5501673411

pending completion

Build # 5501673411

Build Type

push

github-actions

Committed by

web-flow

Commit Message

Shellcraft stackargs (#2219)

From: Peace-Maker <peace-maker@wcfan.de>

* Shellcraft: Fix spilling syscall args to the stack

There was a typo in the generated syscall template causing only the last
stack argument to be generated.

$ shellcraft -f asm mips.linux.sendto 3 0x123456 0x100 0 0xabcdefff 0x10
The 0xabcdefff argument was missing.

* Shellcraft: Generate 6 syscall arguments for unknown functions

There are syscalls with 6 arguments like mmap and sendto which couldn't
be called with all 6 arguments set.

$ shellcraft -f asm mips.linux.mmap2 0 0x1000
'PROT_READ | PROT_WRITE | PROT_EXEC' 'MAP_PRIVATE | MAP_ANONYMOUS' -1 0

* Shellcraft: Fix typo in error message

The `syscalls` variable is only present in the generate.py, not the
generated template.

* Regenerate syscall templates

* MIPS shellcraft: Push last two syscall arguments to the stack

The mips.linux.syscall template was only handling 4 syscall arguments
and silently discarded the remaining ones. Push the arguments to the stack
instead.

$ shellcraft -f asm mips.linux.syscall SYS_sendto 3 0x123456 0x100 0 0xabcdefff 0x10

Fixes #2153

* Fix mips syscall doctest

* Update CHANGELOG

Co-authored-by: Peace-Maker <peace-maker@wcfan.de>

Run Details

3968 of 6659 branches covered (59.59%)

12136 of 16977 relevant lines covered (71.48%)

0.71 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

26.92

/pwnlib/encoders/arm/alphanumeric/random_funcs.py

# Copyright (c) 2013 Pratik Kumar Sahu, Nagendra Chowdary, Anish Mathuria
# Ported to Python by Gallopsled
from __future__ import division

import os
import random
import struct


# +------------------------------------------------------------------------+
# |                       RANDOM NUMBERS FUNCTIONS                         |
# +------------------------------------------------------------------------+

# get a random integer i (0<=i<maxv)
# ==================================
def random_get_int(maxv):
   return random.randrange(0, maxv)


def randel(arr):
   return arr[random_get_int(len(arr))]

def enc_data_msn(c, i):
   # c is the lsn to be encoded with a msn
   # lsn = least significant nibble  msn = most significant nibble
   if c <= i:
      if c == 0:
         #Randomly select and return from {5,7}
         return randel([5, 7])
      else:
         #Randomly select and return from {4,5,6,7}
         return randel([4,5,6,7])
   elif c == 0:
      #Randomly select and return from {3,5,7}
      return randel([3,5,7])
   elif c <= 0x0A:
      #Randomly select and return from {3,4,5,6,7}
      #CSE Why doesn't the author use 3 below then?
      return randel([4,5,6,7])
   else:
      return randel([4,6])

1	# Copyright (c) 2013 Pratik Kumar Sahu, Nagendra Chowdary, Anish Mathuria
2	# Ported to Python by Gallopsled
3	from __future__ import division	1✔
4
5	import os	1✔
6	import random	1✔
7	import struct	1✔
8
9
10	# +------------------------------------------------------------------------+
11	# \| RANDOM NUMBERS FUNCTIONS \|
12	# +------------------------------------------------------------------------+
13
14	# get a random integer i (0<=i<maxv)
15	# ==================================
16	def random_get_int(maxv):	1✔
17	return random.randrange(0, maxv)	×
18
19
20	def randel(arr):	1✔
21	return arr[random_get_int(len(arr))]	×
22
23	def enc_data_msn(c, i):	1✔
24	# c is the lsn to be encoded with a msn
25	# lsn = least significant nibble msn = most significant nibble
26	if c <= i:	×
27	if c == 0:	×
28	#Randomly select and return from {5,7}
29	return randel([5, 7])	×
30	else:
31	#Randomly select and return from {4,5,6,7}
32	return randel([4,5,6,7])	×
33	elif c == 0:	×
34	#Randomly select and return from {3,5,7}
35	return randel([3,5,7])	×
36	elif c <= 0x0A:	×
37	#Randomly select and return from {3,4,5,6,7}
38	#CSE Why doesn't the author use 3 below then?
39	return randel([4,5,6,7])	×
40	else:
41	return randel([4,6])	×

Gallopsled / pwntools / 5501673411

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous