commit 9d4f8aaceda37364748a4be8238ffde4c137a19c
parent f1285b65d59119b71c7c4f98dddcf2d6969922be
Author: Louis Burda <quent.burda@gmail.com>
Date: Thu, 13 May 2021 13:55:07 +0200
added cleanup script, improved poc test, added echo for debugging and small fixes
Diffstat:
10 files changed, 121 insertions(+), 21 deletions(-)
diff --git a/service/.gitignore b/service/.gitignore
@@ -0,0 +1 @@
+data/*
diff --git a/service/Dockerfile b/service/Dockerfile
@@ -10,12 +10,15 @@ RUN mkdir /data
COPY entrypoint.sh /
RUN chmod +x /entrypoint.sh
+COPY cleaner.sh /
+RUN chmod +x /cleaner.sh
+
COPY src/ /service/
WORKDIR /service/
-
RUN make clean && make
EXPOSE 9000
+ENV RESULTDIR=/data/scans
ENTRYPOINT ["/entrypoint.sh"]
diff --git a/service/cleaner.sh b/service/cleaner.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+timeref="/data/lastclean"
+
+if [ -z "$RESULTDIR" ]; then
+ echo "RESULTDIR is undefined! skipping cleanup.."
+ exit 1
+fi
+
+if [ -f "$timeref" ]; then
+ files="$(find "$RESULTDIR" -mindepth 1 \! -newer "$timeref")"
+ echo "$files" | while read path; do
+ rm -rf "$path"
+ done
+ echo "[ $(date +%T) ] Removed $(echo -n "$files" | wc -l) old files!"
+fi
+
+touch "$timeref"
+
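Review bot: The removal loop `echo "$files" | while read path; do rm -rf "$path"; done` re-parses find's output line by line, so a name under `$RESULTDIR` that contains a newline or backslash is split or altered before it reaches `rm -rf`, and the resulting path need not lie under `$RESULTDIR`. entrypoint.sh starts this script from its own shell (apparently root, given the `chown` and `su` there) while `/data` is owned by the `service` user, so these names should be treated as untrusted. Let find do the removal itself, `find "$RESULTDIR" -mindepth 1 \! -newer "$timeref" -exec rm -rf -- {} +`, which also avoids calling `rm -rf ""` when nothing matched. The reported count is off as well: `echo -n "$files" | wc -l` counts newlines, so N paths print as N-1, and `echo -n` is not portable under `/bin/sh`.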
diff --git a/service/entrypoint.sh b/service/entrypoint.sh
@@ -1,13 +1,14 @@
#!/bin/sh
-set -e -x
-
chown -R service:service "/data/"
-export RESULTDIR="/data"
-
-servicecmd='socat -T30 -s TCP-LISTEN:9000,reuseaddr,fork,end-close EXEC:"/service/printdoc",raw,pty,echo=0,stderr'
+mkdir -p "$RESULTDIR"
while [ 1 ]; do
- su -s /bin/sh -c "$servicecmd" service
-done
+ /cleaner.sh
+ sleep 180
+done &
+
+servicecmd='socat -T30 -s TCP-LISTEN:9000,reuseaddr,fork EXEC:"/service/printdoc",raw,pty,echo=0,stderr'
+
+su -s /bin/sh -c "$servicecmd" service
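Review bot: `mkdir -p "$RESULTDIR"` runs after `chown -R service:service "/data/"`, so on a fresh volume `/data/scans` is created by the calling user (root, judging by the `chown` and `su`) and the `service` user that printdoc runs as may not be able to write results there; create the directory first and chown afterwards. The background cleaner loop also runs with the entrypoint's privileges over a tree the service user controls; starting it as `su -s /bin/sh -c /cleaner.sh service` would keep deletions within what that user can already remove. With `set -e -x` gone, a failing `chown` or `mkdir` no longer stops the container start, so consider keeping `set -e` for the setup lines.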
diff --git a/service/src/printdoc.c b/service/src/printdoc.c
@@ -21,18 +21,23 @@ int save_submission(struct parseinfo *info, char *data, int len);
void cat_cmd(char *arg);
void list_cmd(char *arg);
+void exit_cmd(char *arg);
+void echo_cmd(char *arg);
void submit_cmd(char *arg);
void query_cmd(char *arg);
struct command commands[] = {
{ "cat", cat_cmd },
{ "help", list_cmd },
+ { "exit", exit_cmd },
+ { "echo", echo_cmd },
{ "submit", submit_cmd },
{ "query", query_cmd },
};
struct parseinfo cached;
const char *resultdir;
+int echo = 0;
int
save_submission(struct parseinfo *info, char *stldata, int stlsize)
@@ -97,6 +102,19 @@ list_cmd(char *arg)
}
void
+exit_cmd(char *arg)
+{
+ exit(0);
+}
+
+void
+echo_cmd(char *arg)
+{
+ echo ^= 1;
+ printf("Echo is %s\n", echo ? "enabled" : "disabled");
+}
+
+void
submit_cmd(char *arg)
{
const char *bufp;
@@ -212,6 +230,7 @@ cleanup:
void
cleanexit()
{
+ printf("see you later!\n");
free_info(&cached);
}
@@ -244,6 +263,8 @@ main()
if (linebuf[strlen(linebuf) - 1] == '\n')
linebuf[strlen(linebuf) - 1] = '\0';
+ if (echo) printf("%s\n", linebuf);
+
cp = strchr(linebuf, ' ');
arg = cp ? cp + 1 : NULL;
if (cp) *cp = 0;
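Review bot: The newline strip in the context lines above the new echo still indexes `linebuf[strlen(linebuf) - 1]` without checking for an empty buffer, the case this commit guards with `*linebuf` in `ask()` in util.c. If the read yields a line whose first byte is NUL, `strlen` is 0 and the index is one before the buffer. Suggest `size_t len = strlen(linebuf); if (len && linebuf[len - 1] == '\n') linebuf[len - 1] = '\0';` before the echo. The read call and the rest of main's loop are outside the hunk, so confirm how `linebuf` is filled.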
@@ -258,7 +279,4 @@ main()
if (i == ARRSIZE(commands) && strlen(linebuf) != 0)
fprintf(stderr, "No such command!\n");
}
-
- printf("see you later!\n");
- free_info(&cached);
}
diff --git a/service/src/stlfile.c b/service/src/stlfile.c
@@ -92,7 +92,7 @@ consume_keyword(char **start)
for (i = 0; i < ARRSIZE(kwmap); i++) {
len = strlen(kwmap[i].str);
if (!strncmp(kwmap[i].str, bp, len) && strchr(wsset, *(bp + len))) {
- printf("GOT: %s\n", kwmap[i].str);
+ // printf("GOT: %s\n", kwmap[i].str);
*start = bp + len + (bp[len] ? 1 : 0);
return kwmap[i].code;
}
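Review bot: The debug trace in `consume_keyword` is commented out rather than removed, which leaves dead code in the parser. Delete the line, or keep it behind a compile-time switch such as `#ifdef DEBUG` and send it to `stderr` so it can never mix with the protocol output on stdout. The function body starts and ends outside the hunk.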
diff --git a/service/src/test.sh b/service/src/test.sh
@@ -2,6 +2,11 @@
set -e
+RUN_REMOTE=1
+
+export RESULTDIR="../data/scans"
+export ECHO_INPUT=1
+
announce() {
count=$(echo "$1" | wc -c)
python3 -c "
@@ -24,7 +29,13 @@ checkleaks() {
fi
}
-export RESULTDIR="scans"
+connect() {
+ if [ $RUN_REMOTE ]; then
+ nc localhost 9000
+ else
+ ./printdoc
+ fi
+}
if [ "$1" == "stl" ]; then
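Review bot: `[ $RUN_REMOTE ]` in `connect()` is true for any non-empty value, so `RUN_REMOTE=0` still selects the `nc` branch and the local binary can only be chosen by emptying the variable. Compare explicitly, `if [ "${RUN_REMOTE:-0}" = 1 ]; then`, and let the caller override the default with `RUN_REMOTE="${RUN_REMOTE:-1}"` at the top of the script. In the first hunk of this file, `ECHO_INPUT` is exported but nothing visible in this commit reads it (echo is toggled by the `echo` command), so it looks like a leftover.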
@@ -47,25 +58,47 @@ elif [ "$1" == "poc" ]; then
announce "Testing Proof-Of-Concept"
- rm -rf scans/*
+ rm -rf "$RESULTDIR"/*
echo -e "\n--- Uploading target STL ---\n" 1>&2
(
+ echo "echo"
echo "submit"
- cat tests/sample-ascii.stl | wc -c
- cat tests/sample-ascii.stl
- ) | ./printdoc
+ cat tests/flag1.stl | wc -c
+ cat tests/flag1.stl
+ echo "exit"
+ ) | connect
echo -e "\n--- Uploading evil STL ---\n" 1>&2
(
+ echo "echo"
echo "submit"
cat tests/evil1.stl | wc -c
cat tests/evil1.stl
echo -e "AAAA\xff"
- ) | ./printdoc
+ echo "exit"
+ ) | connect
echo -e "\n--- Testing Exploit ---\n" 1>&2
(
+ echo "echo"
+
+ # try index 0
+ echo "query"
+ echo -e "AAAA\xff"
+ echo "0"
+ echo "n"
+
+ echo "query"
+ echo "0"
+ echo "n"
+
+ # reset cached result
+ echo "submit"
+ echo "2"
+ echo "aa"
+
+ # try index 1
echo "query"
echo -e "AAAA\xff"
echo "0"
@@ -73,7 +106,9 @@ elif [ "$1" == "poc" ]; then
echo "query"
echo "1"
- ) | checkleaks
+ echo "n"
+ echo "exit"
+ ) | connect
else
(
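Review bot: Replacing `) | checkleaks` with `) | connect` on the exploit stage drops whatever check `checkleaks` performed (it is defined above the hunk; only its tail is visible), and the pipeline's output is not compared against anything, so the PoC run succeeds whether or not the service's behaviour changes. Keep the leak check on the local path, for example by calling `checkleaks` from the `else` branch of `connect()`. To turn the stage into a regression test, assert on the output, e.g. `) | connect | grep -q 'ENO{TESTFLAG}'`, which under `set -e` fails the script when the expected marker from `tests/flag1.stl` is absent.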
@@ -81,6 +116,7 @@ else
echo "2"
echo "AA"
echo "AAAA"
- ) | ./printdoc
+ echo "exit"
+ ) | connect
fi
diff --git a/service/src/tests/flag1.stl b/service/src/tests/flag1.stl
@@ -0,0 +1,16 @@
+solid ENO{TESTFLAG}
+ facet normal 1.0 0 0
+ outer loop
+ vertex 0 1 0
+ vertex 0 1 1
+ vertex 0 0 1
+ endloop
+ endfacet
+ facet normal 0 0 1.0
+ outer loop
+ vertex 1 0 0
+ vertex 1 1 0
+ vertex 0 1 0
+ endloop
+ endfacet
+endsolid
diff --git a/service/src/util.c b/service/src/util.c
@@ -106,7 +106,11 @@ ask(const char *fmtstr, ...)
fail = !fgets(linebuf, sizeof(linebuf), stdin);
- if (!fail) linebuf[strlen(linebuf) - 1] = '\0';
+ if (!fail && *linebuf) {
+ if (linebuf[strlen(linebuf)-1] == '\n')
+ linebuf[strlen(linebuf)-1] = '\0';
+ if (echo) printf("%s\n", linebuf);
+ }
return fail ? "" : linebuf;
}
diff --git a/service/src/util.h b/service/src/util.h
@@ -29,4 +29,6 @@ const char* ask(const char *fmtstr, ...);
void dump(const char *filepath);
int strpfcmp(const char *prefix, const char *str);
+extern int echo;
+
#endif /* UTIL_H */
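Review bot: `extern int echo;` is declared in util.h but the definition lives in printdoc.c, so util.c, which now reads `echo` in `ask()`, will not link into any other program unless that program defines the variable too. Define `int echo = 0;` in util.c next to `ask()` and keep only the declaration here, with a comment such as `/* non-zero: ask() and the command loop print each input line back */`. A more specific name (`echo_input`) would also avoid confusion with the `echo_cmd` handler.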