Commit f60a90de authored by Tyler Nichols's avatar Tyler Nichols

Fixed a severe memory management issue. Appears to work now.

parent bdb9dd1f
......@@ -18,8 +18,8 @@
#define BOOT_PATH "/boot/System.map-"
#define MAX_VERSION_LEN 256
unsigned long *syscall_table = NULL;
//unsigned long *syscall_table = (unsigned long *)0xffffffff81801400;
//unsigned long *syscall_table = NULL;
unsigned long *syscall_table = (unsigned long *)0xffffffff81801400;
asmlinkage int (*original_write)(unsigned int, const char __user *, size_t);
static int find_sys_call_table (char *kern_ver) {
......@@ -129,9 +129,16 @@ static int find_sys_call_table (char *kern_ver) {
return 0;
}
char *acquire_kernel_version (void) {
/*
* We have to pass in a pointer to a buffer to store the parsed
* version information in. If we declare a pointer to the
* parsed version info on the stack of this function, the
* pointer will disappear when the function ends and the
* stack frame is removed.
*/
char *acquire_kernel_version (char *buf) {
struct file *proc_version;
char *full_kernel_version, *parsed_version;
char *kernel_version;
/*
* We use this to store the userspace perspective of the filesystem
......@@ -156,37 +163,31 @@ char *acquire_kernel_version (void) {
return NULL;
}
/*
* Allocate space for the full kernel version info
*/
full_kernel_version = kmalloc(MAX_VERSION_LEN, GFP_KERNEL);
/*
* Zero out memory just to be safe
*/
memset(full_kernel_version, 0, MAX_VERSION_LEN);
memset(buf, 0, MAX_VERSION_LEN);
/*
* Read version info from /proc virtual filesystem
*/
vfs_read(proc_version, full_kernel_version, MAX_VERSION_LEN, &(proc_version->f_pos));
vfs_read(proc_version, buf, MAX_VERSION_LEN, &(proc_version->f_pos));
/*
* Extract the third field from the full version string
*/
parsed_version = strsep(&full_kernel_version, " ");
parsed_version = strsep(&full_kernel_version, " ");
parsed_version = strsep(&full_kernel_version, " ");
kernel_version = strsep(&buf, " ");
kernel_version = strsep(&buf, " ");
kernel_version = strsep(&buf, " ");
filp_close(proc_version, 0);
kfree(full_kernel_version);
/*
* Switch filesystem context back to user space mode
*/
set_fs(oldfs);
return parsed_version;
return kernel_version;
}
asmlinkage int new_write (unsigned int x, const char __user *y, size_t size) {
......@@ -196,12 +197,14 @@ asmlinkage int new_write (unsigned int x, const char __user *y, size_t size) {
}
static int __init onload(void) {
char *kernel_version = kmalloc(MAX_VERSION_LEN, GFP_KERNEL);
printk(KERN_WARNING "Hello world!\n");
printk(KERN_EMERG "Version: %s\n", acquire_kernel_version());
printk(KERN_EMERG "Version: %s\n", acquire_kernel_version(kernel_version));
find_sys_call_table(acquire_kernel_version());
printk(KERN_EMERG "Syscall table address: %p\n", *syscall_table);
// find_sys_call_table(acquire_kernel_version());
printk(KERN_EMERG "Syscall table address: %p\n", syscall_table);
printk(KERN_EMERG "sizeof(unsigned long *): %zx\n", sizeof(unsigned long*));
printk(KERN_EMERG "sizeof(sys_call_table) : %zx\n", sizeof(syscall_table));
......@@ -226,6 +229,8 @@ static int __init onload(void) {
printk(KERN_EMERG "[-] onload: syscall_table is NULL\n");
}
kfree(kernel_version);
/*
* A non 0 return means init_module failed; module can't be loaded.
*/
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment