update from upstream

etrickel · Jan 17, 2018 · b7fa52d · b7fa52d
1 parent 579d49a
commit b7fa52d
Show file tree

Hide file tree

Showing 16 changed files with 786 additions and 114 deletions.
diff --git a/.gitignore b/.gitignore
@@ -32,5 +32,4 @@ coverage.xml
 docs/_build/
 target/
 site
-tests/bins
 tests/pylint*.html
diff --git a/.travis.yml b/.travis.yml
@@ -11,20 +11,24 @@ branches:
 addons:
   apt:
     packages:
-      - python
+      - python3
       - gcc
+      - g++
+      - pkg-config
       - gdb
-      - python-pip
+      - python3-pip
       - pylint
+      - git
+      - cmake
+      - libglib2.0-dev
 
 before_script:
+  - pip3 install --user --upgrade ropper retdec-python keystone-engine capstone unicorn
   - echo "source `pwd`/gef.py" > ~/.gdbinit
 
 script:
   - gdb -q -ex 'gef help' -ex 'gef config' -ex 'quit' /bin/ls
-
-after_script:
-  - python ./tests/test-runner.py
+  - python3 ./tests/test-runner.py
 
 notifications:
   email:

diff --git a/gef.py b/gef.py
@@ -53,7 +53,6 @@
 #
 #
 
-# x86 aggregate selectors
 
 from __future__ import print_function, division, absolute_import
 
@@ -616,7 +615,8 @@ def __int__(self):
         return self.__addr
 
     def dereference_as_long(self, addr):
-        return long(dereference(addr).address)
+        derefed = dereference(addr)
+        return long(derefed.address) if derefed is not None else 0
 
     def fastbin(self, i):
         addr = self.dereference_as_long(self.fastbinsY[i])
@@ -2832,7 +2832,11 @@ def gef_get_auxiliary_values():
     for line in gdb.execute("info auxv", to_string=True).splitlines():
         tmp = line.split()
         _type = tmp[1]
-        res[_type] = int(tmp[-2], base=0) if _type in ("AT_PLATFORM", "AT_EXECFN") else int(tmp[-1], base=0)
+        if _type in ("AT_PLATFORM", "AT_EXECFN"):
+            idx = line[:-1].rfind('"') - 1
+            tmp = line[:idx].split()
+
+        res[_type] = int(tmp[-1], base=0)
     return res
 
 
@@ -2848,10 +2852,12 @@ def gef_read_canary():
     canary &= ~0xff
     return canary, canary_location
 
+
 def gef_get_pie_breakpoint(num):
     global __pie_breakpoints__
     return __pie_breakpoints__[num]
 
+
 @lru_cache()
 def gef_getpagesize():
     """Get the page size from auxiliary values."""
@@ -4693,8 +4699,17 @@ def do_invoke(self, argv):
         else:
             perm = Permission.READ | Permission.WRITE | Permission.EXECUTE
 
-        loc = long(gdb.parse_and_eval(argv[0]))
+        loc = safe_parse_and_eval(argv[0])
+        if loc is None:
+            err("Invalid address")
+            return
+
+        loc = long(loc)
         sect = process_lookup_address(loc)
+        if sect is None:
+            err("Unmapped address")
+            return
+
         size = sect.page_end - sect.page_start
         original_pc = current_arch.pc
 
@@ -5941,6 +5956,7 @@ def pre_load(self):
         return
 
 
+    @only_if_gdb_running
     def do_invoke(self, argv):
         ropper = sys.modules["ropper"]
         if "--file" not in argv:
@@ -7119,7 +7135,17 @@ def do_invoke(self, argv):
         elif len(argv) == 2 and argv[0] == "$sp" and argv[1].isdigit():
             nb = int(argv[1])
 
-        start_address = align_address(long(gdb.parse_and_eval(argv[0])))
+        addr = safe_parse_and_eval(argv[0])
+        if addr is None:
+            err("Invalid address")
+            return
+
+        addr = long(addr)
+        if process_lookup_address(addr) is None:
+            err("Unmapped address")
+            return
+
+        start_address = align_address(addr)
         largest_addresss_to_be_shown = start_address + (current_arch.ptrsize * nb)
 
         stackoffs = range(0, nb)

