修复 char *remove_space(const char *str) 函数非法读取内存漏洞
This commit is contained in:
parent
986efc0fe6
commit
63a5ee43c4
49
README.md
49
README.md
@ -1,26 +1,46 @@
|
||||
# denyhosts
|
||||
拒绝主机&杀毒,适用Debian 8、9、11 Centos 7
|
||||
支持钉钉告警和邮件告警
|
||||
支持第三方QQ邮箱告警
|
||||
支持一次运行检测、后台运行检测
|
||||
支持系统病毒扫描
|
||||
|
||||
- 拒绝主机&杀毒
|
||||
```
|
||||
Debian系统请安装libcurl、iptables-devel、libclamav-dev
|
||||
适用系统:
|
||||
Debian 8、9、11
|
||||
Centos 7
|
||||
支持系统病毒扫描
|
||||
支持一次运行检测、后台运行检测
|
||||
支持钉钉告警和邮件告
|
||||
支持第三方QQ邮箱告警
|
||||
```
|
||||
```
|
||||
Debian
|
||||
apt install libclamav-dev libip4tc-dev libcurl4-openssl-dev #(或者libcurl4-gnutls-dev)
|
||||
apt install libsystemd-dev libjson-c-dev libpcre2-dev clamav-freshclam
|
||||
freshclam # 更新病毒库(必要)
|
||||
|
||||
|
||||
Debian系统使用libiptc库需要nftables切换到iptables
|
||||
Switching to the legacy version:(切换到 iptables)
|
||||
update-alternatives --set iptables /usr/sbin/iptables-legacy
|
||||
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
|
||||
update-alternatives --set arptables /usr/sbin/arptables-legacy
|
||||
update-alternatives --set ebtables /usr/sbin/ebtables-legacy
|
||||
```
|
||||
|
||||
```
|
||||
Centos 7系统请安装libcurl、iptables-devel、libclamav-devel
|
||||
yum install clamav clamav-update clamav-lib clamav-devel json-c-devel pcre2-devel
|
||||
Centos 7
|
||||
yum install clamav clamav-update clamav-lib clamav-devel json-c-devel pcre2-devel
|
||||
yum install iptables-devel libcurl-devel
|
||||
yum install systemd-devel libtool-ltdl-devel
|
||||
|
||||
yum -y install centos-release-scl
|
||||
yum -y install devtoolset-11-gcc
|
||||
source /opt/rh/devtoolset-11/enable #临时
|
||||
echo "source /opt/rh/devtoolset-11/enable" >> /etc/profile #永久
|
||||
freshclam # 更新病毒库(必要)
|
||||
|
||||
```
|
||||
|
||||
|
||||
|
||||
|
||||
```
|
||||
用法
|
||||
cd /root
|
||||
@ -43,17 +63,6 @@ killall rhost
|
||||
```
|
||||
|
||||
|
||||
```
|
||||
Debian系统使用libiptc库需要nftables切换到iptables
|
||||
Switching to the legacy version:(切换到 iptables)
|
||||
|
||||
update-alternatives --set iptables /usr/sbin/iptables-legacy
|
||||
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
|
||||
update-alternatives --set arptables /usr/sbin/arptables-legacy
|
||||
update-alternatives --set ebtables /usr/sbin/ebtables-legacy
|
||||
```
|
||||
|
||||
|
||||
```
|
||||
配置文件
|
||||
global {
|
||||
|
Binary file not shown.
