Traceback (most recent call last):
File "<string>", line 110, in <module>
ValueError: execve: argv first element cannot be empty
We expect to open the process, but instead we get an error.
Debugging
The culprit is ssh.py:1034
os.execve(exe, argv, env)
os.execve disallows empty argv[0].
Proposed solution
Instead of using os.execve, we can use ctypes to call the execve function from libc. Below is a POC to call execve in python2 (python3 works the same but strings need to be replaced with bytes)
```python
import ctypes

# All strings need to be replaced with bytes in python3
exe = "/bin/sh"
argv = []
envp = {"A": "A"}


def get_string_list(string_list):
    # Transform a list of bytes into a ctypes array of char pointers.
    # One extra slot is allocated and left as NULL, because execve
    # expects argv and envp to be NULL-terminated.
    char_p_array = (ctypes.c_char_p * (len(string_list) + 1))()
    for i, string in enumerate(string_list):
        char_p_array[i] = ctypes.c_char_p(string)
    return char_p_array


# Transform envp from dict to list
envp = [k + "=" + v for k, v in envp.items()]

c_exe = ctypes.c_char_p(exe)
c_argv = get_string_list(argv)
c_envp = get_string_list(envp)

# Call execve
libc = ctypes.CDLL(None)
libc.execve(c_exe, c_argv, c_envp)
```
* Fix bug at ssh.py:process() - empty argv[0] Error
Before this, process.py relied on `os.execve` which disallows an empty
argv or argv[0] == "".
This commit replaces `os.execve` with `ctypes.CDLL(None).execve` to
call the C-Library function directly which allows an empty argv.
* Add #2225 to stable changelog
* Better ctypes syntax
* Add error message if ctypes.execve fails.
* Update CHANGELOG.md
* ssh.py: python2 compatibility for os.environb
* Add check that "=" not in misc.normalize_argv_env
This check prevents the use of "=" in the
key of an environment variable, which is generally
impossible.
* ssh.process: Separate cases for empty argv[0]
This commit separates the cases for an empty argv[0]
from normal cases.
* ssh.py delete leftover comment
---------
Co-authored-by: Youheng Lü <90871590+Youheng-Lue@users.noreply.github.com>
Co-authored-by: Arusekk <arek_koz@o2.pl>
Co-authored-by: peace-maker <peace-maker@wcfan.de>
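An added example, not code from pwntools or from the issue: a Python 3 version of the approach discussed above, calling libc's `execve` through ctypes with NULL-terminated arrays, the "=" check on environment keys, and an error message when the call fails. The helper names (`char_p_array`, `build_envp`, `spawn_raw`) and the sample command are assumptions made for illustration.

```python
import ctypes
import os


def char_p_array(items):
    """Build a NULL-terminated char*[] from a list of bytes objects."""
    arr = (ctypes.c_char_p * (len(items) + 1))()  # zero-filled: last slot stays NULL
    for i, item in enumerate(items):
        if b"\0" in item:
            raise ValueError("embedded NUL byte in %r" % (item,))
        arr[i] = item
    return arr


def build_envp(env):
    """Flatten {key: value} into KEY=VALUE entries, rejecting '=' in a key."""
    entries = []
    for key, value in env.items():
        if not key or b"=" in key:
            raise ValueError("invalid environment key %r" % (key,))
        entries.append(key + b"=" + value)
    return entries


def spawn_raw(exe, argv, env):
    """Fork, call libc execve() with argv passed through as given, return the exit code."""
    libc = ctypes.CDLL(None, use_errno=True)
    libc.execve.argtypes = [ctypes.c_char_p,
                            ctypes.POINTER(ctypes.c_char_p),
                            ctypes.POINTER(ctypes.c_char_p)]
    # Validate and build both arrays before forking so errors surface in the parent.
    c_argv = char_p_array(argv)
    c_envp = char_p_array(build_envp(env))
    pid = os.fork()
    if pid == 0:
        libc.execve(exe, c_argv, c_envp)  # returns only if the call failed
        err = ctypes.get_errno()
        os.write(2, ("execve failed: %s\n" % os.strerror(err)).encode())
        os._exit(127)
    _, status = os.waitpid(pid, 0)
    return os.WEXITSTATUS(status) if os.WIFEXITED(status) else -os.WTERMSIG(status)


if __name__ == "__main__":
    # Constructed sample: argv[0] is the empty string, which os.execve refuses.
    print(spawn_raw(b"/bin/sh", [b"", b"-c", b"exit 7"], {b"A": b"A"}))
```
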