TokameinE
TokameinE
compile: ``` git clone https://github.com/cesanta/mjs.git cd mjs make ``` run: ``` cd build ./mjs poc.js ``` poc: ```js let a = function() { let y = 1,; let boo =...
I found an arbitrary file reading vulnerability in the vn_handle_get_connection function: ``` void vn_handle_get_connection(vn_http_connection_t *conn) { ........ /* Append default static resource path before HTTP request's uri */ memset(filepath, '\0',...
The following code exists in the handle_rrq function: ` char *r_path = request->packet.filename; // request file ........ strcat(fullpath, r_path); ....... FILE *fp = fopen(fullpath, "r"); ` By not eliminating the...
in /ryu/ofproto/ofproto_v1_3_parser.py about line=5269 ```python while rest: p, rest = OFPTableFeatureProp.parse(rest) props.append(p) table_features.properties = props ``` The rest variable here is obtained through the following code: ```python (type_, length) =...
in /ryu/ofproto/ofproto_v1_3_parser.py about line=139 ```python class OFPHello(MsgBase): ... @classmethod def parser(cls, datapath, version, msg_type, msg_len, xid, buf): msg = super(OFPHello, cls).parser(datapath, version, msg_type, msg_len, xid, buf) offset = ofproto.OFP_HELLO_HEADER_SIZE elems...
in /ryu/ofproto/ofproto_v1_3_parser.py about line=3607 ```python class OFPBucket(StringifyMixin): @classmethod def parser(cls, buf, offset): (len_, weight, watch_port, watch_group) = struct.unpack_from( ofproto.OFP_BUCKET_PACK_STR, buf, offset) .... while length < msg.len: action = OFPAction.parser(buf, offset)...
in /ryu/ofproto/ofproto_v1_3_parser.py about line=4685 ```python class OFPGroupDescStats(StringifyMixin): @classmethod def parser(cls, buf, offset): .... while length < stats.length: bucket = OFPBucket.parser(buf, offset) stats.buckets.append(bucket) offset += bucket.len length += bucket.len ``` If...
in /ryu/ofproto/ofproto_v1_3_parser.py about line=4083 ```python class OFPFlowStats(StringifyMixin): while inst_length > 0: inst = OFPInstruction.parser(buf, offset) instructions.append(inst) offset += inst.len inst_length -= inst.len ``` If inst.length =0,the offset will no longer...
in /ryu/ofproto/ofproto_v1_3_parser.py about line=3943 ```python class OFPMultipartReply(MsgBase): _STATS_MSG_TYPES = {} .... @classmethod def parser(cls, datapath, version, msg_type, msg_len, xid, buf): .... while offset < msg_len: b = stats_type_cls.cls_stats_body_cls.parser(msg.buf, offset) body.append(b)...
in /ryu/ofproto/ofproto_v1_3_parser.py about line=6026 ```python class OFPPacketQueue(StringifyMixin): .... @classmethod def parser(cls, buf, offset): .... while length < len_: queue_prop = OFPQueueProp.parser(buf, offset) if queue_prop is not None: properties.append(queue_prop) offset +=...