/* exploitme coded in a hurry by Yoann Guillot and Julien Tinnes, used 'man select_tut' as skeleton */
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/time.h>
#include <sys/types.h>
#include <string.h>
#include <signal.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
#include <sys/mman.h>
#include <malloc.h>

#define LISTEN_PORT 4545

int	main(void) {
	struct sockaddr_in a;
	int s, mysock;
	int yes, ret, pagesize;
	void *buf;

	pagesize = sysconf(_SC_PAGE_SIZE);
	if (pagesize == -1) {
		perror("pagesize");
		return -1;
	}

	if (pagesize < 4096)
		pagesize=(4096/pagesize+1)*pagesize;
	printf("Detected pagesize: %d\n", pagesize);
	buf=memalign(pagesize, pagesize);
	if (buf == NULL) {
		perror("memalign");
		return -1;
	}
	if ((s = socket (AF_INET, SOCK_STREAM, 0)) < 0) {
		perror ("socket");
		return -1;
	}
	yes = 1;
	if (setsockopt
			(s, SOL_SOCKET, SO_REUSEADDR,
			 (char *) &yes, sizeof (yes)) < 0) {
		perror ("setsockopt");
		close (s);
		return -1;
	}
	memset (&a, 0, sizeof (a));
	a.sin_port = htons (LISTEN_PORT);
	a.sin_family = AF_INET;
	if (bind
			(s, (struct sockaddr *) &a, sizeof (a)) < 0) {
		perror ("bind");
		close (s);
		return -1;
	}
	printf ("Send your shellcode to port %d\n",
		(int) LISTEN_PORT);
	listen (s, 10);
	for (;;) {
		mysock=accept(s, NULL, NULL);
		if (mysock == -1) {
			perror("accept");
			close(s);
			return -1;
		}
		if (!fork()) {
			printf("Got new connexion\n");
			close(s);
			switch (yes=read(mysock, buf, pagesize)) {
				case -1:
					perror("read");
				case 0:
					close(mysock);
					close(s);
					return -1;
			}
			printf("Read %d bytes\n", yes);
			/* This has the useful side effect of flushing the cache on architectures such as MIPS! */
			ret=mprotect(buf, pagesize, PROT_READ|PROT_WRITE|PROT_EXEC);
			if (ret) {
				perror("mprotect");
				return -1;
			}
			((void (*)())buf)();
			return 42;
		} else
			close(mysock);
	}
	
}