From 9d4f8aaceda37364748a4be8238ffde4c137a19c Mon Sep 17 00:00:00 2001 From: Louis Burda Date: Thu, 13 May 2021 13:55:07 +0200 Subject: added cleanup script, improved poc test, addec echo for debugging and small fixes --- service/src/printdoc.c | 24 ++++++++++++++++++--- service/src/stlfile.c | 2 +- service/src/test.sh | 52 ++++++++++++++++++++++++++++++++++++++------- service/src/tests/flag1.stl | 16 ++++++++++++++ service/src/util.c | 6 +++++- service/src/util.h | 2 ++ 6 files changed, 89 insertions(+), 13 deletions(-) create mode 100644 service/src/tests/flag1.stl (limited to 'service/src') diff --git a/service/src/printdoc.c b/service/src/printdoc.c index 0eb3127..1e549c9 100644 --- a/service/src/printdoc.c +++ b/service/src/printdoc.c @@ -21,18 +21,23 @@ int save_submission(struct parseinfo *info, char *data, int len); void cat_cmd(char *arg); void list_cmd(char *arg); +void exit_cmd(char *arg); +void echo_cmd(char *arg); void submit_cmd(char *arg); void query_cmd(char *arg); struct command commands[] = { { "cat", cat_cmd }, { "help", list_cmd }, + { "exit", exit_cmd }, + { "echo", echo_cmd }, { "submit", submit_cmd }, { "query", query_cmd }, }; struct parseinfo cached; const char *resultdir; +int echo = 0; int save_submission(struct parseinfo *info, char *stldata, int stlsize) @@ -96,6 +101,19 @@ list_cmd(char *arg) printf("\n"); } +void +exit_cmd(char *arg) +{ + exit(0); +} + +void +echo_cmd(char *arg) +{ + echo ^= 1; + printf("Echo is %s\n", echo ? "enabled" : "disabled"); +} + void submit_cmd(char *arg) { @@ -212,6 +230,7 @@ cleanup: void cleanexit() { + printf("see you later!\n"); free_info(&cached); } @@ -244,6 +263,8 @@ main() if (linebuf[strlen(linebuf) - 1] == '\n') linebuf[strlen(linebuf) - 1] = '\0'; + if (echo) printf("%s\n", linebuf); + cp = strchr(linebuf, ' '); arg = cp ? cp + 1 : NULL; if (cp) *cp = 0; 
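Review bot: The new global `int echo = 0;` at the end of the first printdoc.c hunk is defined in the main program but declared in util.h and read by ask() in util.c (both later in this patch), so the utility module now depends on a symbol owned by printdoc.c. Any other target that links util.c without printdoc.c would fail to link, if such a target exists. Defining the flag in util.c next to its `extern` declaration, under a less generic name such as `int echo_input = 0;`, keeps the dependency pointing one way and avoids clashing with other uses of `echo`.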
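Review bot: cleanexit() now carries both the farewell `printf` and `free_info(&cached)`, and the last printdoc.c hunk deletes the same two calls from the end of main(), yet nothing in this patch shows how cleanexit is registered. If it is installed only through atexit() the move is fine and also covers the new exit_cmd(). If it is additionally used as a signal handler, `printf` is not async-signal-safe and free_info presumably is not either, so neither should run there. A comment above the function stating the contract, e.g. `/* atexit handler: runs for exit_cmd and for EOF in main */`, would make this checkable. The `cleanup:` label before it belongs to a function that lies outside the hunk.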
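Review bot: The newline strip directly above the added echo line in main() still indexes `linebuf[strlen(linebuf) - 1]` without checking for an empty string, so an empty buffer makes it read, and possibly write, one byte before the array. This patch adds exactly that guard to ask() in util.c but not here, and with the test script now reaching the service over a socket the input should be treated as untrusted. The matching change is `if (*linebuf && linebuf[strlen(linebuf) - 1] == '\n')`, or the single expression `linebuf[strcspn(linebuf, "\n")] = '\0';`. main() starts and ends outside this hunk, so that linebuf is filled by fgets as in ask() is an assumption.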
@@ -258,7 +279,4 @@ main() if (i == ARRSIZE(commands) && strlen(linebuf) != 0) fprintf(stderr, "No such command!\n"); } - - printf("see you later!\n"); - free_info(&cached); } diff --git a/service/src/stlfile.c b/service/src/stlfile.c index 72868f8..60f8b40 100644 --- a/service/src/stlfile.c +++ b/service/src/stlfile.c @@ -92,7 +92,7 @@ consume_keyword(char **start) for (i = 0; i < ARRSIZE(kwmap); i++) { len = strlen(kwmap[i].str); if (!strncmp(kwmap[i].str, bp, len) && strchr(wsset, *(bp + len))) { - printf("GOT: %s\n", kwmap[i].str); + // printf("GOT: %s\n", kwmap[i].str); *start = bp + len + (bp[len] ? 1 : 0); return kwmap[i].code; } diff --git a/service/src/test.sh b/service/src/test.sh index 86bce92..f8e7196 100644 --- a/service/src/test.sh +++ b/service/src/test.sh @@ -2,6 +2,11 @@ set -e +RUN_REMOTE=1 + +export RESULTDIR="../data/scans" +export ECHO_INPUT=1 + announce() { count=$(echo "$1" | wc -c) python3 -c " @@ -24,7 +29,13 @@ checkleaks() { fi } -export RESULTDIR="scans" +connect() { + if [ $RUN_REMOTE ]; then + nc localhost 9000 + else + ./printdoc + fi +} if [ "$1" == "stl" ]; then @@ -47,25 +58,47 @@ elif [ "$1" == "poc" ]; then announce "Testing Proof-Of-Concept" - rm -rf scans/* + rm -rf "$RESULTDIR"/* echo -e "\n--- Uploading target STL ---\n" 1>&2 ( + echo "echo" echo "submit" - cat tests/sample-ascii.stl | wc -c - cat tests/sample-ascii.stl - ) | ./printdoc + cat tests/flag1.stl | wc -c + cat tests/flag1.stl + echo "exit" + ) | connect echo -e "\n--- Uploading evil STL ---\n" 1>&2 ( + echo "echo" echo "submit" cat tests/evil1.stl | wc -c cat tests/evil1.stl echo -e "AAAA\xff" - ) | ./printdoc + echo "exit" + ) | connect echo -e "\n--- Testing Exploit ---\n" 1>&2 ( + echo "echo" + + # try index 0 + echo "query" + echo -e "AAAA\xff" + echo "0" + echo "n" + + echo "query" + echo "0" + echo "n" + + # reset cached result + echo "submit" + echo "2" + echo "aa" + + # try index 1 echo "query" echo -e "AAAA\xff" echo "0" 
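Review bot: The debug trace in consume_keyword() (stlfile.c hunk) is commented out rather than removed, which leaves dead code inside the keyword loop. Either delete the line or keep it behind a compile-time switch, i.e. `fprintf(stderr, "GOT: %s\n", kwmap[i].str);` wrapped in `#ifdef DEBUG` / `#endif`, so that a re-enabled trace goes to stderr and cannot mix with the service's replies on stdout. consume_keyword() starts and ends outside the hunk.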
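Review bot: In the first test.sh hunk `export ECHO_INPUT=1` is not read by anything this patch shows; echoing is switched on by the `echo` command the script sends, so the variable looks dead unless printdoc consults it elsewhere. The same hunk also overwrites any `RESULTDIR` the caller had set. Dropping the unused export and writing `export RESULTDIR="${RESULTDIR:-../data/scans}"` keeps the default while letting a caller point the test at a scratch directory.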
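Review bot: In connect(), `[ $RUN_REMOTE ]` is true for any non-empty value, so `RUN_REMOTE=0` still selects the nc branch, and since the first hunk assigns `RUN_REMOTE=1` unconditionally the local `./printdoc` branch can only be reached by editing the script. An explicit comparison, `if [ "$RUN_REMOTE" = 1 ]; then`, together with `RUN_REMOTE="${RUN_REMOTE:-1}"` at the top, lets the caller choose. The `nc localhost 9000` call has no timeout either, so a test hangs if the service never closes the connection; `nc -w 5 localhost 9000` would bound it.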
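Review bot: `rm -rf "$RESULTDIR"/*` in the poc branch now targets `../data/scans`, a relative path outside the source directory that is resolved against whatever directory the script is started from, so a run from the wrong place deletes a different tree. Anchor the path and guard the expansion: `cd "$(dirname "$0")"` before the export, and `rm -rf "${RESULTDIR:?}"/*` here. In remote mode the wipe is also only meaningful if the service on port 9000 stores its results in that same directory, which the patch does not show. The poc branch starts before this hunk and continues in the next one.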
@@ -73,7 +106,9 @@ elif [ "$1" == "poc" ]; then echo "query" echo "1" - ) | checkleaks + echo "n" + echo "exit" + ) | connect else ( @@ -81,6 +116,7 @@ else echo "2" echo "AA" echo "AAAA" - ) | ./printdoc + echo "exit" + ) | connect fi diff --git a/service/src/tests/flag1.stl b/service/src/tests/flag1.stl new file mode 100644 index 0000000..f2a3854 --- /dev/null +++ b/service/src/tests/flag1.stl @@ -0,0 +1,16 @@ +solid ENO{TESTFLAG} + facet normal 1.0 0 0 + outer loop + vertex 0 1 0 + vertex 0 1 1 + vertex 0 0 1 + endloop + endfacet + facet normal 0 0 1.0 + outer loop + vertex 1 0 0 + vertex 1 1 0 + vertex 0 1 0 + endloop + endfacet +endsolid diff --git a/service/src/util.c b/service/src/util.c index 9f91f6b..c53f92b 100644 --- a/service/src/util.c +++ b/service/src/util.c @@ -106,7 +106,11 @@ ask(const char *fmtstr, ...) fail = !fgets(linebuf, sizeof(linebuf), stdin); - if (!fail) linebuf[strlen(linebuf) - 1] = '\0'; + if (!fail && *linebuf) { + if (linebuf[strlen(linebuf)-1] == '\n') + linebuf[strlen(linebuf)-1] = '\0'; + if (echo) printf("%s\n", linebuf); + } return fail ? "" : linebuf; } diff --git a/service/src/util.h b/service/src/util.h index d012f25..3496461 100644 --- a/service/src/util.h +++ b/service/src/util.h @@ -29,4 +29,6 @@ const char* ask(const char *fmtstr, ...); void dump(const char *filepath); int strpfcmp(const char *prefix, const char *str); +extern int echo; + #endif /* UTIL_H */ -- cgit v1.2.3-71-gd317
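Review bot: The exploit stage is now piped into `connect` instead of `checkleaks`, so nothing in the poc branch runs the leak check any more, even when the local binary is used. If checkleaks wraps the binary in a memory checker (its body is outside this patch), that coverage can be kept for the local case by selecting the sink here: `if [ "$RUN_REMOTE" = 1 ]; then connect; else checkleaks; fi`. The subshell that feeds this pipe starts in the previous hunk.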