cleaning up utils and vulnerabilities
c01db33f committed Oct 6, 2014
1 parent 5186f83 commit aa7d3f3
Showing 2 changed files with 41 additions and 25 deletions.
53 changes: 40 additions & 13 deletions utils.py
Expand Up @@ -21,9 +21,11 @@
from concolica import interlocked


name_index = interlocked.Counter()
_name_index = interlocked.Counter()


def unique_name(name):
return '{0}_{1:x}'.format(name, name_index.increment())
return '{0}_{1:x}'.format(name, _name_index.increment())


def mask(size):
Expand Down Expand Up @@ -131,7 +133,8 @@ def maximum(state, value):
def arbitrary(state, value):
if state.solver.check(value == bv.Constant(value.size, 0xc01db33f)):
return True
return False
else:
return False


class String(object):
Expand All @@ -153,6 +156,7 @@ def __iter__(self):
if not constraint.symbolic:
constraint = (byte != 0)
else:
# not sure that I've implemented &= in smt
constraint = constraint & (byte != 0)

# this might look silly, but it actually makes the
Expand All @@ -171,19 +175,16 @@ def __iter__(self):

class OutputBuffer(object):


def __init__(self, state, address):
self.state = state
self.address = address
self.index = 0


def copy(self, new_state):
new = OutputBuffer(new_state, self.address)
new.index = self.index
return new


def append(self, c):
if isinstance(c, str):
c = bv.Constant(8, ord(c))
Expand All @@ -192,7 +193,6 @@ def append(self, c):
self.index += 1
self.state.write(write_address, c)


def append_string(self, s, max_len=None):
if max_len is not None:
if isinstance(s, str):
Expand All @@ -210,7 +210,7 @@ def append_string(self, s, max_len=None):
self.append(c)
l += 1
else:
raise 'not supported this yet, whatever this is'
raise NotImplementedError()
else:
if isinstance(s, str):
for c in s:
Expand All @@ -219,7 +219,7 @@ def append_string(self, s, max_len=None):
for c, constraint in s:
self.append(c)
else:
raise 'not supported this yet, whatever this is'
raise NotImplementedError()


class BoundOutputBuffer(OutputBuffer):
Expand All @@ -241,7 +241,7 @@ def append(self, c):
OutputBuffer.append(self, c)


class DummyOutputBuffer(OutputBuffer):
class DummyOutputBuffer():

def __init__(self):
self.string = ''
Expand All @@ -262,6 +262,34 @@ def append(self, c):
self.string += chr(c.value)
self.index += 1

def append_string(self, s, max_len=None):
if max_len is not None:
if isinstance(s, str):
l = 0
for c in s:
if l > max_len:
break
self.append(c)
l += 1
elif isinstance(s, String):
l = 0
for c, constraint in s:
if l > max_len:
break
self.append(c)
l += 1
else:
raise NotImplementedError()
else:
if isinstance(s, str):
for c in s:
self.append(c)
elif isinstance(s, String):
for c, constraint in s:
self.append(c)
else:
raise NotImplementedError()


def concrete_format_string(state, output, fmt, va_args):
percent = False
Expand Down Expand Up @@ -304,7 +332,7 @@ def concrete_format_string(state, output, fmt, va_args):
output_constraints = []

if c == '%':
output_string = '%'
output_strings.append('%')
elif c == 'c':
# print a single character
value = va_args[arg_index].resize(8)
Expand Down Expand Up @@ -368,15 +396,14 @@ def concrete_format_string(state, output, fmt, va_args):
# skip unrecongised characters
pass


def _format_output_string(string, width, zero_fill, left_align):
if len(width) > 0:
width = int(width)
while len(string) < int(width):
if zero_fill:
string = '0' + string
elif left_align:
string = string + ' '
string += ' '
else:
string = ' ' + string
return string
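Review bot: In the added `DummyOutputBuffer.append_string`, the bound test `if l > max_len: break` lets `max_len + 1` characters through before it breaks, so a bounded copy is modelled one character too long if `max_len` is meant as a character count. Changing both loops to `if l >= max_len:` would stop at the limit; the same counting loop exists in `OutputBuffer.append_string`, whose bound test is not visible on this page and should be checked as well. In an analysis that reports out-of-bounds writes, one extra modelled byte can produce a spurious finding or hide a real one. Because the class no longer derives from `OutputBuffer`, this method is now a copy of the parent's and any fix has to be made twice; a shared helper would avoid that, and `class DummyOutputBuffer(object):` would match the new-style declarations of the other classes in the file.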
13 changes: 1 addition & 12 deletions vulnerabilities.py
Expand Up @@ -18,12 +18,12 @@
# GENERAL EXCEPTIONS #
########################################################################


class StateException(BaseException):

def __init__(self, state):
self.state = state


def __str__(self):
return '{} {:x} exception'.format(
self.state.id, self.state.ip)
Expand Down Expand Up @@ -60,7 +60,6 @@ def __init__(self, state, address):
StateException.__init__(self, state)
self.address = address


def __str__(self):
return '{} {:x} invalid memory access: {}'.format(
self.state.id, self.state.ip, self.address)
Expand All @@ -73,7 +72,6 @@ class InvalidRead(InvalidMemoryAccess):
def __init__(self, state, address):
InvalidMemoryAccess.__init__(self, state, address)


def __str__(self):
return '{} {:x} invalid read: {:x}'.format(
self.state.id, self.state.ip, self.address)
Expand All @@ -84,7 +82,6 @@ class UninitialisedRead(InvalidRead):
def __init__(self, state, address):
InvalidRead.__init__(self, state, address)


def __str__(self):
return '{} {:x} uninitialised read: {:x}'.format(
self.state.id, self.state.ip, self.address)
Expand All @@ -95,7 +92,6 @@ class UnmappedRead(InvalidRead):
def __init__(self, state, address):
InvalidRead.__init__(self, state, address)


def __str__(self):
return '{} {:x} unmapped read: {:x}'.format(
self.state.id, self.state.ip, self.address)
Expand All @@ -106,7 +102,6 @@ class ArbitraryRead(InvalidRead):
def __init__(self, state, address):
InvalidRead.__init__(self, state, address)


def __str__(self):
return '{} {:x} arbitrary read: {}'.format(
self.state.id, self.state.ip, self.address)
Expand All @@ -120,7 +115,6 @@ def __init__(self, state, address, value):
InvalidMemoryAccess.__init__(self, state, address)
self.value = value


def __str__(self):
return '{} {:x} invalid write: {:x} {}'.format(
self.state.id, self.state.ip, self.address, self.value)
Expand All @@ -131,7 +125,6 @@ class UnmappedWrite(InvalidWrite):
def __init__(self, state, address, value):
InvalidWrite.__init__(self, state, address, value)


def __str__(self):
return '{} {:x} unmapped write: {} {}'.format(
self.state.id, self.state.ip, self.address, self.value)
Expand All @@ -142,7 +135,6 @@ class ArbitraryWrite(InvalidWrite):
def __init__(self, state, address, value):
InvalidWrite.__init__(self, state, address, value)


def __str__(self):
return '{} {:x} arbitrary write: {} {}'.format(
self.state.id, self.state.ip, self.address, self.value)
Expand All @@ -155,7 +147,6 @@ class InvalidExecution(InvalidMemoryAccess):
def __init__(self, state, address):
InvalidMemoryAccess.__init__(self, state, address)


def __str__(self):
return '{} {:x} invalid execution: {}'.format(
self.state.id, self.state.ip, self.address)
Expand All @@ -166,7 +157,6 @@ class ArbitraryExecution(InvalidExecution):
def __init__(self, state, address):
InvalidExecution.__init__(self, state, address)


def __str__(self):
return '{} {:x} arbitrary execution: {}'.format(
self.state.id, self.state.ip, self.address)
Expand All @@ -178,7 +168,6 @@ def __init__(self, state, address, byte):
InvalidExecution.__init__(self, state, address)
self.byte = byte


def __str__(self):
return '{} {:x} symbolic execution: {}'.format(
self.state.id, self.state.ip, self.byte.smt2())