diff --git a/tests/binaries/Makefile b/tests/binaries/Makefile
@@ -0,0 +1,42 @@
+CC              =       gcc
+DEBUG           =       1
+CFLAGS          +=      -Wall
+SOURCES         =       $(wildcard *.c)
+COMPILED        =       $(SOURCES:.c=.o)
+LINKED          =       $(SOURCES:.c=.out)
+LDFLAGS         =
+EXTRA_FLAGS	=
+
+ifeq ($(TARGET), x86)
+CFLAGS          +=      -m32
+endif
+
+ifeq ($(DEBUG), 1)
+CFLAGS          +=      -DDEBUG=1 -ggdb -O0
+else
+CFLAGS          +=      -O1
+endif
+
+
+.PHONY : all clean
+
+all: $(LINKED)
+
+
+%.out : %.c
+	@echo "[+] Linking C file '$@'"
+	@$(CC) $(CFLAGS) $(EXTRA_FLAGS) -o $@ $? $(LDFLAGS)
+
+clean :
+	@echo "[+] Cleaning stuff"
+	@rm -f $(COMPILED) $(LINKED)
+
+checksec-no-canary.out: EXTRA_FLAGS := -fno-stack-protector
+
+checksec-no-pie.out: EXTRA_FLAGS := -fno-pie
+
+checksec-no-nx.out: EXTRA_FLAGS := -z execstack
+
+pattern.out: EXTRA_FLAGS := -D_FORTIFY_SOURCE=0 -fno-stack-protector
+
+canary.out: EXTRA_FLAGS := -fstack-protector-all
diff --git a/tests/binaries/canary.c b/tests/binaries/canary.c
@@ -0,0 +1,29 @@
+/**
+ * canary.c
+ * -*- mode: c -*-
+ * -*- coding: utf-8 -*-
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+
+
+void greetz(char* buf)
+{
+        char name[8] = {0,};
+        strcpy(name, buf);
+        printf("Hello %s\n", name);
+}
+
+
+int main(int argc, char** argv, char** envp)
+{
+        if(argc < 2)
+                return EXIT_FAILURE;
+
+        greetz(argv[1]);
+        return EXIT_SUCCESS;
+}
diff --git a/tests/binaries/checksec-no-canary.c b/tests/binaries/checksec-no-canary.c
@@ -0,0 +1,20 @@
+/**
+ * -*- mode: c -*-
+ * -*- coding: utf-8 -*-
+ *
+ * checksec-no-canary.c
+ *
+ * @author: @_hugsy_
+ * @licence: WTFPL v.2
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+
+int main(int argc, char** argv, char** envp)
+{
+        return EXIT_SUCCESS;
+}
diff --git a/tests/binaries/checksec-no-nx.c b/tests/binaries/checksec-no-nx.c
@@ -0,0 +1,20 @@
+/**
+ * -*- mode: c -*-
+ * -*- coding: utf-8 -*-
+ *
+ * checksec-no-canary.c
+ *
+ * @author: @_hugsy_
+ * @licence: WTFPL v.2
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+
+int main(int argc, char** argv, char** envp)
+{
+        return EXIT_SUCCESS;
+}
diff --git a/tests/binaries/checksec-no-pie.c b/tests/binaries/checksec-no-pie.c
@@ -0,0 +1,20 @@
+/**
+ * -*- mode: c -*-
+ * -*- coding: utf-8 -*-
+ *
+ * checksec-no-pie.c
+ *
+ * @author: @_hugsy_
+ * @licence: WTFPL v.2
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+
+int main(int argc, char** argv, char** envp)
+{
+        return EXIT_SUCCESS;
+}
diff --git a/tests/binaries/format-string-helper.c b/tests/binaries/format-string-helper.c
@@ -0,0 +1,31 @@
+/**
+ * bof.c
+ * -*- mode: c -*-
+ * -*- coding: utf-8 -*-
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+
+
+void greetz(char* buf)
+{
+        char name[256] = {0,};
+        strcpy(name, buf);
+        printf("Hello");
+        printf(name);
+        printf("\n");
+}
+
+
+int main(int argc, char** argv, char** envp)
+{
+        if(argc < 2)
+                return EXIT_FAILURE;
+
+        greetz(argv[1]);
+        return EXIT_SUCCESS;
+}
diff --git a/tests/binaries/heap-fastbins.c b/tests/binaries/heap-fastbins.c
@@ -0,0 +1,27 @@
+/**
+ * -*- mode: c -*-
+ * -*- coding: utf-8 -*-
+ *
+ * heap.c
+ *
+ * @author: @_hugsy_
+ * @licence: WTFPL v.2
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+
+int main(int argc, char** argv, char** envp)
+{
+        void* p1 = malloc(0x10);
+        void* p2 = malloc(0x10);
+        void* p3 = malloc(0x10);
+        free(p2);
+        __asm__ volatile("int3;" : : : );
+        (void)p1;
+        (void)p3;
+        return EXIT_SUCCESS;
+}
diff --git a/tests/binaries/heap.c b/tests/binaries/heap.c
@@ -0,0 +1,23 @@
+/**
+ * -*- mode: c -*-
+ * -*- coding: utf-8 -*-
+ *
+ * heap.c
+ *
+ * @author: @_hugsy_
+ * @licence: WTFPL v.2
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+
+int main(int argc, char** argv, char** envp)
+{
+        void* p1 = malloc(0x10);
+        __asm__ volatile("int3;" : : : );
+        (void)p1;
+        return EXIT_SUCCESS;
+}
diff --git a/tests/binaries/pattern.c b/tests/binaries/pattern.c
@@ -0,0 +1,29 @@
+/**
+ * pattern.c
+ * -*- mode: c -*-
+ * -*- coding: utf-8 -*-
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+
+
+void greetz(char* buf)
+{
+        char name[8] = {0,};
+        strcpy(name, buf);
+        printf("Hello %s\n", name);
+}
+
+
+int main(int argc, char** argv, char** envp)
+{
+        if(argc < 2)
+                return EXIT_FAILURE;
+
+        greetz(argv[1]);
+        return EXIT_SUCCESS;
+}
diff --git a/tests/binaries/retdec.c b/tests/binaries/retdec.c
@@ -0,0 +1,21 @@
+/**
+ * -*- mode: c -*-
+ * -*- coding: utf-8 -*-
+ *
+ * retdec.c
+ *
+ * @author: @_hugsy_
+ * @licence: WTFPL v.2
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+
+int main(int argc, char** argv, char** envp)
+{
+        printf("Hello World!\n");
+        return EXIT_SUCCESS;
+}