修复 char *remove_space(const char *str) 函数非法读取内存漏洞
This commit is contained in:
parent
986efc0fe6
commit
63a5ee43c4
49
README.md
49
README.md
@ -1,26 +1,46 @@
|
|||||||
# denyhosts
|
# denyhosts
|
||||||
拒绝主机&杀毒,适用Debian 8、9、11 Centos 7
|
- 拒绝主机&杀毒
|
||||||
支持钉钉告警和邮件告警
|
|
||||||
支持第三方QQ邮箱告警
|
|
||||||
支持一次运行检测、后台运行检测
|
|
||||||
支持系统病毒扫描
|
|
||||||
|
|
||||||
```
|
```
|
||||||
Debian系统请安装libcurl、iptables-devel、libclamav-dev
|
适用系统:
|
||||||
|
Debian 8、9、11
|
||||||
|
Centos 7
|
||||||
|
支持系统病毒扫描
|
||||||
|
支持一次运行检测、后台运行检测
|
||||||
|
支持钉钉告警和邮件告
|
||||||
|
支持第三方QQ邮箱告警
|
||||||
|
```
|
||||||
|
```
|
||||||
|
Debian
|
||||||
apt install libclamav-dev libip4tc-dev libcurl4-openssl-dev #(或者libcurl4-gnutls-dev)
|
apt install libclamav-dev libip4tc-dev libcurl4-openssl-dev #(或者libcurl4-gnutls-dev)
|
||||||
apt install libsystemd-dev libjson-c-dev libpcre2-dev clamav-freshclam
|
apt install libsystemd-dev libjson-c-dev libpcre2-dev clamav-freshclam
|
||||||
freshclam # 更新病毒库(必要)
|
freshclam # 更新病毒库(必要)
|
||||||
|
|
||||||
|
|
||||||
|
Debian系统使用libiptc库需要nftables切换到iptables
|
||||||
|
Switching to the legacy version:(切换到 iptables)
|
||||||
|
update-alternatives --set iptables /usr/sbin/iptables-legacy
|
||||||
|
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
|
||||||
|
update-alternatives --set arptables /usr/sbin/arptables-legacy
|
||||||
|
update-alternatives --set ebtables /usr/sbin/ebtables-legacy
|
||||||
```
|
```
|
||||||
|
|
||||||
```
|
```
|
||||||
Centos 7系统请安装libcurl、iptables-devel、libclamav-devel
|
Centos 7
|
||||||
yum install clamav clamav-update clamav-lib clamav-devel json-c-devel pcre2-devel
|
yum install clamav clamav-update clamav-lib clamav-devel json-c-devel pcre2-devel
|
||||||
yum install iptables-devel libcurl-devel
|
yum install iptables-devel libcurl-devel
|
||||||
yum install systemd-devel libtool-ltdl-devel
|
yum install systemd-devel libtool-ltdl-devel
|
||||||
|
|
||||||
|
yum -y install centos-release-scl
|
||||||
|
yum -y install devtoolset-11-gcc
|
||||||
|
source /opt/rh/devtoolset-11/enable #临时
|
||||||
|
echo "source /opt/rh/devtoolset-11/enable" >> /etc/profile #永久
|
||||||
freshclam # 更新病毒库(必要)
|
freshclam # 更新病毒库(必要)
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
```
|
```
|
||||||
用法
|
用法
|
||||||
cd /root
|
cd /root
|
||||||
@ -43,17 +63,6 @@ killall rhost
|
|||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
Debian系统使用libiptc库需要nftables切换到iptables
|
|
||||||
Switching to the legacy version:(切换到 iptables)
|
|
||||||
|
|
||||||
update-alternatives --set iptables /usr/sbin/iptables-legacy
|
|
||||||
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
|
|
||||||
update-alternatives --set arptables /usr/sbin/arptables-legacy
|
|
||||||
update-alternatives --set ebtables /usr/sbin/ebtables-legacy
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
```
|
```
|
||||||
配置文件
|
配置文件
|
||||||
global {
|
global {
|
||||||
|
Binary file not shown.
@ -33,6 +33,11 @@ int show_all_rule(char *ipv4)
|
|||||||
struct ipt_counters counter;
|
struct ipt_counters counter;
|
||||||
|
|
||||||
handle = iptc_init("filter");
|
handle = iptc_init("filter");
|
||||||
|
|
||||||
|
if ( !handle ) {
|
||||||
|
printf("Error initializing: %s\n", iptc_strerror(errno));
|
||||||
|
exit(errno);
|
||||||
|
}
|
||||||
|
|
||||||
for (chain = iptc_first_chain(handle); chain; chain = iptc_next_chain(handle)) {
|
for (chain = iptc_first_chain(handle); chain; chain = iptc_next_chain(handle)) {
|
||||||
if (chain != NULL && handle != NULL) {
|
if (chain != NULL && handle != NULL) {
|
||||||
|
29
rhost.c
29
rhost.c
@ -87,7 +87,8 @@ int check_system()
|
|||||||
if (0 == access("/etc/debian_version", F_OK))
|
if (0 == access("/etc/debian_version", F_OK))
|
||||||
{
|
{
|
||||||
return DEBISN_SYSTEM;
|
return DEBISN_SYSTEM;
|
||||||
} else if (0 == access("/etc/centos-release", F_OK))
|
}
|
||||||
|
else if (0 == access("/etc/centos-release", F_OK))
|
||||||
{
|
{
|
||||||
return CENTOS_SYSTEM;
|
return CENTOS_SYSTEM;
|
||||||
}
|
}
|
||||||
@ -265,10 +266,10 @@ char *remove_space(const char *str)
|
|||||||
return '\0';
|
return '\0';
|
||||||
}
|
}
|
||||||
|
|
||||||
strRet = (char *)malloc(uLen + 1);
|
strRet = (char *)malloc(uLen + 2);
|
||||||
memset(strRet, 0, uLen + 1);
|
memset(strRet, 0, uLen + 2);
|
||||||
|
|
||||||
for (i = 0; i < uLen + 1; i++)
|
for (i = 0; i < uLen; i++)
|
||||||
{
|
{
|
||||||
if (str[i] != ' ')
|
if (str[i] != ' ')
|
||||||
{
|
{
|
||||||
@ -419,6 +420,7 @@ int rule(conf * conf)
|
|||||||
memset(temp, 0, BUFFER);
|
memset(temp, 0, BUFFER);
|
||||||
memcpy(temp, p + 12, p1 - p - 12);
|
memcpy(temp, p + 12, p1 - p - 12);
|
||||||
location = remove_space(temp);
|
location = remove_space(temp);
|
||||||
|
printf("%s\n", location );
|
||||||
}
|
}
|
||||||
|
|
||||||
memset(iplocation, 0, BUFFER);
|
memset(iplocation, 0, BUFFER);
|
||||||
@ -427,9 +429,11 @@ int rule(conf * conf)
|
|||||||
strcat(iplocation, location);
|
strcat(iplocation, location);
|
||||||
strcat(iplocation, ")");
|
strcat(iplocation, ")");
|
||||||
|
|
||||||
if (location)
|
printf("%s\n", iplocation );
|
||||||
|
|
||||||
|
if (location != NULL)
|
||||||
free(location);
|
free(location);
|
||||||
if (location_json)
|
if (location_json != NULL)
|
||||||
free(location_json);
|
free(location_json);
|
||||||
|
|
||||||
// 地域白名单
|
// 地域白名单
|
||||||
@ -515,11 +519,12 @@ int process_argv(int argc, char *argv[], char **argvs)
|
|||||||
{
|
{
|
||||||
argvs[0] = argv[0];
|
argvs[0] = argv[0];
|
||||||
int i;
|
int i;
|
||||||
|
int j;
|
||||||
for (i = 0; i <= argc - 1; i++)
|
for (i = 0; i <= argc - 1; i++)
|
||||||
{
|
{
|
||||||
if (i == 1)
|
if (i == 1)
|
||||||
{
|
{
|
||||||
for (int j = i; j <= argc - 2; j++)
|
for (j = i; j <= argc - 2; j++)
|
||||||
{
|
{
|
||||||
argvs[j] = argv[j + 1];
|
argvs[j] = argv[j + 1];
|
||||||
}
|
}
|
||||||
@ -578,6 +583,7 @@ int main(int argc, char *argv[], char **env)
|
|||||||
signal(SIGCHLD, sig_child); // 创建捕捉子进程退出信号
|
signal(SIGCHLD, sig_child); // 创建捕捉子进程退出信号
|
||||||
|
|
||||||
int pid;
|
int pid;
|
||||||
|
int i;
|
||||||
|
|
||||||
// 读取配置
|
// 读取配置
|
||||||
char path[BUFFER] = { 0 };
|
char path[BUFFER] = { 0 };
|
||||||
@ -607,7 +613,7 @@ int main(int argc, char *argv[], char **env)
|
|||||||
{
|
{
|
||||||
argvs[0] = argv[0];
|
argvs[0] = argv[0];
|
||||||
split_string(conf->CLAMAV_ARG, " ", args);
|
split_string(conf->CLAMAV_ARG, " ", args);
|
||||||
for (int i=1; i<ARGS_NUM; i++)
|
for (i=1; i<ARGS_NUM; i++)
|
||||||
{
|
{
|
||||||
if (args[i][0] == '\0')
|
if (args[i][0] == '\0')
|
||||||
{
|
{
|
||||||
@ -659,7 +665,7 @@ goto_daemon:
|
|||||||
if ((pid = fork()) < 0) {
|
if ((pid = fork()) < 0) {
|
||||||
return 0;
|
return 0;
|
||||||
} else if (0 != pid) {
|
} else if (0 != pid) {
|
||||||
for(int i=1; i<head_argc; i++)
|
for(i=1; i<head_argc; i++)
|
||||||
{
|
{
|
||||||
if (head_argvs[i])
|
if (head_argvs[i])
|
||||||
free(head_argvs[i]);
|
free(head_argvs[i]);
|
||||||
@ -679,7 +685,7 @@ goto_daemon:
|
|||||||
if ((pid = fork()) < 0) {
|
if ((pid = fork()) < 0) {
|
||||||
return 0;
|
return 0;
|
||||||
} else if (0 != pid) {
|
} else if (0 != pid) {
|
||||||
for(int i=1; i<head_argc; i++)
|
for(i=1; i<head_argc; i++)
|
||||||
{
|
{
|
||||||
if (head_argvs[i])
|
if (head_argvs[i])
|
||||||
free(head_argvs[i]);
|
free(head_argvs[i]);
|
||||||
@ -770,8 +776,7 @@ goto_daemon:
|
|||||||
free_conf(conf);
|
free_conf(conf);
|
||||||
free(conf);
|
free(conf);
|
||||||
free(public_ip);
|
free(public_ip);
|
||||||
|
for(i=1; i<head_argc; i++)
|
||||||
for(int i=1; i<head_argc; i++)
|
|
||||||
{
|
{
|
||||||
//printf("%s %d\n", head_argvs[i], i);
|
//printf("%s %d\n", head_argvs[i], i);
|
||||||
if (head_argvs[i])
|
if (head_argvs[i])
|
||||||
|
Loading…
Reference in New Issue
Block a user