Address CVE-2024-42471 (#9)

* Fix CVE-2024-42471 * Include fnetd into repository, download link is broken
2024-09-13 23:21:32 +10:00
parent 5df3832489
commit 45af305522
9 changed files with 22 additions and 58 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -22,7 +22,7 @@ jobs:
          make

      - name: Upload artifacts
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
          name: vuln-artifact
          path: build/vuln
@@ -39,22 +39,12 @@ jobs:
    steps:
      - uses: actions/checkout@v3

-      - uses: actions/download-artifact@v3
+      - uses: actions/download-artifact@v4
        name: Download build artifacts
        with:
          name: vuln-artifact
          path: build/

-      - name: Install fnetd
-        run: |
-          wget https://cloud.sec.in.tum.de/index.php/s/n5cJnDqnnpSeEpd/download/fnetd.tar.xz -O fnetd.tar.xz
-          tar -xf fnetd.tar.xz
-          mkdir fnetd/build
-          cd fnetd/build
-          cmake .. -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release
-          make
-          cd ../..
-
      - name: Setup get_flag
        run: gcc tests/get_flag.c -o get_flag -O3

@@ -63,7 +53,7 @@ jobs:
        with:
          run: |
            chmod +x build/vuln
-            fnetd/build/fnetd -p 1337 -lt 2 -lm 536870912 build/vuln &
+            ./fnetd -p 1337 -lt 2 -lm 536870912 build/vuln &

          tail: true
          wait-on: tcp:localhost:1337
@@ -113,4 +103,4 @@ jobs:
          cat log.txt

      - name: Stop docker
-        run: docker stop exploit_test
+        run: docker stop exploit_test
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -7,4 +7,7 @@ set(CMAKE_C_FLAGS "-Wall -Werror -g -fstack-protector -fshort-enums -z noexecsta

 add_executable(vuln vuln.c)

-add_subdirectory(presentation)
+if(NOT DEFINED ENV{DISABLE_PRESENTATION_BUILD})
+	add_subdirectory(presentation)
+endif()
+
--- a/compile_docker/Dockerfile
+++ b/compile_docker/Dockerfile
@@ -18,6 +18,6 @@ RUN mkdir /home/pwn/source
 RUN tar xvf /home/pwn/parent.tar.xz -C /home/pwn/source
 RUN mkdir /home/pwn/build
 WORKDIR /home/pwn/build
-RUN cmake /home/pwn/source -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release
+RUN DISABLE_PRESENTATION_BUILD=true cmake /home/pwn/source -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release
 RUN make

--- a/debug_docker/Dockerfile
+++ b/debug_docker/Dockerfile
@@ -8,18 +8,7 @@ FROM debian:bullseye

 RUN apt update -y && apt upgrade -y && apt install -y build-essential wget cmake tar gdb libc6-dbg python3 file strace

-
-############### INSTALL FNETD
-RUN wget https://cloud.sec.in.tum.de/index.php/s/n5cJnDqnnpSeEpd/download/fnetd.tar.xz -O /fnetd.tar.xz
-RUN tar -xf fnetd.tar.xz
-RUN mkdir /fnetd/build
-
-WORKDIR /fnetd/build
-RUN cmake .. -G "Unix Makefiles"
-RUN make
-
-WORKDIR /
-############### END INSTALL
+COPY fnetd /bin/

 ## Add your own dummy get_flag here
 COPY get_flag /bin/get_flag
@@ -36,7 +25,7 @@ RUN mkdir /home/pwn/source
 RUN tar xvf /home/pwn/parent.tar.xz -C /home/pwn/source
 RUN mkdir /home/pwn/build
 WORKDIR /home/pwn/build
-RUN cmake /home/pwn/source -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release
+RUN DISABLE_PRESENTATION_BUILD=true cmake /home/pwn/source -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release
 RUN make
 WORKDIR /

