[ragg2] exit on invalid input

[zonkzonk]

$ export CFLAGS+="-g"
$ ulimit -c 10000
$ ragg2 -x -e xor -c key=64 -B `ragg2-cc -x n.c`
clang: warning: argument unused during compilation: '-pie'
n.c:2:1: warning: implicit declaration of function 'system' is invalid in C99 [-Wimplicit-function-declaration]
system("/usr/bin/nc -e/bin/sh -lvunp6666");
^
1 warning generated.
/tmp/n-wGGxK7.o(.text+0xd): error: undefined reference to 'system'
clang: error: linker command failed with exit code 1 (use -v to see invocation)
ragg2: option requires an argument -- 'B'
Segmentation fault (core dumped)
$ gdb -q `which ragg2` core.1964
Reading symbols from /usr/local/bin/ragg2...done.
[New LWP 1964]

warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".

warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7fff49ffe000
Core was generated by `ragg2 -x -e xor -c key 64 -B'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000000001031011 in ?? ()
(gdb) bt full
#0  0x0000000001031011 in ?? ()
No symbol table info available.
#1  0x00007f71e11bc074 in r_sys_run (buf=0x10306c0 "j", len=24) at sys.c:525
        sz = 4096
        pdelta = 1760
        ret = 0
        cb = 0x1031000
        ptr = 0x1031000 "j"
        p = 0x10306e0 ""
#2  0x00007f71e2ddfa5a in r_egg_run (egg=0x101c010) at egg.c:289
No locals.
#3  0x0000000000402497 in main (argc=7, argv=0x7fff49f868a8) at ragg2.c:321
        file = 0x0
        padding = 0x0
        bytes = 0x0
        contents = 0x0
        arch = 0x402bec "x86"
        os = 0x402bf0 "linux"
        format = 0x402bf6 "raw"
        show_execute = 1
        show_hex = 1
        show_asm = 0
        show_raw = 0
        shellcode = 0x0
        encoder = 0x7fff49f87da4 "xor"
        bits = 32
        ofile = 0x0
        ofileauto = 0
        b = 0x1030660
        c = -1
        i = 1241016552
        egg = 0x101c010

(gdb) x/i $pc
=> 0x1031011:   xor    %bl,(%rsi)

ragg2 should not continue if input is invalid?!1:

$ ragg2-cc -x n.c
clang: warning: argument unused during compilation: '-pie'
n.c:2:1: warning: implicit declaration of function 'system' is invalid in C99 [-Wimplicit-function-declaration]
system("/usr/bin/nc -e/bin/sh -lvunp6666");
^
1 warning generated.
/tmp/n-wGGxK7.o(.text+0xd): error: undefined reference to 'system'
clang: error: linker command failed with exit code 1 (use -v to see invocation)
ragg2: option requires an argument -- 'B'
Segmentation fault (core dumped)
$ gdb -q `which ragg2` core.1964
Reading symbols from /usr/local/bin/ragg2...done.
[New LWP 1964]

warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".

warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7fff49ffe000
Core was generated by `ragg2 -x -e xor -c key 64 -B'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000000001031011 in ?? ()
(gdb) bt full
#0  0x0000000001031011 in ?? ()
No symbol table info available.
#1  0x00007f71e11bc074 in r_sys_run (buf=0x10306c0 "j", len=24) at sys.c:525
        sz = 4096
        pdelta = 1760
        ret = 0
        cb = 0x1031000
        ptr = 0x1031000 "j"
        p = 0x10306e0 ""
#2  0x00007f71e2ddfa5a in r_egg_run (egg=0x101c010) at egg.c:289
No locals.
#3  0x0000000000402497 in main (argc=7, argv=0x7fff49f868a8) at ragg2.c:321
        file = 0x0
        padding = 0x0
        bytes = 0x0
        contents = 0x0
        arch = 0x402bec "x86"
        os = 0x402bf0 "linux"
        format = 0x402bf6 "raw"
        show_execute = 1
        show_hex = 1
        show_asm = 0
        show_raw = 0
        shellcode = 0x0
        encoder = 0x7fff49f87da4 "xor"
        bits = 32
        ofile = 0x0
        ofileauto = 0
        b = 0x1030660
        c = -1
        i = 1241016552
        egg = 0x101c010

(gdb) x/i $pc
=> 0x1031011:   xor    %bl,(%rsi)

ragg2 should not continue if input is invalid?!1:

$ ragg2-cc -x n.c
clang: warning: argument unused during compilation: '-pie'
n.c:2:1: warning: implicit declaration of function 'system' is invalid in C99 [-Wimplicit-function-declaration]
system("/usr/bin/nc -e/bin/sh -lvunp6666");
^
1 warning generated.
/tmp/n-lSxpFJ.o(.text+0xd): error: undefined reference to 'system'
clang: error: linker command failed with exit code 1 (use -v to see invocation)


$ ragg2 -v
ragg2 0.9.5git /usr/local/include/libr/sflib
$ radare2 -v
radare2 0.9.5git @ linux-little-x86-64 git.0.9.4-481-g49bbd39
commit: 49bbd3963936d38b163e1fce0a53c40bafd61f1f build: 2013-10-13

[zonkzonk]

,git diff 1e1f84c ragg2/ragg2.c
diff --git a/binr/ragg2/ragg2.c b/binr/ragg2/ragg2.c
index 8bf5882..ae23d3c 100644
--- a/binr/ragg2/ragg2.c
+++ b/binr/ragg2/ragg2.c
@@ -224,7 +224,7 @@ int main(int argc, char **argv) {
}
}

•   if (optind == argc && !shellcode && !bytes && !contents && !encoder && !padding) {
  

•   if (optind == argc && ( !shellcode || !bytes || !contents || !encoder || !padding)) {
          return usage (0);
  } else file = argv[optind];
  

[zonkzonk]

Hm, that makes the segfault go away, but also breaks -B :/

[radare]

You can only use syscalls in ragg2-cc, system() is not a valid call unless you define the pointer somewhere. The error is correct.

[radare]

The segfault is because you are using a xor encoder which is only valid for shellcodes, not executables, unless you set rwx perms to the text section, which is not valid for any modern system. (that's what the '=> 0x1031011: xor %bl,(%rsi)' does)