NetBSD-Bugs archive
Re: bin/55979 (sh single quotes removes nul characters)
The following reply was made to PR bin/55979; it has been noted by GNATS.
From: Justine Tunney <jtunney%gmail.com@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: kre%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
Subject: Re: bin/55979 (sh single quotes removes nul characters)
Date: Wed, 10 Feb 2021 10:39:13 -0800
Have we tried using ASAN to troubleshoot this?

> the hello.com you provided a link to earlier started \177ELF

That's because the binary modified itself. The code following MZqFpD='' is
a printf ELF>$0 so the first 64 bytes have a conventional ELF header for
subsequent invocations. Try downloading https://justine.lol/hello.com
again. That file can be your test case. I can create a more minimal one too
if you need it.

On Wed, Feb 10, 2021 at 5:25 AM Robert Elz <kre%munnari.oz.au@localhost> wrote:
> The following reply was made to PR bin/55979; it has been noted by GNATS.
>
> From: Robert Elz <kre%munnari.OZ.AU@localhost>
> To: Justine Tunney <jtunney%gmail.com@localhost>
> Cc: gnats-bugs%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
> Subject: Re: bin/55979 (sh single quotes removes nul characters)
> Date: Wed, 10 Feb 2021 20:24:28 +0700
>
> Date: Tue, 9 Feb 2021 20:08:50 -0800
> From: Justine Tunney <jtunney%gmail.com@localhost>
> Message-ID: <CANtdasQJxExVw_fpBHGX=qPWMs56PC-6RH6nufTYM-X25CCORQ%mail.gmail.com@localhost>
>
> One more thing:
>
> | 11172 1 sh CALL mmap(0,0x1000,PROT_READ|PROT_WRITE,0x1002<PRIVATE,ANONYMOUS,ALIGN=NONE>,0xffffffff,0,0)
> | 11172 1 sh RET mmap 126131311058944/0x72b73bfda000
>
> That's very odd, sh doesn't call mmap() anywhere (and doesn't use stdio
> for input/output either) and doesn't dynamically load anything either
> (libc and libedit should have been loaded at startup). Are you sure
> that's the NetBSD /bin/sh doing that?
>
> In that sh, do "echo $NETBSD_SHELL" and show what it says please.
>
> kre
>
>
>
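An added example, not part of the original message or of the hello.com project: a shell check to run on a downloaded copy before using it as the test case, reporting whether the file still begins with `MZqFpD` or has already been rewritten to start with `\177ELF` as described above. The function names, the result labels and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether FILE is still in its as-downloaded form
# (starts with "MZqFpD") or already carries an ELF header ("\177ELF").
# od emits hex text, so no raw NUL bytes ever pass through shell variables.
classify_header() {
    [ -r "$1" ] || { echo unreadable; return 1; }
    magic=$(od -An -tx1 -N 6 "$1" | tr -d ' \n')
    case $magic in
        4d5a71467044)                # "MZqFpD"
            echo pristine ;;
        7f454c46*)                   # "\177ELF"
            size=$(wc -c < "$1" | tr -d ' ')
            if [ "$size" -lt 64 ]; then
                echo elf-truncated   # shorter than the 64-byte header
            else
                echo rewritten
            fi ;;
        *)
            echo unknown ;;
    esac
}

# Constructed sample inputs (not the real hello.com).
demo() {
    dir=$(mktemp -d) || return 1
    printf 'MZqFpD=%s\n' "''" > "$dir/fresh"
    { printf '\177ELF\002\001\001'
      dd if=/dev/zero bs=57 count=1 2>/dev/null; } > "$dir/ran"
    for f in fresh ran; do
        printf '%s: %s\n' "$f" "$(classify_header "$dir/$f")"
    done
    rm -rf "$dir"
}
demo
```

A copy that reports `rewritten` has already been executed once and no longer exercises the single-quoted section of the script.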