@@ -53,4 +42,4 @@ EXPOSE 1337

 # Feel free to replace password with the actual chall pw
 ENV FNETD_PASSWORD=1234
-CMD ["/fnetd/build/fnetd", "-p", "1337", "-u", "pwn", "-lt", "2", "-lm", "536870912", "./vuln"]
+CMD ["fnetd", "-p", "1337", "-u", "pwn", "-lt", "2", "-lm", "536870912", "./vuln"]
--- a/debug_docker/launch.sh
+++ b/debug_docker/launch.sh
@@ -1,6 +1,7 @@
 rm -f parent
 find ..  -maxdepth 1 -type f | xargs tar cvf parent.tar.xz
+cp ../fnetd .
 docker container rm binex_project
 docker image rm binex_project
 docker build -t binex_project .
-docker run -it -p 1337:1337 --cap-add=SYS_PTRACE --name binex_project binex_project
+docker run -it -p 8001:1337 --cap-add=SYS_PTRACE --name binex_project binex_project
--- a/BIN
+++ b/BIN
--- a/generate_submission.sh
+++ b/generate_submission.sh
@@ -8,6 +8,7 @@ cp exploit/exploit.py private
 cp activation_key.txt private
 cp release_docker/README.md private
 cp release_docker/Dockerfile private
+cp fnetd private

 # compile vuln
 cd compile_docker
@@ -18,6 +19,7 @@ cd ..
 cp compile_docker/vuln public
 cp vuln.c public
 cp release_docker/Dockerfile public
+cp fnetd public

 echo "Pinguine toll Pinguine toll Pinguine super" >public/activation_key.txt

--- a/release_docker/Dockerfile
+++ b/release_docker/Dockerfile
@@ -3,18 +3,7 @@ FROM debian:bullseye

 RUN apt update -y && apt upgrade -y && apt install -y build-essential wget cmake

-
-############### INSTALL FNETD
-RUN wget https://cloud.sec.in.tum.de/index.php/s/n5cJnDqnnpSeEpd/download/fnetd.tar.xz -O /fnetd.tar.xz
-RUN tar -xf fnetd.tar.xz
-RUN mkdir /fnetd/build
-
-WORKDIR /fnetd/build
-RUN cmake .. -G "Unix Makefiles"
-RUN make
-
-WORKDIR /
-############### END INSTALL
+COPY fnetd /bin/

 COPY get_flag /bin/get_flag

@@ -32,4 +21,4 @@ EXPOSE 1337

 # Feel free to replace password with the actual chall pw
 ENV FNETD_PASSWORD=
-CMD ["/fnetd/build/fnetd", "-p", "1337", "-u", "pwn", "-lt", "2", "-lm", "536870912", "./vuln"]
+CMD ["fnetd", "-p", "1337", "-u", "pwn", "-lt", "2", "-lm", "536870912", "./vuln"]
--- a/tests/Dockerfile
+++ b/tests/Dockerfile
@@ -2,17 +2,7 @@ FROM debian:bullseye

 RUN apt update -y && apt upgrade -y && apt install -y build-essential wget cmake

-############### INSTALL FNETD
-RUN wget https://cloud.sec.in.tum.de/index.php/s/n5cJnDqnnpSeEpd/download/fnetd.tar.xz -O /fnetd.tar.xz
-RUN tar -xf fnetd.tar.xz
-RUN mkdir /fnetd/build
-
-WORKDIR /fnetd/build
-RUN cmake .. -G "Unix Makefiles"
-RUN make
-
-WORKDIR /
-############### END INSTALL
+COPY fnetd /bin/fnetd

 ## Add dummy get_flag
 COPY tests/get_flag.c /bin/get_flag.c
@@ -30,12 +20,12 @@ COPY . /home/pwn/source
 # compile vuln in debug mode
 RUN mkdir /home/pwn/debug
 WORKDIR /home/pwn/debug
-RUN cmake /home/pwn/source -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Debug
+RUN DISABLE_PRESENTATION_BUILD=true cmake /home/pwn/source -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Debug
 RUN make

 RUN mkdir /home/pwn/release
 WORKDIR /home/pwn/release
-RUN cmake /home/pwn/source -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release
+RUN DISABLE_PRESENTATION_BUILD=true cmake /home/pwn/source -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release
 RUN make

 RUN chown -R pwn:pwn /home/pwn
@@ -56,4 +46,4 @@ WORKDIR /home/pwn
 RUN cp /home/pwn/source/activation_key.txt activation_key.txt


-ENTRYPOINT ["sh", "-c", "/fnetd/build/fnetd -p $PORT_DEBUG -u pwn -lt 2 -lm 536870912 /home/pwn/debug/vuln & /fnetd/build/fnetd -p $PORT_RELEASE -u pwn -lt 2 -lm 536870912 /home/pwn/release/vuln"]
+ENTRYPOINT ["sh", "-c", "fnetd -p $PORT_DEBUG -u pwn -lt 2 -lm 536870912 /home/pwn/debug/vuln & fnetd -p $PORT_RELEASE -u pwn -lt 2 -lm 536870912 /home/pwn/release/vuln"]