bumped enochecker to handle closed connections correctly, fixed added code that prevented exploiting flagstore 2

4 files changed, 12 insertions, 8 deletions

diff --git a/checker/src/checker.py b/checker/src/checker.py
index 8f9334d..f65a033 100644
--- a/checker/src/checker.py
+++ b/checker/src/checker.py
@@ -371,7 +371,7 @@ class STLDoctorChecker(BaseChecker):
                 self.debug(b"Retrieving file " + fhash + b" at index " + index_dict[fhash])
                 conn.write(index_dict[fhash] + b"\ny\n")
                 fileinfo = conn.recvuntil(self.prompt)
-                # self.debug("File contents:\n" + fileinfo.decode("latin1"))
+                #self.debug("File contents:\n" + fileinfo.decode("latin1"))
                 found = self.search_flag_bytes(fileinfo)
                 if found is not None or i == len(targets) - 1:
                     break
diff --git a/checker/src/requirements.txt b/checker/src/requirements.txt
index 0668404..38a6e0b 100644
--- a/checker/src/requirements.txt
+++ b/checker/src/requirements.txt
@@ -4,7 +4,7 @@ click==7.1.2
 dnspython==1.16.0
 # enochecker==0.4.2
 # git+https://github.com/enowars/enochecker@37981175f3125bd552c3c351494186fe9ce35e0b
-git+https://github.com/Sinitax/enochecker@3bd2e698e9421f4a67e60a2377ac6f40e65b18a7
+git+https://github.com/Sinitax/enochecker@f04cab0fd57fbc927809e88c97a1dd37579089ee
 enochecker-cli==0.7.0
 enochecker-core==0.10.0
 eventlet==0.30.2
diff --git a/service/src/main.c b/service/src/main.c
index 24279c5..751f2ef 100644
--- a/service/src/main.c
+++ b/service/src/main.c
@@ -204,7 +204,7 @@ search_cmd(const char *arg)
 	dirstart = telldir(d);
 	for (pathc = 0; (de = readdir(d));) {
 		if (access_authorized(de->d_name)
-		    && !strpfcmp(hash, de->d_name + loggedin)) {
+		    && !strpfcmp(hash, de->d_name + (loggedin ? 1 : 0))) {
 			printf("%i : %s\n", pathc, de->d_name);
 			paths[pathc++] = checkp(strdup(de->d_name));
 			if (pathc == pathcap) {
@@ -347,15 +347,17 @@ cleanexit()
 int
 main()
 {
-	const char *cmd;
+	const char *cmd, *envstr;
 	char *cp, *arg;
 	int exit, i, cmdlen;
 
-	if (!(resultdir = checkp(strdup(getenv("RESULTDIR"))))) {
+	if (!(envstr = getenv("RESULTDIR"))) {
 		printf("RESULTDIR not defined\n");
 		return 1;
 	}
 
+	resultdir = checkp(strdup(envstr));
+
 	setvbuf(stdin, NULL, _IONBF, 0);
 	setvbuf(stdout, NULL, _IONBF, 0);
 	setvbuf(stderr, NULL, _IONBF, 0);
diff --git a/src/main.c b/src/main.c
index ff30df3..b1d4e9c 100644
--- a/src/main.c
+++ b/src/main.c
@@ -204,7 +204,7 @@ search_cmd(const char *arg)
 	dirstart = telldir(d);
 	for (pathc = 0; (de = readdir(d));) {
 		if (access_authorized(de->d_name)
-		    && !strpfcmp(hash, de->d_name + loggedin)) {
+		    && !strpfcmp(hash, de->d_name + (loggedin ? 1 : 0))) {
 			printf("%i : %s\n", pathc, de->d_name);
 			paths[pathc++] = checkp(strdup(de->d_name));
 			if (pathc == pathcap) {
@@ -347,15 +347,17 @@ cleanexit()
 int
 main()
 {
-	const char *cmd;
+	const char *cmd, *envstr;
 	char *cp, *arg;
 	int exit, i, cmdlen;
 
-	if (!(resultdir = checkp(strdup(getenv("RESULTDIR"))))) {
+	if (!(envstr = getenv("RESULTDIR"))) {
 		fprintf(stderr, "RESULTDIR not defined\n");
 		return 1;
 	}
 
+	resultdir = checkp(strdup(envstr));
+
 	setvbuf(stdin, NULL, _IONBF, 0);
 	setvbuf(stdout, NULL, _IONBF, 0);
 	setvbuf(stderr, NULL, _IONBF, 0);