static Boolean hex_string_to_data(char *str, unsigned char **data, size_t *data_len) { size_t str_len, buf_len; unsigned char *buf; int i, ch, cl; str_len = strlen(str); if ((str_len == 0) || ((str_len % 2) != 0)) return FALSE; buf_len = str_len / 2; buf = ssh_xmalloc(buf_len); for (i = 0; i < buf_len; i++) { ch = hex_char_to_int(str[i * 2]); cl = hex_char_to_int(str[(i * 2) + 1]); if ((ch >= 0) && (cl >= 0)) { buf[i] = (unsigned char)(ch * 16 + cl); } else { ssh_xfree(buf); return FALSE; } } if (data) *data = buf; else ssh_xfree(buf); if (data_len) *data_len = buf_len; return TRUE; }
static int prevent_xss_str(t_session *session, char *input) { int result = 0; short low, high; char *str, value; char tag[22]; str = input; while (*str != '\0') { if ((value = *str) == '%') { if ((high = hex_char_to_int(*(str + 1))) != -1) { if ((low = hex_char_to_int(*(str + 2))) != -1) { value = (char)(high<<4) + low; str += 2; } } } if (value == '<') { str++; strncpy(tag, str, 21); tag[21] = '\0'; url_decode(tag); strlower(tag); if ((memcmp(tag, "script", 6) == 0) && ((tag[6] == ' ') || (tag[6] == '>'))) { log_exploit_attempt(session, "XSS", input); #ifdef ENABLE_TOMAHAWK increment_counter(COUNTER_EXPLOIT); #endif #ifdef ENABLE_MONITOR if (session->config->monitor_enabled) { monitor_count_exploit_attempt(session); monitor_event("XSS attempt for %s%s", session->host->hostname.item[0], session->uri); } #endif if (session->host->prevent_xss == p_prevent) { *str = '_'; } result = 1; break; } } str++; } return result; }
int parseImage(char* input_file,int nImages,float** data) { if (nImages>10000) { printf("mnist_image_parser: parseImage(%s,%d)\n",input_file,nImages); return 1; } FILE* input_file_pointer = fopen(input_file, "r"); CHECK_NOTNULL(input_file_pointer); char magic_number_bytes[4]; CHECK(fread(magic_number_bytes, sizeof(char), 4, input_file_pointer)); // If MSB is first then magic_number_bytes will be 0x00000803 if (magic_number_bytes[2] == 0x08 && magic_number_bytes[3] == 0x03) { LOG_INFO("Little Endian : MSB first"); } else if (magic_number_bytes[0] == 0x01 && magic_number_bytes[1] == 0x08) { // I haven't taken into account big indian-ness, yet. LOG_FATAL("Big Endian : MSB last"); } else { LOG_FATAL("This doesn't correspond to a MNIST Label file."); } LOG_INFO("magic number: %d", hex_array_to_int(magic_number_bytes, 4)); char number_of_images_bytes[4]; CHECK(fread(number_of_images_bytes, sizeof(char), 4, input_file_pointer)); int32_t number_of_images = hex_array_to_int(number_of_images_bytes, 4); LOG_INFO("number of images: %d", number_of_images); int32_t num_rows = 0, num_cols = 0; char num_row_cols[4]; CHECK(fread(num_row_cols, sizeof(char), 4, input_file_pointer)); num_rows = hex_array_to_int(num_row_cols, 4); CHECK(fread(num_row_cols, sizeof(char), 4, input_file_pointer)); num_cols = hex_array_to_int(num_row_cols, 4); LOG_INFO("pixel rows: %d and pixel columns: %d", num_rows, num_cols); int32_t num_pixles_in_image = num_cols * num_rows; //char images_pixels_bytes[num_pixles_in_image]; char* images_pixels_bytes = malloc(num_pixles_in_image); for(int images_done = 0; images_done<nImages;images_done++){ //printf("parse image %d\n",images_done); CHECK(fread(images_pixels_bytes, sizeof(char), num_pixles_in_image, input_file_pointer)); for (int32_t idx = 0; idx < num_pixles_in_image; ++idx) { //printf("image %d at pixel %d\n",images_done,idx); int32_t image_pixel_value = hex_char_to_int(images_pixels_bytes[idx]); // printf("%d \n",image_pixel_value); // A graphic of the number this represents. data[images_done][idx] = (float)image_pixel_value; } } printf("Images parsed.\n"); free(images_pixels_bytes); fclose(input_file_pointer); return 0; }
uint64_t mix_hashed_nums(uint8_t *hashed_nums, const uint8_t *unhashedData, size_t unhashed_sz, uint8_t **mixed_hash, uint8_t *hash_digest) { uint32_t i, index = 0; const uint32_t hashed_nums_len = SHA256_LEN; uint64_t count; uint8_t tmp_val, tmp_array[SHA256_LEN + 2]; //initialize the class for the extend hash Extend_Array new_hash; Extend_Array_init(&new_hash); //set the first hash length in the temp array to all 0xff memset(tmp_array, 0xff, SHA256_LEN); //set the last two bytes to \000 *(tmp_array + SHA256_LEN) = *(tmp_array + SHA256_LEN + 1) = 0; for(count = 0;; count++) { //+1 to keeps a 0 value of *(hashed_nums + index) moving on i = hex_char_to_int(*(hashed_nums + index)) + 1; index += i; //if we hit the end of the hash, rehash it if(index >= hashed_nums_len) { index = index % hashed_nums_len; sha256_to_str(hashed_nums, hashed_nums_len, hashed_nums, hash_digest); //rescramble } tmp_val = *(hashed_nums + index); join_to_array(tmp_array, tmp_val); //plop tmp_val at the end of tmp_array sha256_to_str(tmp_array, SHA256_LEN + 1, tmp_array, hash_digest); //extend the expanded hash to the array extend_array(&new_hash, count * SHA256_LEN, tmp_array, SHA256_LEN, false); //check if the last value of hashed_nums is the same as the last value in tmp_array if(index == hashed_nums_len - 1) if(tmp_val == *(tmp_array + SHA256_LEN - 1)) { //add to count since we extended the array, but break will exit the for loop and count // will not get incremenented by the for loop count++; break; } } //extend the unhashed data to the end and add the \000 to the end extend_array(&new_hash, count * SHA256_LEN, (unsigned char*)unhashedData, unhashed_sz, true); //assign the address of new_hash's array to mixed_hash *mixed_hash = new_hash.array; return count * SHA256_LEN + unhashed_sz; }
/* Prevent cross-site scripting. */ int prevent_xss(t_session *session) { int result = 0; bool logged = false; short low, high; char *str, value; if ((str = session->vars) == NULL) { return 0; } while (*str != '\0') { if ((value = *str) == '%') { if ((high = hex_char_to_int(*(str + 1))) != -1) { if ((low = hex_char_to_int(*(str + 2))) != -1) { value = (char)(high<<4) + low; } } } if ((value == '\"') || (value == '<') || (value == '>') || (value == '\'')) { if (logged == false) { log_exploit_attempt(session, "XSS", session->vars); #ifdef ENABLE_TOMAHAWK increment_counter(COUNTER_EXPLOIT); #endif #ifdef ENABLE_MONITOR if (session->config->monitor_enabled) { monitor_count_exploit(session); monitor_event("XSS attempt for %s", session->file_on_disk); } #endif logged = true; } *str = '_'; result = 1; } str++; } return result; }
static int arc4_seed_proc_sys_kernel_random_uuid( void ) { /* * Occasionally, somebody will make /proc/sys accessible in a chroot, * but not /dev/urandom. Let's try /proc/sys/kernel/random/uuid. * Its format is stupid, so we need to decode it from hex. */ char buf[ 128 ]; HB_U8 entropy[ 64 ]; int bytes, i, nybbles; for( bytes = 0; bytes < ADD_ENTROPY; ) { int fd = open( "/proc/sys/kernel/random/uuid", O_RDONLY, 0 ); int n; if( fd < 0 ) return -1; n = read( fd, buf, sizeof( buf ) ); close( fd ); if( n <= 0 ) return -1; memset( entropy, 0, sizeof( entropy ) ); for( i = nybbles = 0; i < n; ++i ) { if( HB_ISXDIGIT( buf[ i ] ) ) { int nyb = hex_char_to_int( buf[ i ] ); if( nybbles & 1 ) entropy[ nybbles / 2 ] |= nyb; else entropy[ nybbles / 2 ] |= nyb << 4; ++nybbles; } } if( nybbles < 2 ) return -1; arc4_addrandom( entropy, nybbles / 2 ); bytes += nybbles / 2; } memset( entropy, 0, sizeof( entropy ) ); memset( buf, 0, sizeof( buf ) ); return 0; }
typename boost::enable_if<boost::is_integral<typename hex_iterator_traits<OutputIterator>::value_type>, OutputIterator>::type decode_one ( InputIterator &first, InputIterator last, OutputIterator out, EndPred pred ) { typedef typename hex_iterator_traits<OutputIterator>::value_type T; T res (0); // Need to make sure that we get can read that many chars here. for ( std::size_t i = 0; i < 2 * sizeof ( T ); ++i, ++first ) { if ( pred ( first, last )) BOOST_THROW_EXCEPTION (not_enough_input ()); res = ( 16 * res ) + hex_char_to_int (*first); } *out = res; return ++out; }
int* parseLabel(char* fileDir) { int* labels; FILE* input_file_pointer = fopen(fileDir, "r"); CHECK_NOTNULL(input_file_pointer); char magic_number_bytes[4]; CHECK(fread(magic_number_bytes, sizeof(char), 4, input_file_pointer)); // If MSB is first then magic_number_bytes will be 0x00000801 if (magic_number_bytes[2] == 0x08 && magic_number_bytes[3] == 0x01) { LOG_INFO("Little Endian : MSB first"); } else if (magic_number_bytes[0] == 0x01 && magic_number_bytes[1] == 0x08) { // I haven't taken into account big indian-ness, yet. LOG_FATAL("Big Endian : MSB last"); } else { LOG_FATAL("This doesn't correspond to a MNIST Label file."); } LOG_INFO("magic number: %d", hex_array_to_int(magic_number_bytes, 4)); char number_of_images_bytes[4]; CHECK(fread(number_of_images_bytes, sizeof(char), 4, input_file_pointer)); LOG_INFO("number of labels: %d", hex_array_to_int(number_of_images_bytes, 4)); labels = malloc(sizeof(int)*hex_array_to_int(number_of_images_bytes,4)); assert(labels!=NULL); char label_byte; int nlabels= hex_array_to_int(number_of_images_bytes,4); for (int i=0;i<nlabels && fread(&label_byte, sizeof(char), 1, input_file_pointer);i++) { labels[i] = hex_char_to_int(label_byte); } fclose(input_file_pointer); return labels; }