From 60c6813a809b534afbb4eb1df063dc2c1f3a5346 Mon Sep 17 00:00:00 2001 From: "John F.X. Galea" Date: Thu, 7 Sep 2017 21:30:55 +0100 Subject: [PATCH] =?UTF-8?q?Implemented=20getcwd=20sys=20call,=20along=20wi?= =?UTF-8?q?th=20a=20new=20helper=20function=20that=20wr=E2=80=A6=20(#483)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Implemented getcwd sys call, along with a new helper function that writes a NULL terminated string to memory. The reason for this commit is that the sys call was not implemented. * Fixed logging string for sys_getcwd imp * Removed semicolon in sys_getcwd function * Fixed logging string for sys_getcwd imp. The problem was that size is unsigned and the incorrect format symbol was used * Fixed the following: 1) Included the string param in the doc of the write_string function. 2) Added less verbose code to append a NULL to a string in the write_string function 3) Removed the assert to check if the written string to memory matches with one that is read at a given address in the sys_getcwd function 4) Fixed bug in the return values returned by sys_getcwd * Fixed error logs in the getcwd function. * Fixed return values of sys_getcwd function. * Fixed string format symbol in sys_getcwd function. * Removed dir exists check from the sys_getcwd function. * Arranged memory block check in the sys_getcwd function. * Removed new line after write_string function. (Thank you @johnfxgalea!) --- manticore/core/cpu/abstractcpu.py | 15 +++++++++++++++ manticore/platforms/linux.py | 28 ++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+)
diff --git a/manticore/core/cpu/abstractcpu.py b/manticore/core/cpu/abstractcpu.py
index e0c7e48..aaf2bf9 100644
--- a/manticore/core/cpu/abstractcpu.py
+++ b/manticore/core/cpu/abstractcpu.py
@@ -552,6 +552,21 @@ class Cpu(Eventful):
 result.append(Operators.CHR(self.read_int(where + i, 8)))
 return result

+ def write_string(self, where, string, max_length=None):
+ '''
+ Writes a string to memory, appending a NULL-terminator at the end.
+ :param int where: Address to write the string to
+ :param str string: The string to write to memory
+ :param int max_length:
+ The size in bytes to cap the string at, or None [default] for no
+ limit. This includes the NULL terminator.
+ '''
+
+ if max_length is not None:
+ string = string[:max_length-1]
+
+ self.write_bytes(where, string + '\x00')
+
 def read_string(self, where, max_length=None):
 '''
 Read a NUL-terminated concrete buffer from memory.
diff --git a/manticore/platforms/linux.py b/manticore/platforms/linux.py
index bb062b4..f332d82 100644
--- a/manticore/platforms/linux.py
+++ b/manticore/platforms/linux.py
@@ -1029,6 +1029,34 @@ class Linux(Platform):
 except OSError as e:
 return e.errno

+ def sys_getcwd(self, buf, size):
+ '''
+ getcwd - Get the current working directory
+ :param int buf: Pointer to dest array
+ :param size: size in bytes of the array pointed to by the buf
+ :return: buf (Success), or 0
+ '''
+
+ try:
+ current_dir = os.getcwd()
+ length = len(current_dir) + 1
+
+ if size > 0 and size < length:
+ logger.info("GETCWD: size is greater than 0, but is smaller than the length"
+ "of the path + 1. Returning ERANGE")
+ return -errno.ERANGE
+
+ if not self.current.memory.access_ok(slice(buf, buf+length), 'w'):
+ logger.info("GETCWD: buf within invalid memory. Returning EFAULT")
+ return -errno.EFAULT
+
+ self.current.write_string(buf, current_dir)
+ logger.debug("getcwd(0x%08x, %u) -> <%s> (Size %d)", buf, size, current_dir, length)
+ return length
+
+ except OSError as e:
+ return -e.errno
+
 def sys_lseek(self, fd, offset, whence):
 '''
 lseek - reposition read/write file offset
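Review bot: The cap in write_string is not honoured when max_length is 0 (or negative): `string[:max_length-1]` becomes `string[:-1]`, which drops only the last character, and the NUL is then appended regardless, so a zero-byte limit still writes len(string) bytes into memory. A guard before the slice, `if max_length is not None and max_length <= 0: return`, keeps the documented contract that the limit includes the terminator. The sibling read_string docstring says "NUL-terminated"; wording this one "appending a NUL terminator" keeps the pair consistent.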
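Review bot: sys_getcwd never rejects size == 0: the `size > 0 and size < length` test lets a zero-sized buffer through, the access_ok check only asks whether `length` bytes are mapped writable, and write_string then stores the whole path plus NUL beyond the caller's declared buffer. The kernel returns ERANGE whenever the buffer is smaller than the path, zero included, so dropping the first clause, `if size < length:`, makes the emulation match and closes the gap. The docstring's `:return: buf (Success), or 0` does not describe the code, which returns `length` on success and a negative errno otherwise; I would write `:return: length of the path including the NUL (success), or -errno`. The implicitly concatenated ERANGE message is also missing a space between `length` and `of`, so the log reads "the lengthof the path".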