From 8bf4f8ef0253d6a2e2bc31d0e968b036ebeefca3 Mon Sep 17 00:00:00 2001
From: lip234
Date: Sat, 6 Jul 2024 20:00:49 -0600
Subject: [PATCH] Fixes #1736

Fixes issue in the implant where `ps` command leads to infinite loop on Darwin under certain conditions.
---
 implant/sliver/ps/ps_darwin.go | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/implant/sliver/ps/ps_darwin.go b/implant/sliver/ps/ps_darwin.go
index 19b973fd42..af304d6fe5 100644
--- a/implant/sliver/ps/ps_darwin.go
+++ b/implant/sliver/ps/ps_darwin.go
@@ -227,12 +227,9 @@ func getArgvFromPid(pid int) ([]string, error) {
 		errStr := unix.ErrnoName(errno)
 		return []string{""}, fmt.Errorf("%s", errStr)
 	}
-	buffer := bytes.NewBuffer(processArgs)
-	numberOfArgs, err := binary.ReadUvarint(buffer)
-	if err != nil {
-		return []string{""}, err
-	}
-	buffer.Next(3) // skip sizeof(int32), the number of args
+	buffer := bytes.NewBuffer(processArgs[0:size])
+	numberOfArgsBytes := buffer.Next(4)
+	numberOfArgs := binary.LittleEndian.Uint32(numberOfArgsBytes)
 	argv := make([]string, numberOfArgs+1) // executable name is present twice
 	// There's probably a way to optimize that loop.
@@ -248,7 +245,7 @@ func getArgvFromPid(pid int) ([]string, error) {
 	for {
 		arg, err := buffer.ReadString(0x00)
 		if err != nil {
-			continue
+			break
 		}
 		if strings.ReplaceAll(arg, "\x00", "") != "" {
 			argv[i] = arg
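Review bot: `binary.LittleEndian.Uint32(numberOfArgsBytes)` in the first hunk panics when the sysctl returned fewer than 4 bytes, because `buffer.Next(4)` silently hands back a shorter slice and `Uint32` indexes `b[3]`; the replaced `ReadUvarint` path at least reported that case as an error. The argc value is also data describing another process and goes straight into `make([]string, numberOfArgs+1)`, so a large value means a large allocation inside the implant, and a value of `math.MaxUint32` wraps the length to 0 so the later `argv[i] = arg` panics. Check the buffer length before the read and bound argc by the buffer size (each argument occupies at least one byte), returning an error the way the surrounding code already does; `size` is declared outside the hunk, so the integer conversions below assume it is an integer type. The removed `// skip sizeof(int32), the number of args` comment was the only explanation of the layout, so the new code should carry one too. getArgvFromPid's body continues outside both hunks.
```go
	// KERN_PROCARGS2 data begins with argc as a 4-byte int32 (little-endian on the Darwin targets this file builds for).
	if size < 4 {
		return []string{""}, fmt.Errorf("process args buffer too short: %d bytes", size)
	}
	buffer := bytes.NewBuffer(processArgs[0:size])
	numberOfArgs := binary.LittleEndian.Uint32(buffer.Next(4))
	// Every argument occupies at least one byte, so argc cannot exceed the buffer length.
	if uint64(numberOfArgs) >= uint64(size) {
		return []string{""}, fmt.Errorf("implausible argc %d for %d-byte args buffer", numberOfArgs, size)
	}
	argv := make([]string, numberOfArgs+1) // executable name is present twice
	// … unchanged: argv scan loop …
```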
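Review bot: With `break` replacing `continue` in the second hunk, a trailing token with no NUL terminator is silently dropped: `bytes.Buffer.ReadString` returns the unread remainder together with `io.EOF`, and the loop discards `arg` whenever `err != nil`. Whether the sysctl data can end without a terminating NUL cannot be confirmed from this hunk, so a short comment such as `// EOF: buffer exhausted; any unterminated trailing bytes are ignored` would make the choice explicit. The index `i` is incremented and bounded outside the hunk, so it cannot be confirmed here that `argv[i]` stays within `numberOfArgs+1`; since argc comes from the inspected process, a cheap guard is `if i < len(argv) && strings.ReplaceAll(arg, "\x00", "") != "" {`. getArgvFromPid's body continues outside the hunk.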