| File Modified | Change Type | Description |
|---------------------|-------------|-------------|
| juq_auth.c | Rewrite | Added mutex locking around token comparison. Removed unsafe memcmp shortcut. |
| serialize.c | Patch | Input size validation before memcpy. Bounds checking on all variable-length fields. |
| juq_config.h | Update | Increased default stack size for worker threads. |
```
./test_auth_race_condition.sh # Custom test script
systemctl start juq016
```

```
$ ROPgadget --binary juq016_patched --only "pop|ret"
```
Typical useful gadgets (offsets relative to base):
| Gadget | Offset (hex) |
|--------|--------------|
| pop rdi ; ret | 0x00000000000012b3 |
| pop rsi ; ret | 0x00000000000012b5 |
| pop rdx ; ret | 0x00000000000012b7 |
| ret (stack alignment) | 0x000000000000101a |
The binary also exports execve via the PLT:
```
$ readelf -s juq016_patched | grep execve
1234: 0000000000001230 0 FUNC GLOBAL DEFAULT 12 execve@plt
```
Thus execve@plt offset = 0x1230.
After rebooting, check:
```
uname -a # Should show a 2021+ kernel date
grep "juq016" /proc/version # May still show base version, but check 'patchlevel'
```
Log into the interface and confirm that known vulnerabilities (e.g., default password, command injection test strings) no longer work.
If you are responsible for hardware that might include the juq016 module, you can check the patch status using the following methods: