Address CVE-2024-42471 (#9)

* Fix CVE-2024-42471 * Include fnetd into repository, download link is broken
2024-09-13 23:21:32 +10:00
parent 5df3832489
commit 45af305522
9 changed files with 22 additions and 58 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -22,7 +22,7 @@ jobs:
          make

      - name: Upload artifacts
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
          name: vuln-artifact
          path: build/vuln
@@ -39,22 +39,12 @@ jobs:
    steps:
      - uses: actions/checkout@v3

-      - uses: actions/download-artifact@v3
+      - uses: actions/download-artifact@v4
        name: Download build artifacts
        with:
          name: vuln-artifact
          path: build/

-      - name: Install fnetd
-        run: |
-          wget https://cloud.sec.in.tum.de/index.php/s/n5cJnDqnnpSeEpd/download/fnetd.tar.xz -O fnetd.tar.xz
-          tar -xf fnetd.tar.xz
-          mkdir fnetd/build
-          cd fnetd/build
-          cmake .. -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release
-          make
-          cd ../..
-
      - name: Setup get_flag
        run: gcc tests/get_flag.c -o get_flag -O3

@@ -63,7 +53,7 @@ jobs:
        with:
          run: |
            chmod +x build/vuln
-            fnetd/build/fnetd -p 1337 -lt 2 -lm 536870912 build/vuln &
+            ./fnetd -p 1337 -lt 2 -lm 536870912 build/vuln &

          tail: true
          wait-on: tcp:localhost:1337
@@ -113,4 +103,4 @@ jobs:
          cat log.txt

      - name: Stop docker
-        run: docker stop exploit_test
+        run: docker stop exploit_test