/*
 * CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem layer
 *
 * The program removes the huge directory structure generated by the PoC exploit from Qualys, Inc.
 *
 * $Date: 2021/07/24 $
 */

#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define die() do { \
    fprintf(stderr, "died in %s: %u\n", __func__, __LINE__); \
    exit(EXIT_FAILURE); \
} while (0)

static const char *bigdir;
static char onedir[NAME_MAX + 1];
u_int c = 0;
int cd;
int rm;

int main(int argc, char **argv) {
    if (argc != 2) die();
    bigdir = argv[1];
    if (*bigdir != '/') die();

    if (sizeof(onedir) != 256) die();
    memset(onedir, '\\', sizeof(onedir)-1);
    if (onedir[sizeof(onedir)-1] != '\0') die();

    if (chdir(bigdir)) die();

    while(1) {
        cd = chdir(onedir);
        c++;
        printf("cd = %d, c = %d\n", cd, c);
        if(cd != 0) break;
    }
    while(c > 1) {
        cd = chdir("..");
        rm = rmdir(onedir);
        c--;
        printf("cd = %d, rm = %d, c = %d\n", cd, rm, c);
    }
    die();
}