@ -33,6 +33,11 @@ int show_all_rule(char *ipv4)
|
||||
struct ipt_counters counter;
|
||||
|
||||
handle = iptc_init("filter");
|
||||
|
||||
if ( !handle ) {
|
||||
printf("Error initializing: %s\n", iptc_strerror(errno));
|
||||
exit(errno);
|
||||
}
|
||||
|
||||
for (chain = iptc_first_chain(handle); chain; chain = iptc_next_chain(handle)) {
|
||||
if (chain != NULL && handle != NULL) {
|
||||
|
29
rhost.c
29
rhost.c
@ -87,7 +87,8 @@ int check_system()
|
||||
if (0 == access("/etc/debian_version", F_OK))
|
||||
{
|
||||
return DEBISN_SYSTEM;
|
||||
} else if (0 == access("/etc/centos-release", F_OK))
|
||||
}
|
||||
else if (0 == access("/etc/centos-release", F_OK))
|
||||
{
|
||||
return CENTOS_SYSTEM;
|
||||
}
|
||||
@ -265,10 +266,10 @@ char *remove_space(const char *str)
|
||||
return '\0';
|
||||
}
|
||||
|
||||
strRet = (char *)malloc(uLen + 1);
|
||||
memset(strRet, 0, uLen + 1);
|
||||
strRet = (char *)malloc(uLen + 2);
|
||||
memset(strRet, 0, uLen + 2);
|
||||
|
||||
for (i = 0; i < uLen + 1; i++)
|
||||
for (i = 0; i < uLen; i++)
|
||||
{
|
||||
if (str[i] != ' ')
|
||||
{
|
||||
@ -419,6 +420,7 @@ int rule(conf * conf)
|
||||
memset(temp, 0, BUFFER);
|
||||
memcpy(temp, p + 12, p1 - p - 12);
|
||||
location = remove_space(temp);
|
||||
printf("%s\n", location );
|
||||
}
|
||||
|
||||
memset(iplocation, 0, BUFFER);
|
||||
@ -427,9 +429,11 @@ int rule(conf * conf)
|
||||
strcat(iplocation, location);
|
||||
strcat(iplocation, ")");
|
||||
|
||||
if (location)
|
||||
printf("%s\n", iplocation );
|
||||
|
||||
if (location != NULL)
|
||||
free(location);
|
||||
if (location_json)
|
||||
if (location_json != NULL)
|
||||
free(location_json);
|
||||
|
||||
// 地域白名单
|
||||
@ -515,11 +519,12 @@ int process_argv(int argc, char *argv[], char **argvs)
|
||||
{
|
||||
argvs[0] = argv[0];
|
||||
int i;
|
||||
int j;
|
||||
for (i = 0; i <= argc - 1; i++)
|
||||
{
|
||||
if (i == 1)
|
||||
{
|
||||
for (int j = i; j <= argc - 2; j++)
|
||||
for (j = i; j <= argc - 2; j++)
|
||||
{
|
||||
argvs[j] = argv[j + 1];
|
||||
}
|
||||
@ -578,6 +583,7 @@ int main(int argc, char *argv[], char **env)
|
||||
signal(SIGCHLD, sig_child); // 创建捕捉子进程退出信号
|
||||
|
||||
int pid;
|
||||
int i;
|
||||
|
||||
// 读取配置
|
||||
char path[BUFFER] = { 0 };
|
||||
@ -607,7 +613,7 @@ int main(int argc, char *argv[], char **env)
|
||||
{
|
||||
argvs[0] = argv[0];
|
||||
split_string(conf->CLAMAV_ARG, " ", args);
|
||||
for (int i=1; i<ARGS_NUM; i++)
|
||||
for (i=1; i<ARGS_NUM; i++)
|
||||
{
|
||||
if (args[i][0] == '\0')
|
||||
{
|
||||
@ -659,7 +665,7 @@ goto_daemon:
|
||||
if ((pid = fork()) < 0) {
|
||||
return 0;
|
||||
} else if (0 != pid) {
|
||||
for(int i=1; i<head_argc; i++)
|
||||
for(i=1; i<head_argc; i++)
|
||||
{
|
||||
if (head_argvs[i])
|
||||
free(head_argvs[i]);
|
||||
@ -679,7 +685,7 @@ goto_daemon:
|
||||
if ((pid = fork()) < 0) {
|
||||
return 0;
|
||||
} else if (0 != pid) {
|
||||
for(int i=1; i<head_argc; i++)
|
||||
for(i=1; i<head_argc; i++)
|
||||
{
|
||||
if (head_argvs[i])
|
||||
free(head_argvs[i]);
|
||||
@ -770,8 +776,7 @@ goto_daemon:
|
||||
free_conf(conf);
|
||||
free(conf);
|
||||
free(public_ip);
|
||||
|
||||
for(int i=1; i<head_argc; i++)
|
||||
for(i=1; i<head_argc; i++)
|
||||
{
|
||||
//printf("%s %d\n", head_argvs[i], i);
|
||||
if (head_argvs[i])
|
||||
|
Loading…
Reference in New Issue
Block a user