From 0d4270c4f3e2d6ff1436e770769c4fcb10a613a4 Mon Sep 17 00:00:00 2001
From: patawat watakul <pwatakul@student.unimelb.edu.au>
Date: Fri, 11 Oct 2019 01:31:34 +1100
Subject: [PATCH] update vuln
---
poc/vuln-3.poc | 6 ++++++
poc/vuln-4.poc | 2 ++
src/vuln-3/passbook.c | 4 +++-
src/vuln-4/passbook.c | 1 +
4 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/poc/vuln-3.poc b/poc/vuln-3.poc
index e69de29..6bb3a5c 100644
--- a/poc/vuln-3.poc
+++ b/poc/vuln-3.poc
@@ -0,0 +1,6 @@
+put http://example.com example_username password1
+put http://example2.com example_username2 password2
+rem http://example2.com
+put http://example3.com example_username3 password3
+put http://example4.com example_username4 password4
+get http://example2.com
diff --git a/poc/vuln-4.poc b/poc/vuln-4.poc
index e69de29..e228f4d 100644
--- a/poc/vuln-4.poc
+++ b/poc/vuln-4.poc
@@ -0,0 +1,2 @@
+put http://example.com example_username password1
+
diff --git a/src/vuln-3/passbook.c b/src/vuln-3/passbook.c
index 2a2ae56..f6d88bb 100644
--- a/src/vuln-3/passbook.c
+++ b/src/vuln-3/passbook.c
@@ -161,7 +161,9 @@ static node_t * rem(node_t *p, const char *url){
int ret = strcmp(url,p->url);
if (ret == 0){
node_t * left = p->left;
- node_t * const right = p->right;
+ // Change code over here and the node is not deleted
+ // node_t * const right = p->right;
+ node_t * const right = p;
left = node_insert(left,right);
node_free(p);
if (pptr != NULL){
diff --git a/src/vuln-4/passbook.c b/src/vuln-4/passbook.c
index 2a2ae56..1840780 100644
--- a/src/vuln-4/passbook.c
+++ b/src/vuln-4/passbook.c
@@ -65,6 +65,7 @@ static node_t *node_new(const char *url, const cred_t cred){
node_t *new = malloc(sizeof(node_t));
assert(new != NULL && "new: malloc failed");
new->url = strdup(url);
+ free(new->url);
assert(new->url != NULL && "new: strdup url failed");
new->cred.username = strdup(cred.username);
assert(new->cred.username != NULL && "new: strdup username failed");
--
GitLab