h(  ) ($6;EbBLkfu�_l� ''8;DUFKV3Dd#,?ANk&5G$/(5M\^�ms����Sb�,;R''6c2I�!\����kx�Ve�[i��Me�IYO7:nOL~�Kr�qrv�I:�BM�y��s}r��K����x)1�6@r*2�89ma��&��'ti������{~#������t)1�2<�0:^5�W.uFzQ/u}�v��vv�u��U37yDJeEJo(/�5Ds'1�:Jlu�iy�iy�hw�1;:S`^BMLOQQn,4�7C�8C�>Lfe�]k�[i�Zg��IW�LZ�EP;,.��Tc�q(0) G,/]/1����w�r��l&-t*3�<<�u��#����j&.u��J68\8?"#$%&'()*+,-./0 ! 
Notice: Undefined index: dl in /var/www/html/web/simple.mini.php on line 1
403WebShell
403Webshell
Server IP : 10.254.12.21  /  Your IP : 10.254.12.21
Web Server : Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
System : Linux arit.skru.ac.th 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17 UTC 2022 x86_64
User : apache ( 48)
PHP Version : 5.6.40
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/opt/eset/efs/eventd/eset_rtp/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/opt/eset/efs/eventd/eset_rtp/ertp_dev.c
/*
 * eset_rtp (ESET Real-time file system protection module)
 * Copyright (C) 1992-2021 ESET, spol. s r.o.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 *
 * In case of any questions, you can contact us at ESET, spol. s r.o., Einsteinova 24, 851 01 Bratislava, Slovakia.
 */

#include "ertp.h"

/* #define ertp_access_ok */
#if LINUX_VERSION_CODE < KERNEL_VERSION(5,0,0)

	#if defined(RHEL_RELEASE_CODE) && defined(RHEL_RELEASE_VERSION)

		#if (RHEL_RELEASE_CODE >= RHEL_RELEASE_VERSION(8, 1))
			#define ertp_access_ok(addr, size) access_ok(addr, size)
		#else
			#define ertp_access_ok(addr, size) access_ok(VERIFY_WRITE, addr, size)
		#endif

	#else
		#define ertp_access_ok(addr, size) access_ok(VERIFY_WRITE, addr, size)
	#endif

#else
	#define ertp_access_ok(addr, size) access_ok(addr, size)
#endif
/* ertp_access_ok */

static int ertp_dev_open(struct inode *inode, struct file *file)
{
	int ret;

	/* must be open with O_WRITE */
	if (!(file->f_mode & FMODE_WRITE))
		return -EINVAL;

	ret = ertp_scanner_reg(current->tgid);
	if (ret)
		return ret;

	return 0;
}

static int ertp_dev_release(struct inode *inode, struct file *file)
{
	if (ertp_is_scanner()) {
		ertp_scanner_rem();
		ertp_stop_accept();
		ertp_rem_requests();
	}

	return 0;
}

static void var_data_to_flex(const struct ertp_event_var_data *var_data, struct eset_rtp_flexible_member *flex, void *buf, size_t buf_size, size_t *offset)
{
	size_t off = *offset;

	if (unlikely(!var_data->ptr)) {
		BUG();
	}

	if (unlikely(off >= buf_size)) {
		BUG();
	}

	if (unlikely(var_data->size > buf_size - off)) {
		BUG();
	}

	memcpy(buf + off, var_data->ptr, var_data->size);
	flex->offset = (uint32_t)off;
	flex->size = (uint32_t)var_data->size;

	*offset = off + var_data->size;
}

static void *allocate_flex_buf(const struct ertp_event_var_data *var_data, size_t max_sz, size_t *buf_sz)
{
	void   *buf = NULL;
	size_t  total_len = 0;
	int     i;

	for (i = 0; i < N_ERTP_VAR_ITEMS; i++) {
		total_len += var_data[i].size;
	}

	if (total_len == 0) {
		return NULL;
	}

	if (unlikely(total_len > max_sz)) {
		return ERR_PTR(-ENOBUFS);
	}

	buf = kzalloc(total_len, GFP_KERNEL);

	if (unlikely(!buf)) {
		return ERR_PTR(-ENOMEM);
	}

	*buf_sz = total_len;

	return buf;
}

static void free_var_data(struct ertp_event_var_data *var_data)
{
	int i;
	for (i = 0; i < N_ERTP_VAR_ITEMS; i++) {
		kfree(var_data[i].buf);
	}
}

static long ertp_dev_handle_get_event(struct eset_rtp_get_event __user *arg)
{
	long                       err = 0;
	struct ertp_event         *event = NULL;
	struct eset_rtp_get_event  query;
	struct eset_rtp_event      tmp_query_event;
	struct ertp_event_var_data var_data[N_ERTP_VAR_ITEMS] = { {NULL, 0, NULL} };
	void                      *flex_buf = NULL;
	size_t                     flex_buf_sz = 0, flex_buf_off = 0;
	unsigned long              n;

	if (unlikely(arg == NULL)) {
		ertp_pr_debug("NULL argument provided");
		return -EFAULT;
	}

	n = copy_from_user(&query, arg, sizeof(struct eset_rtp_get_event));
	if (unlikely(n != 0)) {
		ertp_pr_debug("copy_from_user failed");
		return -EFAULT;
	}

	if (unlikely(query.version != ERTP_PROTOCOL_VERSION)) {
		ertp_pr_debug("invalid version of protocol (%u), this version of kernel module requires version: %u",
			query.version, ERTP_PROTOCOL_VERSION
		);
		return -EINVAL;
	}

	if (unlikely(query.event == NULL || query.data == NULL ||
	    !ertp_access_ok(query.event, sizeof(struct eset_rtp_event)) ||
	    !ertp_access_ok(query.data, query.data_size)))
	{
		ertp_pr_debug("invalid pointer for eset_rtp_event");
		return -EFAULT;
	}

	event = ertp_pop_request();
	if (!event) {
		/* no event available */
		return -EWOULDBLOCK;
	}

	/* event serialization */

	err = ertp_event_serialize(event, &tmp_query_event, var_data);
	if (unlikely(err)) {
		ertp_pr_debug("event serialization failed");
		goto end;
	}

	flex_buf = allocate_flex_buf(var_data, query.data_size, &flex_buf_sz);
	if (unlikely(IS_ERR(flex_buf))) {
		err = PTR_ERR(flex_buf);
		goto end;
	}

	if (flex_buf && flex_buf_sz) {
		var_data_to_flex(&var_data[ERTP_VAR_FILE_PATH], &tmp_query_event.data.generic.file_path, flex_buf, flex_buf_sz, &flex_buf_off);
		var_data_to_flex(&var_data[ERTP_VAR_PROCESS_PATH], &tmp_query_event.data.generic.process_path, flex_buf, flex_buf_sz, &flex_buf_off);

		n = copy_to_user(query.data, flex_buf, flex_buf_sz);
		if (unlikely(n != 0)) {
			ertp_pr_debug("copy_to_user of flex data failed");
			err = -EFAULT;
			goto end;
		}
	}

	n = copy_to_user(query.event, &tmp_query_event, sizeof(struct eset_rtp_event));
	if (unlikely(n != 0)) {
		ertp_pr_debug("copy_to_user of event failed");
		err = -EFAULT;
		goto end;
	}

	ertp_pr_debug("event id %d sent to user space", event->id);

end:
	if (unlikely(err)) {
		if (err == -ENOBUFS) {
			ertp_pr_debug("provided buffer for event with id %d was too small", event->id);
			ertp_append_request(event);
		} else {
			ertp_pr_debug("event id %d was not scanned", event->id);
			ertp_event_allow_prepared_event(event);
		}
	}
	ertp_event_put(event);
	if (!IS_ERR(flex_buf)) {
		kfree(flex_buf);
	}
	free_var_data(var_data);

	return err;
}

static long ertp_dev_handle_set_av_status(struct eset_rtp_set_av_status __user *arg)
{
	struct ertp_event *event;
	struct eset_rtp_set_av_status status;

	if (copy_from_user(&status, arg, sizeof(struct eset_rtp_set_av_status))) {
		return -EFAULT;
	}

	if (status.version != ERTP_PROTOCOL_VERSION) {
		ertp_pr_info("invalid version of protocol (%u), this version\
		of kernel module requires version: %u", status.version, ERTP_PROTOCOL_VERSION);
		return -EINVAL;
	}

	event = ertp_get_reply(&status);
	if (IS_ERR(event)) {
		return PTR_ERR(event);
	}

	ertp_event_done(event);
	ertp_cache_update(event);
	ertp_event_put(event);
	return 0;
}

static long ertp_dev_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
	switch (cmd) {
		case ERTP_OP_GET_EVENT:
			return ertp_dev_handle_get_event((struct eset_rtp_get_event __user *)arg);

		case ERTP_OP_SET_AV_STATUS:
			return ertp_dev_handle_set_av_status((struct eset_rtp_set_av_status __user *)arg);

		default:
			break;
	}
	return -EINVAL;
}

static unsigned int ertp_dev_poll(struct file *file, poll_table *wait)
{
	unsigned int mask;

	poll_wait(file, &ertp_request_available, wait);

	mask = POLLOUT | POLLWRNORM;

	if (!ertp_request_queue_empty())
		mask |= POLLIN | POLLRDNORM;

	return mask;
}

static struct class  *ertp_class;
static struct device *ertp_device;
static dev_t          ertp_dev;

static struct file_operations ertp_fops = {
	.owner =   THIS_MODULE,
	.open =    ertp_dev_open,
	.release = ertp_dev_release,
	.unlocked_ioctl = ertp_dev_ioctl,
	.poll =    ertp_dev_poll
};

int ertp_dev_init(void)
{
	int major = register_chrdev(0, ESET_RTP, &ertp_fops);
	if (major < 0)
		return major;

	ertp_dev = MKDEV(major, 0);

	ertp_class = class_create(THIS_MODULE, ESET_RTP);
	if (IS_ERR(ertp_class)) {
		unregister_chrdev(major, ESET_RTP);
		return PTR_ERR(ertp_class);
	}

#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,27)
	ertp_device = device_create(ertp_class, NULL, ertp_dev, ESET_RTP);
#else
	ertp_device = device_create(ertp_class, NULL, ertp_dev, NULL, ESET_RTP);
#endif
	if (IS_ERR(ertp_device)) {
		class_destroy(ertp_class);
		unregister_chrdev(major, ESET_RTP);
		return PTR_ERR(ertp_device);
	}

	return 0;
}

void ertp_dev_exit(void)
{
	device_destroy(ertp_class, ertp_dev);
	class_destroy(ertp_class);
	unregister_chrdev(MAJOR(ertp_dev), ESET_RTP);

	ertp_dev_release(NULL, NULL); // remove pending requests if any remain
}

Youez - 2016 - github.com/yon3zu
LinuXploit