From 04996314295e4b860a58eb25af834e9bb07cb320 Mon Sep 17 00:00:00 2001 From: peace-maker Date: Thu, 18 May 2023 17:59:16 +0200 Subject: [PATCH 1/6] Fix failing libcdb.unstrip_libc tests (#2196) * Fix libcdb.unstrip_libc tests The old debugsymbols seem to have been pruned. Update hashes to recent Ubuntu 22.04 libcs. * Switch wget test to httpbingo.org httpbin.org is very slow to respond. Cherry-picked from 1998ff09209fa037fb9a242c299d80cb94edc600 --- pwnlib/libcdb.py | 13 +++++++------ pwnlib/util/web.py | 2 +- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/pwnlib/libcdb.py b/pwnlib/libcdb.py index 9a668682c..9aad10333 100644 --- a/pwnlib/libcdb.py +++ b/pwnlib/libcdb.py @@ -25,7 +25,10 @@ log = getLogger(__name__) HASHES = ['build_id', 'sha1', 'sha256', 'md5'] -DEBUGINFOD_SERVERS = ['https://debuginfod.systemtap.org/'] +DEBUGINFOD_SERVERS = [ + 'https://debuginfod.systemtap.org', + 'https://debuginfod.ubuntu.com', +] + os.environ.get('DEBUGINFOD_SERVERS', '').split() # https://gitlab.com/libcdb/libcdb wasn't updated after 2019, # but still is a massive database of older libc binaries. @@ -202,20 +205,18 @@ def unstrip_libc(filename): :const:`True` if binary was unstripped, :const:`False` otherwise. Examples: - >>> filename = search_by_build_id('2d1c5e0b85cb06ff47fa6fa088ec22cb6e06074e', unstrip=False) + >>> filename = search_by_build_id('69389d485a9793dbe873f0ea2c93e02efaa9aa3d', unstrip=False) >>> libc = ELF(filename) - >>> hex(libc.symbols.read) - '0xe56c0' >>> 'main_arena' in libc.symbols False >>> unstrip_libc(filename) True >>> libc = ELF(filename) >>> hex(libc.symbols.main_arena) - '0x1d57a0' + '0x219c80' >>> unstrip_libc(which('python')) False - >>> filename = search_by_build_id('06a8004be6e10c4aeabbe0db74423ace392a2d6b', unstrip=True) + >>> filename = search_by_build_id('d1704d25fbbb72fa95d517b883131828c0883fe9', unstrip=True) >>> 'main_arena' in ELF(filename).symbols True """ 
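Review bot: The new `DEBUGINFOD_SERVERS` list takes every whitespace-separated token from the `DEBUGINFOD_SERVERS` environment variable without checking the URL scheme or normalising trailing slashes, while the systemtap entry loses the `/` the old constant carried, so whichever code builds the fetch URL (outside this hunk) now has to insert the separator itself and a user entry ending in `/` would produce a doubled one. Because these servers return debug ELF files that are presumably parsed and fed to the unstripping step, a plain `http://` entry injected through the environment silently turns the download into a MITM-able one; consider normalising and restricting the extra entries, e.g. `_EXTRA = [s.rstrip('/') for s in os.environ.get('DEBUGINFOD_SERVERS', '').split() if s.startswith('https://')]` and appending `_EXTRA`. The elfutils client reads `DEBUGINFOD_URLS` for the same purpose, so users who already configured that will not see their servers picked up; honouring both names would be friendlier. The hook also deserves a note on the constant: `#: debuginfod servers to query: the defaults first, then any whitespace-separated entries of $DEBUGINFOD_SERVERS (read once at import time)`.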
diff --git a/pwnlib/util/web.py b/pwnlib/util/web.py index 28e089350..7e98b67ae 100644 --- a/pwnlib/util/web.py +++ b/pwnlib/util/web.py @@ -25,7 +25,7 @@ def wget(url, save=None, timeout=5, **kwargs): Example: - >>> url = 'https://httpbin.org/robots.txt' + >>> url = 'https://httpbingo.org/robots.txt' >>> result = wget(url, timeout=60) >>> result b'User-agent: *\nDisallow: /deny\n' From 060746e274aa7cea99b1820d39fcb5b3a7d1d307 Mon Sep 17 00:00:00 2001 From: Arusekk Date: Sun, 21 May 2023 13:39:01 +0200 Subject: [PATCH 2/6] pypi: Use trusted publishing (OIDC) (#2194) Recently introduced [auth mechanism][1] makes it possible to not keep any long-lived tokens in GH secrets, reducing attack surface. [1]: https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/ Cherry-picked from 74c37037e2132acb188f22b15c96bec1d05231a0 --- .github/workflows/ci.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2f6a2b26c..32c7142b9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -198,6 +198,8 @@ jobs: pypi: runs-on: ubuntu-latest if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags') + permissions: + id-token: write needs: test steps: - name: Download artifacts @@ -207,10 +209,7 @@ jobs: path: dist - name: Publish package - uses: pypa/gh-action-pypi-publish@v1.1.0 - with: - user: __token__ - password: ${{ secrets.pypi_password }} + uses: pypa/gh-action-pypi-publish@release/v1 - if: failure() run: ls -R From 5a84bbf77579df1da9e7ab6727b59f20916dc35c Mon Sep 17 00:00:00 2001 
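Review bot: The `permissions: id-token: write` block on the `pypi` job is the right minimal scope, but the job declares no `environment:`, so the OIDC token carries no environment claim and the PyPI trusted-publisher registration can only be pinned to repository plus workflow filename; anyone able to push a tag can publish with whatever `ci.yml` that tag points at. Adding a named environment under `runs-on`, e.g. `environment: pypi`, lets the publisher entry require that environment and lets GitHub deployment protection rules (required reviewers, allowed tags/branches) gate the release. A job-level `permissions:` also drops every other scope to `none`, which is fine here since the steps only fetch a same-run artifact, but a one-line comment on the block would save the next reader the lookup: `# OIDC trusted publishing to PyPI; no long-lived token in secrets`.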
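Review bot: `uses: pypa/gh-action-pypi-publish@release/v1` references a moving branch, so the step that now holds the OIDC publishing credential runs whatever that branch contains on release day; the replaced `@v1.1.0` was at least a fixed tag. For a step whose privilege is "publish as this project to PyPI", pin to the full commit SHA of the action release you tested, with the tag in a trailing comment so Dependabot can keep it current, e.g. `uses: pypa/gh-action-pypi-publish@<commit-sha>  # vX.Y.Z`. The `actions/download-artifact` step above the hunk deserves the same treatment if it is tag-pinned.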
From: James R T Date: Sun, 21 May 2023 20:20:38 +0800 Subject: [PATCH 3/6] Force `ELF.path` to be of type string (#2174) This commit forces the `path` class variable of the `ELF` class to be of type string, even if a byte string argument is passed. This also makes the implementation consistent with the documentation, which states that `ELF.path` is of type `str`. Fixes #2166 Cherry-picked from 60af3a26d0b2b4777e7050727c0140451cf747c5 Signed-off-by: James Raphael Tiovalen --- pwnlib/elf/elf.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pwnlib/elf/elf.py b/pwnlib/elf/elf.py index c6e670824..2d0fba1f5 100644 --- a/pwnlib/elf/elf.py +++ b/pwnlib/elf/elf.py @@ -225,7 +225,7 @@ def __init__(self, path, checksec=True): super(ELF,self).__init__(self.mmap) #: :class:`str`: Path to the file - self.path = os.path.abspath(path) + self.path = packing._need_text(os.path.abspath(path)) #: :class:`str`: Architecture of the file (e.g. ``'i386'``, ``'arm'``). #: From 123f68f0961a683d5494cb7f70a989a99f371bcf Mon Sep 17 00:00:00 2001 From: peace-maker Date: Sun, 21 May 2023 14:42:05 +0200 Subject: [PATCH 4/6] Fix highlight of unaligned nullbyte in disasm cmd (#2182) "1001" would highlight the "00" even though it's not a null byte in the input. Group the bytes correctly to look for real null bytes and newlines only ignoring accidental matches of adjacent bytes. Co-authored-by: Arusekk --- pwnlib/commandline/disasm.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pwnlib/commandline/disasm.py b/pwnlib/commandline/disasm.py index e4ab12e05..78e69b904 100644 --- a/pwnlib/commandline/disasm.py +++ b/pwnlib/commandline/disasm.py 
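Review bot: `packing._need_text(os.path.abspath(path))` decodes a filesystem path with whatever codec `_need_text` applies (presumably UTF-8; not visible here), so a `bytes` path that is valid on disk but not valid UTF-8 now raises `UnicodeDecodeError` from a constructor that has already opened and mmapped the file. The standard conversion is `self.path = os.fsdecode(os.path.abspath(path))`, which uses the filesystem encoding with `surrogateescape`, accepts both `str` and `bytes`, and round-trips through `os.fsencode` for anything that later re-opens `self.path`. If this branch still supports Python 2, `os.fsdecode` is 3.2+, so keep `_need_text` there and use `fsdecode` under a `six.PY3` check. `__init__` starts and ends outside this hunk.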
@@ -82,9 +82,9 @@ def main(args): instrs = disasm(dat, vma=safeeval.const(args.address), byte=False, offset=False) # instrs = highlight(instrs, PwntoolsLexer(), TerminalFormatter()) + highlight_bytes = lambda t: ''.join(map(lambda x: x.replace('00', text.red('00')).replace('0a', text.red('0a')), group(2, t))) for o,b,i in zip(*map(str.splitlines, (offsets, bytes, instrs))): - b = b.replace('00', text.red('00')) - b = b.replace('0a', text.red('0a')) + b = ' '.join(highlight_bytes(bb) for bb in b.split(' ')) i = highlight(i.strip(), PwntoolsLexer(), TerminalFormatter()).strip() i = i.replace(',',', ') From 8f122c3e0062b0399bd973ce70d5a66f67db8b16 Mon Sep 17 00:00:00 2001 From: Jonathan Keller <19418817+NobodyNada@users.noreply.github.com> Date: Sun, 21 May 2023 05:51:03 -0700 Subject: [PATCH 5/6] Fix encoding & escaping in ssh.upload_dir (#2165) remote_tar is a `bytes`, so the string interpolation resulted in the command `cd ... && tar -xzf b'/tmp/...tar.gz`. It also would have failed had either path contained spaces. To fix this, make everything a bytes and use proper escaping. Co-authored-by: Arusekk --- pwnlib/tubes/ssh.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pwnlib/tubes/ssh.py b/pwnlib/tubes/ssh.py index eab27a57b..cd06f344d 100644 --- a/pwnlib/tubes/ssh.py +++ b/pwnlib/tubes/ssh.py @@ -1633,7 +1633,7 @@ def upload_dir(self, local, remote=None): remote: Remote directory """ - remote = remote or self.cwd + remote = packing._encode(remote or self.cwd) local = os.path.expanduser(local) dirname = os.path.dirname(local) @@ -1654,7 +1654,7 @@ def upload_dir(self, local, remote=None): remote_tar = self.mktemp('--suffix=.tar.gz') self.upload_file(local_tar, remote_tar) - untar = self.run('cd %s && tar -xzf %s' % (remote, remote_tar)) + untar = self.run(b'cd %s && tar -xzf %s' % (sh_string(remote), sh_string(remote_tar))) message = untar.recvrepeat(2) if untar.wait() != 0: 
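Review bot: `highlight_bytes` is a lambda bound to a name with a second lambda nested inside `map`, which PEP 8 (E731) discourages and which reads poorly for what is a two-entry lookup; a plain `def` with a table says the same thing: `red = {'00': text.red('00'), '0a': text.red('0a')}` and `def highlight_bytes(t): return ''.join(red.get(x, x) for x in group(2, t))`. Pairing the hex with `group(2, ...)` does remove the `1001` false positive, but only for lowercase two-digit groups with no odd-length tail; if `disasm` ever emits uppercase hex, `'0A'` is not highlighted (it was not before this change either). `main` continues outside the hunk.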
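Review bot: `remote = packing._encode(remote or self.cwd)` now accepts either `str` or `bytes` and always yields bytes, but the docstring just above still says only `remote: Remote directory`, and the codec `_encode` applies is not visible here. Document the contract: `remote(str, bytes): Remote directory to unpack into; defaults to the session's current directory (``self.cwd``)`. It is also worth noting that `local` is `expanduser`'d while `remote` is not, so a leading `~` in `remote` will most likely be quoted literally once the command is escaped and not expanded by the remote shell. `upload_dir` starts before this hunk and continues after it.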
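Review bot: The quoting fix is correct, but after `tar -xzf` runs the uploaded `remote_tar` is still in the remote temp directory and nothing in this hunk deletes it; unless the lines after `if untar.wait() != 0:` do, a full copy of the uploaded tree stays behind on the host for as long as its temp directory survives. Removing it in the same command keeps the cleanup even on a partial extraction failure, e.g. `untar = self.run(b'cd %s && tar -xzf %s; rc=$?; rm -f %s; exit $rc' % (sh_string(remote), sh_string(remote_tar), sh_string(remote_tar)))`, or run a separate `rm -f` after the status check. `tar -C %s -xzf %s` would also drop the `cd &&` and make the command independent of the directory change; the client-side `local_tar` deserves the same cleanup check. `upload_dir` continues outside the hunk.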
From d76c9fc704df21a1a741ff4bb54bdcb5de66343a Mon Sep 17 00:00:00 2001 From: peace-maker Date: Sun, 21 May 2023 15:01:48 +0200 Subject: [PATCH 6/6] Fix typo in mips mov shellcraft template (#2195) --- pwnlib/shellcraft/templates/mips/mov.asm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pwnlib/shellcraft/templates/mips/mov.asm b/pwnlib/shellcraft/templates/mips/mov.asm index 0bc0ece0c..28e3c77fe 100644 --- a/pwnlib/shellcraft/templates/mips/mov.asm +++ b/pwnlib/shellcraft/templates/mips/mov.asm @@ -69,7 +69,7 @@ if not dst.startswith('$'): log.error("Registers must start with $") return -if isinstance(src, str) and dst.startswith('$') and dst not in registers.mips: +if isinstance(dst, str) and dst.startswith('$') and dst not in registers.mips: log.error("Unknown register %r" % dst) return
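Review bot: With the typo fixed, the `dst.startswith('$')` term in the corrected condition is dead: the `if not dst.startswith('$'): ... return` guard directly above already leaves the block for any other `dst`, so the line can read `if isinstance(dst, str) and dst not in registers.mips:`. If this template still renders under Python 2, `isinstance(dst, str)` also lets a `unicode` register name bypass the unknown-register error; `six.string_types`, if the template has it in scope, avoids that. The enclosing Mako `<% %>` block starts before this hunk.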