#!/bin/bash
# Working directories, relative to the current directory: tmp/ is scratch
# space for the package being unpacked, db/ receives the finished entries.
mkdir -p tmp
mkdir -p db
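#######################################
# Print an error message to stderr and exit with status 1.
# Arguments: $1 - message to print
# Returns:   never; exits the current shell with status 1
#
# When called inside $( ... ) or ( ... ) only that subshell exits, so callers
# must not rely on `cmd || die` inside a command substitution to stop the
# script.
#######################################
die() {
  # Quoted and printed through a fixed format so a message that embeds a URL
  # or other scraped text is emitted verbatim: no word splitting, no glob
  # expansion, no option parsing by echo.
  printf '%s\n' "$1" >&2
  exit 1
}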
dump_symbols() {
readelf -Ws $1 | perl -n -e '/: (\w*).*?(\w+)@@GLIBC_/ && print "$2 $1\n"'
}
extract_label() {
perl -n -e '/(\w+)/ && print $1'
}
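#######################################
# Emit the offset of the instruction that follows a particular call inside
# __libc_start_main, found heuristically in objdump's disassembly.
# Arguments: $1 - path to the libc ELF file
# Outputs:   "__libc_start_main_ret <offset>" on stdout, or nothing when the
#            call site cannot be located
# Returns:   0
#######################################
dump_libc_start_main_ret() {
  local call_main
  local offset

  # Among the call instructions in the 100 lines after the
  # <__libc_start_main> label, take the one listed directly before the call
  # to <exit> (presumably the call into main, going by the variable name)
  # and keep its address label.
  call_main=$(objdump -D "$1" \
    | grep -A 100 '<__libc_start_main>' \
    | grep call \
    | grep -B 1 '<exit>' \
    | head -n 1 \
    | extract_label)

  # With an empty label the pattern below would degrade to "(^| ):" and could
  # pick up an unrelated line, recording a bogus offset in the database.
  if [[ -z "$call_main" ]]; then
    return 0
  fi

  # The line after the call instruction carries the address execution
  # returns to. grep -E replaces the obsolescent egrep spelling.
  offset=$(objdump -D "$1" \
    | grep -E -A 1 "(^| )${call_main}:" \
    | tail -n 1 \
    | extract_label)
  if [[ -n "$offset" ]]; then
    echo "__libc_start_main_ret $offset"
  fi
}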
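#######################################
# Emit the file offset of a "/bin/sh" string inside a binary.
# Arguments: $1 - path to the file to scan
# Outputs:   "str_bin_sh <hex offset>" on stdout, or nothing when strings
#            reports no line containing /bin/sh
#######################################
dump_bin_sh() {
  local offset

  # Only the first hit is used: extract_label prints its results with no
  # separator, so several matching lines would otherwise be glued into one
  # meaningless offset.
  # NOTE(review): grep matches any string that merely contains /bin/sh, so
  # the offset is that of the enclosing string - confirm that is intended.
  offset=$(strings -a -t x "$1" | grep '/bin/sh' | head -n 1 | extract_label)
  if [[ -n "$offset" ]]; then
    echo "str_bin_sh $offset"
  fi
}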
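#######################################
# Fetch one libc6 .deb and record it under db/ as a copy of libc.so.6, a
# symbol/offset listing and an info label.
# Arguments: $1 - URL of the .deb package
#            $2 - label written to db/<id>.info
# Outputs:   progress on stdout; files db/<id>.so, db/<id>.symbols and
#            db/<id>.info
# Returns:   0 on success or when the entry already exists, 1 when no ID can
#            be derived from the URL; exits through die when the download or
#            unpacking fails
#
# NOTE(review): the package comes from whatever URL the caller passes (the
# callers in this file use plain http://), and nothing here checks a
# signature or hash before the archive is unpacked and libc.so.6 is copied
# into db/. Treat db/ as unauthenticated data unless the .deb is verified
# out of band, for example against the SHA256 listed in the archive's signed
# Packages index.
#######################################
get_ubuntu() {
  local url="$1"
  local info="$2"
  local id_re='(libc6[^/]*)\.'
  local id=""
  local libc

  echo "Getting $info"
  echo " -> Location: $url"
  # The ID is the libc6... file-name component up to its last dot. The
  # pattern excludes '/', so an ID taken from a remote listing cannot name a
  # path outside db/.
  if [[ "$url" =~ $id_re ]]; then
    id="${BASH_REMATCH[1]}"
  fi
  echo " -> ID: $id"
  if [[ -z "$id" ]]; then
    # Without this guard the entry would be written as db/.so, db/.symbols
    # and db/.info.
    echo " -> Cannot derive an ID from this URL, skipping" >&2
    return 1
  fi
  if [[ -e "db/${id}.info" ]]; then
    echo " -> Already have this version, 'rm db/${id}.*' to force"
    return
  fi
  echo " -> Downloading package"
  rm -rf tmp/*
  wget "$url" 2>/dev/null -O tmp/pkg.deb || die "Failed to download package from $url"
  echo " -> Extracting package"
  # Unpack in subshells so a failed step can never leave the script's working
  # directory inside tmp/; die still runs in the main shell.
  (cd tmp && ar x pkg.deb) || die "ar failed"
  (cd tmp && tar xf data.tar.*) || die "tar failed"
  # find exits 0 even when nothing matches, so test the result itself, in
  # the main shell where die actually stops the script. Only the first match
  # is kept so the later commands receive exactly one path.
  libc=$(find tmp -name libc.so.6 | head -n 1)
  [[ -n "$libc" ]] || die "Cannot locate libc.so.6"
  echo " -> Writing libc to db/${id}.so"
  cp "$libc" "db/${id}.so"
  echo " -> Writing symbols to db/${id}.symbols"
  (dump_symbols "$libc"; dump_libc_start_main_ret "$libc"; dump_bin_sh "$libc") \
    > "db/${id}.symbols"
  echo " -> Writing version info"
  echo "$info" > "db/${id}.info"
}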
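#######################################
# Look up the current libc6 package for one Ubuntu release/architecture on
# packages.ubuntu.com and hand it to get_ubuntu.
# Arguments: $1 - release name (e.g. trusty)
#            $2 - architecture (e.g. amd64)
#            $3 - package name (e.g. libc6)
# Outputs:   progress on stdout
# Returns:   get_ubuntu's status; exits through die when no package link is
#            found on the download page
#
# NOTE(review): both the download page and the link it yields are plain
# http://, and the pattern below accepts only http:// links, so the package
# location is taken from an unauthenticated response.
#######################################
get_current_ubuntu() {
  local version=$1
  local arch=$2
  local pkg=$3
  local info="ubuntu-$version-$arch-$pkg"
  local url

  echo "Getting package location for ubuntu-$version-$arch"
  # Keep only the first link: if the page offers several, the extra URLs
  # would otherwise shift into get_ubuntu's second argument and be stored as
  # the info label.
  url=$(wget "http://packages.ubuntu.com/$version/$arch/$pkg/download" -O - 2>/dev/null \
    | grep -oh 'http://[^"]*libc6[^"]*\.deb' \
    | head -n 1)
  # Checked here rather than inside the substitution, where die would only
  # end the subshell and the script would carry on with an empty URL.
  [[ -n "$url" ]] || die "Failed to get package version"
  get_ubuntu "$url" "$info"
}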
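#######################################
# Scrape a package-pool directory listing and run get_ubuntu on every libc6
# package file it names.
# Arguments: $1 - info label passed on for every package
#            $2 - URL of the directory listing
# Outputs:   get_ubuntu's progress on stdout
#######################################
get_all_ubuntu() {
  local info=$1
  local url=$2
  local f

  # File names come from a remote page, so they are read one per line and
  # passed on quoted: never word-split, never glob-expanded against the
  # local directory. The list arrives on fd 3 so that commands run by
  # get_ubuntu cannot consume it through stdin.
  while IFS= read -r f <&3; do
    get_ubuntu "$url/$f" "$info"
  done 3< <(wget "$url/" -O - 2>/dev/null \
    | grep -E -oh 'libc6(-i386|-amd64)?_[^"]*' \
    | grep -v "</a>")
}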
# Current libc6 builds for each listed release: native i386, native amd64,
# and the 32-bit libc packaged for amd64.
for release in trusty utopic; do
  get_current_ubuntu "$release" i386 libc6
  get_current_ubuntu "$release" amd64 libc6
  get_current_ubuntu "$release" amd64 libc6-i386
done

# Every libc6 package file listed in the two pool directories.
get_all_ubuntu archive-eglibc http://security.ubuntu.com/ubuntu/pool/main/e/eglibc/
get_all_ubuntu archive-glibc http://security.ubuntu.com/ubuntu/pool/main/g/glibc/