desock: close the pipes after stdin EOF?

[d33tah]

Consider the following sock.py Python file:

import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("127.0.0.1", 31337))
print(s.recv(200))
print(s.recv(200))

Now run ncat -l --sh-exec 'echo 1' -k and then the file above and observe the behavior. Then try:

echo -n '2' | LD_PRELOAD=desock.so strace -ff python sock.py

You will see that while without dsesock.so the program would exit, turning it on causes an infinite loop. I believe that recvrom should fail if we hit an EOF. Perhaps somehow exiting the loop or closing the pipe in such case could cause that, letting the fuzzed processes avoid an infinite loop?

[zardus]

Ah, that's very possible...

I'm swamped with a big deadline on Friday, but I'll take a look after that!

[d33tah]

Wow, that's a quick reply! Thanks, I'd love to have this bug fixed.

[zardus]

So after that amazing quick reply, I finally had a chance to look into this
two months later :-)

I pushed a partial fix that at least stops the stdin synchronization on
stdin EOF, but stdout is trickier. There's no EOF; we just sit waiting for
the fake-fd to have an event on it. Not exactly sure how to fix it yet...
Let me know if you have any ideas!

On Tue, Nov 10, 2015 at 3:54 AM, Jacek Wielemborek <notifications@github.com

wrote:

Wow, that's a quick reply! Thanks, I'd love to have this bug fixed.

—
Reply to this email directly or view it on GitHub
#15 (comment).

[Matir]

I realize this issue is quite old, but is there a reason not to call shutdown() on STDIN EOF? I needed this for fuzzing an event-driven program to indicate that there will be no more input.