Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't skip over symbol at start of file in _populate_symbols #2451

Draft
wants to merge 2 commits into
base: stable
Choose a base branch
from

Conversation

ThijsRay
Copy link

@ThijsRay ThijsRay commented Aug 28, 2024

Lets say we have an ELF with the following symbols

Symbol table '.symtab' contains 5 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000000035     0 NOTYPE  LOCAL  DEFAULT    2 aaaa
     2: 0000000000000022     0 NOTYPE  LOCAL  DEFAULT    2 bbbb
     3: 0000000000000000     0 NOTYPE  GLOBAL DEFAULT    2 cccc
     4: 0000000000000054     0 NOTYPE  GLOBAL DEFAULT    2 dddd

Then pwnlib's ELF(binary).symbols will be {'aaaa': 53, 'bbbb': 34, 'dddd': 84}. This is missing the symbol cccc, because its value is 0.

This change checks the name instead of the value, because the value can be 0 if the symbol points to the beginning.

The new and correct value of pwnlib's ELF(binary).symbols will be {'aaaa': 53, 'cccc': 0, 'bbbb': 34, 'dddd': 84}.

Pwntools Pull Request

Thanks for contributing to Pwntools! Take a moment to look at CONTRIBUTING.md to make sure you're familiar with Pwntools development.

Please provide a high-level explanation of what this pull request is for.

Testing

Pull Requests that introduce new code should try to add doctests for that code. See TESTING.md for more information.

Target Branch

Depending on what the PR is for, it needs to target a different branch.

You can always change the branch after you create the PR if it's against the wrong branch.

Branch Type of PR
dev New features, and enhancements
dev Documentation fixes and new tests
stable Bug fixes that affect the current stable branch
beta Bug fixes that affect the current beta branch, but not stable
dev Bug fixes for code that has never been released

Changelog

After creating your Pull Request, please add and push a commit that updates the changelog for the appropriate branch.
You can look at the existing changelog for examples of how to do this.

@ThijsRay ThijsRay changed the base branch from dev to stable August 28, 2024 21:53
@ThijsRay ThijsRay changed the base branch from stable to dev August 28, 2024 21:53
@ThijsRay ThijsRay force-pushed the fix_missing_start_symbol branch from 675d221 to 9e00ad7 Compare August 28, 2024 21:57
@ThijsRay ThijsRay changed the base branch from dev to stable August 28, 2024 21:57
Lets say we have an ELF with the following symbols

```
Symbol table '.symtab' contains 5 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000000035     0 NOTYPE  LOCAL  DEFAULT    2 aaaa
     2: 0000000000000022     0 NOTYPE  LOCAL  DEFAULT    2 bbbb
     3: 0000000000000000     0 NOTYPE  GLOBAL DEFAULT    2 cccc
     4: 0000000000000054     0 NOTYPE  GLOBAL DEFAULT    2 dddd
```

Then pwnlib's ELF(binary).symbols will be `{'aaaa': 53, 'bbbb': 34, 'dddd': 84}`.
This is missing the symbol `cccc`, because its value is 0.

This change checks the name instead of the value, because the value can
be 0 if the symbol points to the beginning.

The new and correct value of pwnlib's ELF(binary).symbols will be
`{'aaaa': 53, 'cccc': 0, 'bbbb': 34, 'dddd': 84}`.
@ThijsRay ThijsRay force-pushed the fix_missing_start_symbol branch from 9e00ad7 to 0829371 Compare August 28, 2024 22:03
@peace-maker
Copy link
Member

Thank you for your contribution! Some tests are failing now so this doesn't seem to be enough. Can you investigate please?

@peace-maker
Copy link
Member

Actually, there appears to be a different issue causing tests to fail.

@peace-maker
Copy link
Member

I think the remaining failing tests are actually caused by this PR.

e.g. the address 0 now is assigned some symbol 0x0008: 0x0 read@@GLIBC_2.2.5 which seems incorrect.

@ThijsRay
Copy link
Author

ThijsRay commented Oct 1, 2024

It seems like my fix does not actually fix the right thing then. It is tricky because a value of 0 is used in both cases where the symbol starts at address 0, or that the symbol does not have a value. I will try to find a correct fix for this, but that might take some time as I am not very familiar with the code base of pwntools.

@peace-maker
Copy link
Member

Maybe we can restrict to some other attribute of Elf_Sym. The ELF structure you access in that code comes from pyelftools. The symbol.entry is a Elf_Sym struct where you can access the info you see in that objdump output you pasted. So you don't have to dig too much in other parts of pwntools.

https://github.com/eliben/pyelftools/blob/59ad15ecfdec821a078405c2ad6bbf079c101268/elftools/elf/structs.py#L300

@peace-maker peace-maker marked this pull request as draft October 24, 2024 15:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants