Trying to compile it with the following, but it doesn't work:
cc -o exploit exploit.c -Wall -Wextra -Werror -lgnutls
The following error is thrown:
exploit.c:108:27: error: initialization of ‘long unsigned int’ from ‘void *’ makes integer from pointer without a cast [-Werror=int-conversion]
108 | unsigned long heap_base = NULL; /* we will save here heap base address when leaked */
| ^~~~
exploit.c:109:27: error: initialization of ‘long unsigned int’ from ‘void *’ makes integer from pointer without a cast [-Werror=int-conversion]
109 | unsigned long curr_heap = NULL; /* curr heap for config search */
| ^~~~
exploit.c:110:29: error: initialization of ‘long unsigned int’ from ‘void *’ makes integer from pointer without a cast [-Werror=int-conversion]
110 | unsigned long config_addr = NULL; /* when finding config address, we will save it here */
| ^~~~
exploit.c: In function ‘init_ctx_x’:
exploit.c:156:5: error: ‘TLSv1_2_client_method’ is deprecated [-Werror=deprecated-declarations]
156 | method = TLSv1_2_client_method();
| ^~~~~~
In file included from /usr/include/openssl/e_os2.h:13,
from /usr/include/openssl/ssl.h:15,
from exploit.c:22:
/usr/include/openssl/ssl.h:1891:1: note: declared here
1891 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void))
| ^~~~~~~~~~~~~~~~~~
exploit.c:156:12: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
156 | method = TLSv1_2_client_method();
| ^
exploit.c: In function ‘exchange_data’:
exploit.c:285:4: error: implicit declaration of function ‘hexdump’ [-Werror=implicit-function-declaration]
285 | hexdump(buf, size/16);
| ^~~~~~~
exploit.c:287:4: error: implicit declaration of function ‘identify_leak’ [-Werror=implicit-function-declaration]
287 | identify_leak(buf, size);
| ^~~~~~~~~~~~~
exploit.c:294:4: error: implicit declaration of function ‘identify_config’ [-Werror=implicit-function-declaration]
294 | identify_config(mem_exfil, MAX_POST_PIPLN_SZ);
| ^~~~~~~~~~~~~~~
exploit.c: At top level:
exploit.c:305:6: error: conflicting types for ‘hexdump’ [-Werror]
305 | void hexdump(void *mem, unsigned int len) {
| ^~~~~~~
exploit.c:285:4: note: previous implicit declaration of ‘hexdump’ was here
285 | hexdump(buf, size/16);
| ^~~~~~~
exploit.c: In function ‘hexdump’:
exploit.c:318:41: error: implicit declaration of function ‘isprint’ [-Werror=implicit-function-declaration]
318 | else if(isprint(((char*)mem)[j]))
| ^~~~~~~
exploit.c: In function ‘strstrx’:
exploit.c:333:10: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
333 | while(i < sz_1) {
| ^
exploit.c:336:7: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
336 | f = str1+i;
| ^
exploit.c: At top level:
exploit.c:368:6: error: conflicting types for ‘identify_config’ [-Werror]
368 | void identify_config(char *buf, size_t size) {
| ^~~~~~~~~~~~~~~
exploit.c:294:4: note: previous implicit declaration of ‘identify_config’ was here
294 | identify_config(mem_exfil, MAX_POST_PIPLN_SZ);
| ^~~~~~~~~~~~~~~
exploit.c: In function ‘identify_config’:
exploit.c:370:24: error: initialization of ‘long unsigned int’ from ‘void *’ makes integer from pointer without a cast [-Werror=int-conversion]
370 | unsigned long r_ptr = NULL;
| ^~~~
exploit.c: At top level:
exploit.c:383:6: error: conflicting types for ‘identify_leak’ [-Werror]
383 | void identify_leak(char *buf, size_t size) {
| ^~~~~~~~~~~~~
exploit.c:287:4: note: previous implicit declaration of ‘identify_leak’ was here
287 | identify_leak(buf, size);
| ^~~~~~~~~~~~~
exploit.c: In function ‘identify_leak’:
exploit.c:391:10: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
391 | while(i < size) {
| ^
exploit.c:399:10: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
399 | while(x < sizeof(uint64_t)) {
| ^
exploit.c:403:7: error: assignment to ‘uint64_t *’ {aka ‘long unsigned int *’} from incompatible pointer type ‘char (*)[8]’ [-Werror=incompatible-pointer-types]
403 | leak = &lk;
| ^
exploit.c: In function ‘leak_phase’:
exploit.c:451:3: error: ‘return’ with no value, in function returning non-void [-Werror=return-type]
451 | return;
| ^~~~~~
exploit.c:414:5: note: declared here
414 | int leak_phase(char *hostname, int port) {
| ^~~~~~~~~~
exploit.c:463:16: error: passing argument 1 of ‘exchange_data’ makes integer from pointer without a cast [-Werror=int-conversion]
463 | exchange_data(ssl, buf, sizeof(buf)-1, 1, 1, TLS_T);
| ^~~
| |
| SSL * {aka struct ssl_st *}
exploit.c:257:25: note: expected ‘long int’ but argument is of type ‘SSL *’ {aka ‘struct ssl_st *’}
257 | void exchange_data(long fd, char *buf, size_t size, int send_flg, int recv_flg, int method_t) {
| ~~~~~^~
exploit.c:466:16: error: passing argument 1 of ‘exchange_data’ makes integer from pointer without a cast [-Werror=int-conversion]
466 | exchange_data(ssl, buf, sizeof(buf)-1, 1, 1, TLS_T);
| ^~~
| |
| SSL * {aka struct ssl_st *}
exploit.c:257:25: note: expected ‘long int’ but argument is of type ‘SSL *’ {aka ‘struct ssl_st *’}
257 | void exchange_data(long fd, char *buf, size_t size, int send_flg, int recv_flg, int method_t) {
| ~~~~~^~
exploit.c:479:16: error: passing argument 1 of ‘exchange_data’ makes integer from pointer without a cast [-Werror=int-conversion]
479 | exchange_data(ssl, buf, sizeof(buf)-1, 1, 0, TLS_T);
| ^~~
| |
| SSL * {aka struct ssl_st *}
exploit.c:257:25: note: expected ‘long int’ but argument is of type ‘SSL *’ {aka ‘struct ssl_st *’}
257 | void exchange_data(long fd, char *buf, size_t size, int send_flg, int recv_flg, int method_t) {
| ~~~~~^~
exploit.c:515:3: error: ‘return’ with no value, in function returning non-void [-Werror=return-type]
515 | return;
| ^~~~~~
exploit.c:414:5: note: declared here
414 | int leak_phase(char *hostname, int port) {
| ^~~~~~~~~~
exploit.c:528:16: error: passing argument 1 of ‘exchange_data’ makes integer from pointer without a cast [-Werror=int-conversion]
528 | exchange_data(ssl, buf, sizeof(buf)-1, 1, 1, TLS_T);
| ^~~
| |
| SSL * {aka struct ssl_st *}
exploit.c:257:25: note: expected ‘long int’ but argument is of type ‘SSL *’ {aka ‘struct ssl_st *’}
257 | void exchange_data(long fd, char *buf, size_t size, int send_flg, int recv_flg, int method_t) {
| ~~~~~^~
exploit.c:418:13: error: unused variable ‘x’ [-Werror=unused-variable]
418 | int i = 0, x = 0;
| ^
exploit.c:417:6: error: unused variable ‘count’ [-Werror=unused-variable]
417 | int count = 0;
| ^~~~~
exploit.c: In function ‘arbitrary_read’:
exploit.c:564:31: error: initialization of ‘long unsigned int’ from ‘void *’ makes integer from pointer without a cast [-Werror=int-conversion]
564 | unsigned long inject_point = NULL;
| ^~~~
exploit.c:589:3: error: ‘return’ with no value, in function returning non-void [-Werror=return-type]
589 | return;
| ^~~~~~
exploit.c:558:5: note: declared here
558 | int arbitrary_read(char *hostname, int port) {
| ^~~~~~~~~~~~~~
exploit.c:592:16: error: passing argument 1 of ‘exchange_data’ makes integer from pointer without a cast [-Werror=int-conversion]
592 | exchange_data(ssl, buf, sizeof(buf)-1, 1, 1, TLS_T);
| ^~~
| |
| SSL * {aka struct ssl_st *}
exploit.c:257:25: note: expected ‘long int’ but argument is of type ‘SSL *’ {aka ‘struct ssl_st *’}
257 | void exchange_data(long fd, char *buf, size_t size, int send_flg, int recv_flg, int method_t) {
| ~~~~~^~
exploit.c:595:16: error: passing argument 1 of ‘exchange_data’ makes integer from pointer without a cast [-Werror=int-conversion]
595 | exchange_data(ssl, buf, sizeof(buf)-1, 1, 1, TLS_T);
| ^~~
| |
| SSL * {aka struct ssl_st *}
exploit.c:257:25: note: expected ‘long int’ but argument is of type ‘SSL *’ {aka ‘struct ssl_st *’}
257 | void exchange_data(long fd, char *buf, size_t size, int send_flg, int recv_flg, int method_t) {
| ~~~~~^~
exploit.c:600:17: error: passing argument 1 of ‘exchange_data’ makes integer from pointer without a cast [-Werror=int-conversion]
600 | exchange_data(ssl, buf, sizeof(buf)-1, 1, 1, TLS_T);
| ^~~
| |
| SSL * {aka struct ssl_st *}
exploit.c:257:25: note: expected ‘long int’ but argument is of type ‘SSL *’ {aka ‘struct ssl_st *’}
257 | void exchange_data(long fd, char *buf, size_t size, int send_flg, int recv_flg, int method_t) {
| ~~~~~^~
exploit.c:606:16: error: passing argument 1 of ‘exchange_data’ makes integer from pointer without a cast [-Werror=int-conversion]
606 | exchange_data(ssl, buf, sizeof(buf)-1, 1, 0, TLS_T);
| ^~~
| |
| SSL * {aka struct ssl_st *}
exploit.c:257:25: note: expected ‘long int’ but argument is of type ‘SSL *’ {aka ‘struct ssl_st *’}
257 | void exchange_data(long fd, char *buf, size_t size, int send_flg, int recv_flg, int method_t) {
| ~~~~~^~
exploit.c:678:3: error: ‘return’ with no value, in function returning non-void [-Werror=return-type]
678 | return;
| ^~~~~~
exploit.c:558:5: note: declared here
558 | int arbitrary_read(char *hostname, int port) {
| ^~~~~~~~~~~~~~
exploit.c:685:16: error: passing argument 1 of ‘exchange_data’ makes integer from pointer without a cast [-Werror=int-conversion]
685 | exchange_data(ssl, buf, sizeof(buf)-1, 1, 1, TLS_T);
| ^~~
| |
| SSL * {aka struct ssl_st *}
exploit.c:257:25: note: expected ‘long int’ but argument is of type ‘SSL *’ {aka ‘struct ssl_st *’}
257 | void exchange_data(long fd, char *buf, size_t size, int send_flg, int recv_flg, int method_t) {
| ~~~~~^~
exploit.c:564:16: error: unused variable ‘inject_point’ [-Werror=unused-variable]
564 | unsigned long inject_point = NULL;
| ^~~~~~~~~~~~
exploit.c:561:20: error: unused variable ‘l’ [-Werror=unused-variable]
561 | int i = 0, x = 0, l = 0;
| ^
exploit.c:560:17: error: unused variable ‘curr’ [-Werror=unused-variable]
560 | int count = 0, curr = 0;
| ^~~~
exploit.c:560:6: error: unused variable ‘count’ [-Werror=unused-variable]
560 | int count = 0, curr = 0;
| ^~~~~
exploit.c: In function ‘search_config’:
exploit.c:717:10: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
717 | while(i < (HEAP_RANGE_OFF/READ_SZ)) {
| ^
exploit.c: In function ‘write_what_where’:
exploit.c:748:31: error: initialization of ‘long unsigned int’ from ‘void *’ makes integer from pointer without a cast [-Werror=int-conversion]
748 | unsigned long inject_point = NULL;
| ^~~~
exploit.c:777:3: error: ‘return’ with no value, in function returning non-void [-Werror=return-type]
777 | return;
| ^~~~~~
exploit.c:740:5: note: declared here
740 | int write_what_where(char *hostname, int port, char *injected_config) {
| ^~~~~~~~~~~~~~~~
exploit.c:780:16: error: passing argument 1 of ‘exchange_data’ makes integer from pointer without a cast [-Werror=int-conversion]
780 | exchange_data(ssl, buf, sizeof(buf)-1, 1, 1, TLS_T);
| ^~~
| |
| SSL * {aka struct ssl_st *}
exploit.c:257:25: note: expected ‘long int’ but argument is of type ‘SSL *’ {aka ‘struct ssl_st *’}
257 | void exchange_data(long fd, char *buf, size_t size, int send_flg, int recv_flg, int method_t) {
| ~~~~~^~
exploit.c:783:16: error: passing argument 1 of ‘exchange_data’ makes integer from pointer without a cast [-Werror=int-conversion]
783 | exchange_data(ssl, buf, sizeof(buf)-1, 1, 1, TLS_T);
| ^~~
| |
| SSL * {aka struct ssl_st *}
exploit.c:257:25: note: expected ‘long int’ but argument is of type ‘SSL *’ {aka ‘struct ssl_st *’}
257 | void exchange_data(long fd, char *buf, size_t size, int send_flg, int recv_flg, int method_t) {
| ~~~~~^~
exploit.c:788:17: error: passing argument 1 of ‘exchange_data’ makes integer from pointer without a cast [-Werror=int-conversion]
788 | exchange_data(ssl, buf, sizeof(buf)-1, 1, 1, TLS_T);
| ^~~
| |
| SSL * {aka struct ssl_st *}
exploit.c:257:25: note: expected ‘long int’ but argument is of type ‘SSL *’ {aka ‘struct ssl_st *’}
257 | void exchange_data(long fd, char *buf, size_t size, int send_flg, int recv_flg, int method_t) {
| ~~~~~^~
exploit.c:793:16: error: passing argument 1 of ‘exchange_data’ makes integer from pointer without a cast [-Werror=int-conversion]
793 | exchange_data(ssl, buf, sizeof(buf)-1, 1, 0, TLS_T);
| ^~~
| |
| SSL * {aka struct ssl_st *}
exploit.c:257:25: note: expected ‘long int’ but argument is of type ‘SSL *’ {aka ‘struct ssl_st *’}
257 | void exchange_data(long fd, char *buf, size_t size, int send_flg, int recv_flg, int method_t) {
| ~~~~~^~
exploit.c:866:3: error: ‘return’ with no value, in function returning non-void [-Werror=return-type]
866 | return;
| ^~~~~~
exploit.c:740:5: note: declared here
740 | int write_what_where(char *hostname, int port, char *injected_config) {
| ^~~~~~~~~~~~~~~~
exploit.c:871:16: error: passing argument 1 of ‘exchange_data’ makes integer from pointer without a cast [-Werror=int-conversion]
871 | exchange_data(ssl, buf, sizeof(buf)-1, 1, 0, TLS_T);
| ^~~
| |
| SSL * {aka struct ssl_st *}
exploit.c:257:25: note: expected ‘long int’ but argument is of type ‘SSL *’ {aka ‘struct ssl_st *’}
257 | void exchange_data(long fd, char *buf, size_t size, int send_flg, int recv_flg, int method_t) {
| ~~~~~^~
exploit.c:745:20: error: unused variable ‘l’ [-Werror=unused-variable]
745 | int i = 0, x = 0, l = 0;
| ^
exploit.c:744:6: error: unused variable ‘curr’ [-Werror=unused-variable]
744 | int curr = 0;
| ^~~~
exploit.c:743:6: error: unused variable ‘count’ [-Werror=unused-variable]
743 | int count = 0;
| ^~~~~
exploit.c: In function ‘main’:
exploit.c:905:12: error: unused variable ‘listener_p’ [-Werror=unused-variable]
905 | pthread_t listener_p = 0;
| ^~~~~~~~~~
cc1: all warnings being treated as errors