From 8be782eeb9a533e3ae2df300636b9dfbe44cb2b7 Mon Sep 17 00:00:00 2001
From: ryuzakighost <ryuzakighost@gmail.com>
Date: Fri, 12 Oct 2018 21:56:49 +1100
Subject: [PATCH] vuln attmept 2
---
fuzzer/Fuzzer.java | 8 +++-----
src/machine-vuln1.c | 8 ++++++--
2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/fuzzer/Fuzzer.java b/fuzzer/Fuzzer.java
index 51a2922..9c854bf 100644
--- a/fuzzer/Fuzzer.java
+++ b/fuzzer/Fuzzer.java
@@ -21,11 +21,9 @@ public class Fuzzer {
/* We just print one instruction.
Hint: you might want to make use of the instruction
grammar which is effectively encoded in Instruction.java */
- pw.println("MOV R1 1");
- pw.println("MOV R2 0");
- pw.println("DIV R0 R1 R2");
- pw.println("ADD R2 R0 R1");
- pw.println("RET R2");
+ pw.println("MOV R0 65535");
+ pw.println("LDR R2 R0 0");
+ pw.println("RET R2");
}catch (Exception e){
e.printStackTrace(System.err);
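Review bot: The address `65535` on the `MOV R0 65535` line is a bare magic number with nothing tying it to the VM it targets; a reader has to open machine-vuln1.c to learn that it is meant to be the last word of VM memory, which the vuln build under-allocates by one element. A one-line comment above it would make the test case self-describing, e.g. `// last memory word (presumably MEMORY_SIZE - 1); the vuln build allocates one int32_t fewer, so LDR here reads past the heap block`. Since the generator still prints one fixed program rather than drawing from the instruction grammar the hint above refers to, it may also be worth noting in the same comment that this is a hand-written probe, not fuzzed input. The enclosing try block and method begin above this hunk.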
diff --git a/src/machine-vuln1.c b/src/machine-vuln1.c
index 3b7782b..7b2d5fb 100644
--- a/src/machine-vuln1.c
+++ b/src/machine-vuln1.c
@@ -55,7 +55,8 @@ unsigned int count = 0; /* counts number of instructions executed so far */
static void machine_init(void){
- memory = malloc(sizeof(int32_t)*MEMORY_SIZE);
+ /*Change doesn't clean all of memory, doing a read on the last memory loc vuln*/
+ memory = malloc(sizeof(int32_t)*(MEMORY_SIZE-1));
regs = malloc(sizeof(int32_t)*NUM_REGS);
/* memset can be vulnerable - changes to this can result in dirty memory to be read*/
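Review bot: The comment added above the `malloc` misdescribes the defect it introduces: shrinking the allocation to `MEMORY_SIZE-1` words does not leave memory "not cleaned", it makes index `MEMORY_SIZE-1` a one-element heap out-of-bounds read or write for any LDR/STR whose bounds check is still done against `MEMORY_SIZE` (that check is not visible here). Suggested replacement: `/* Intentional vuln: one int32_t fewer than MEMORY_SIZE, so an access at index MEMORY_SIZE-1 runs one element past the heap block (heap OOB, not uninitialized memory). */`. Separately, neither this `malloc` nor the `regs` one on the next line is checked for NULL, so a failed allocation is dereferenced later; `if (memory == NULL || regs == NULL) abort();` after the two calls would keep the exercise's only intended bug the OOB one. The body of machine_init continues past the end of this hunk.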
@@ -86,11 +87,14 @@ static void do_mult(unsigned int dest, unsigned int src1, unsigned int src2)
}
/* returns 0 on success, nonzero on failure */
-/*CHANGE - Divide by Zero now possible*/
static int do_div(unsigned int dest, unsigned int src1, unsigned int src2)
{
+ if (regs[src2] == 0){
+ return -1;
+ }else{
regs[dest] = regs[src1] / regs[src2];
return 0;
+ }
}
/* returns 0 on success, nonzero on failure */
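Review bot: The new zero check in do_div leaves the other undefined division case unguarded: `regs[src1] / regs[src2]` with `INT32_MIN / -1` overflows (on x86 it traps with SIGFPE just like divide-by-zero), and the register array is sized by `int32_t` in machine_init, so that value is representable. Widen the guard to `if (regs[src2] == 0 || (regs[src1] == INT32_MIN && regs[src2] == -1)) { return -1; }`, relying on the `<stdint.h>` the file already needs for `int32_t`. As a matter of style the success path does not need to sit inside an `else` after an early `return -1;`; flattening it to a guard clause followed by the assignment reads as the rest of the file's "0 on success, nonzero on failure" helpers do.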
--
GitLab