CVE-2024-41010 format rtnetlink.c

google · Aug 21, 2024 · d9e4a4b · d9e4a4b
1 parent 7605223
commit d9e4a4b
Showing 1 changed file with 29 additions and 20 deletions.
diff --git a/pocs/linux/kernelctf/CVE-2024-41010_lts/exploit/lts-6.6.31/src/rtnetlink.c b/pocs/linux/kernelctf/CVE-2024-41010_lts/exploit/lts-6.6.31/src/rtnetlink.c
@@ -20,30 +20,33 @@
  * @type: Type of the attribute
  * @name: Buffer to copy into the attribute
  */
-struct nlattr *set_str8_attr(struct nlattr *attr, uint16_t type, char *name){
-    int len = 8+sizeof(struct nlattr);
+struct nlattr *set_str8_attr(struct nlattr *attr, uint16_t type, char *name)
+{
+    int len = 8 + sizeof(struct nlattr);
     attr->nla_type = type;
     attr->nla_len = 8;
     memcpy(NLA_ATTR(attr), name, len);
 
-    return (void*)attr + NLA_ALIGN(len) + sizeof(struct nlattr);
+    return (void *)attr + NLA_ALIGN(len) + sizeof(struct nlattr);
 }
 
-struct nlattr *set_str_attr(struct nlattr *attr, uint16_t type, char *name){
-    int len = strlen(name)+sizeof(struct nlattr);
+struct nlattr *set_str_attr(struct nlattr *attr, uint16_t type, char *name)
+{
+    int len = strlen(name) + sizeof(struct nlattr);
     attr->nla_type = type;
     attr->nla_len = len;
     memcpy(NLA_ATTR(attr), name, len);
 
-    return (void*)attr + NLA_ALIGN(len);
+    return (void *)attr + NLA_ALIGN(len);
 }
 
-struct nlattr *set_strn_attr(struct nlattr *attr, uint16_t type, char *name, int len){
+struct nlattr *set_strn_attr(struct nlattr *attr, uint16_t type, char *name, int len)
+{
     attr->nla_type = type;
     attr->nla_len = len;
     memcpy(NLA_ATTR(attr), name, len);
 
-    return (void*)attr + NLA_ALIGN(len);
+    return (void *)attr + NLA_ALIGN(len);
 }
 
 /**
@@ -53,7 +56,8 @@ struct nlattr *set_strn_attr(struct nlattr *attr, uint16_t type, char *name, int
  * @buffer: Buffer with data to send
  * @buffer_size: Size of the previous buffer
  */
-struct nlattr *set_binary_attr(struct nlattr *attr, uint16_t type, uint8_t *buffer, uint64_t buffer_size) {
+struct nlattr *set_binary_attr(struct nlattr *attr, uint16_t type, uint8_t *buffer, uint64_t buffer_size)
+{
     attr->nla_type = type;
     attr->nla_len = NLA_BIN_SIZE(buffer_size);
     memcpy(NLA_ATTR(attr), buffer, buffer_size);
@@ -67,7 +71,8 @@ struct nlattr *set_binary_attr(struct nlattr *attr, uint16_t type, uint8_t *buff
  * @type: Type of the nested attribute
  * @data_len: Length of the nested attribute
  */
-struct nlattr *set_nested_attr(struct nlattr *attr, uint16_t type, uint16_t data_len) {
+struct nlattr *set_nested_attr(struct nlattr *attr, uint16_t type, uint16_t data_len)
+{
     attr->nla_type = type;
     attr->nla_len = (data_len + sizeof(struct nlattr));
     return (void *)attr + sizeof(struct nlattr);
@@ -79,14 +84,16 @@ struct nlattr *set_nested_attr(struct nlattr *attr, uint16_t type, uint16_t data
  * @type: Type of the attribute
  * @value: Value of this attribute
  */
-struct nlattr *set_u32_attr(struct nlattr *attr, uint16_t type, uint32_t value) {
+struct nlattr *set_u32_attr(struct nlattr *attr, uint16_t type, uint32_t value)
+{
     attr->nla_type = type;
     attr->nla_len = sizeof(uint32_t) + sizeof(struct nlattr);
     *(uint32_t *)NLA_ATTR(attr) = htonl(value);
 
     return (void *)attr + sizeof(uint32_t) + sizeof(struct nlattr);
 }
-struct nlattr *set_u32_attr_nat(struct nlattr *attr, uint16_t type, uint32_t value) {
+struct nlattr *set_u32_attr_nat(struct nlattr *attr, uint16_t type, uint32_t value)
+{
     attr->nla_type = type;
     attr->nla_len = sizeof(uint32_t) + sizeof(struct nlattr);
     *(uint32_t *)NLA_ATTR(attr) = value;
@@ -100,7 +107,8 @@ struct nlattr *set_u32_attr_nat(struct nlattr *attr, uint16_t type, uint32_t val
  * @type: Type of the attribute
  * @value: Value of this attribute
  */
-struct nlattr *set_u16_attr(struct nlattr *attr, uint16_t type, uint16_t value) {
+struct nlattr *set_u16_attr(struct nlattr *attr, uint16_t type, uint16_t value)
+{
     attr->nla_type = type;
     attr->nla_len = NLA_ALIGN(sizeof(uint16_t) + sizeof(struct nlattr));
     *(uint16_t *)NLA_ATTR(attr) = (value);
@@ -114,37 +122,38 @@ struct nlattr *set_u16_attr(struct nlattr *attr, uint16_t type, uint16_t value)
  * @type: Type of the attribute
  * @value: Value of this attribute
  */
-struct nlattr *set_u8_attr(struct nlattr *attr, uint16_t type, uint8_t value) {
+struct nlattr *set_u8_attr(struct nlattr *attr, uint16_t type, uint8_t value)
+{
     attr->nla_type = type;
     attr->nla_len = NLA_ALIGN(sizeof(uint8_t) + sizeof(struct nlattr));
     *(uint8_t *)NLA_ATTR(attr) = value;
 
     return (void *)attr + NLA_ALIGN(sizeof(uint8_t) + sizeof(struct nlattr));
 }
 
-
- /**
+/**
  * set_u64_attr(): Prepare a 64 bits integer netlink attribute
  * @attr: Attribute to fill
  * @type: Type of the attribute
  * @value: Value of this attribute
  */
-struct nlattr *set_u64_attr(struct nlattr *attr, uint16_t type, uint64_t value) {
+struct nlattr *set_u64_attr(struct nlattr *attr, uint16_t type, uint64_t value)
+{
     attr->nla_type = type;
     attr->nla_len = sizeof(uint64_t) + sizeof(struct nlattr);
     *(uint64_t *)NLA_ATTR(attr) = htobe64(value);
 
     return (void *)attr + sizeof(uint64_t) + sizeof(struct nlattr);
 }
 
-
- /**
+/**
  * set_flag_attr(): Prepare a flag doesn't need data  integer netlink attribute
  * @attr: Attribute to fill
  * @type: Type of the attribute
  * @value: Value of this attribute
  */
-struct nlattr *set_flag_attr(struct nlattr *attr, uint16_t type) {
+struct nlattr *set_flag_attr(struct nlattr *attr, uint16_t type)
+{
     attr->nla_type = type;
     attr->nla_len = sizeof(struct nlattr);
     // *(uint64_t *)NLA_ATTR(attr) = htobe64(value);