1. 首頁
  2. 問答
  3. Exploit C代碼中的不兼容的指針類型錯誤

Exploit C代碼中的不兼容的指針類型錯誤

2012-12-21 42 views
1

我正在嘗試編譯以下用於學習練習的漏洞代碼,並且已經對C中的指針進行了一些研究,但是我多次修復代碼的嘗試都沒有對編譯器錯誤消息。我非常感謝,如果有人可以在正確的方向指向我,我旁邊的C.Exploit C代碼中的不兼容的指針類型錯誤

相關的錯誤沒有經驗:

OFudge.c: In function ‘get_server_hello’: 
OFudge.c:1009:5: warning: passing argument 2 of ‘d2i_X509’ from incompatible pointer 
type [enabled by default]

線1009:

ssl->x509=d2i_X509(NULL,&p,(long)cert_length);

整個功能:

void get_server_hello(ssl_conn* ssl) 
{ 
    unsigned char buf[BUFSIZE]; 
    unsigned char *p, *end; 
    int len; 
    int server_version, cert_length, cs_length, conn_id_length; 
    int found; 

    if (!(len = read_ssl_packet(ssl, buf, sizeof(buf)))) { 
     printf("Server error: %s\n", ssl_error(ntohs(*(uint16_t*)&buf[1]))); 
     exit(1); 
    } 
    if (len < 11) { 
     printf("get_server_hello: Packet too short (len = %d)\n", len); 
     exit(1); 
    } 

    p = buf; 

    if (*(p++) != SSL2_MT_SERVER_HELLO) { 
     printf("get_server_hello: Expected SSL2 MT SERVER HELLO, got %x\n", (int)p[-1]); 
     exit(1); 
    } 

    if (*(p++) != 0) { 
     printf("get_server_hello: SESSION-ID-HIT is not 0\n"); 
     exit(1); 
    } 

    if (*(p++) != 1) { 
     printf("get_server_hello: CERTIFICATE-TYPE is not SSL CT X509 CERTIFICATE\n"); 
     exit(1); 
    } 

    n2s(p, server_version); 
    if (server_version != 2) { 
     printf("get_server_hello: Unsupported server version %d\n", server_version); 
     exit(1); 
    } 

    n2s(p, cert_length); 
    n2s(p, cs_length); 
    n2s(p, conn_id_length); 

    if (len != 11 + cert_length + cs_length + conn_id_length) { 
     printf("get_server_hello: Malformed packet size\n"); 
     exit(1); 
    } 

    /* read the server certificate */ 
    ssl->x509 = NULL; 
    ssl->x509=d2i_X509(NULL,&p,(long)cert_length); 
    if (ssl->x509 == NULL) { 
     printf("get server hello: Cannot parse x509 certificate\n"); 
     exit(1); 
    } 

    if (cs_length % 3 != 0) { 
     printf("get server hello: CIPHER-SPECS-LENGTH is not a multiple of 3\n"); 
     exit(1); 
    } 

    found = 0; 
    for (end=p+cs_length; p < end; p += 3) { 
     if ((p[0] == 0x01) && (p[1] == 0x00) && (p[2] == 0x80)) 
      found = 1; /* SSL CK RC4 128 WITH MD5 */ 
    } 

    if (!found) { 
     printf("get server hello: Remote server does not support 128 bit RC4\n"); 
     exit(1); 
    } 

    if (conn_id_length > SSL2_MAX_CONNECTION_ID_LENGTH) { 
     printf("get server hello: CONNECTION-ID-LENGTH is too long\n"); 
     exit(1); 
    } 

    /* The connection id is sent back to the server in the CLIENT FINISHED packet */ 
    ssl->conn_id_length = conn_id_length; 
    memcpy(ssl->conn_id, p, conn_id_length); 
}

來源

2012-12-21 user1922430

+0

參數2是'&p'。既然你有'unsigned char * p',你傳遞一個'unsigned char **'(雙指針)給函數。它的原型是什麼?它是否需要單個指針?如果是這樣,請在通話中放入'&'。 –

+0

這只是一個警告,你應該可以編譯..? – cmc

+1

漏洞通常以非標準方式使用內存來工作,所以它不會引起編譯器警告。 – Barmar

回答

0

編譯器清楚地告訴你問題是什麼。它甚至告訴你哪個論點導致了這個問題。僅僅比較期望的參數類型和作爲參數傳遞的類型是如此困難?

根據這一

http://www.openssl.org/docs/crypto/d2i_X509.html

功能需要一個const unsigned char **參數

X509 *d2i_X509(X509 **px, const unsigned char **in, int len);

你傳遞一個unsigned char **代替。 const unsigned char **unsigned char **是兩種不同的類型,不能互相轉換。所以,這是你的錯誤。

來源

2012-12-21 20:34:36 AnT

相關問題

 相關問題