Add LD_LIBRARY_PATH type feature (#878)

* Add LD_LIBRARY_PATH type feature Use of environment variable MANTICORE_LD_PATH instead of LD_LIBRARY_PATH which is protected on MacOS Fixes #93 * Comments taken into account Commit to be squashed afterwards * Codeclimate fix * Support LD_LIBRARY_PATH in the loader
trailofbits · May 18, 2018 · f4c4c9a · catenacyber · May 21, 2018 · f4c4c9a
1 parent 71c90c3
commit f4c4c9a
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/manticore/__main__.py b/manticore/__main__.py
@@ -35,7 +35,7 @@ def positive(value):
     parser.add_argument('--disasm', type=str, default='capstone', choices=disas,
                         help=argparse.SUPPRESS)
     parser.add_argument('--env', type=str, nargs=1, default=[], action='append',
-                        help='Specify symbolic environment variable VARNAME=++++++')
+                        help='Add an environment variable. Use "+" for symbolic bytes. (VARNAME=++++)')
     #TODO allow entry as an address
     #parser.add_argument('--entry', type=str, default=None,
     #                    help='address as entry point')

diff --git a/manticore/platforms/linux.py b/manticore/platforms/linux.py
@@ -481,7 +481,7 @@ def _execve(self, program, argv, envp):
 
         logger.debug("Loading %s as a %s elf", program, self.arch)
 
-        self.load(program)
+        self.load(program, envp)
         self._arch_specific_init()
 
         self._stack_top = self.current.STACK
@@ -830,12 +830,13 @@ def set_entry(self, entryPC):
         self.current.PC = elf_entry
         logger.debug("Entry point updated: %016x", elf_entry)
 
-    def load(self, filename):
+    def load(self, filename, env):
         '''
         Loads and an ELF program in memory and prepares the initial CPU state.
         Creates the stack and loads the environment variables and the arguments in it.
 
         :param filename: pathname of the file to be executed. (used for auxv)
+        :param list env: A list of env variables. (used for extracting vars that control ld behavior)
         :raises error:
             - 'Not matching cpu': if the program is compiled for a different architecture
             - 'Not matching memory': if the program is compiled for a different address size
@@ -846,6 +847,7 @@ def load(self, filename):
         cpu = self.current
         elf = self.elf
         arch = self.arch
+        env = dict(var.split('=') for var in env if '=' in var)
         addressbitsize = {'x86': 32, 'x64': 64, 'ARM': 32}[elf.get_machine_arch()]
         logger.debug("Loading %s as a %s elf", filename, arch)
 
@@ -860,6 +862,13 @@ def load(self, filename):
             logger.info('Interpreter filename: %s', interpreter_filename)
             if os.path.exists(interpreter_filename.decode('utf-8')):
                 interpreter = ELFFile(open(interpreter_filename, 'rb'))
+            elif 'LD_LIBRARY_PATH' in env:
+                for mpath in env['LD_LIBRARY_PATH'].split(":"):
+                    interpreter_path_filename = os.path.join(mpath, os.path.basename(interpreter_filename))
+                    logger.info("looking for interpreter %s", interpreter_path_filename)
+                    if os.path.exists(interpreter_filename):
+                        interpreter = ELFFile(open(interpreter_path_filename))
+                        break
             break
         if interpreter is not None:
             assert interpreter.get_machine_arch() == elf.get_machine_arch()