its
// contributors may be used to endorse or promote products derived from
// this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
// Author: wan@google.com (Zhanyong Wan)

#include "gtest/gtest.h"
#include "sample4.h"

// Tests the Increment() method.
//
// A default-constructed Counter starts at 0 and Increment() returns the
// value held before the increment, so three calls yield 0, 1, 2.
TEST(Counter, Increment) {
  Counter c;

  // EXPECT_EQ() evaluates its arguments exactly once, so they
  // can have side effects.

  EXPECT_EQ(0, c.Increment());
  EXPECT_EQ(1, c.Increment());
  EXPECT_EQ(2, c.Increment());
}

--------------------------------------------------------------------------------
/Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/scripts/test/Makefile:
--------------------------------------------------------------------------------
# A Makefile for fusing Google Test and building a sample test against it.
#
# SYNOPSIS:
#
# make [all] - makes everything.
# make TARGET - makes the given target.
# make check - makes everything and runs the built sample test.
# make clean - removes all files generated by make.

# Points to the root of fused Google Test, relative to where this file is.
FUSED_GTEST_DIR = output

# Paths to the fused gtest files.
FUSED_GTEST_H = $(FUSED_GTEST_DIR)/gtest/gtest.h
FUSED_GTEST_ALL_CC = $(FUSED_GTEST_DIR)/gtest/gtest-all.cc

# Where to find the sample test.
SAMPLE_DIR = ../../samples

# Where to find gtest_main.cc.
GTEST_MAIN_CC = ../../src/gtest_main.cc

# Flags passed to the preprocessor.
# We have no idea here whether pthreads is available in the system, so
# disable its use.
CPPFLAGS += -I$(FUSED_GTEST_DIR) -DGTEST_HAS_PTHREAD=0

# Flags passed to the C++ compiler.
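CXXFLAGS += -g

# These targets name actions, not files.  Declaring them phony keeps a
# stray file called "all", "check" or "clean" from masking the rule.
.PHONY : all check clean

all : sample1_unittest

# Builds everything, then runs the sample test binary from this directory.
check : all
	./sample1_unittest

# Recursively deletes $(FUSED_GTEST_DIR) along with the built binary and
# object files; keep that variable pointing at a directory that holds
# nothing but generated output.
clean :
	rm -rf $(FUSED_GTEST_DIR) sample1_unittest *.o

# Both fused files are produced by the same script run; each rule invokes
# it with the output directory as its only argument.
$(FUSED_GTEST_H) :
	../fuse_gtest_files.py $(FUSED_GTEST_DIR)

$(FUSED_GTEST_ALL_CC) :
	../fuse_gtest_files.py $(FUSED_GTEST_DIR)

# Compiles the fused single-file Google Test.
gtest-all.o : $(FUSED_GTEST_H) $(FUSED_GTEST_ALL_CC)
	$(CXX) $(CPPFLAGS) $(CXXFLAGS) -c $(FUSED_GTEST_DIR)/gtest/gtest-all.cc

# Compiles the stock main() against the fused header.
gtest_main.o : $(FUSED_GTEST_H) $(GTEST_MAIN_CC)
	$(CXX) $(CPPFLAGS) $(CXXFLAGS) -c $(GTEST_MAIN_CC)

# Compiles the code under test.
sample1.o : $(SAMPLE_DIR)/sample1.cc $(SAMPLE_DIR)/sample1.h
	$(CXX) $(CPPFLAGS) $(CXXFLAGS) -c $(SAMPLE_DIR)/sample1.cc

# Compiles the sample test itself.
sample1_unittest.o : $(SAMPLE_DIR)/sample1_unittest.cc \
                     $(SAMPLE_DIR)/sample1.h $(FUSED_GTEST_H)
	$(CXX) $(CPPFLAGS) $(CXXFLAGS) -c $(SAMPLE_DIR)/sample1_unittest.cc

# Links the four objects into the test binary.
sample1_unittest : sample1.o sample1_unittest.o gtest-all.o gtest_main.o
	$(CXX) $(CPPFLAGS) $(CXXFLAGS) $^ -o $@

--------------------------------------------------------------------------------
/Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/src/gtest-all.cc:
--------------------------------------------------------------------------------
// Copyright 2008, Google Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
// * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following disclaimer
// in the documentation and/or other materials provided with the
// distribution.
// * Neither the name of Google Inc.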
nor the names of its 15 | // contributors may be used to endorse or promote products derived from 16 | // this software without specific prior written permission. 17 | // 18 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 | // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 | // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 | // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 | // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 | // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | // 30 | // Author: mheule@google.com (Markus Heule) 31 | // 32 | // Google C++ Testing Framework (Google Test) 33 | // 34 | // Sometimes it's desirable to build Google Test by compiling a single file. 35 | // This file serves this purpose. 36 | 37 | // This line ensures that gtest.h can be compiled on its own, even 38 | // when it's fused. 39 | #include "gtest/gtest.h" 40 | 41 | // The following lines pull in the real gtest *.cc files. 
42 | #include "src/gtest.cc" 43 | #include "src/gtest-death-test.cc" 44 | #include "src/gtest-filepath.cc" 45 | #include "src/gtest-port.cc" 46 | #include "src/gtest-printers.cc" 47 | #include "src/gtest-test-part.cc" 48 | #include "src/gtest-typed-test.cc" 49 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/src/gtest_main.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2006, Google Inc. 2 | // All rights reserved. 3 | // 4 | // Redistribution and use in source and binary forms, with or without 5 | // modification, are permitted provided that the following conditions are 6 | // met: 7 | // 8 | // * Redistributions of source code must retain the above copyright 9 | // notice, this list of conditions and the following disclaimer. 10 | // * Redistributions in binary form must reproduce the above 11 | // copyright notice, this list of conditions and the following disclaimer 12 | // in the documentation and/or other materials provided with the 13 | // distribution. 14 | // * Neither the name of Google Inc. nor the names of its 15 | // contributors may be used to endorse or promote products derived from 16 | // this software without specific prior written permission. 17 | // 18 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | // A PARTICULAR PURPOSE ARE DISCLAIMED. 
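// IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

#include <stdio.h>  // printf()

#include "gtest/gtest.h"

// Entry point for test binaries that link this file instead of defining
// their own main().
//
// argc and argv are handed to testing::InitGoogleTest() before any test
// runs, and the process exit status is whatever RUN_ALL_TESTS() returns.
GTEST_API_ int main(int argc, char **argv) {
  // Announces which main() is in use before Google Test produces output.
  printf("Running main() from gtest_main.cc\n");
  testing::InitGoogleTest(&argc, argv);
  return RUN_ALL_TESTS();
}

--------------------------------------------------------------------------------
/Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/test/gtest-typed-test2_test.cc:
--------------------------------------------------------------------------------
// Copyright 2008 Google Inc.
// All Rights Reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
// * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following disclaimer
// in the documentation and/or other materials provided with the
// distribution.
// * Neither the name of Google Inc. nor the names of its
// contributors may be used to endorse or promote products derived from
// this software without specific prior written permission.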
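//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
// Author: wan@google.com (Zhanyong Wan)

#include <vector>

#include "test/gtest-typed-test_test.h"
#include "gtest/gtest.h"

#if GTEST_HAS_TYPED_TEST_P

// Tests that the same type-parameterized test case can be
// instantiated in different translation units linked together.
// (ContainerTest is also instantiated in gtest-typed-test_test.cc.)
//
// "Vector" is the instantiation prefix; the type list holds the single
// container type this translation unit runs ContainerTest against.
INSTANTIATE_TYPED_TEST_CASE_P(Vector, ContainerTest,
                              testing::Types<std::vector<int> >);

#endif  // GTEST_HAS_TYPED_TEST_P

--------------------------------------------------------------------------------
/Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/test/gtest_all_test.cc:
--------------------------------------------------------------------------------
// Copyright 2009, Google Inc.
// All rights reserved.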
3 | // 4 | // Redistribution and use in source and binary forms, with or without 5 | // modification, are permitted provided that the following conditions are 6 | // met: 7 | // 8 | // * Redistributions of source code must retain the above copyright 9 | // notice, this list of conditions and the following disclaimer. 10 | // * Redistributions in binary form must reproduce the above 11 | // copyright notice, this list of conditions and the following disclaimer 12 | // in the documentation and/or other materials provided with the 13 | // distribution. 14 | // * Neither the name of Google Inc. nor the names of its 15 | // contributors may be used to endorse or promote products derived from 16 | // this software without specific prior written permission. 17 | // 18 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 | // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 | // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 | // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 | // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 | // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | // 30 | // Author: wan@google.com (Zhanyong Wan) 31 | // 32 | // Tests for Google C++ Testing Framework (Google Test) 33 | // 34 | // Sometimes it's desirable to build most of Google Test's own tests 35 | // by compiling a single file. This file serves this purpose. 
36 | #include "test/gtest-filepath_test.cc" 37 | #include "test/gtest-linked_ptr_test.cc" 38 | #include "test/gtest-message_test.cc" 39 | #include "test/gtest-options_test.cc" 40 | #include "test/gtest-port_test.cc" 41 | #include "test/gtest_pred_impl_unittest.cc" 42 | #include "test/gtest_prod_test.cc" 43 | #include "test/gtest-test-part_test.cc" 44 | #include "test/gtest-typed-test_test.cc" 45 | #include "test/gtest-typed-test2_test.cc" 46 | #include "test/gtest_unittest.cc" 47 | #include "test/production.cc" 48 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/test/gtest_help_test_.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2009, Google Inc. 2 | // All rights reserved. 3 | // 4 | // Redistribution and use in source and binary forms, with or without 5 | // modification, are permitted provided that the following conditions are 6 | // met: 7 | // 8 | // * Redistributions of source code must retain the above copyright 9 | // notice, this list of conditions and the following disclaimer. 10 | // * Redistributions in binary form must reproduce the above 11 | // copyright notice, this list of conditions and the following disclaimer 12 | // in the documentation and/or other materials provided with the 13 | // distribution. 14 | // * Neither the name of Google Inc. nor the names of its 15 | // contributors may be used to endorse or promote products derived from 16 | // this software without specific prior written permission. 17 | // 18 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | // A PARTICULAR PURPOSE ARE DISCLAIMED. 
// IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
// Author: wan@google.com (Zhanyong Wan)

// This program is meant to be run by gtest_help_test.py. Do not run
// it directly.

#include "gtest/gtest.h"

// When a help flag is specified, this program should skip the tests
// and exit with 0; otherwise the following test will be executed,
// causing this program to exit with a non-zero code.
TEST(HelpFlagTest, ShouldNotBeRun) {
  // Unconditional failure: reaching this line means tests were executed.
  ASSERT_TRUE(false) << "Tests shouldn't be run when --help is specified.";
}

// Compiled only when death tests are available.  The body is empty; going
// by its name, the Python driver looks for this test to detect
// death-test support in the binary.
#if GTEST_HAS_DEATH_TEST
TEST(DeathTest, UsedByPythonScriptToDetectSupportForDeathTestsInThisBinary) {}
#endif

--------------------------------------------------------------------------------
/Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/test/gtest_main_unittest.cc:
--------------------------------------------------------------------------------
// Copyright 2006, Google Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
// * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following disclaimer
// in the documentation and/or other materials provided with the
// distribution.
// * Neither the name of Google Inc. nor the names of its
// contributors may be used to endorse or promote products derived from
// this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
// Author: wan@google.com (Zhanyong Wan)

#include "gtest/gtest.h"

// Tests that we don't have to define main() when we link to
// gtest_main instead of gtest.

namespace {

// Intentionally empty: the file defines no main(), so the test passing
// at all shows that gtest_main supplied one.
TEST(GTestMainTest, ShouldSucceed) {
}

}  // namespace

// We are using the main() function defined in src/gtest_main.cc, so
// we don't define it here.

--------------------------------------------------------------------------------
/Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/test/gtest_prod_test.cc:
--------------------------------------------------------------------------------
// Copyright 2006, Google Inc.
2 | // All rights reserved. 3 | // 4 | // Redistribution and use in source and binary forms, with or without 5 | // modification, are permitted provided that the following conditions are 6 | // met: 7 | // 8 | // * Redistributions of source code must retain the above copyright 9 | // notice, this list of conditions and the following disclaimer. 10 | // * Redistributions in binary form must reproduce the above 11 | // copyright notice, this list of conditions and the following disclaimer 12 | // in the documentation and/or other materials provided with the 13 | // distribution. 14 | // * Neither the name of Google Inc. nor the names of its 15 | // contributors may be used to endorse or promote products derived from 16 | // this software without specific prior written permission. 17 | // 18 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 | // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 | // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 | // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 | // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 | // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | // 30 | // Author: wan@google.com (Zhanyong Wan) 31 | // 32 | // Unit test for include/gtest/gtest_prod.h. 33 | 34 | #include "gtest/gtest.h" 35 | #include "test/production.h" 36 | 37 | // Tests that private members can be accessed from a TEST declared as 38 | // a friend of the class. 
TEST(PrivateCodeTest, CanAccessPrivateMembers) {
  PrivateCode a;
  // The test reads the x_ field directly rather than through an accessor.
  EXPECT_EQ(0, a.x_);

  // A value stored through set_x() must show up in the same field.
  a.set_x(1);
  EXPECT_EQ(1, a.x_);
}

// Fixture alias so the same check can be written with TEST_F.
typedef testing::Test PrivateCodeFixtureTest;

// Tests that private members can be accessed from a TEST_F declared
// as a friend of the class.
TEST_F(PrivateCodeFixtureTest, CanAccessPrivateMembers) {
  PrivateCode a;
  EXPECT_EQ(0, a.x_);

  // Uses a different value from the TEST above; the shape of the check
  // is otherwise the same.
  a.set_x(2);
  EXPECT_EQ(2, a.x_);
}

--------------------------------------------------------------------------------
/Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/test/gtest_sole_header_test.cc:
--------------------------------------------------------------------------------
// Copyright 2008, Google Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
// * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following disclaimer
// in the documentation and/or other materials provided with the
// distribution.
// * Neither the name of Google Inc. nor the names of its
// contributors may be used to endorse or promote products derived from
// this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED.
// IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
// Author: mheule@google.com (Markus Heule)
//
// This test verifies that it's possible to use Google Test by including
// the gtest.h header file alone.

#include "gtest/gtest.h"

namespace {

// Helper holding one expectation that always passes; the tests below
// pass a call to it as the statement to be checked.
void Subroutine() {
  EXPECT_EQ(42, 42);
}

// Exercises EXPECT_NO_FATAL_FAILURE with four statement shapes: an empty
// statement, a macro, a function call and a braced block.
TEST(NoFatalFailureTest, ExpectNoFatalFailure) {
  EXPECT_NO_FATAL_FAILURE(;);
  EXPECT_NO_FATAL_FAILURE(SUCCEED());
  EXPECT_NO_FATAL_FAILURE(Subroutine());
  EXPECT_NO_FATAL_FAILURE({ SUCCEED(); });
}

// The same four statement shapes, through ASSERT_NO_FATAL_FAILURE.
TEST(NoFatalFailureTest, AssertNoFatalFailure) {
  ASSERT_NO_FATAL_FAILURE(;);
  ASSERT_NO_FATAL_FAILURE(SUCCEED());
  ASSERT_NO_FATAL_FAILURE(Subroutine());
  ASSERT_NO_FATAL_FAILURE({ SUCCEED(); });
}

}  // namespace

--------------------------------------------------------------------------------
/Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/test/gtest_uninitialized_test_.cc:
--------------------------------------------------------------------------------
// Copyright 2008, Google Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
// * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following disclaimer
// in the documentation and/or other materials provided with the
// distribution.
// * Neither the name of Google Inc. nor the names of its
// contributors may be used to endorse or promote products derived from
// this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
// Author: wan@google.com (Zhanyong Wan)

#include "gtest/gtest.h"

TEST(DummyTest, Dummy) {
  // This test doesn't verify anything.  We just need it to create a
  // realistic stage for testing the behavior of Google Test when
  // RUN_ALL_TESTS() is called without testing::InitGoogleTest() being
  // called first.
}

// Takes no arguments and goes straight to RUN_ALL_TESTS().  The missing
// testing::InitGoogleTest() call is deliberate: it is the condition this
// binary exists to reproduce, so it must not be "fixed" here.
int main() {
  return RUN_ALL_TESTS();
}

--------------------------------------------------------------------------------
/Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/test/gtest_xml_outfile1_test_.cc:
--------------------------------------------------------------------------------
// Copyright 2008, Google Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
// * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following disclaimer
// in the documentation and/or other materials provided with the
// distribution.
// * Neither the name of Google Inc. nor the names of its
// contributors may be used to endorse or promote products derived from
// this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED.
// IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
// Author: keith.ray@gmail.com (Keith Ray)
//
// gtest_xml_outfile1_test_ writes some xml via TestProperty used by
// gtest_xml_outfiles_test.py

#include "gtest/gtest.h"

// Fixture that records one integer property in SetUp() and another in
// TearDown(), in addition to whatever the test body records.
class PropertyOne : public testing::Test {
 protected:
  // Records "SetUpProp" with the value 1.
  virtual void SetUp() {
    RecordProperty("SetUpProp", 1);
  }
  // Records "TearDownProp" with the value 1.
  virtual void TearDown() {
    RecordProperty("TearDownProp", 1);
  }
};

// Records a third property from the test body itself.
TEST_F(PropertyOne, TestSomeProperties) {
  RecordProperty("TestSomeProperty", 1);
}

--------------------------------------------------------------------------------
/Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/test/gtest_xml_outfile2_test_.cc:
--------------------------------------------------------------------------------
// Copyright 2008, Google Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
// * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following disclaimer
// in the documentation and/or other materials provided with the
// distribution.
14 | // * Neither the name of Google Inc. nor the names of its 15 | // contributors may be used to endorse or promote products derived from 16 | // this software without specific prior written permission. 17 | // 18 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 | // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 | // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 | // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 | // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 | // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | // 30 | // Author: keith.ray@gmail.com (Keith Ray) 31 | // 32 | // gtest_xml_outfile2_test_ writes some xml via TestProperty used by 33 | // gtest_xml_outfiles_test.py 34 | 35 | #include "gtest/gtest.h" 36 | 37 | class PropertyTwo : public testing::Test { 38 | protected: 39 | virtual void SetUp() { 40 | RecordProperty("SetUpProp", 2); 41 | } 42 | virtual void TearDown() { 43 | RecordProperty("TearDownProp", 2); 44 | } 45 | }; 46 | 47 | TEST_F(PropertyTwo, TestSomeProperties) { 48 | RecordProperty("TestSomeProperty", 2); 49 | } 50 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/test/production.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2006, Google Inc. 2 | // All rights reserved. 
3 | // 4 | // Redistribution and use in source and binary forms, with or without 5 | // modification, are permitted provided that the following conditions are 6 | // met: 7 | // 8 | // * Redistributions of source code must retain the above copyright 9 | // notice, this list of conditions and the following disclaimer. 10 | // * Redistributions in binary form must reproduce the above 11 | // copyright notice, this list of conditions and the following disclaimer 12 | // in the documentation and/or other materials provided with the 13 | // distribution. 14 | // * Neither the name of Google Inc. nor the names of its 15 | // contributors may be used to endorse or promote products derived from 16 | // this software without specific prior written permission. 17 | // 18 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 | // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 | // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 | // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 | // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 | // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | // 30 | // Author: wan@google.com (Zhanyong Wan) 31 | // 32 | // This is part of the unit test for include/gtest/gtest_prod.h. 
33 | 34 | #include "production.h" 35 | 36 | PrivateCode::PrivateCode() : x_(0) {} 37 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/test/production.h: -------------------------------------------------------------------------------- 1 | // Copyright 2006, Google Inc. 2 | // All rights reserved. 3 | // 4 | // Redistribution and use in source and binary forms, with or without 5 | // modification, are permitted provided that the following conditions are 6 | // met: 7 | // 8 | // * Redistributions of source code must retain the above copyright 9 | // notice, this list of conditions and the following disclaimer. 10 | // * Redistributions in binary form must reproduce the above 11 | // copyright notice, this list of conditions and the following disclaimer 12 | // in the documentation and/or other materials provided with the 13 | // distribution. 14 | // * Neither the name of Google Inc. nor the names of its 15 | // contributors may be used to endorse or promote products derived from 16 | // this software without specific prior written permission. 17 | // 18 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | // A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT 22 | // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 | // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 | // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 | // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 | // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | // 30 | // Author: wan@google.com (Zhanyong Wan) 31 | // 32 | // This is part of the unit test for include/gtest/gtest_prod.h. 33 | 34 | #ifndef GTEST_TEST_PRODUCTION_H_ 35 | #define GTEST_TEST_PRODUCTION_H_ 36 | 37 | #include "gtest/gtest_prod.h" 38 | 39 | class PrivateCode { 40 | public: 41 | // Declares a friend test that does not use a fixture. 42 | FRIEND_TEST(PrivateCodeTest, CanAccessPrivateMembers); 43 | 44 | // Declares a friend test that uses a fixture. 45 | FRIEND_TEST(PrivateCodeFixtureTest, CanAccessPrivateMembers); 46 | 47 | PrivateCode(); 48 | 49 | int x() const { return x_; } 50 | private: 51 | void set_x(int an_x) { x_ = an_x; } 52 | int x_; 53 | }; 54 | 55 | #endif // GTEST_TEST_PRODUCTION_H_ 56 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/xcode/Config/DebugProject.xcconfig: -------------------------------------------------------------------------------- 1 | // 2 | // DebugProject.xcconfig 3 | // 4 | // These are Debug Configuration project settings for the gtest framework and 5 | // examples. It is set in the "Based On:" dropdown in the "Project" info 6 | // dialog. 
7 | // This file is based on the Xcode Configuration files in: 8 | // http://code.google.com/p/google-toolbox-for-mac/ 9 | // 10 | 11 | #include "General.xcconfig" 12 | 13 | // No optimization 14 | GCC_OPTIMIZATION_LEVEL = 0 15 | 16 | // Deployment postprocessing is what triggers Xcode to strip, turn it off 17 | DEPLOYMENT_POSTPROCESSING = NO 18 | 19 | // Dead code stripping off 20 | DEAD_CODE_STRIPPING = NO 21 | 22 | // Debug symbols should be on obviously 23 | GCC_GENERATE_DEBUGGING_SYMBOLS = YES 24 | 25 | // Define the DEBUG macro in all debug builds 26 | OTHER_CFLAGS = $(OTHER_CFLAGS) -DDEBUG=1 27 | 28 | // These are turned off to avoid STL incompatibilities with client code 29 | // // Turns on special C++ STL checks to "encourage" good STL use 30 | // GCC_PREPROCESSOR_DEFINITIONS = $(GCC_PREPROCESSOR_DEFINITIONS) _GLIBCXX_DEBUG_PEDANTIC _GLIBCXX_DEBUG _GLIBCPP_CONCEPT_CHECKS 31 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/xcode/Config/FrameworkTarget.xcconfig: -------------------------------------------------------------------------------- 1 | // 2 | // FrameworkTarget.xcconfig 3 | // 4 | // These are Framework target settings for the gtest framework and examples. It 5 | // is set in the "Based On:" dropdown in the "Target" info dialog. 6 | // This file is based on the Xcode Configuration files in: 7 | // http://code.google.com/p/google-toolbox-for-mac/ 8 | // 9 | 10 | // Dynamic libs need to be position independent 11 | GCC_DYNAMIC_NO_PIC = NO 12 | 13 | // Dynamic libs should not have their external symbols stripped. 
14 | STRIP_STYLE = non-global 15 | 16 | // Let the user install by specifying the $DSTROOT with xcodebuild 17 | SKIP_INSTALL = NO 18 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/xcode/Config/General.xcconfig: -------------------------------------------------------------------------------- 1 | // 2 | // General.xcconfig 3 | // 4 | // These are General configuration settings for the gtest framework and 5 | // examples. 6 | // This file is based on the Xcode Configuration files in: 7 | // http://code.google.com/p/google-toolbox-for-mac/ 8 | // 9 | 10 | // Build for PPC and Intel, 32- and 64-bit 11 | ARCHS = i386 x86_64 ppc ppc64 12 | 13 | // Zerolink prevents link warnings so turn it off 14 | ZERO_LINK = NO 15 | 16 | // Prebinding considered unhelpful in 10.3 and later 17 | PREBINDING = NO 18 | 19 | // Strictest warning policy 20 | WARNING_CFLAGS = -Wall -Werror -Wendif-labels -Wnewline-eof -Wno-sign-compare -Wshadow 21 | 22 | // Work around Xcode bugs by using external strip. See: 23 | // http://lists.apple.com/archives/Xcode-users/2006/Feb/msg00050.html 24 | SEPARATE_STRIP = YES 25 | 26 | // Force C99 dialect 27 | GCC_C_LANGUAGE_STANDARD = c99 28 | 29 | // not sure why apple defaults this on, but it's pretty risky 30 | ALWAYS_SEARCH_USER_PATHS = NO 31 | 32 | // Turn on position dependent code for most cases (overridden where appropriate) 33 | GCC_DYNAMIC_NO_PIC = YES 34 | 35 | // Default SDK and minimum OS version is 10.4 36 | SDKROOT = $(DEVELOPER_SDK_DIR)/MacOSX10.4u.sdk 37 | MACOSX_DEPLOYMENT_TARGET = 10.4 38 | GCC_VERSION = 4.0 39 | 40 | // VERSIONING BUILD SETTINGS (used in Info.plist) 41 | GTEST_VERSIONINFO_ABOUT = © 2008 Google Inc. 
42 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/xcode/Config/ReleaseProject.xcconfig: -------------------------------------------------------------------------------- 1 | // 2 | // ReleaseProject.xcconfig 3 | // 4 | // These are Release Configuration project settings for the gtest framework 5 | // and examples. It is set in the "Based On:" dropdown in the "Project" info 6 | // dialog. 7 | // This file is based on the Xcode Configuration files in: 8 | // http://code.google.com/p/google-toolbox-for-mac/ 9 | // 10 | 11 | #include "General.xcconfig" 12 | 13 | // subconfig/Release.xcconfig 14 | 15 | // Optimize for space and size (Apple recommendation) 16 | GCC_OPTIMIZATION_LEVEL = s 17 | 18 | // Deploment postprocessing is what triggers Xcode to strip 19 | DEPLOYMENT_POSTPROCESSING = YES 20 | 21 | // No symbols 22 | GCC_GENERATE_DEBUGGING_SYMBOLS = NO 23 | 24 | // Dead code strip does not affect ObjC code but can help for C 25 | DEAD_CODE_STRIPPING = YES 26 | 27 | // NDEBUG is used by things like assert.h, so define it for general compat. 28 | // ASSERT going away in release tends to create unused vars. 29 | OTHER_CFLAGS = $(OTHER_CFLAGS) -DNDEBUG=1 -Wno-unused-variable 30 | 31 | // When we strip we want to strip all symbols in release, but save externals. 32 | STRIP_STYLE = all 33 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/xcode/Config/StaticLibraryTarget.xcconfig: -------------------------------------------------------------------------------- 1 | // 2 | // StaticLibraryTarget.xcconfig 3 | // 4 | // These are static library target settings for libgtest.a. It 5 | // is set in the "Based On:" dropdown in the "Target" info dialog. 
6 | // This file is based on the Xcode Configuration files in: 7 | // http://code.google.com/p/google-toolbox-for-mac/ 8 | // 9 | 10 | // Static libs can be included in bundles so make them position independent 11 | GCC_DYNAMIC_NO_PIC = NO 12 | 13 | // Static libs should not have their internal globals or external symbols 14 | // stripped. 15 | STRIP_STYLE = debugging 16 | 17 | // Let the user install by specifying the $DSTROOT with xcodebuild 18 | SKIP_INSTALL = NO 19 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/xcode/Config/TestTarget.xcconfig: -------------------------------------------------------------------------------- 1 | // 2 | // TestTarget.xcconfig 3 | // 4 | // These are Test target settings for the gtest framework and examples. It 5 | // is set in the "Based On:" dropdown in the "Target" info dialog. 6 | 7 | PRODUCT_NAME = $(TARGET_NAME) 8 | HEADER_SEARCH_PATHS = ../include 9 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/xcode/Resources/Info.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | CFBundleDevelopmentRegion 6 | English 7 | CFBundleExecutable 8 | ${EXECUTABLE_NAME} 9 | CFBundleIconFile 10 | 11 | CFBundleIdentifier 12 | com.google.${PRODUCT_NAME} 13 | CFBundleInfoDictionaryVersion 14 | 6.0 15 | CFBundlePackageType 16 | FMWK 17 | CFBundleSignature 18 | ???? 
19 | CFBundleVersion 20 | GTEST_VERSIONINFO_LONG 21 | CFBundleShortVersionString 22 | GTEST_VERSIONINFO_SHORT 23 | CFBundleGetInfoString 24 | ${PRODUCT_NAME} GTEST_VERSIONINFO_LONG, ${GTEST_VERSIONINFO_ABOUT} 25 | NSHumanReadableCopyright 26 | ${GTEST_VERSIONINFO_ABOUT} 27 | CSResourcesFileMapped 28 | 29 | 30 | 31 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/googletest-release-1.7.0/xcode/Samples/FrameworkSample/Info.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | CFBundleDevelopmentRegion 6 | English 7 | CFBundleExecutable 8 | ${EXECUTABLE_NAME} 9 | CFBundleIconFile 10 | 11 | CFBundleIdentifier 12 | com.google.gtest.${PRODUCT_NAME:identifier} 13 | CFBundleInfoDictionaryVersion 14 | 6.0 15 | CFBundleName 16 | ${PRODUCT_NAME} 17 | CFBundlePackageType 18 | FMWK 19 | CFBundleShortVersionString 20 | 1.0 21 | CFBundleSignature 22 | ???? 23 | CFBundleVersion 24 | 1.0 25 | CSResourcesFileMapped 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/include/pistache/common.h: -------------------------------------------------------------------------------- 1 | /* common.h 2 | Mathieu Stefani, 12 August 2015 3 | 4 | A collection of macro / utilities / constants 5 | */ 6 | 7 | #pragma once 8 | 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | 15 | #include 16 | #include 17 | #include 18 | 19 | /* 'unsafe' expands to nothing: it is a source-level marker only and adds no checking of its own. */ #define unsafe 20 | 21 | /* TRY(expr): evaluates expr once; when the result is negative it throws std::runtime_error whose message is the stringified expression followed by gai_strerror(ret) if errno == 0, otherwise strerror(errno). NOTE(review): the errno == 0 test assumes errno is not left over from an earlier failed call; if it is stale, the message describes the wrong error - confirm callers clear errno before wrapping a getaddrinfo-style call. */ #define TRY(...) \ 22 | do { \ 23 | auto ret = __VA_ARGS__; \ 24 | if (ret < 0) { \ 25 | const char* str = #__VA_ARGS__; \ 26 | std::ostringstream oss; \ 27 | oss << str << ": "; \ 28 | if (errno == 0) { \ 29 | oss << gai_strerror(ret); \ 30 | } else { \ 31 | oss << strerror(errno); \ 32 | } \ 33 | throw std::runtime_error(oss.str()); \ 34 | } \ 35 | } while (0) 36 | 37 | /* TRY_RET(expr): the same negative-result check wrapped in an immediately-invoked lambda that returns the value; unlike TRY it always reports strerror(errno). */ #define TRY_RET(...)
\ 38 | [&]() { \ 39 | auto ret = __VA_ARGS__; \ 40 | if (ret < 0) { \ 41 | const char *str = #__VA_ARGS__; \ 42 | std::ostringstream oss; \ 43 | oss << str << ": " << strerror(errno); \ 44 | throw std::runtime_error(oss.str()); \ 45 | } \ 46 | return ret; \ 47 | }(); \ 48 | (void) 0 49 | 50 | /* unreachable(): maps to the compiler builtin; actually executing it is undefined behaviour, so it may only mark paths that cannot run. */ #define unreachable() __builtin_unreachable() 51 | 52 | namespace Pistache { 53 | namespace Const { 54 | 55 | /* Library-wide limits. NOTE(review): how MaxBuffer and ChunkSize are consumed is not visible in this header; wherever a buffer is sized by one of them, check that the matching read or copy is bounded by the same constant. */ static constexpr int MaxBacklog = 128; 56 | static constexpr int MaxEvents = 1024; 57 | static constexpr int MaxBuffer = 4096; 58 | static constexpr int ChunkSize = 1024; 59 | } // namespace Const 60 | } // namespace Pistache 61 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/include/pistache/cookie.h: -------------------------------------------------------------------------------- 1 | /* 2 | Mathieu Stefani, 16 janvier 2016 3 | 4 | Representation of a Cookie as per http://tools.ietf.org/html/rfc6265 5 | */ 6 | 7 | #pragma once 8 | 9 | #include 10 | #include 11 | #include 12 | #include 13 | 14 | #include 15 | #include 16 | 17 | namespace Pistache { 18 | namespace Http { 19 | 20 | /* Cookie: a name/value pair with optional path, domain, expires and maxAge attributes, the secure and httpOnly flags, and extension attributes in ext. NOTE(review): the initial values of secure and httpOnly come from the constructor, which is defined outside this header - confirm what they default to. */ struct Cookie { 21 | Cookie(std::string name, std::string value); 22 | 23 | std::string name; 24 | std::string value; 25 | 26 | Optional path; 27 | Optional domain; 28 | Optional expires; 29 | 30 | Optional maxAge; 31 | bool secure; 32 | bool httpOnly; 33 | 34 | std::map ext; 35 | 36 | /* fromRaw parses from a pointer plus explicit length, fromString from a std::string; both are defined elsewhere. */ static Cookie fromRaw(const char* str, size_t len); 37 | static Cookie fromString(const std::string& str); 38 | 39 | void write(std::ostream& os) const; 40 | }; 41 | 42 | /* CookieJar: cookies held in an unordered_map (Storage) and exposed through a read-only iterator. */ class CookieJar { 43 | public: 44 | typedef std::unordered_map Storage; 45 | 46 | struct iterator : std::iterator { 47 | iterator(const Storage::const_iterator& iterator) 48 | : it_(iterator) 49 | { } 50 | 51 | /* dereferencing returns a copy of the stored Cookie, not a reference */ Cookie operator*() const { 52 | return it_->second; 53 | } 54 | 55 | iterator operator++() { 56 | ++it_; 57 | return iterator(it_); 58 | } 59 | 60 | iterator
operator++(int) { 61 | iterator ret(it_); 62 | it_++; 63 | return ret; 64 | } 65 | 66 | bool operator !=(iterator other) const { 67 | return it_ != other.it_; 68 | } 69 | 70 | bool operator==(iterator other) const { 71 | return it_ == other.it_; 72 | } 73 | 74 | private: 75 | Storage::const_iterator it_; 76 | }; 77 | 78 | CookieJar(); 79 | 80 | void add(const Cookie& cookie); 81 | Cookie get(const std::string& name) const; 82 | 83 | bool has(const std::string& name) const; 84 | 85 | iterator begin() const { 86 | return iterator(cookies.begin()); 87 | } 88 | 89 | iterator end() const { 90 | return iterator(cookies.end()); 91 | } 92 | 93 | private: 94 | Storage cookies; 95 | }; 96 | 97 | } // namespace Net 98 | } // namespace Pistache 99 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/include/pistache/endpoint.h: -------------------------------------------------------------------------------- 1 | /* 2 | Mathieu Stefani, 22 janvier 2016 3 | 4 | An Http endpoint 5 | */ 6 | 7 | #pragma once 8 | 9 | #include 10 | #include 11 | #include 12 | 13 | namespace Pistache { 14 | namespace Http { 15 | 16 | class Endpoint { 17 | public: 18 | struct Options { 19 | friend class Endpoint; 20 | 21 | Options& threads(int val); 22 | Options& flags(Flags flags); 23 | Options& backlog(int val); 24 | 25 | private: 26 | int threads_; 27 | Flags flags_; 28 | int backlog_; 29 | Options(); 30 | }; 31 | Endpoint(); 32 | Endpoint(const Address& addr); 33 | 34 | template 35 | void initArgs(Args&& ...args) { 36 | listener.init(std::forward(args)...); 37 | } 38 | 39 | void init(const Options& options); 40 | void setHandler(const std::shared_ptr& handler); 41 | 42 | void bind(); 43 | void bind(const Address& addr); 44 | 45 | void serve(); 46 | void serveThreaded(); 47 | 48 | void shutdown(); 49 | 50 | bool isBound() const { 51 | return listener.isBound(); 52 | } 53 | 54 | Async::Promise requestLoad(const Tcp::Listener::Load& 
old); 55 | 56 | static Options options(); 57 | 58 | private: 59 | 60 | template 61 | void serveImpl(Method method) 62 | { 63 | #define CALL_MEMBER_FN(obj, pmf) ((obj).*(pmf)) 64 | if (!handler_) 65 | throw std::runtime_error("Must call setHandler() prior to serve()"); 66 | 67 | listener.setHandler(handler_); 68 | 69 | if (listener.bind()) { 70 | const auto& addr = listener.address(); 71 | CALL_MEMBER_FN(listener, method)(); 72 | } 73 | #undef CALL_MEMBER_FN 74 | } 75 | 76 | std::shared_ptr handler_; 77 | Tcp::Listener listener; 78 | }; 79 | 80 | template 81 | void listenAndServe(Address addr) 82 | { 83 | auto options = Endpoint::options().threads(1); 84 | listenAndServe(addr, options); 85 | } 86 | 87 | template 88 | void listenAndServe(Address addr, const Endpoint::Options& options) 89 | { 90 | Endpoint endpoint(addr); 91 | endpoint.init(options); 92 | endpoint.setHandler(make_handler()); 93 | endpoint.serve(); 94 | } 95 | 96 | 97 | } // namespace Http 98 | } // namespace Pistache 99 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/include/pistache/iterator_adapter.h: -------------------------------------------------------------------------------- 1 | /* 2 | Mathieu Stefani, 28 février 2016 3 | 4 | A collection of sample iterator adapters 5 | */ 6 | 7 | #pragma once 8 | 9 | namespace Pistache { 10 | 11 | template 12 | struct FlatMapIteratorAdapter { 13 | typedef typename Map::key_type Key; 14 | typedef typename Map::mapped_type Value; 15 | typedef typename Map::const_iterator const_iterator; 16 | 17 | FlatMapIteratorAdapter(const_iterator it) 18 | : it(it) 19 | { } 20 | 21 | FlatMapIteratorAdapter operator++() { 22 | ++it; 23 | return FlatMapIteratorAdapter(it); 24 | } 25 | 26 | const Value& operator*() { 27 | return it->second; 28 | } 29 | 30 | bool operator==(FlatMapIteratorAdapter other) { 31 | return other.it == it; 32 | } 33 | 34 | bool operator!=(FlatMapIteratorAdapter other) { 35 | 
return !(*this == other); 36 | } 37 | 38 | private: 39 | const_iterator it; 40 | }; 41 | 42 | template 43 | FlatMapIteratorAdapter 44 | makeFlatMapIterator(const Map&, typename Map::const_iterator it) { 45 | return FlatMapIteratorAdapter(it); 46 | } 47 | 48 | } // namespace Pistache 49 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/include/pistache/listener.h: -------------------------------------------------------------------------------- 1 | /* listener.h 2 | Mathieu Stefani, 12 August 2015 3 | 4 | A TCP Listener 5 | */ 6 | 7 | #pragma once 8 | 9 | #include 10 | #include 11 | #include 12 | 13 | #include 14 | 15 | #include 16 | #include 17 | #include 18 | #include 19 | #include 20 | #include 21 | 22 | namespace Pistache { 23 | namespace Tcp { 24 | 25 | class Peer; 26 | class Transport; 27 | 28 | void setSocketOptions(Fd fd, Flags options); 29 | 30 | class Listener { 31 | public: 32 | 33 | struct Load { 34 | typedef std::chrono::system_clock::time_point TimePoint; 35 | double global; 36 | std::vector workers; 37 | 38 | std::vector raw; 39 | TimePoint tick; 40 | }; 41 | 42 | Listener(); 43 | ~Listener(); 44 | 45 | Listener(const Address& address); 46 | void init( 47 | size_t workers, 48 | Flags options = Options::None, 49 | int backlog = Const::MaxBacklog); 50 | void setHandler(const std::shared_ptr& handler); 51 | 52 | bool bind(); 53 | bool bind(const Address& adress); 54 | 55 | bool isBound() const; 56 | 57 | void run(); 58 | void runThreaded(); 59 | 60 | void shutdown(); 61 | 62 | Async::Promise requestLoad(const Load& old); 63 | 64 | Options options() const; 65 | Address address() const; 66 | 67 | void pinWorker(size_t worker, const CpuSet& set); 68 | 69 | private: 70 | Address addr_; 71 | int listen_fd; 72 | int backlog_; 73 | NotifyFd shutdownFd; 74 | Polling::Epoll poller; 75 | 76 | Flags options_; 77 | std::unique_ptr acceptThread; 78 | 79 | size_t workers_; 80 | std::shared_ptr 
transport_; 81 | std::shared_ptr handler_; 82 | 83 | std::shared_ptr reactor_; 84 | Aio::Reactor::Key transportKey; 85 | 86 | void handleNewConnection(); 87 | void dispatchPeer(const std::shared_ptr& peer); 88 | 89 | }; 90 | 91 | } // namespace Tcp 92 | } // namespace Pistache 93 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/include/pistache/peer.h: -------------------------------------------------------------------------------- 1 | /* peer.h 2 | Mathieu Stefani, 12 August 2015 3 | 4 | A class representing a TCP Peer 5 | */ 6 | 7 | #pragma once 8 | 9 | #include 10 | #include 11 | #include 12 | #include 13 | 14 | #include 15 | #include 16 | #include 17 | #include 18 | 19 | namespace Pistache { 20 | namespace Tcp { 21 | 22 | class Transport; 23 | 24 | /* Peer: one TCP peer - its Address, hostname, file descriptor and a name-keyed store of shared_ptr values (data_). */ class Peer { 25 | public: 26 | friend class Transport; 27 | 28 | Peer(); 29 | Peer(const Address& addr); 30 | 31 | Address address() const; 32 | std::string hostname() const; 33 | 34 | void associateFd(Fd fd); 35 | Fd fd() const; 36 | 37 | void putData(std::string name, std::shared_ptr data); 38 | 39 | std::shared_ptr getData(std::string name) const; 40 | /* Typed getData: forwards to the untyped overload and converts with static_pointer_cast, which performs no runtime type check; asking for a type other than the one stored under that name and then using the result is undefined behaviour. */ template 41 | std::shared_ptr getData(std::string name) const { 42 | return std::static_pointer_cast(getData(std::move(name))); 43 | } 44 | 45 | std::shared_ptr tryGetData(std::string name) const; 46 | /* Typed tryGetData: returns nullptr when the untyped lookup yields nullptr; otherwise applies the same unchecked static_pointer_cast as the typed getData. */ template 47 | std::shared_ptr tryGetData(std::string name) const { 48 | auto data = tryGetData(std::move(name)); 49 | if (data == nullptr) return nullptr; 50 | 51 | return std::static_pointer_cast(data); 52 | } 53 | 54 | Async::Promise send(const Buffer& buffer, int flags = 0); 55 | 56 | private: 57 | void associateTransport(Transport* transport); 58 | Transport* transport() const; 59 | 60 | /* raw, non-owning pointer; NOTE(review): presumably set by associateTransport() - its lifetime relative to the Peer is not visible here */ Transport* transport_; 61 | 62 | Address addr; 63 | std::string hostname_; 64 | Fd fd_; 65 | std::unordered_map> data_; 66 | }; 67 | 68 | std::ostream& operator<<(std::ostream& os, const Peer& peer); 69 | 70 |
} // namespace Tcp 71 | } // namespace Pistache 72 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/include/pistache/prototype.h: -------------------------------------------------------------------------------- 1 | /* 2 | Mathieu Stefani, 28 janvier 2016 3 | 4 | Simple Prototype design pattern implement 5 | */ 6 | 7 | #pragma once 8 | 9 | #include 10 | #include 11 | 12 | namespace Pistache { 13 | 14 | /* In a sense, a Prototype is just a class that provides a clone() method */ 15 | template 16 | struct Prototype { 17 | virtual std::shared_ptr clone() const = 0; 18 | }; 19 | 20 | } // namespace Pistache 21 | 22 | #define PROTOTYPE_OF(Base, Class) \ 23 | private: \ 24 | std::shared_ptr clone() const { \ 25 | return std::make_shared(); \ 26 | } \ 27 | public: 28 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/include/pistache/route_bind.h: -------------------------------------------------------------------------------- 1 | /* 2 | Mathieu Stefani, 27 février 2016 3 | 4 | A special bind() method for REST routes 5 | */ 6 | 7 | #pragma once 8 | 9 | namespace Pistache { 10 | namespace Rest { 11 | namespace Route { 12 | 13 | void Get(Router& router, std::string resource, Route::Handler handler); 14 | void Post(Router& router, std::string resource, Route::Handler handler); 15 | void Put(Router& router, std::string resource, Route::Handler handler); 16 | void Delete(Router& router, std::string resource, Route::Handler handler); 17 | 18 | namespace details { 19 | template 20 | struct TypeList 21 | { 22 | template 23 | struct At { 24 | static_assert(N < sizeof...(Args), "Invalid index"); 25 | typedef typename std::tuple_element>::type Type; 26 | }; 27 | }; 28 | 29 | template 30 | void static_checks() { 31 | static_assert(sizeof...(Args) == 2, "Function should take 2 parameters"); 32 | typedef details::TypeList Arguments; 33 | // 
Disabled now as it 34 | // 1/ does not compile 35 | // 2/ might not be relevant 36 | #if 0 37 | static_assert(std::is_same::Type, const Rest::Request&>::value, "First argument should be a const Rest::Request&"); 38 | static_assert(std::is_same::Type, Http::Response>::value, "Second argument should be a Http::Response"); 39 | #endif 40 | } 41 | } 42 | 43 | 44 | /* bind (member function): runs details::static_checks, then returns a handler that copies obj and func ([=]) and calls (obj)->*(func) with the request and the moved response. The argument-type assertions in static_checks sit under #if 0, so only the parameter count is enforced. NOTE(review): obj is captured by value - if Obj is a raw pointer the pointee has to outlive the route; confirm at call sites. */ template 45 | Route::Handler bind(Result (Cls::*func)(Args...), Obj obj) { 46 | details::static_checks(); 47 | 48 | #define CALL_MEMBER_FN(obj, pmf) ((obj)->*(pmf)) 49 | 50 | return [=](const Rest::Request& request, Http::ResponseWriter response) { 51 | CALL_MEMBER_FN(obj, func)(request, std::move(response)); 52 | }; 53 | 54 | #undef CALL_MEMBER_FN 55 | } 56 | 57 | /* bind (free function): the same wrapper for a plain function pointer. */ template 58 | Route::Handler bind(Result (*func)(Args...)) { 59 | details::static_checks(); 60 | 61 | return [=](const Rest::Request& request, Http::ResponseWriter response) { 62 | func(request, std::move(response)); 63 | }; 64 | } 65 | 66 | } // namespace Route 67 | } // namespace Rest 68 | } // namespace Pistache 69 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/include/pistache/tcp.h: -------------------------------------------------------------------------------- 1 | /* tcp.h 2 | Mathieu Stefani, 05 novembre 2015 3 | 4 | TCP 5 | */ 6 | 7 | #pragma once 8 | 9 | #include 10 | #include 11 | 12 | #include 13 | #include 14 | 15 | namespace Pistache { 16 | namespace Tcp { 17 | 18 | class Peer; 19 | class Transport; 20 | 21 | /* Options: single-bit flags, each enumerator defined as the previous one shifted left by one; DECLARE_FLAGS_OPERATORS(Options) below presumably supplies the bitwise operators used to combine them. */ enum class Options : uint64_t { 22 | None = 0, 23 | NoDelay = 1, 24 | Linger = NoDelay << 1, 25 | FastOpen = Linger << 1, 26 | QuickAck = FastOpen << 1, 27 | ReuseAddr = QuickAck << 1, 28 | ReverseLookup = ReuseAddr << 1, 29 | InstallSignalHandler = ReverseLookup << 1 30 | }; 31 | 32 | DECLARE_FLAGS_OPERATORS(Options) 33 | 34 | class Handler : private Prototype { 35 | public: 36 | friend class Transport; 37 | 38 | Handler(); 39 | ~Handler(); 40 | 41 |
/* onInput: called with a raw byte range; only len bounds the data and nothing in this signature promises a terminating NUL, so implementations should size every read or copy from len. */ virtual void onInput(const char *buffer, size_t len, const std::shared_ptr& peer) = 0; 42 | 43 | virtual void onConnection(const std::shared_ptr& peer); 44 | virtual void onDisconnection(const std::shared_ptr& peer); 45 | 46 | protected: 47 | /* transport(): returns the associated Transport, throwing std::logic_error("Orphaned handler") while transport_ is null. */ Transport *transport() { 48 | if (!transport_) 49 | throw std::logic_error("Orphaned handler"); 50 | return transport_; 51 | } 52 | 53 | private: 54 | void associateTransport(Transport* transport); 55 | Transport *transport_; 56 | }; 57 | 58 | } // namespace Tcp 59 | } // namespace Pistache 60 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/include/pistache/timer_pool.h: -------------------------------------------------------------------------------- 1 | /* timer_pool.h 2 | Mathieu Stefani, 09 février 2016 3 | 4 | A pool of timer fd to avoid creating fds everytime we need a timer and 5 | thus reduce the total number of system calls. 6 | 7 | Most operations are lock-free except resize operations needed when the 8 | pool is empty, in which case it's blocking but we expect it to be rare.
9 | */ 10 | 11 | #pragma once 12 | 13 | #include 14 | #include 15 | #include 16 | #include 17 | 18 | #include 19 | 20 | #include 21 | #include 22 | 23 | namespace Pistache { 24 | 25 | namespace Default { 26 | static constexpr size_t InitialPoolSize = 128; 27 | } 28 | 29 | class TimerPool { 30 | public: 31 | TimerPool(size_t initialSize = Default::InitialPoolSize); 32 | 33 | struct Entry { 34 | 35 | friend class TimerPool; 36 | 37 | Fd fd; 38 | 39 | Entry() 40 | : fd(-1) 41 | , registered(false) 42 | { 43 | state.store(static_cast(State::Idle)); 44 | } 45 | 46 | ~Entry() { 47 | if (fd != -1) 48 | close(fd); 49 | } 50 | 51 | void initialize(); 52 | template 53 | void arm(Duration duration) { 54 | if (fd == -1) return; 55 | 56 | armMs(std::chrono::duration_cast(duration)); 57 | } 58 | 59 | void disarm(); 60 | 61 | void 62 | registerReactor(const Aio::Reactor::Key& key, Aio::Reactor* reactor) { 63 | if (!registered) { 64 | reactor->registerFd(key, fd, Polling::NotifyOn::Read); 65 | registered = true; 66 | } 67 | } 68 | 69 | private: 70 | void armMs(std::chrono::milliseconds value); 71 | enum class State : uint32_t { Idle, Used }; 72 | std::atomic state; 73 | 74 | bool registered; 75 | }; 76 | 77 | std::shared_ptr pickTimer(); 78 | void releaseTimer(const std::shared_ptr& timer); 79 | 80 | private: 81 | std::vector> timers; 82 | }; 83 | 84 | } // namespace Pistache 85 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/include/pistache/typeid.h: -------------------------------------------------------------------------------- 1 | /* typeid.h 2 | Mathieu Stefani, 30 novembre 2015 3 | Copyright (c) 2015 Datacratic. All rights reserved. 4 | 5 | This header provides a TypeId type that holds an unique identifier 6 | for a given type. Basically equivalent to std::type_info except that 7 | it does not rely on RTTI. The identifier is determined at compile-time. 
8 | 9 | Inspired by Rust's std::TypeId 10 | */ 11 | 12 | #pragma once 13 | 14 | namespace Pistache { 15 | 16 | class TypeId { 17 | public: 18 | template 19 | static TypeId of() { 20 | static char const id_ {}; 21 | 22 | return TypeId(&id_); 23 | } 24 | 25 | operator size_t() const { 26 | return reinterpret_cast(id_); 27 | } 28 | 29 | private: 30 | typedef void const* Id; 31 | 32 | TypeId(Id id) 33 | : id_(id) 34 | { } 35 | 36 | Id id_; 37 | }; 38 | 39 | #define APPLY_OP(lhs, rhs, op) \ 40 | static_cast(lhs) op static_cast(rhs); 41 | 42 | inline bool operator==(const TypeId& lhs, const TypeId& rhs) { 43 | return APPLY_OP(lhs, rhs, ==); 44 | } 45 | 46 | inline bool operator !=(const TypeId& lhs, const TypeId& rhs) { 47 | return APPLY_OP(lhs, rhs, !=); 48 | } 49 | 50 | inline bool operator<(const TypeId& lhs, const TypeId& rhs) { 51 | return APPLY_OP(lhs, rhs, <); 52 | } 53 | 54 | #undef APPLY_OP 55 | 56 | } // namespace Pistache 57 | 58 | namespace std { 59 | template<> struct hash { 60 | size_t operator()(const Pistache::TypeId& id) { 61 | return static_cast(id); 62 | } 63 | }; 64 | } 65 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/install_manifest.txt: -------------------------------------------------------------------------------- 1 | /usr/local/lib/libpistache.a 2 | /usr/local/include/pistache/mime.h 3 | /usr/local/include/pistache/view.h 4 | /usr/local/include/pistache/common.h 5 | /usr/local/include/pistache/typeid.h 6 | /usr/local/include/pistache/tcp.h 7 | /usr/local/include/pistache/http.h 8 | /usr/local/include/pistache/iterator_adapter.h 9 | /usr/local/include/pistache/http_header.h 10 | /usr/local/include/pistache/os.h 11 | /usr/local/include/pistache/http_headers.h 12 | /usr/local/include/pistache/mailbox.h 13 | /usr/local/include/pistache/serializer/rapidjson.h 14 | /usr/local/include/pistache/timer_pool.h 15 | /usr/local/include/pistache/net.h 16 | 
/usr/local/include/pistache/peer.h 17 | /usr/local/include/pistache/async.h 18 | /usr/local/include/pistache/reactor.h 19 | /usr/local/include/pistache/description.h 20 | /usr/local/include/pistache/listener.h 21 | /usr/local/include/pistache/cookie.h 22 | /usr/local/include/pistache/router.h 23 | /usr/local/include/pistache/optional.h 24 | /usr/local/include/pistache/route_bind.h 25 | /usr/local/include/pistache/prototype.h 26 | /usr/local/include/pistache/http_defs.h 27 | /usr/local/include/pistache/endpoint.h 28 | /usr/local/include/pistache/client.h 29 | /usr/local/include/pistache/stream.h 30 | /usr/local/include/pistache/flags.h 31 | /usr/local/include/pistache/transport.h 32 | /usr/local/lib/libpistache.a 33 | /usr/local/lib/cmake/pistache/PistacheTargets.cmake 34 | /usr/local/lib/cmake/pistache/PistacheTargets-release.cmake 35 | /usr/local/lib/cmake/pistache/PistacheConfig.cmake -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeFiles/CMakeDirectoryInformation.cmake: -------------------------------------------------------------------------------- 1 | # CMAKE generated file: DO NOT EDIT! 2 | # Generated by "Unix Makefiles" Generator, CMake Version 3.5 3 | 4 | # Relative path conversion top directories. 5 | set(CMAKE_RELATIVE_PATH_TOP_SOURCE "/home/sinn3r/Desktop/buffer_overflow/pistache") 6 | set(CMAKE_RELATIVE_PATH_TOP_BINARY "/home/sinn3r/Desktop/buffer_overflow/pistache") 7 | 8 | # Force unix paths in dependencies. 9 | set(CMAKE_FORCE_UNIX_PATHS 1) 10 | 11 | 12 | # The C and CXX include file regular expressions for this directory. 
13 | set(CMAKE_C_INCLUDE_REGEX_SCAN "^.*$") 14 | set(CMAKE_C_INCLUDE_REGEX_COMPLAIN "^$") 15 | set(CMAKE_CXX_INCLUDE_REGEX_SCAN ${CMAKE_C_INCLUDE_REGEX_SCAN}) 16 | set(CMAKE_CXX_INCLUDE_REGEX_COMPLAIN ${CMAKE_C_INCLUDE_REGEX_COMPLAIN}) 17 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeFiles/Export/lib/cmake/pistache/PistacheTargets-release.cmake: -------------------------------------------------------------------------------- 1 | #---------------------------------------------------------------- 2 | # Generated CMake target import file for configuration "Release". 3 | #---------------------------------------------------------------- 4 | 5 | # Commands may need to know the format version. 6 | set(CMAKE_IMPORT_FILE_VERSION 1) 7 | 8 | # Import target "pistache" for configuration "Release" 9 | set_property(TARGET pistache APPEND PROPERTY IMPORTED_CONFIGURATIONS RELEASE) 10 | set_target_properties(pistache PROPERTIES 11 | IMPORTED_LINK_INTERFACE_LANGUAGES_RELEASE "CXX" 12 | IMPORTED_LOCATION_RELEASE "${_IMPORT_PREFIX}/lib/libpistache.a" 13 | ) 14 | 15 | list(APPEND _IMPORT_CHECK_TARGETS pistache ) 16 | list(APPEND _IMPORT_CHECK_FILES_FOR_pistache "${_IMPORT_PREFIX}/lib/libpistache.a" ) 17 | 18 | # Commands beyond this point should not need to know the version. 
19 | set(CMAKE_IMPORT_FILE_VERSION) 20 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/client/client.cc.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/client/client.cc.o -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/cmake_clean.cmake: -------------------------------------------------------------------------------- 1 | file(REMOVE_RECURSE 2 | "CMakeFiles/pistache.dir/common/http.cc.o" 3 | "CMakeFiles/pistache.dir/common/transport.cc.o" 4 | "CMakeFiles/pistache.dir/common/http_header.cc.o" 5 | "CMakeFiles/pistache.dir/common/stream.cc.o" 6 | "CMakeFiles/pistache.dir/common/timer_pool.cc.o" 7 | "CMakeFiles/pistache.dir/common/mime.cc.o" 8 | "CMakeFiles/pistache.dir/common/description.cc.o" 9 | "CMakeFiles/pistache.dir/common/reactor.cc.o" 10 | "CMakeFiles/pistache.dir/common/peer.cc.o" 11 | "CMakeFiles/pistache.dir/common/os.cc.o" 12 | "CMakeFiles/pistache.dir/common/http_headers.cc.o" 13 | "CMakeFiles/pistache.dir/common/net.cc.o" 14 | "CMakeFiles/pistache.dir/common/tcp.cc.o" 15 | "CMakeFiles/pistache.dir/common/cookie.cc.o" 16 | "CMakeFiles/pistache.dir/common/http_defs.cc.o" 17 | "CMakeFiles/pistache.dir/server/router.cc.o" 18 | "CMakeFiles/pistache.dir/server/endpoint.cc.o" 19 | "CMakeFiles/pistache.dir/server/listener.cc.o" 20 | "CMakeFiles/pistache.dir/client/client.cc.o" 21 | "libpistache.pdb" 22 | "libpistache.a" 23 | ) 24 | 25 | # Per-language clean rules from dependency scanning. 
26 | foreach(lang CXX) 27 | include(CMakeFiles/pistache.dir/cmake_clean_${lang}.cmake OPTIONAL) 28 | endforeach() 29 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/cmake_clean_target.cmake: -------------------------------------------------------------------------------- 1 | file(REMOVE_RECURSE 2 | "libpistache.a" 3 | ) 4 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/cookie.cc.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/cookie.cc.o -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/description.cc.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/description.cc.o -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/http.cc.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/http.cc.o -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/http_defs.cc.o: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/http_defs.cc.o -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/http_header.cc.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/http_header.cc.o -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/http_headers.cc.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/http_headers.cc.o -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/mime.cc.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/mime.cc.o -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/net.cc.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/net.cc.o -------------------------------------------------------------------------------- /Posix Stack 
Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/os.cc.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/os.cc.o -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/peer.cc.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/peer.cc.o -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/reactor.cc.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/reactor.cc.o -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/stream.cc.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/stream.cc.o -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/tcp.cc.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer 
Overflow/pistache/src/CMakeFiles/pistache.dir/common/tcp.cc.o -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/timer_pool.cc.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/timer_pool.cc.o -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/transport.cc.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/common/transport.cc.o -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/flags.make: -------------------------------------------------------------------------------- 1 | # CMAKE generated file: DO NOT EDIT! 
2 | # Generated by "Unix Makefiles" Generator, CMake Version 3.5 3 | 4 | # compile CXX with /usr/bin/c++ 5 | CXX_FLAGS = -std=c++11 -O3 -DNDEBUG 6 | 7 | CXX_DEFINES = 8 | 9 | CXX_INCLUDES = -I/home/sinn3r/Desktop/buffer_overflow/pistache/include -I/home/sinn3r/Desktop/buffer_overflow/pistache/src/../include 10 | 11 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/link.txt: -------------------------------------------------------------------------------- 1 | /usr/bin/ar qc libpistache.a CMakeFiles/pistache.dir/common/http.cc.o CMakeFiles/pistache.dir/common/transport.cc.o CMakeFiles/pistache.dir/common/http_header.cc.o CMakeFiles/pistache.dir/common/stream.cc.o CMakeFiles/pistache.dir/common/timer_pool.cc.o CMakeFiles/pistache.dir/common/mime.cc.o CMakeFiles/pistache.dir/common/description.cc.o CMakeFiles/pistache.dir/common/reactor.cc.o CMakeFiles/pistache.dir/common/peer.cc.o CMakeFiles/pistache.dir/common/os.cc.o CMakeFiles/pistache.dir/common/http_headers.cc.o CMakeFiles/pistache.dir/common/net.cc.o CMakeFiles/pistache.dir/common/tcp.cc.o CMakeFiles/pistache.dir/common/cookie.cc.o CMakeFiles/pistache.dir/common/http_defs.cc.o CMakeFiles/pistache.dir/server/router.cc.o CMakeFiles/pistache.dir/server/endpoint.cc.o CMakeFiles/pistache.dir/server/listener.cc.o CMakeFiles/pistache.dir/client/client.cc.o 2 | /usr/bin/ranlib libpistache.a 3 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/progress.make: -------------------------------------------------------------------------------- 1 | CMAKE_PROGRESS_1 = 1 2 | CMAKE_PROGRESS_2 = 2 3 | CMAKE_PROGRESS_3 = 3 4 | CMAKE_PROGRESS_4 = 4 5 | CMAKE_PROGRESS_5 = 5 6 | CMAKE_PROGRESS_6 = 6 7 | CMAKE_PROGRESS_7 = 7 8 | CMAKE_PROGRESS_8 = 8 9 | CMAKE_PROGRESS_9 = 9 10 | CMAKE_PROGRESS_10 = 10 11 | CMAKE_PROGRESS_11 = 11 12 | 
CMAKE_PROGRESS_12 = 12 13 | CMAKE_PROGRESS_13 = 13 14 | CMAKE_PROGRESS_14 = 14 15 | CMAKE_PROGRESS_15 = 15 16 | CMAKE_PROGRESS_16 = 16 17 | CMAKE_PROGRESS_17 = 17 18 | CMAKE_PROGRESS_18 = 18 19 | CMAKE_PROGRESS_19 = 19 20 | CMAKE_PROGRESS_20 = 20 21 | 22 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/server/endpoint.cc.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/server/endpoint.cc.o -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/server/listener.cc.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/server/listener.cc.o -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/server/router.cc.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer Overflow/pistache/src/CMakeFiles/pistache.dir/server/router.cc.o -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeFiles/progress.marks: -------------------------------------------------------------------------------- 1 | 20 2 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/CMakeLists.txt: 
-------------------------------------------------------------------------------- 1 | file (GLOB COMMON_SOURCE_FILES "common/*.cc") 2 | file (GLOB SERVER_SOURCE_FILES "server/*.cc") 3 | file (GLOB CLIENT_SOURCE_FILES "client/*.cc") 4 | 5 | file (GLOB INCLUDE_FILES ${PROJECT_SOURCE_DIR}/include/pistache/*h) 6 | 7 | set(SOURCE_FILES 8 | ${COMMON_SOURCE_FILES} 9 | ${SERVER_SOURCE_FILES} 10 | ${CLIENT_SOURCE_FILES} 11 | ${INCLUDE_FILES} 12 | ) 13 | 14 | add_library(pistache ${SOURCE_FILES}) 15 | set_target_properties(pistache PROPERTIES 16 | OUTPUT_NAME "pistache" 17 | VERSION ${GENERIC_LIB_VERSION} 18 | SOVERSION ${GENERIC_LIB_SOVERSION} 19 | ) 20 | 21 | target_include_directories(pistache PUBLIC 22 | $ 23 | ) 24 | 25 | set(include_install_dir "include") 26 | set(lib_install_dir "lib/") 27 | set(bin_install_dir "bin/") 28 | 29 | target_link_libraries(pistache pthread) 30 | 31 | if (PISTACHE_INSTALL) 32 | install( 33 | TARGETS pistache 34 | EXPORT ${targets_export_name} 35 | ARCHIVE DESTINATION ${lib_install_dir} 36 | LIBRARY DESTINATION ${lib_install_dir} 37 | RUNTIME DESTINATION ${bin_install_dir} 38 | INCLUDES DESTINATION ${include_install_dir}) 39 | 40 | install( 41 | DIRECTORY "${PROJECT_SOURCE_DIR}/include/pistache" 42 | DESTINATION ${include_install_dir} 43 | FILES_MATCHING PATTERN "*.*h") 44 | install(TARGETS pistache 45 | EXPORT PistacheTargets 46 | DESTINATION lib) 47 | install(EXPORT PistacheTargets 48 | DESTINATION "lib/cmake/pistache" 49 | EXPORT_LINK_INTERFACE_LIBRARIES 50 | COMPONENT cmake-config 51 | ) 52 | 53 | include(CMakePackageConfigHelpers) 54 | configure_package_config_file( 55 | "PistacheConfig.cmake.in" 56 | "${CMAKE_CURRENT_BINARY_DIR}/PistacheConfig.cmake" 57 | INSTALL_DESTINATION "lib/cmake/pistache" 58 | ) 59 | install( 60 | FILES "${CMAKE_CURRENT_BINARY_DIR}/PistacheConfig.cmake" 61 | DESTINATION "lib/cmake/pistache" 62 | COMPONENT cmake-config 63 | ) 64 | endif() 65 | 
-------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/PistacheConfig.cmake: -------------------------------------------------------------------------------- 1 | 2 | ####### Expanded from @PACKAGE_INIT@ by configure_package_config_file() ####### 3 | ####### Any changes to this file will be overwritten by the next CMake run #### 4 | ####### The input file was PistacheConfig.cmake.in ######## 5 | 6 | get_filename_component(PACKAGE_PREFIX_DIR "${CMAKE_CURRENT_LIST_DIR}/../../../" ABSOLUTE) 7 | 8 | macro(set_and_check _var _file) 9 | set(${_var} "${_file}") 10 | if(NOT EXISTS "${_file}") 11 | message(FATAL_ERROR "File or directory ${_file} referenced by variable ${_var} does not exist !") 12 | endif() 13 | endmacro() 14 | 15 | macro(check_required_components _NAME) 16 | foreach(comp ${${_NAME}_FIND_COMPONENTS}) 17 | if(NOT ${_NAME}_${comp}_FOUND) 18 | if(${_NAME}_FIND_REQUIRED_${comp}) 19 | set(${_NAME}_FOUND FALSE) 20 | endif() 21 | endif() 22 | endforeach() 23 | endmacro() 24 | 25 | #################################################################################### 26 | 27 | include("${CMAKE_CURRENT_LIST_DIR}/PistacheTargets.cmake") 28 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/PistacheConfig.cmake.in: -------------------------------------------------------------------------------- 1 | @PACKAGE_INIT@ 2 | 3 | include("${CMAKE_CURRENT_LIST_DIR}/PistacheTargets.cmake") 4 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/src/common/tcp.cc: -------------------------------------------------------------------------------- 1 | /* tcp.cc 2 | Mathieu Stefani, 05 novembre 2015 3 | 4 | TCP 5 | */ 6 | 7 | #include 8 | #include 9 | 10 | namespace Pistache { 11 | namespace Tcp { 12 | 13 | Handler::Handler() 14 | : transport_(nullptr) 15 | { } 16 | 17 | 
Handler::~Handler()
18 | { }
19 |
     // Stores the transport this handler is attached to. Until this is called
     // transport_ is null and Handler::transport() in tcp.h throws
     // std::logic_error("Orphaned handler").
20 | void
21 | Handler::associateTransport(Transport* transport) {
22 |     transport_ = transport;
23 | }
24 |
     // Default connection hook: does nothing.
25 | void
26 | Handler::onConnection(const std::shared_ptr& peer) {
27 | }
28 |
     // Default disconnection hook: does nothing.
29 | void
30 | Handler::onDisconnection(const std::shared_ptr& peer) {
31 | }
32 |
33 | } // namespace Tcp
34 | } // namespace Pistache
35 |
--------------------------------------------------------------------------------
/Posix Stack Buffer Overflow/pistache/src/common/timer_pool.cc:
--------------------------------------------------------------------------------
1 | /* timer_pool.cc
2 | Mathieu Stefani, 09 February 2016
3 |
4 | Implementation of the timer pool
5 | */
6 |
7 | #include
8 |
9 | #include
10 |
11 | namespace Pistache {
12 |
     // Creates the timerfd on first use (monotonic clock, non-blocking) and
     // leaves an existing descriptor alone. TRY_RET is defined outside this
     // listing; presumably it reports a failed call - confirm.
13 | void
14 | TimerPool::Entry::initialize() {
15 |     if (fd == -1) {
16 |         fd = TRY_RET(timerfd_create(CLOCK_MONOTONIC, TFD_NONBLOCK));
17 |     }
18 | }
19 |
     // Stops the timer by writing an all-zero itimerspec; a zero it_value is
     // how timerfd_settime is told to disarm. No-op without a descriptor.
20 | void
21 | TimerPool::Entry::disarm() {
22 |     if (fd == -1) return;
23 |
24 |     itimerspec spec;
25 |     spec.it_interval.tv_sec = 0;
26 |     spec.it_interval.tv_nsec = 0;
27 |
28 |     spec.it_value.tv_sec = 0;
29 |     spec.it_value.tv_nsec = 0;
30 |
31 |     TRY(timerfd_settime(fd, 0, &spec, 0));
32 | }
33 |
     // Arms a one-shot timer (interval is zero) for the given delay. Unlike
     // arm() in the header, this does not check fd against -1.
     // NOTE(review): the duration_cast target types are missing from this
     // listing; from the fields they feed they are presumably nanoseconds
     // (line 44) and seconds (line 47) - confirm. If so, any value of 1000 ms
     // or more is truncated to whole seconds (1500 ms arms a 1 s timer), and
     // 0 ms writes an all-zero it_value, which disarms the timer instead of
     // firing it. A timeout built on this can expire early or never; carrying
     // the sub-second remainder into tv_nsec and rejecting non-positive
     // values would close both gaps.
34 | void
35 | TimerPool::Entry::armMs(std::chrono::milliseconds value)
36 | {
37 |     itimerspec spec;
38 |     spec.it_interval.tv_sec = 0;
39 |     spec.it_interval.tv_nsec = 0;
40 |
41 |     if (value.count() < 1000) {
42 |         spec.it_value.tv_sec = 0;
43 |         spec.it_value.tv_nsec
44 |             = std::chrono::duration_cast(value).count();
45 |     } else {
46 |         spec.it_value.tv_sec
47 |             = std::chrono::duration_cast(value).count();
48 |         spec.it_value.tv_nsec = 0;
49 |     }
50 |     TRY(timerfd_settime(fd, 0, &spec, 0));
51 | }
52 |
     // Fills the pool with initialSize entries; their descriptors are created
     // later, by initialize().
53 | TimerPool::TimerPool(size_t initialSize)
54 | {
55 |     for (size_t i = 0; i < initialSize; ++i) {
56 |         timers.push_back(std::make_shared());
57 |     }
58 | }
59 |
     // Claims the first entry whose state can be switched from Idle to Used
     // with compare_exchange_strong, initializes it and returns it. Returns
     // nullptr when every entry is in use, so the result must be checked
     // before it is dereferenced.
60 | std::shared_ptr
61 | TimerPool::pickTimer() {
62 |     for (auto& entry: timers) {
63 |         auto curState =
static_cast(TimerPool::Entry::State::Idle);
64 |         auto newState = static_cast(TimerPool::Entry::State::Used);
65 |         if (entry->state.compare_exchange_strong(curState, newState)) {
66 |             entry->initialize();
67 |             return entry;
68 |         }
69 |     }
70 |
     // Every entry is in use: the pool is not grown here, the caller gets null.
71 |     return nullptr;
72 | }
73 |
     // Marks the entry Idle so pickTimer() can hand it out again.
     // NOTE(review): nothing here disarms the timer. Unless the caller calls
     // disarm() first, an expiry scheduled by the previous user could still
     // fire after the entry has been reused - confirm callers disarm before
     // releasing.
74 | void
75 | TimerPool::releaseTimer(const std::shared_ptr& timer) {
76 |     timer->state.store(static_cast(TimerPool::Entry::State::Idle));
77 | }
78 |
79 | } // namespace Pistache
80 |
--------------------------------------------------------------------------------
/Posix Stack Buffer Overflow/pistache/src/libpistache.a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer Overflow/pistache/src/libpistache.a
--------------------------------------------------------------------------------
/Posix Stack Buffer Overflow/pistache/src/server/endpoint.cc:
--------------------------------------------------------------------------------
1 | /* endpoint.cc
2 | Mathieu Stefani, 22 January 2016
3 |
4 | Implementation of the http endpoint
5 | */
6 |
7 |
8 | #include
9 | #include
10 | #include
11 |
12 | namespace Pistache {
13 | namespace Http {
14 |
     // Default options: one thread.
     // NOTE(review): only threads_ appears in the initializer list. Whether
     // flags_ and backlog_ start with defined values depends on endpoint.h,
     // which is not part of this listing - confirm they are initialized
     // there, since init() below reads flags_.
15 | Endpoint::Options::Options()
16 |     : threads_(1)
17 | { }
18 |
     // Sets the thread count and returns *this so calls can be chained.
     // The value is stored as given, with no range check.
19 | Endpoint::Options&
20 | Endpoint::Options::threads(int val) {
21 |     threads_ = val;
22 |     return *this;
23 | }
24 |
     // Sets the listener flags and returns *this.
25 | Endpoint::Options&
26 | Endpoint::Options::flags(Flags flags) {
27 |     flags_ = flags;
28 |     return *this;
29 | }
30 |
     // Sets the backlog value and returns *this.
     // NOTE(review): init() below forwards only threads_ and flags_, so the
     // backlog stored here is not used anywhere in this file.
31 | Endpoint::Options&
32 | Endpoint::Options::backlog(int val) {
33 |     backlog_ = val;
34 |     return *this;
35 | }
36 |
     // Creates an endpoint with a default-constructed listener.
37 | Endpoint::Endpoint()
38 | { }
39 |
     // Creates an endpoint whose listener is constructed with addr.
40 | Endpoint::Endpoint(const Address& addr)
41 |     : listener(addr)
42 | { }
43 |
     // Initializes the listener with the thread count and flags from options.
44 | void
45 | Endpoint::init(const Endpoint::Options& options) {
46 |     listener.init(options.threads_, options.flags_);
47 | }
48 |
     // Stores the request handler in handler_.
49 | void
50 | Endpoint::setHandler(const
std::shared_ptr& handler) {
51 |     handler_ = handler;
52 | }
53 |
     // Binds the listener to the address it was constructed with.
54 | void
55 | Endpoint::bind() {
56 |     listener.bind();
57 | }
58 |
     // Binds the listener to addr.
59 | void
60 | Endpoint::bind(const Address& addr) {
61 |     listener.bind(addr);
62 | }
63 |
     // Serves through serveImpl (defined outside this listing) using
     // Tcp::Listener::run.
64 | void
65 | Endpoint::serve()
66 | {
67 |     serveImpl(&Tcp::Listener::run);
68 | }
69 |
     // Same as serve(), but hands serveImpl Tcp::Listener::runThreaded.
70 | void
71 | Endpoint::serveThreaded()
72 | {
73 |     serveImpl(&Tcp::Listener::runThreaded);
74 | }
75 |
     // Forwards to the listener's shutdown().
76 | void
77 | Endpoint::shutdown()
78 | {
79 |     listener.shutdown();
80 | }
81 |
     // Forwards the load request to the listener and returns its promise.
82 | Async::Promise
83 | Endpoint::requestLoad(const Tcp::Listener::Load& old) {
84 |     return listener.requestLoad(old);
85 | }
86 |
     // Returns a default-constructed Options to start a chain of setters.
87 | Endpoint::Options
88 | Endpoint::options() {
89 |     return Options();
90 | }
91 |
92 | } // namespace Http
93 | } // namespace Pistache
94 |
--------------------------------------------------------------------------------
/Posix Stack Buffer Overflow/pistache/tests/CMakeLists.txt:
--------------------------------------------------------------------------------
1 | function(pistache_test test_name)
2 |     set(TEST_EXECUTABLE run_${test_name})
3 |     set(TEST_SOURCE ${test_name}.cc)
4 |
5 |     add_executable(${TEST_EXECUTABLE} ${TEST_SOURCE})
6 |     target_link_libraries(${TEST_EXECUTABLE} gtest gtest_main pistache)
7 |     add_test(${test_name} ${TEST_EXECUTABLE})
8 | endfunction()
9 |
10 |
11 | pistache_test(mime_test)
12 | pistache_test(headers_test)
13 | pistache_test(async_test)
14 | pistache_test(typeid_test)
15 | pistache_test(router_test)
16 | pistache_test(cookie_test)
17 | pistache_test(view_test)
18 | pistache_test(http_parsing_test)
19 |
--------------------------------------------------------------------------------
/Posix Stack Buffer Overflow/pistache/tests/http_parsing_test.cc:
--------------------------------------------------------------------------------
1 | #include "gtest/gtest.h"
2 | #include
3 |
4 | using namespace Pistache;
5 |
6 | // @Todo: Add an easy to use fixture to inject data for parsing tests.
7 | 8 | TEST(http_parsing_test, should_parse_http_request_in_two_packets_issue_160) 9 | { 10 | Http::Private::Parser parser; 11 | 12 | auto feed = [&](const char* data) 13 | { 14 | parser.feed(data, std::strlen(data)); 15 | }; 16 | 17 | // First, we feed the parser with a Request-Line 18 | feed("GET /hello HTTP/1.1\r\n"); 19 | ASSERT_EQ(parser.parse(), Http::Private::State::Again); 20 | // @Todo @Completeness We should also assert that we are in the correct step. However, the step is currently not 21 | // exposed by the parser. Since the parser is supposed to stay "private", we could either directly expose the step 22 | // or return it from the parse() method. 23 | 24 | // Let's now put some headers 25 | feed("User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36\r\n"); 26 | feed("Host: localhost\r\n"); 27 | feed("Content-Length: 5\r\n"); 28 | feed("\r\n"); 29 | ASSERT_EQ(parser.parse(), Http::Private::State::Again); 30 | 31 | // Finally, we finish the body 32 | feed("HELLO"); 33 | ASSERT_EQ(parser.parse(), Http::Private::State::Done); 34 | } -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/pistache/tests/typeid_test.cc: -------------------------------------------------------------------------------- 1 | #include "gtest/gtest.h" 2 | #include 3 | 4 | using namespace Pistache; 5 | 6 | TEST(type_id_test, basic_test) { 7 | ASSERT_EQ(TypeId::of(), TypeId::of()); 8 | 9 | ASSERT_NE(TypeId::of(), TypeId::of()); 10 | ASSERT_NE(TypeId::of(), TypeId::of()); 11 | ASSERT_NE(TypeId::of(), TypeId::of()); 12 | 13 | ASSERT_EQ(TypeId::of(), TypeId::of()); 14 | 15 | ASSERT_NE(TypeId::of(), TypeId::of()); 16 | ASSERT_NE(TypeId::of(), TypeId::of()); 17 | } 18 | -------------------------------------------------------------------------------- /Posix Stack Buffer Overflow/webserver: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Posix Stack Buffer Overflow/webserver
--------------------------------------------------------------------------------
/Posix Stack Buffer Overflow/webserver.cpp:
--------------------------------------------------------------------------------
     // Review note: this is the deliberately vulnerable sample for the stack
     // buffer overflow case. Both Logger helpers format request data into a
     // fixed 1024-byte stack array with sprintf, which takes no destination
     // size. The comments below mark where the defect is reachable and what
     // the bounded form would be; the code itself is left as published.
1 | #include
2 | #include "pistache/endpoint.h"
3 | using namespace Pistache;
4 | using namespace std;
5 |
6 |
7 | namespace HttpServer {
8 |     class Logger {
9 |     public:
     // Prints the requested resource path.
     // sprintf writes the 23-byte prefix plus the whole resource string into
     // buffer[1024] with no length limit, so a resource longer than about
     // 1000 bytes would write past the array. As called from onRequest below
     // the resource has already compared equal to one of three short
     // literals, so this copy stays in bounds on that path; it becomes
     // reachable as soon as the helper is called from anywhere else.
     // Bounded form: snprintf(buffer, sizeof(buffer), ...), or stream the
     // string to cout directly and drop the intermediate buffer.
10 |         static void LogResourceName(const Http::Request &request) {
11 |             char buffer[1024];
12 |             const char* resourceName = request.resource().c_str();
13 |             sprintf(buffer, "[*] Resource accessed: %s", resourceName);
14 |             cout << (char*) buffer << endl;
15 |         }
16 |
     // Prints the client's User-Agent header.
     // This is the overflow the case demonstrates: the header value is chosen
     // by the client, nothing limits its length before this point in the code
     // shown, and sprintf copies all of it behind a 19-byte prefix into
     // buffer[1024]. A value longer than about 1004 bytes overwrites the
     // stack beyond the array. Same bounded form as above applies.
     // Hardening such as -fstack-protector-strong or -D_FORTIFY_SOURCE=2 can
     // turn the overwrite into an abort but does not remove the defect; the
     // build flags for this file are in build.sh/compile.sh, not shown here.
     // On the detection side, unusually long header values in request logs
     // or a header-length limit at a front proxy are the practical signals.
     // NOTE(review): header is dereferenced without a check. If tryGet()
     // returns an empty pointer when the header is absent (its template
     // argument is missing from this listing - confirm against Pistache), a
     // request without User-Agent crashes here.
     // The (char*) cast on c_str() drops const; nothing writes through it.
17 |         static void LogUserAgent(const Http::Request &request) {
18 |             char buffer[1024];
19 |             auto header = request.headers().tryGet();
20 |             const char* userAgent = (char*) header->agent().c_str();
21 |             sprintf(buffer, "[*] User-Agent is: %s", userAgent);
22 |             cout << (char*) buffer << endl;
23 |         }
24 |     };
25 |
     // Request handler: logs and answers 200 for "/", "/index.html" and
     // "/default.html", and answers 404 for everything else without logging.
     // The exact-match check bounds the resource string passed to
     // LogResourceName but puts no bound on the headers, so LogUserAgent
     // still receives an arbitrary-length value.
26 |     class VulnerableHandler : public Http::Handler {
27 |     public:
28 |         HTTP_PROTOTYPE(VulnerableHandler)
29 |
30 |         void onRequest(const Http::Request &request, Http::ResponseWriter response) {
31 |             if (request.resource() == "/" || request.resource() == "/index.html" || request.resource() == "/default.html")
32 |             {
33 |                 Logger::LogResourceName(request);
34 |                 Logger::LogUserAgent(request);
35 |                 response.send(Http::Code::Ok, "Hello World!\n");
36 |             }
37 |             else
38 |             {
39 |                 response.send(Http::Code::Not_Found);
40 |             }
41 |         }
42 |     };
43 | }
44 |
     // Starts the server on port 8080. The "*" in the address string means
     // every interface, so the intentionally vulnerable handler is exposed to
     // whatever network the host is on; run it on an isolated lab host or
     // bind to loopback instead.
     // NOTE(review): the handler type argument of listenAndServe appears to
     // have been lost in this listing; presumably VulnerableHandler - confirm.
45 | int main(void) {
46 |     cout << "[*] Server is listening on *:8080" << endl;;
47 |     Http::listenAndServe("*:8080");
48 |     return 0;
49 | }
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # VulnCases
2 |
3 | I like to write vulnerable cases,
and learn the basics from different levels, from source, static, to dynamic analysis. Sometimes they are fun to exploit, too. 4 | 5 | If you like my repository, you may also like: 6 | 7 | * [Modern Memory Safety: C/C++ Vulnerability Discovery, Exploitation, Hardening](https://github.com/struct/mms) 8 | * [Semmle's C/C++ Query Documentation](https://help.semmle.com/wiki/pages/viewpage.action?pageId=29392898) 9 | * [Carnegie Mellon University: SEI CERT C Coding Standard](https://wiki.sei.cmu.edu/confluence/display/c/SEI+CERT+C+Coding+Standard) 10 | * [Carnegie Mellon University: SEI CERT C++ Coding Standard](https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=88046682) 11 | 12 | # License 13 | 14 | Please see [LICENSE](https://github.com/wchen-r7/VulnCases/blob/master/LICENSE) 15 | -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComClientExample.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComClientExample.exe -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComClientExample/ComClientExample.opensdf: -------------------------------------------------------------------------------- 1 | sinn3rDESKTOP-O8HGFI8 -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComClientExample/ComClientExample.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 2013 4 | VisualStudioVersion = 12.0.40629.0 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ComClientExample", "ComClientExample\ComClientExample.vcxproj", 
"{4FE88285-09AD-4F77-8A70-7D8E7AC61120}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Win32 = Debug|Win32 11 | Release|Win32 = Release|Win32 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {4FE88285-09AD-4F77-8A70-7D8E7AC61120}.Debug|Win32.ActiveCfg = Debug|Win32 15 | {4FE88285-09AD-4F77-8A70-7D8E7AC61120}.Debug|Win32.Build.0 = Debug|Win32 16 | {4FE88285-09AD-4F77-8A70-7D8E7AC61120}.Release|Win32.ActiveCfg = Release|Win32 17 | {4FE88285-09AD-4F77-8A70-7D8E7AC61120}.Release|Win32.Build.0 = Release|Win32 18 | EndGlobalSection 19 | GlobalSection(SolutionProperties) = preSolution 20 | HideSolutionNode = FALSE 21 | EndGlobalSection 22 | EndGlobal 23 | -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComClientExample/ComClientExample.v12.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComClientExample/ComClientExample.v12.suo -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComClientExample/ComClientExample/ComClientExample.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "resource.h" 4 | -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComClientExample/ComClientExample/ComClientExample.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComClientExample/ComClientExample/ComClientExample.rc 
-------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComClientExample/ComClientExample/ComClientExample.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | Header Files 23 | 24 | 25 | Header Files 26 | 27 | 28 | Header Files 29 | 30 | 31 | Header Files 32 | 33 | 34 | 35 | 36 | Source Files 37 | 38 | 39 | Source Files 40 | 41 | 42 | 43 | 44 | Resource Files 45 | 46 | 47 | -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComClientExample/ComClientExample/Debug/ComClientExample.Build.CppClean.log: -------------------------------------------------------------------------------- 1 | c:\users\sinn3r\documents\visual studio 2013\projects\comclientexample\comclientexample\debug\comclientexample.pch 2 | c:\users\sinn3r\documents\visual studio 2013\projects\comclientexample\comclientexample\debug\vc120.pdb 3 | c:\users\sinn3r\documents\visual studio 2013\projects\comclientexample\comclientexample\debug\vc120.idb 4 | c:\users\sinn3r\documents\visual studio 2013\projects\comclientexample\comclientexample\debug\stdafx.obj 5 | c:\users\sinn3r\documents\visual studio 2013\projects\comclientexample\comclientexample\debug\comclientexample.obj 6 | c:\users\sinn3r\documents\visual studio 2013\projects\comclientexample\debug\comclientexample.ilk 7 | c:\users\sinn3r\documents\visual studio 2013\projects\comclientexample\debug\comclientexample.exe 8 | c:\users\sinn3r\documents\visual studio 
2013\projects\comclientexample\debug\comclientexample.pdb 9 | c:\users\sinn3r\documents\visual studio 2013\projects\comclientexample\comclientexample\debug\comclientexample.res 10 | c:\users\sinn3r\documents\visual studio 2013\projects\comclientexample\comclientexample\debug\comserverexample.tli 11 | c:\users\sinn3r\documents\visual studio 2013\projects\comclientexample\comclientexample\debug\comserverexample.tlh 12 | c:\users\sinn3r\documents\visual studio 2013\projects\comclientexample\comclientexample\debug\comclientexample.tlog\cl.command.1.tlog 13 | c:\users\sinn3r\documents\visual studio 2013\projects\comclientexample\comclientexample\debug\comclientexample.tlog\cl.read.1.tlog 14 | c:\users\sinn3r\documents\visual studio 2013\projects\comclientexample\comclientexample\debug\comclientexample.tlog\cl.write.1.tlog 15 | c:\users\sinn3r\documents\visual studio 2013\projects\comclientexample\comclientexample\debug\comclientexample.tlog\link.command.1.tlog 16 | c:\users\sinn3r\documents\visual studio 2013\projects\comclientexample\comclientexample\debug\comclientexample.tlog\link.read.1.tlog 17 | c:\users\sinn3r\documents\visual studio 2013\projects\comclientexample\comclientexample\debug\comclientexample.tlog\link.write.1.tlog 18 | c:\users\sinn3r\documents\visual studio 2013\projects\comclientexample\comclientexample\debug\comclientexample.tlog\rc.command.1.tlog 19 | c:\users\sinn3r\documents\visual studio 2013\projects\comclientexample\comclientexample\debug\comclientexample.tlog\rc.read.1.tlog 20 | c:\users\sinn3r\documents\visual studio 2013\projects\comclientexample\comclientexample\debug\comclientexample.tlog\rc.write.1.tlog 21 | -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComClientExample/ComClientExample/Debug/ComClientExample.log: -------------------------------------------------------------------------------- 1 | Build started 5/25/2019 4:12:06 PM. 2 | 3 | Build succeeded. 
4 | 5 | Time Elapsed 00:00:00.15 6 | -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComClientExample/ComClientExample/Resource.h: -------------------------------------------------------------------------------- 1 | //{{NO_DEPENDENCIES}} 2 | // Microsoft Visual C++ generated include file. 3 | // Used by ComClientExample.rc 4 | // 5 | 6 | #define IDS_APP_TITLE 103 7 | 8 | // Next default values for new objects 9 | // 10 | #ifdef APSTUDIO_INVOKED 11 | #ifndef APSTUDIO_READONLY_SYMBOLS 12 | #define _APS_NEXT_RESOURCE_VALUE 101 13 | #define _APS_NEXT_COMMAND_VALUE 40001 14 | #define _APS_NEXT_CONTROL_VALUE 1000 15 | #define _APS_NEXT_SYMED_VALUE 101 16 | #endif 17 | #endif 18 | -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComClientExample/ComClientExample/stdafx.cpp: -------------------------------------------------------------------------------- 1 | // stdafx.cpp : source file that includes just the standard includes 2 | // ComClientExample.pch will be the pre-compiled header 3 | // stdafx.obj will contain the pre-compiled type information 4 | 5 | #include "stdafx.h" 6 | 7 | // TODO: reference any additional headers you need in STDAFX.H 8 | // and not in this file 9 | -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComClientExample/ComClientExample/stdafx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, but 3 | // are changed infrequently 4 | // 5 | 6 | #pragma once 7 | 8 | #include "targetver.h" 9 | 10 | #include 11 | #include 12 | #define _ATL_CSTRING_EXPLICIT_CONSTRUCTORS // some CString constructors will be explicit 13 | #define _AFX_NO_MFC_CONTROLS_IN_DIALOGS // remove support 
for MFC controls in dialogs 14 | 15 | #ifndef VC_EXTRALEAN 16 | #define VC_EXTRALEAN // Exclude rarely-used stuff from Windows headers 17 | #endif 18 | 19 | #include 20 | #include // MFC core and standard components 21 | #include // MFC extensions 22 | #ifndef _AFX_NO_OLE_SUPPORT 23 | #include // MFC support for Internet Explorer 4 Common Controls 24 | #endif 25 | #ifndef _AFX_NO_AFXCMN_SUPPORT 26 | #include // MFC support for Windows Common Controls 27 | #endif // _AFX_NO_AFXCMN_SUPPORT 28 | 29 | #include 30 | 31 | 32 | #define _ATL_CSTRING_EXPLICIT_CONSTRUCTORS // some CString constructors will be explicit 33 | 34 | #include 35 | #include 36 | #include "C:\Users\sinn3r\Documents\Visual Studio 2013\Projects\ComServerExample\ComServerExample\ComServerExample_i.c" 37 | #include "C:\Users\sinn3r\Documents\Visual Studio 2013\Projects\ComServerExample\ComServerExample\ComServerExample_i.h" 38 | #import "C:\Users\sinn3r\Documents\Visual Studio 2013\Projects\ComServerExample\Debug\ComServerExample.dll" 39 | 40 | // TODO: reference additional headers your program requires here 41 | -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComClientExample/ComClientExample/targetver.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // Including SDKDDKVer.h defines the highest available Windows platform. 4 | 5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and 6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h. 
7 | 8 | #include 9 | -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComServerExample.dll -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 2013 4 | VisualStudioVersion = 12.0.40629.0 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ComServerExample", "ComServerExample\ComServerExample.vcxproj", "{68F68C55-2674-44C9-842C-C43B202A05BE}" 7 | EndProject 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ComServerExamplePS", "ComServerExample\ComServerExamplePS.vcxproj", "{EB275EA1-0F11-45FA-AC55-FF745939E56D}" 9 | ProjectSection(ProjectDependencies) = postProject 10 | {68F68C55-2674-44C9-842C-C43B202A05BE} = {68F68C55-2674-44C9-842C-C43B202A05BE} 11 | EndProjectSection 12 | EndProject 13 | Global 14 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 15 | Debug|Win32 = Debug|Win32 16 | Release|Win32 = Release|Win32 17 | EndGlobalSection 18 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 19 | {68F68C55-2674-44C9-842C-C43B202A05BE}.Debug|Win32.ActiveCfg = Debug|Win32 20 | {68F68C55-2674-44C9-842C-C43B202A05BE}.Debug|Win32.Build.0 = Debug|Win32 21 | {68F68C55-2674-44C9-842C-C43B202A05BE}.Release|Win32.ActiveCfg = Release|Win32 22 | {68F68C55-2674-44C9-842C-C43B202A05BE}.Release|Win32.Build.0 = Release|Win32 23 | {EB275EA1-0F11-45FA-AC55-FF745939E56D}.Debug|Win32.ActiveCfg = Debug|Win32 24 | 
// ComServerExample.cpp : Implementation of DLL Exports.

//
// Note: COM+ 1.0 Information:
//      Please remember to run Microsoft Transaction Explorer to install the component(s).
//      Registration is not done by default.

#include "stdafx.h"
#include "resource.h"
#include "ComServerExample_i.h"
#include "dllmain.h"


using namespace ATL;

// DllCanUnloadNow - Reports whether the DLL may be unloaded.
// Returns S_OK only when MFC agrees (AfxDllCanUnloadNow) and the ATL module
// holds no outstanding locks; S_FALSE in every other case.
STDAPI DllCanUnloadNow(void)
{
    AFX_MANAGE_STATE(AfxGetStaticModuleState());

    // Same short-circuit as a single && expression: the ATL lock count is
    // only consulted once MFC has said the DLL is idle.
    if (AfxDllCanUnloadNow() != S_OK)
    {
        return S_FALSE;
    }
    return (_AtlModule.GetLockCount() == 0) ? S_OK : S_FALSE;
}

// DllGetClassObject - Hands out the class factory for the requested CLSID.
// The request is forwarded unchanged to the ATL module object.
STDAPI DllGetClassObject(_In_ REFCLSID rclsid, _In_ REFIID riid, _Outptr_ LPVOID* ppv)
{
    return _AtlModule.DllGetClassObject(rclsid, riid, ppv);
}

// DllRegisterServer - Adds entries to the system registry.
// Registers object, typelib and all interfaces in typelib.
STDAPI DllRegisterServer(void)
{
    return _AtlModule.DllRegisterServer();
}

// DllUnregisterServer - Removes entries from the system registry.
STDAPI DllUnregisterServer(void)
{
    return _AtlModule.DllUnregisterServer();
}

// DllInstall - Adds/Removes entries to the system registry per user per machine.
//
// bInstall:   non-zero registers the server, zero unregisters it.
// pszCmdLine: optional switch; "user" selects per-user registration.
// Returns the HRESULT of the register or unregister call.
STDAPI DllInstall(BOOL bInstall, _In_opt_ LPCWSTR pszCmdLine)
{
    static const wchar_t szUserSwitch[] = L"user";

    // _countof includes the terminating NUL, so this only matches when the
    // whole command line is "user" (compared case-insensitively).
    if (pszCmdLine != NULL &&
        _wcsnicmp(pszCmdLine, szUserSwitch, _countof(szUserSwitch)) == 0)
    {
        ATL::AtlSetPerUserRegistration(true);
    }

    if (!bInstall)
    {
        return DllUnregisterServer();
    }

    const HRESULT hrRegister = DllRegisterServer();
    if (FAILED(hrRegister))
    {
        // Best-effort rollback of a partial registration; the original
        // failure code is what the caller gets back.
        DllUnregisterServer();
    }
    return hrRegister;
}
// ComServerExample.idl : IDL source for ComServerExample
//

// This file will be processed by the MIDL tool to
// produce the type library (ComServerExample.tlb) and marshalling code.

import "oaidl.idl";
import "ocidl.idl";

// IHelloWorld: dual, IDispatch-derived interface exposing one method.
[
    object,
    uuid(39AF322A-A542-410B-828F-E134B95DD39D),
    dual,
    nonextensible,
    pointer_default(unique)
]
interface IHelloWorld : IDispatch{
    // NOTE(review): val is a bare CHAR* with no [string] or size attribute.
    // MIDL then describes a pointer to a single CHAR, while the
    // implementation in HelloWorld.cpp streams val as a NUL-terminated
    // string. A call that goes through generated marshalling code would
    // therefore deliver one character and the server would read past it;
    // `[in, string]` (or a BSTR) states the contract the implementation
    // actually relies on.
    // NOTE(review): CHAR* is not an Automation type, which a dual interface
    // is normally expected to use - confirm what MIDL reports above W1.
    [id(1)] HRESULT PrintSomething([in] CHAR* val);
};
// Type library; the HelloWorld coclass exposes IHelloWorld as its default
// interface.
[
    uuid(1E0FF5B2-0BE1-49FA-9970-0EEF7912E30B),
    version(1.0),
]
library ComServerExampleLib
{
    importlib("stdole2.tlb");
    [
        uuid(69217890-0822-49A0-AF26-7F9195CAA59B)
    ]
    coclass HelloWorld
    {
        [default] interface IHelloWorld;
    };
};
-------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/ComServerExamplePS.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {9729d5c0-a952-43a7-8a9c-b45532ea4560} 6 | 7 | 8 | {46856e20-2c9f-4a94-bcbf-4dd19bec6a95} 9 | False 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | Generated Files 18 | 19 | 20 | Generated Files 21 | 22 | 23 | Generated Files 24 | 25 | 26 | -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/ComServerExample_i.c: -------------------------------------------------------------------------------- 1 | 2 | 3 | /* this ALWAYS GENERATED file contains the IIDs and CLSIDs */ 4 | 5 | /* link this file in with the server and any clients */ 6 | 7 | 8 | /* File created by MIDL compiler version 8.00.0603 */ 9 | /* at Tue Sep 11 17:22:15 2018 10 | */ 11 | /* Compiler settings for ComServerExample.idl: 12 | Oicf, W1, Zp8, env=Win32 (32b run), target_arch=X86 8.00.0603 13 | protocol : dce , ms_ext, c_ext, robust 14 | error checks: allocation ref bounds_check enum stub_data 15 | VC __declspec() decoration level: 16 | __declspec(uuid()), __declspec(selectany), __declspec(novtable) 17 | DECLSPEC_UUID(), MIDL_INTERFACE() 18 | */ 19 | /* @@MIDL_FILE_HEADING( ) */ 20 | 21 | #pragma warning( disable: 4049 ) /* more than 64k source lines */ 22 | 23 | 24 | #ifdef __cplusplus 25 | extern "C"{ 26 | #endif 27 | 28 | 29 | #include 30 | #include 31 | 32 | #ifdef _MIDL_USE_GUIDDEF_ 33 | 34 | #ifndef INITGUID 35 | #define INITGUID 36 | #include 37 | #undef INITGUID 38 | #else 39 | #include 40 | #endif 41 | 42 | #define MIDL_DEFINE_GUID(type,name,l,w1,w2,b1,b2,b3,b4,b5,b6,b7,b8) \ 43 | DEFINE_GUID(name,l,w1,w2,b1,b2,b3,b4,b5,b6,b7,b8) 44 | 45 | #else // !_MIDL_USE_GUIDDEF_ 46 | 47 | #ifndef __IID_DEFINED__ 48 | 
#define __IID_DEFINED__ 49 | 50 | typedef struct _IID 51 | { 52 | unsigned long x; 53 | unsigned short s1; 54 | unsigned short s2; 55 | unsigned char c[8]; 56 | } IID; 57 | 58 | #endif // __IID_DEFINED__ 59 | 60 | #ifndef CLSID_DEFINED 61 | #define CLSID_DEFINED 62 | typedef IID CLSID; 63 | #endif // CLSID_DEFINED 64 | 65 | #define MIDL_DEFINE_GUID(type,name,l,w1,w2,b1,b2,b3,b4,b5,b6,b7,b8) \ 66 | const type name = {l,w1,w2,{b1,b2,b3,b4,b5,b6,b7,b8}} 67 | 68 | #endif !_MIDL_USE_GUIDDEF_ 69 | 70 | MIDL_DEFINE_GUID(IID, IID_IHelloWorld,0x39AF322A,0xA542,0x410B,0x82,0x8F,0xE1,0x34,0xB9,0x5D,0xD3,0x9D); 71 | 72 | 73 | MIDL_DEFINE_GUID(IID, LIBID_ComServerExampleLib,0x1E0FF5B2,0x0BE1,0x49FA,0x99,0x70,0x0E,0xEF,0x79,0x12,0xE3,0x0B); 74 | 75 | 76 | MIDL_DEFINE_GUID(CLSID, CLSID_HelloWorld,0x69217890,0x0822,0x49A0,0xAF,0x26,0x7F,0x91,0x95,0xCA,0xA5,0x9B); 77 | 78 | #undef MIDL_DEFINE_GUID 79 | 80 | #ifdef __cplusplus 81 | } 82 | #endif 83 | 84 | 85 | 86 | -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/ComServerExampleps.def: -------------------------------------------------------------------------------- 1 | 2 | LIBRARY 3 | 4 | EXPORTS 5 | DllGetClassObject PRIVATE 6 | DllCanUnloadNow PRIVATE 7 | DllRegisterServer PRIVATE 8 | DllUnregisterServer PRIVATE 9 | -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.log: -------------------------------------------------------------------------------- 1 | Build started 9/11/2018 5:23:00 PM. 2 | 1>Project "c:\Users\sinn3r\documents\visual studio 2013\Projects\ComServerExample\ComServerExample\ComServerExample.vcxproj" on node 2 (Build target(s)). 
3 | 1>ClCompile: 4 | C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\CL.exe /c /ZI /nologo /W3 /WX- /Od /Oy- /D WIN32 /D _WINDOWS /D _DEBUG /D _USRDLL /D _WINDLL /D _UNICODE /D UNICODE /D _AFXDLL /Gm /EHsc /RTC1 /MDd /GS /fp:precise /Zc:wchar_t /Zc:forScope /Yu"stdafx.h" /Fp"Debug\ComServerExample.pch" /Fo"Debug\\" /Fd"Debug\vc120.pdb" /Gd /TP /analyze- /errorReport:prompt HelloWorld.cpp 5 | HelloWorld.cpp 6 | Link: 7 | C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\link.exe /ERRORREPORT:PROMPT /OUT:"c:\users\sinn3r\documents\visual studio 2013\Projects\ComServerExample\Debug\ComServerExample.dll" /INCREMENTAL /NOLOGO comsvcs.lib /DEF:".\ComServerExample.def" /MANIFEST /MANIFESTUAC:"level='asInvoker' uiAccess='false'" /manifest:embed /manifestinput:"C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\Include\Manifest\dpiaware.manifest" /DEBUG /PDB:"c:\users\sinn3r\documents\visual studio 2013\Projects\ComServerExample\Debug\ComServerExample.pdb" /SUBSYSTEM:WINDOWS /TLBID:1 /DYNAMICBASE /NXCOMPAT /MACHINE:X86 /DLL Debug\ComServerExample.res 8 | Debug\ComServerExample.obj 9 | Debug\ComServerExample_i.obj 10 | Debug\dllmain.obj 11 | Debug\HelloWorld.obj 12 | Debug\stdafx.obj 13 | Creating library c:\users\sinn3r\documents\visual studio 2013\Projects\ComServerExample\Debug\ComServerExample.lib and object c:\users\sinn3r\documents\visual studio 2013\Projects\ComServerExample\Debug\ComServerExample.exp 14 | ComServerExample.vcxproj -> c:\users\sinn3r\documents\visual studio 2013\Projects\ComServerExample\Debug\ComServerExample.dll 15 | RegisterOutput: 16 | regsvr32 /s "c:\users\sinn3r\documents\visual studio 2013\Projects\ComServerExample\Debug\ComServerExample.dll" 17 | 1>Done Building Project "c:\Users\sinn3r\documents\visual studio 2013\Projects\ComServerExample\ComServerExample\ComServerExample.vcxproj" (Build target(s)). 18 | 19 | Build succeeded. 
20 | 21 | Time Elapsed 00:00:01.79 22 | -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.obj -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.pch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.pch -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.res: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.res -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlb -------------------------------------------------------------------------------- /Windows COM Ref Counting Use 
After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/CL.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/CL.read.1.tlog -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/CL.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/CL.write.1.tlog -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/ComServerExample.lastbuildstate: -------------------------------------------------------------------------------- 1 | #TargetFrameworkVersion=v4.0:PlatformToolSet=v120:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit 2 | Debug|Win32|c:\users\sinn3r\documents\visual studio 2013\Projects\ComServerExample\| 3 | -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/ComServerExample.write.1u.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/ComServerExample.write.1u.tlog -------------------------------------------------------------------------------- 
/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/cl.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/cl.command.1.tlog -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/link.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/link.command.1.tlog -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/link.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/link.read.1.tlog -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/link.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/link.write.1.tlog -------------------------------------------------------------------------------- 
/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/midl.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/midl.command.1.tlog -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/midl.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/midl.read.1.tlog -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/midl.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/midl.write.1.tlog -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/rc.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/rc.command.1.tlog -------------------------------------------------------------------------------- 
/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/rc.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/rc.read.1.tlog -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/rc.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample.tlog/rc.write.1.tlog -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample_i.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/ComServerExample_i.obj -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/HelloWorld.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/HelloWorld.obj -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/dllmain.obj: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/dllmain.obj -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/stdafx.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/stdafx.obj -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/vc120.idb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/vc120.idb -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/vc120.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/Debug/vc120.pdb -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/HelloWorld.cpp: -------------------------------------------------------------------------------- 1 | // HelloWorld.cpp : Implementation of CHelloWorld 2 | 3 | #include "stdafx.h" 4 | #include "HelloWorld.h" 5 | #include 6 | using namespace std; 7 | 8 | 9 | 
// CHelloWorld 10 | 11 | 12 | 13 | STDMETHODIMP CHelloWorld::PrintSomething(CHAR* val) 14 | { 15 | AFX_MANAGE_STATE(AfxGetStaticModuleState()); 16 | 17 | cout << "This is your string:" << endl; 18 | cout << val << endl; 19 | 20 | return S_OK; 21 | } 22 | -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/HelloWorld.h: -------------------------------------------------------------------------------- 1 | // HelloWorld.h : Declaration of the CHelloWorld 2 | 3 | #pragma once 4 | #include "resource.h" // main symbols 5 | 6 | 7 | 8 | #include "ComServerExample_i.h" 9 | 10 | 11 | 12 | #if defined(_WIN32_WCE) && !defined(_CE_DCOM) && !defined(_CE_ALLOW_SINGLE_THREADED_OBJECTS_IN_MTA) 13 | #error "Single-threaded COM objects are not properly supported on Windows CE platform, such as the Windows Mobile platforms that do not include full DCOM support. Define _CE_ALLOW_SINGLE_THREADED_OBJECTS_IN_MTA to force ATL to support creating single-thread COM object's and allow use of it's single-threaded COM object implementations. The threading model in your rgs file was set to 'Free' as that is the only threading model supported in non DCOM Windows CE platforms." 
14 | #endif 15 | 16 | using namespace ATL; 17 | 18 | 19 | // CHelloWorld 20 | 21 | class ATL_NO_VTABLE CHelloWorld : 22 | public CComObjectRootEx, 23 | public CComCoClass, 24 | public IDispatchImpl 25 | { 26 | public: 27 | CHelloWorld() 28 | { 29 | } 30 | 31 | DECLARE_REGISTRY_RESOURCEID(IDR_HELLOWORLD) 32 | 33 | 34 | BEGIN_COM_MAP(CHelloWorld) 35 | COM_INTERFACE_ENTRY(IHelloWorld) 36 | COM_INTERFACE_ENTRY(IDispatch) 37 | END_COM_MAP() 38 | 39 | 40 | 41 | DECLARE_PROTECT_FINAL_CONSTRUCT() 42 | 43 | HRESULT FinalConstruct() 44 | { 45 | return S_OK; 46 | } 47 | 48 | void FinalRelease() 49 | { 50 | } 51 | 52 | public: 53 | 54 | 55 | 56 | STDMETHOD(PrintSomething)(CHAR* val); 57 | }; 58 | 59 | OBJECT_ENTRY_AUTO(__uuidof(HelloWorld), CHelloWorld) 60 | -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/HelloWorld.rgs: -------------------------------------------------------------------------------- 1 | HKCR 2 | { 3 | ComServerExample.HelloWorld.1 = s 'HelloWorld Class' 4 | { 5 | CLSID = s '{69217890-0822-49A0-AF26-7F9195CAA59B}' 6 | } 7 | ComServerExample.HelloWorld = s 'HelloWorld Class' 8 | { 9 | CurVer = s 'ComServerExample.HelloWorld.1' 10 | } 11 | NoRemove CLSID 12 | { 13 | ForceRemove {69217890-0822-49A0-AF26-7F9195CAA59B} = s 'HelloWorld Class' 14 | { 15 | ProgID = s 'ComServerExample.HelloWorld.1' 16 | VersionIndependentProgID = s 'ComServerExample.HelloWorld' 17 | ForceRemove Programmable 18 | InprocServer32 = s '%MODULE%' 19 | { 20 | val ThreadingModel = s 'Apartment' 21 | } 22 | TypeLib = s '{1E0FF5B2-0BE1-49FA-9970-0EEF7912E30B}' 23 | Version = s '1.0' 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/dlldata.c: -------------------------------------------------------------------------------- 1 | 
/********************************************************* 2 | DllData file -- generated by MIDL compiler 3 | 4 | DO NOT ALTER THIS FILE 5 | 6 | This file is regenerated by MIDL on every IDL file compile. 7 | 8 | To completely reconstruct this file, delete it and rerun MIDL 9 | on all the IDL files in this DLL, specifying this file for the 10 | /dlldata command line option 11 | 12 | *********************************************************/ 13 | 14 | #define PROXY_DELEGATION 15 | 16 | #include 17 | 18 | #ifdef __cplusplus 19 | extern "C" { 20 | #endif 21 | 22 | EXTERN_PROXY_FILE( ComServerExample ) 23 | 24 | 25 | PROXYFILE_LIST_START 26 | /* Start of list */ 27 | REFERENCE_PROXY_FILE( ComServerExample ), 28 | /* End of list */ 29 | PROXYFILE_LIST_END 30 | 31 | 32 | DLLDATA_ROUTINES( aProxyFileList, GET_DLL_CLSID ) 33 | 34 | #ifdef __cplusplus 35 | } /*extern "C" */ 36 | #endif 37 | 38 | /* end of generated dlldata file */ 39 | -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/dllmain.cpp: -------------------------------------------------------------------------------- 1 | // dllmain.cpp : Implementation of DllMain. 
2 | 3 | #include "stdafx.h" 4 | #include "resource.h" 5 | #include "ComServerExample_i.h" 6 | #include "dllmain.h" 7 | 8 | CComServerExampleModule _AtlModule; 9 | 10 | class CComServerExampleApp : public CWinApp 11 | { 12 | public: 13 | 14 | // Overrides 15 | virtual BOOL InitInstance(); 16 | virtual int ExitInstance(); 17 | 18 | DECLARE_MESSAGE_MAP() 19 | }; 20 | 21 | BEGIN_MESSAGE_MAP(CComServerExampleApp, CWinApp) 22 | END_MESSAGE_MAP() 23 | 24 | CComServerExampleApp theApp; 25 | 26 | BOOL CComServerExampleApp::InitInstance() 27 | { 28 | return CWinApp::InitInstance(); 29 | } 30 | 31 | int CComServerExampleApp::ExitInstance() 32 | { 33 | return CWinApp::ExitInstance(); 34 | } 35 | -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/dllmain.h: -------------------------------------------------------------------------------- 1 | // dllmain.h : Declaration of module class. 2 | 3 | class CComServerExampleModule : public ATL::CAtlDllModuleT< CComServerExampleModule > 4 | { 5 | public : 6 | DECLARE_LIBID(LIBID_ComServerExampleLib) 7 | DECLARE_REGISTRY_APPID_RESOURCEID(IDR_COMSERVEREXAMPLE, "{AE0D880D-82FE-43F7-A5B2-4404E694D4A7}") 8 | }; 9 | 10 | extern class CComServerExampleModule _AtlModule; 11 | -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/resource.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/resource.h -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/stdafx.cpp: -------------------------------------------------------------------------------- 1 
| // stdafx.cpp : source file that includes just the standard includes 2 | // ComServerExample.pch will be the pre-compiled header 3 | // stdafx.obj will contain the pre-compiled type information 4 | 5 | #include "stdafx.h" 6 | -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/stdafx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, 3 | // but are changed infrequently 4 | 5 | #pragma once 6 | 7 | #ifndef STRICT 8 | #define STRICT 9 | #endif 10 | 11 | #include "targetver.h" 12 | 13 | #define _ATL_APARTMENT_THREADED 14 | 15 | #define _ATL_NO_AUTOMATIC_NAMESPACE 16 | 17 | #define _ATL_CSTRING_EXPLICIT_CONSTRUCTORS // some CString constructors will be explicit 18 | 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | 30 | #ifndef _AFX_NO_OLE_SUPPORT 31 | #include // MFC Automation classes 32 | #endif // _AFX_NO_OLE_SUPPORT 33 | 34 | #include 35 | 36 | #define ATL_NO_ASSERT_ON_DESTROY_NONEXISTENT_WINDOW 37 | 38 | #include "resource.h" 39 | #include 40 | #include 41 | #include 42 | -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/ComServerExample/ComServerExample/targetver.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // Including SDKDDKVer.h defines the highest available Windows platform. 4 | 5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and 6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h. 
7 | 8 | #include 9 | -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/How to Create a COM Server & Client with Visual Studio.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/How to Create a COM Server & Client with Visual Studio.pdf -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/README.md: -------------------------------------------------------------------------------- 1 | # Windows COM Reference Counting Use After Free 2 | 3 | ![Screenshot](https://raw.githubusercontent.com/wchen-r7/VulnCases/master/Windows%20COM%20Ref%20Counting%20Use%20After%20Free/Screenshot.png) 4 | 5 | This is an example of a use after free vulnerability due to incorrect reference counting. This type 6 | of use after free is more common among Windows binaries, such as Internet Explorer, ActiveX, etc. 7 | The idea of reference counting is simple, but it is easy to get wrong. Basically, for every new 8 | copy of a pointer to an interface on an object, you're supposed to call AddRef: 9 | 10 | ```cpp 11 | someObject->AddRef() 12 | ``` 13 | 14 | What that does is literally add 1 to a counter. 15 | 16 | When the pointer is no longer needed, then you do a Release(): 17 | 18 | ```cpp 19 | someObject->Release() 20 | ``` 21 | 22 | When the counter becomes 0, then the object will actually be freed. 23 | 24 | If the counting is wrong, you may end up freeing the object unexpectedly while another pointer to it is still in use, which is the use after free. Holding interface pointers in a smart pointer such as ATL's CComPtr, which pairs every AddRef with a Release, is the usual way to avoid this. 25 | 26 | In this folder, ComClientExample.exe should demonstrate that problem, and EIP should end up as 0x41414141. 27 | Remember to register ComServerExample.dll as admin: 28 | 29 | ``` 30 | regsvr32 ComServerExample.dll 31 | ``` 32 | 33 | Tested on Windows 10 as of May 25th 2019.
34 | -------------------------------------------------------------------------------- /Windows COM Ref Counting Use After Free/Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows COM Ref Counting Use After Free/Screenshot.png -------------------------------------------------------------------------------- /Windows Format String Arbitrary Write/README.md: -------------------------------------------------------------------------------- 1 | # Windows Format String Arbitrary Write 2 | 3 | ![Screenshot](https://raw.githubusercontent.com/wchen-r7/VulnCases/master/Windows%20Format%20String%20Arbitrary%20Write/Screenshot.png) 4 | 5 | This is an example of a format string vulnerability for Windows. The code is written in a way 6 | that allows you to easily overwrite an object's state. Technically, you can use this example 7 | to do other format string attacks too (such as reading a pointer on the stack). The root cause is that user input is passed to printf as the format string itself; passing it as an argument instead, as in `printf("%s", input)`, removes the bug. 8 | 9 | Note: Make sure you disable GS when you compile, otherwise you can only read stuff from the 10 | stack, not write.
11 | -------------------------------------------------------------------------------- /Windows Format String Arbitrary Write/Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows Format String Arbitrary Write/Screenshot.png -------------------------------------------------------------------------------- /Windows Format String Arbitrary Write/format_string_arbitrary_write.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | /* 5 | To compile with Visual Studio: 6 | cl.exe /MT /EHa /GS- format_string_arbitrary_write.cpp 7 | 8 | To read a pointer, your input can be: 9 | %x 10 | 11 | To modify the flag in SomeObject, you can do the following. 12 | %.1s means to print one byte, and %n is to count, and save that result. 13 | It is important you disable GS in order to do this. 14 | %.1s%n 15 | */ 16 | 17 | class SomeObject { 18 | public: 19 | // Let's change this flag to true with a format string attack. 20 | // When this is an object, the address for flag is the first DWORD of the allocation. 21 | BOOL flag; 22 | SomeObject() { 23 | flag = FALSE; 24 | } 25 | }; 26 | 27 | int main(int args, char** argv) { 28 | if (args <= 1) { 29 | printf("Enter something to mess with the flag in the object\n"); 30 | return 0; 31 | } 32 | 33 | // The %n format is disabled by default for Windows binaries, so we need to enable it. 34 | _set_printf_count_output(1); 35 | 36 | // Watch where the address is for SomeObject on the stack. 37 | // It could be somewhere the printf function can reach, and end up abusing. 
38 | SomeObject* obj = new SomeObject(); 39 | printf(argv[1]); 40 | 41 | if (obj->flag) { 42 | printf("\nFlag is true: You have successfully modified the flag of the object\n"); 43 | } else { 44 | printf("\nFlag is false: Try again\n"); 45 | } 46 | delete(obj); 47 | obj = NULL; 48 | return 0; 49 | } -------------------------------------------------------------------------------- /Windows Format String Arbitrary Write/format_string_arbitrary_write.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows Format String Arbitrary Write/format_string_arbitrary_write.exe -------------------------------------------------------------------------------- /Windows Heap Memory Leak/README.md: -------------------------------------------------------------------------------- 1 | # Windows Heap Memory Leak 2 | 3 | This is an example of a heap memory leak for Windows, as a server application. Because 4 | the memory from malloc is never properly freed, it can typically be leveraged to help exploit memory corruption 5 | bugs in the real world. -------------------------------------------------------------------------------- /Windows Heap Memory Leak/client.rb: -------------------------------------------------------------------------------- 1 | require 'socket' 2 | 3 | DATA_SIZE = 1024 4 | ITERATIONS = 512 5 | sock = TCPSocket.new('172.16.135.133', 8080) 6 | 1024.times do |i| 7 | puts "Sending request ##{i+1}" 8 | sock.puts('A' * DATA_SIZE) 9 | # The sleep is kind of needed, because the server isn't so well written to handle 10 | # so many requests so quickly, it might blow up. muhaha. Whatever. 11 | sleep(0.1) 12 | end 13 | sock.close 14 | 15 | puts "Ok there should be a bunch of data in memory. Go check!"
16 | -------------------------------------------------------------------------------- /Windows Heap Memory Leak/mem_leak_server.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows Heap Memory Leak/mem_leak_server.exe -------------------------------------------------------------------------------- /Windows Heap Overflow Arbitrary Code Execution/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows Heap Overflow Arbitrary Code Execution/.DS_Store -------------------------------------------------------------------------------- /Windows Heap Overflow Arbitrary Code Execution/README.md: -------------------------------------------------------------------------------- 1 | # Windows Heap Overflow Arbitrary Code Execution 2 | 3 | ![screenshot](https://raw.githubusercontent.com/wchen-r7/VulnCases/master/Windows%20Heap%20Overflow%20Arbitrary%20Code%20Execution/screenshot.png) 4 | 5 | This example demonstrates how to turn a heap overflow on Windows 10 into an exploitable crash. 6 | The technique is similar to the leak example I used in a different folder. If you are compiling 7 | the source code yourself, the position of the vftable can shift (in .rdata), so make sure that 8 | offset to the image address is still correct. 9 | 10 | Tested on Windows 10 as of June 2nd, 2019. 
11 | 12 | ## Full Writeup 13 | 14 | https://blog.rapid7.com/2019/06/12/heap-overflow-exploitation-on-windows-10-explained/ -------------------------------------------------------------------------------- /Windows Heap Overflow Arbitrary Code Execution/screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows Heap Overflow Arbitrary Code Execution/screenshot.png -------------------------------------------------------------------------------- /Windows Heap Overflow Arbitrary Code Execution/smash_test.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | using namespace std; 5 | 6 | #define CHUNK_SIZE 0x190 7 | #define ALLOC_COUNT 10 8 | 9 | class SomeObject { 10 | public: 11 | void function1() { 12 | }; 13 | virtual void virtualFunction() { 14 | printf("test\n"); 15 | }; 16 | }; 17 | 18 | /* Demo program: fills ALLOC_COUNT heap chunks, frees one of them, creates ten vectors of SomeObject pointers, then writes past the end of one chunk before making a virtual call. */ int main(int args, char** argv) { 19 | int i; 20 | HANDLE hChunk; 21 | void* allocations[ALLOC_COUNT]; 22 | SomeObject* objects[5]; 23 | SomeObject* obj = new SomeObject(); 24 | printf("SomeObject address : 0x%08x\n", obj); 25 | int vectorSize = 40; 26 | 27 | HANDLE defaultHeap = GetProcessHeap(); 28 | 29 | for (i = 0; i < ALLOC_COUNT; i++) { 30 | hChunk = HeapAlloc(defaultHeap, 0, CHUNK_SIZE); /* NOTE(review): the HeapAlloc result is used by memset without a NULL check */ 31 | memset(hChunk, 'A', CHUNK_SIZE); 32 | allocations[i] = hChunk; 33 | printf("[%d] Heap chunk in backend : 0x%08x\n", i, hChunk); 34 | } 35 | 36 | HeapFree(defaultHeap, HEAP_NO_SERIALIZE, allocations[3]); /* frees one chunk from the middle of the ten allocations */ 37 | vector v1(vectorSize, obj); 38 | vector v2(vectorSize, obj); 39 | vector v3(vectorSize, obj); 40 | vector v4(vectorSize, obj); 41 | vector v5(vectorSize, obj); 42 | vector v6(vectorSize, obj); 43 | vector v7(vectorSize, obj); 44 | vector v8(vectorSize, obj); 45 | vector v9(vectorSize, obj); 46 | vector v10(vectorSize, obj); 47 | 48 | /* NOTE(review): the printf calls below pass a vector object to a %x conversion, which printf does not define; the printed value is not a reliable address */ printf("vector : 0x%08x\n", v1); 49 | 
printf("vector : 0x%08x\n", v2); 50 | printf("vector : 0x%08x\n", v3); 51 | printf("vector : 0x%08x\n", v4); 52 | printf("vector : 0x%08x\n", v5); 53 | printf("vector : 0x%08x\n", v6); 54 | printf("vector : 0x%08x\n", v7); 55 | printf("vector : 0x%08x\n", v8); 56 | printf("vector : 0x%08x\n", v9); 57 | printf("vector : 0x%08x\n", v10); 58 | 59 | memset(allocations[2], 'B', CHUNK_SIZE + 8 + 32); /* the overflow: the length is 40 bytes larger than the CHUNK_SIZE-byte allocation at index 2; a write bounded by CHUNK_SIZE would stay inside the chunk */ 60 | 61 | v1.at(0)->virtualFunction(); /* NOTE(review): this call reads the object pointer from v1's heap storage after the out-of-bounds memset above; whether that storage was reached depends on heap layout */ 62 | 63 | system("PAUSE"); 64 | return 0; 65 | } 66 | -------------------------------------------------------------------------------- /Windows Heap Overflow Arbitrary Code Execution/smash_test.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows Heap Overflow Arbitrary Code Execution/smash_test.exe -------------------------------------------------------------------------------- /Windows Heap Overflow Info Leak/Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows Heap Overflow Info Leak/Screenshot.png -------------------------------------------------------------------------------- /Windows Heap Overflow Info Leak/heap_overflow_example.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows Heap Overflow Info Leak/heap_overflow_example.exe -------------------------------------------------------------------------------- /Windows Heartbleed OOB Read/README.md: -------------------------------------------------------------------------------- 1 | # Windows Heartbleed Example 2 | 3 | This is a remote out-of-bound read example that mimics the [Heartbleed vulnerability](http://heartbleed.com/).
Similar to Heartbleed, the format of your packet would look like this: 4 | 5 | ``` 6 | [Type][Size][Payload] 7 | ``` 8 | 9 | More specifically: 10 | 11 | * Type = Unsigned char (1 byte) 12 | * Size = Unsigned short (2 bytes) 13 | * Payload = A string (an array of characters) 14 | 15 | The server is expected to spit back your payload. So for example, if your input looks like this: 16 | 17 | ```ruby 18 | packet = "" 19 | packet << "\x01" # Type 20 | packet << "\x00\x04" # Size 21 | packet << "\x41\x41\x41\x41" # Payload 22 | ``` 23 | 24 | You are expected to receive this from the server: 25 | 26 | ``` 27 | AAAA 28 | ``` 29 | 30 | Since the size isn't properly checked, you can read more than you should. The fix, as with Heartbleed, is for the server to reject any packet whose Size field is larger than the payload it actually received. However, since this is just a small demo, there isn't any sensitive data to leak. But hey this example is open source, you can easily modify that to make it more exciting. 31 | -------------------------------------------------------------------------------- /Windows Heartbleed OOB Read/client.rb: -------------------------------------------------------------------------------- 1 | require 'socket' 2 | require 'hexdump' 3 | 4 | type = 0x01 5 | size = 0x0004 6 | payload = "ABCD" 7 | 8 | packet = 9 | [ 10 | [type].pack("C"), 11 | [size].pack("s>"), 12 | payload 13 | ].join 14 | 15 | sock = TCPSocket.new('192.168.7.129', 4444) 16 | sock.write(packet) 17 | resp = sock.recv(size) 18 | sock.close 19 | puts "Response (#{resp.length} bytes received):" 20 | puts resp.hexdump 21 | -------------------------------------------------------------------------------- /Windows Heartbleed OOB Read/heartbleed_example.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows Heartbleed OOB Read/heartbleed_example.exe -------------------------------------------------------------------------------- /Windows Integer Overflow/README.md: 
-------------------------------------------------------------------------------- 1 | # Windows Integer Overflow 2 | 3 | ![Screenshot_IDA](https://raw.githubusercontent.com/wchen-r7/VulnCases/master/Windows%20Integer%20Overflow/Screenshot_IDA.png) 4 | 5 | This example is an integer overflow. It mimics a scenario in which an application wants to 6 | parse a file format that contains a size field and a data field. The size field is one byte, which 7 | covers values from 0x00 to 0xff. When the size check occurs, it stores the value in a 8 | `char` data type, which by default (with Visual Studio) is a `signed char`, and that only holds values from 9 | -128 to 127. When the size field is something larger than 127, an integer overflow occurs: the value is read as negative, 10 | which bypasses the length check, and the data is copied into a stack buffer. The result causes 11 | the stack to overflow, and is expected to overwrite an SEH chain. 12 | -------------------------------------------------------------------------------- /Windows Integer Overflow/Screenshot_IDA.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows Integer Overflow/Screenshot_IDA.png -------------------------------------------------------------------------------- /Windows Integer Overflow/integer_overflow_example.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | /* 4 | Example of an integer overflow. 
5 | 6 | To compile (with Visual Studio): 7 | cl /MT /GS- integer_overflow_example.c 8 | */ 9 | 10 | #define MAX_DATA_SIZE 255 11 | #define DATA_SIZE 1000 12 | 13 | // This struct represents a file or a network packet 14 | struct MockedFile { 15 | char size[MAX_DATA_SIZE]; 16 | char* data; 17 | }; 18 | 19 | // Prepares the fake file 20 | void MockFileFormat(struct MockedFile* mock) { 21 | char size[1]; 22 | size[0] = DATA_SIZE; /* DATA_SIZE (1000) does not fit in one char, so the stored value is truncated */ 23 | 24 | char* data = (char*) malloc(DATA_SIZE); /* NOTE(review): malloc result is used unchecked and is never freed in this demo */ 25 | memset(data, 'A', DATA_SIZE); 26 | 27 | memcpy(mock->size, size, 1); 28 | mock->data = data; 29 | } 30 | 31 | int main(int args, char** argv) { 32 | // Pretend this gives us the fake file (or a network packet) 33 | struct MockedFile mock; 34 | MockFileFormat(&mock); 35 | 36 | // The size field is copied to a one-byte buffer 37 | char sizeBuf[1]; 38 | memcpy(sizeBuf, mock.size, 1); 39 | 40 | // char by default is signed, which means this check can only 41 | // handle range between -128 to 127, and may result in an integer 42 | // overflow 43 | char size = sizeBuf[0]; 44 | printf("Data size is %d\n", size); 45 | if (size < MAX_DATA_SIZE) { /* only an upper bound is checked, so a negative size passes */ 46 | char buffer[MAX_DATA_SIZE]; 47 | memset(buffer, '\0', MAX_DATA_SIZE); 48 | memcpy(buffer, mock.data, size); /* memcpy takes a size_t length, so a negative size is converted to a very large count; reading the field as unsigned char and checking it against sizeof(buffer) closes this */ 49 | printf("%s\n", buffer); 50 | } 51 | 52 | return 0; 53 | } -------------------------------------------------------------------------------- /Windows Integer Overflow/integer_overflow_example.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows Integer Overflow/integer_overflow_example.exe -------------------------------------------------------------------------------- /Windows Out of Scope Double Free/DoubleFree.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | class Object { 6 | public: 7 | void* buf = NULL; 8 | 9 | Object() { 
10 | buf = malloc(1024); 11 | } 12 | 13 | ~Object() { 14 | printf("Destructor is triggered\n"); 15 | free(buf); /* runs once per Object instance; the class defines no copy constructor, so a copy holds the same buf pointer and frees it again */ 16 | buf = NULL; /* clears only this instance's pointer, not the one held by a copy */ 17 | } 18 | }; 19 | 20 | /* obj is taken by value: the compiler-generated copy duplicates the buf pointer, and the copy's destructor frees it when Test returns. Taking the parameter by reference, or defining (or deleting) the copy operations of Object, avoids the second free. */ void Test(Object obj) { 21 | printf("In Function Test()\n"); 22 | } 23 | 24 | int main(int args, char** argv) { 25 | Object obj; 26 | Test(obj); /* after this call main's obj still holds the pointer that the copy already freed */ 27 | return 0; /* obj goes out of scope here and its destructor frees the same buffer a second time */ 28 | } 29 | -------------------------------------------------------------------------------- /Windows Out of Scope Double Free/DoubleFree.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows Out of Scope Double Free/DoubleFree.exe -------------------------------------------------------------------------------- /Windows Stack Buffer Overflow/README.md: -------------------------------------------------------------------------------- 1 | # Windows Stack Buffer Overflow 2 | 3 | Ahh, the classic stack buffer overflow. These bugs still exist today. This is actually the exact 4 | same challenge from Metasploit's Nov 2018 CTF, where people only had one way to break into the 5 | Windows machine... yup, it was this challenge. 
-------------------------------------------------------------------------------- /Windows Stack Buffer Overflow/vulnerable_service.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows Stack Buffer Overflow/vulnerable_service.exe -------------------------------------------------------------------------------- /Windows Type Confusion/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows Type Confusion/.DS_Store -------------------------------------------------------------------------------- /Windows Type Confusion/README.md: -------------------------------------------------------------------------------- 1 | # Windows Type Confusion Example 2 | 3 | Type confusion is when code doesn't verify the type of the object that is passed to it, and uses it blindly without any type checking. In some cases, you find them as vulnerabilities. In some exploitation cases, type confusion is something you could create in order to gain code execution. 4 | 5 | In file type_confusion_examples.cpp, there are two examples. 6 | 7 | The first one demonstrates that the program intends to call function A, but when you feed it the wrong object, it ends up calling a different function because the vtable offset is the same. This would be more obvious if you look at the code in IDA. If you see the following message, that is it: 8 | 9 | ``` 10 | If you see this function being executed, you are confused! 11 | ``` 12 | 13 | The second example reminds us of the fact that when an object is created, the `new` operator is used, and what that returns is really just a pointer to a heap allocation (typically with HeapAlloc or malloc). 
If that is the type of scenario you can create (including content you control), you can easily cause an exploitable looking crash: 14 | 15 | ``` 16 | 0:000> g 17 | (24f4.1064): Access violation - code c0000005 (first chance) 18 | First chance exceptions are reported before any exception handling. 19 | This exception may be expected and handled. 20 | *** WARNING: Unable to verify checksum for type_confusion_examples.exe 21 | eax=000e0828 ebx=00a9f000 ecx=000e0828 edx=41414141 esi=000dd4f0 edi=000dd548 22 | eip=00e771f6 esp=00cffb90 ebp=00cffbb4 iopl=0 nv up ei pl nz ac pe nc 23 | cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010216 24 | type_confusion_examples!main+0xa6: 25 | 00e771f6 8b02 mov eax,dword ptr [edx] ds:002b:41414141=???????? 26 | 0:000> u 27 | type_confusion_examples!main+0xa6 [C:\Users\sinn3r\Desktop\type_confusion_examples.cpp @ 40]: 28 | 00e771f6 8b02 mov eax,dword ptr [edx] 29 | 00e771f8 ffd0 call eax 30 | 00e771fa 8b4de0 mov ecx,dword ptr [ebp-20h] 31 | 00e771fd 51 push ecx 32 | 00e771fe e85bb8ffff call type_confusion_examples!ILT+6745(_free) (00e72a5e) 33 | 00e77203 83c404 add esp,4 34 | 00e77206 6864deec00 push offset type_confusion_examples!__xt_z+0x11c (00ecde64) 35 | 00e7720b e803aeffff call type_confusion_examples!ILT+4110(_system) (00e72013) 36 | ``` 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | -------------------------------------------------------------------------------- /Windows Type Confusion/type_confusion_examples.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | /* 5 | Compiled using Visual Studio 2019: 6 | cl.exe /Z7 /MT /EHa type_confusion_examples.cpp 7 | */ 8 | 9 | class Base {}; 10 | 11 | class Child : public Base { 12 | public: 13 | virtual void test1(); 14 | }; 15 | 16 | class Baddie : public Base { 17 | public: 18 | virtual void UnexpectedFunction() { 19 | printf("If you see this function being executed, you are confused!\n"); 20 | } 21 | }; 22 | 23 | 
void* CopyString(char* s) { 24 | void* buf = malloc(strlen(s)); /* NOTE(review): strlen(s) bytes leaves no room for the terminating NUL that strcpy writes below, so the copy runs one byte past the allocation; the malloc result is also used unchecked. This is separate from the type-confusion lesson. */ 25 | strcpy((char*) buf, s); 26 | return buf; 27 | } 28 | 29 | int main(int args, char** argv) { 30 | // Example 1 of type confusion 31 | Base* baddie = new Baddie(); 32 | Child* child1 = static_cast(baddie); /* static_cast does no runtime type check, so the Baddie object is treated as a Child from here on */ 33 | if (child1) /* only rejects a null pointer; it says nothing about the object's real type */ 34 | child1->test1(); 35 | 36 | // Example 2 of type confusion 37 | char* s = "AAAAAAAAAAAAAAAA"; 38 | void* buf = CopyString(s); 39 | Child* child2 = static_cast(buf); /* buf is the string copy returned by CopyString, not a constructed object; the cast from void* is accepted without any check */ 40 | child2->test1(); /* virtual call through memory that holds string bytes; the README's debugger output shows the resulting access violation */ 41 | free(buf); 42 | 43 | system("PAUSE"); 44 | return 0; 45 | } 46 | -------------------------------------------------------------------------------- /Windows Type Confusion/type_confusion_examples.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows Type Confusion/type_confusion_examples.exe -------------------------------------------------------------------------------- /Windows Type Confusion/type_confusion_examples.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows Type Confusion/type_confusion_examples.pdb -------------------------------------------------------------------------------- /Windows Unicode Buffer Overflow/README.md: -------------------------------------------------------------------------------- 1 | # Windows Unicode Overflow 2 | 3 | ![Screenshot](https://raw.githubusercontent.com/wchen-r7/VulnCases/master/Windows%20Unicode%20Buffer%20Overflow/Screenshot.png) 4 | 5 | This is an example of a buffer overflow due to the use of MultiByteToWideChar. This function is 6 | used to convert an ANSI string to unicode, and that implies each character expands to two bytes. 7 | Sometimes, a C/C++ programmer miscalculates this. 
8 | 9 | For example, this is 'A' in hex: 10 | 11 | ``` 12 | 41 13 | ``` 14 | 15 | After the conversion, it becomes: 16 | 17 | ``` 18 | 0041 19 | ``` 20 | 21 | To exploit this type of bug, we are restricted to only use gadgets that reside in this address 22 | format: 23 | 24 | ``` 25 | 00xx00xx 26 | ``` 27 | 28 | For example, if we want a JMP ESP for a unicode overflow, we can't use an address that looks like: 29 | 30 | ``` 31 | 0x20417241 32 | ``` 33 | 34 | We could use one that looks like: 35 | 36 | ``` 37 | 0x00410072 38 | ``` 39 | 40 | Due to this restriction, a unicode overflow is already quite challenging to exploit even without ASLR, especially 41 | for a small application. You just may not find enough gadgets to work with. If that is the case, 42 | consider finding ways to load more DLLs, and hopefully there is one that can provide enough gadgets 43 | you can work with. 44 | 45 | The [Corelan tutorial](https://www.corelan.be/index.php/2009/11/06/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc/) explains quite well how to exploit this type of bug. 
46 | -------------------------------------------------------------------------------- /Windows Unicode Buffer Overflow/Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows Unicode Buffer Overflow/Screenshot.png -------------------------------------------------------------------------------- /Windows Unicode Buffer Overflow/unicode_overflow.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #define ORIGINAL_STRING_SIZE 1024 5 | 6 | /* Demo entry point: converts a 1024-byte ANSI string into a 32-element wide-character stack buffer. */ 7 | int main(int args, char** argv) { 8 | /* The source is filled with 'A' and its last byte is overwritten with a NUL terminator. */ char originalStr[ORIGINAL_STRING_SIZE]; 9 | memset(originalStr, 'A', ORIGINAL_STRING_SIZE); 10 | memcpy(originalStr+ORIGINAL_STRING_SIZE-1, "\0", 1); 11 | 12 | WCHAR newBuffer[32]; 13 | memset(newBuffer, '\0', sizeof(newBuffer)); /* NOTE(review): the last argument of MultiByteToWideChar is the destination size in wide characters, not bytes. sizeof(newBuffer) is the byte size of the 32-element array (64 with a 2-byte WCHAR), so the call is permitted to write twice as many characters as newBuffer holds. The bounded form is sizeof(newBuffer) / sizeof(newBuffer[0]). The return value is ignored here and should be checked: on failure newBuffer is not guaranteed to be NUL-terminated when wprintf reads it. */ 14 | MultiByteToWideChar(CP_ACP, 0, originalStr, -1, newBuffer, sizeof(newBuffer)); 15 | wprintf(L"%ls\n", newBuffer); 16 | return 0; 17 | } -------------------------------------------------------------------------------- /Windows Unicode Buffer Overflow/unicode_overflow.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows Unicode Buffer Overflow/unicode_overflow.exe -------------------------------------------------------------------------------- /Windows Unsafe DLL Loading/README.md: -------------------------------------------------------------------------------- 1 | # Unsafe DLL Loading 2 | 3 | ![Screenshot](https://raw.githubusercontent.com/wchen-r7/VulnCases/master/Windows%20Unsafe%20DLL%20Loading/Screenshot.png) 4 | 5 | This is an example of unsafe DLL loading. The EXE attempts to load a non-existent named 6 | HelloWorld.dll, and as you can see, Windows is looking for it in multiple places. 
This 7 | is because LoadLibrary has this search order: 8 | 9 | 1. The directory from which the application loaded. 10 | 2. The system directory. 11 | 3. The 16-bit system directory. 12 | 4. The Windows directory. 13 | 5. The current directory. 14 | 6. The directories that are listed in the PATH environment variable. 15 | 16 | If an attacker has control over one of these directories, for example: a directory 17 | traversal that allows the person to write to anywhere on the file system, then he 18 | can generate a DLL payload like this: 19 | 20 | ``` 21 | msfvenom -f dll -p windows/exec CMD="C:\windows\system32\calc.exe" -o runcalc.dll 22 | ``` 23 | 24 | And then hijack the DLL by placing it in a path that the EXE loads. 25 | 26 | Also see: 27 | 28 | https://github.com/rapid7/DLLHijackAuditKit 29 | 30 | ## WebDav Setup 31 | 32 | You can do: 33 | 34 | ``` 35 | sudo pip install wsgidav cheroot 36 | ``` 37 | 38 | You might need to do: 39 | 40 | ``` 41 | sudo pip install six --upgrade --ignore-installed 42 | ``` 43 | 44 | Create a share folder: 45 | 46 | ``` 47 | /tmp/webdav/share 48 | ``` 49 | 50 | And finally, start wsgidav: 51 | 52 | ``` 53 | ./start_wsgidav.sh 54 | ``` 55 | -------------------------------------------------------------------------------- /Windows Unsafe DLL Loading/Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows Unsafe DLL Loading/Screenshot.png -------------------------------------------------------------------------------- /Windows Unsafe DLL Loading/start_wsgidav.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # NOTE(review): the wsgidav command at the end of this script runs under sudo and passes --host=0.0.0.0 --port=80 --auth=anonymous, i.e. it serves /tmp/webdav on every interface without authentication. Run it only on an isolated lab network and stop it when the test is done. 3 | # Before you can run this script, you need to do: 4 | # sudo pip install wsgidav cheroot 5 | # Reference: https://github.com/mar10/wsgidav 6 | # Might need to do this: sudo pip install six --upgrade --ignore-installed 7 | # Next, on 
your server, host your EXE here: 8 | # /tmp/webdav/share 9 | # And then on your client machine (ie. win 10), open a network share/drive: 10 | # \\server_ip\share 11 | sudo wsgidav --host=0.0.0.0 --port=80 --root=/tmp/webdav --auth=anonymous -------------------------------------------------------------------------------- /Windows Unsafe DLL Loading/unsafe_dll_loading.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #define MODULE_NAME "HelloWorld.dll" 5 | 6 | int main(int args, char** argv) { 7 | // Read about search order: 8 | // https://docs.microsoft.com/en-us/windows/desktop/Dlls/dynamic-link-library-search-order 9 | // That's how they get you. /* NOTE(review): MODULE_NAME is a bare file name, so LoadLibrary resolves it through the DLL search order, which the README lists as including the current directory and PATH. Passing a fully qualified path, or calling LoadLibraryEx with LOAD_LIBRARY_SEARCH_SYSTEM32 or LOAD_LIBRARY_SEARCH_APPLICATION_DIR (optionally after SetDefaultDllDirectories), keeps the lookup out of directories that other users can write to. Returns -1 when the module cannot be loaded, 0 otherwise. */ 10 | HMODULE module = LoadLibrary(MODULE_NAME); 11 | if (module == NULL) { 12 | printf("Unable to load %s\n", MODULE_NAME); 13 | return -1; 14 | } 15 | 16 | printf("Press any key to unload %s\n", MODULE_NAME); 17 | system("PAUSE"); 18 | if (!FreeLibrary(module)) { 19 | printf("Failed to unload\n"); 20 | } 21 | 22 | return 0; 23 | } -------------------------------------------------------------------------------- /Windows Unsafe DLL Loading/unsafe_dll_loading.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows Unsafe DLL Loading/unsafe_dll_loading.exe -------------------------------------------------------------------------------- /Windows Use After Free to Type Confusion Leak/README.md: -------------------------------------------------------------------------------- 1 | # Windows Use After Free Type Confusion Info Leak 2 | 3 | ![Screenshot](https://github.com/wchen-r7/VulnCases/blob/master/Windows%20Use%20After%20Free%20to%20Type%20Confusion%20Leak/Screenshot.png?raw=true) 4 | 5 | The title is quite a mouthful but this is what the bug is all about. 
The case study is intended 6 | to demonstrate how a use after free condition could allow an application to confuse an object 7 | as a string, as a result leaking the address when there is a read primitive. The leaked address 8 | can also be used to calculate the image base address, which defeats the purpose of ASLR, and 9 | collect ROP gadgets (which defeats DEP). 10 | -------------------------------------------------------------------------------- /Windows Use After Free to Type Confusion Leak/Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows Use After Free to Type Confusion Leak/Screenshot.png -------------------------------------------------------------------------------- /Windows Use After Free to Type Confusion Leak/array_leak_test.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/atxsinn3r/VulnCases/0b179eb05251f43a80cbeae4475a85a51aef07ea/Windows Use After Free to Type Confusion Leak/array_leak_test.exe --------------------------------------------------------------------------------