Merge branch 'stable' into beta

Author: Arusekk

.github/workflows/changelog.yml

@@ -17,4 +17,13 @@ jobs:
 
     - name: Check changelog for updates
       run: |
-        git log --stat ${GITHUB_BASE}..HEAD | grep CHANGELOG.md
+        if git log --stat ${GITHUB_BASE}..HEAD | grep CHANGELOG.md; then
+           echo 'Changelog updated :D'
+        else
+           if git log --stat ${GITHUB_BASE}..HEAD | grep '++\|--'; then
+              echo 'Major changes detected, changelog required!'
+              false
+           else
+              echo 'Minor changes detected, no changelog required!'
+           fi
+        fi

.github/workflows/ci.yml

@@ -2,7 +2,7 @@ name: Continuous Integration
 on: [push, pull_request]
 
 jobs:
-  build:
+  test:
     strategy:
       matrix:
         python-version: [2.7, 3.8]
@@ -194,7 +194,7 @@ jobs:
   staging-merge:
     runs-on: ubuntu-latest
     if: github.repository_owner == 'Gallopsled' && github.event_name == 'push' && startsWith(github.event.ref, 'refs/heads/') && endsWith(github.event.ref, '-staging')
-    needs: build
+    needs: test
     steps:
     - uses: actions/checkout@v2
       with:
@@ -212,7 +212,7 @@ jobs:
   pypi:
     runs-on: ubuntu-latest
     if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags')
-    needs: build
+    needs: test
     steps:
     - name: Download artifacts
       uses: actions/download-artifact@v2

.github/workflows/lint.yml

@@ -2,7 +2,7 @@ name: Lint
 on: [push, pull_request]
 
 jobs:
-  build:
+  lint:
     strategy:
       matrix:
         python-version: [3.8]

CHANGELOG.md

@@ -106,8 +106,11 @@ The table below shows which release corresponds to each branch, and what date th
 ## 4.2.1 (`stable`)
 
 - [#1625][1625] GDB now properly loads executables with QEMU
+- [#1663][1663] Change lookup algorithm of `adb.which`
+- [#1699][1699] Fix broken linux shellcraft templates
 
 [1625]: https://github.com/Gallopsled/pwntools/pull/1625
+[1699]: https://github.com/Gallopsled/pwntools/pull/1699
 
 ## 4.2.0
 

pwnlib/adb/adb.py

@@ -827,10 +827,12 @@ def which(name, all = False, *a, **kw):
     """
     # Unfortunately, there is no native 'which' on many phones.
     which_cmd = '''
-echo $PATH | while read -d: directory; do
-    [ -x "$directory/{name}" ] || continue;
-    echo -n "$directory/{name}\\x00";
-done
+(IFS=:
+  for directory in $PATH; do
+      [ -x "$directory/{name}" ] || continue;
+      echo -n "$directory/{name}\\x00";
+  done
+)
 [ -x "{name}" ] && echo -n "$PWD/{name}\\x00"
 '''.format(name=name)
 

pwnlib/elf/config.py

@@ -21,8 +21,8 @@ def __init__(self, name, title, requires=[], excludes=[], minver=0, maxver=99):
         self.excludes = set(excludes)
 
         #: Kernel version that this check should be enforced on
-        self.minver = map(int, str(minver).split('.'))
-        self.maxver = map(int, str(maxver).split('.'))
+        self.minver = list(map(int, str(minver).split('.')))
+        self.maxver = list(map(int, str(maxver).split('.')))
 
     def relevant(self, config):
 

pwnlib/elf/elf.py

@@ -319,7 +319,7 @@ def __init__(self, path, checksec=True):
                 config = gz.read()
 
             if config:
-                self.config = parse_kconfig(config)
+                self.config = parse_kconfig(config.decode())
 
         #: ``True`` if the ELF is a statically linked executable
         self.statically_linked = bool(self.elftype == 'EXEC' and self.load_addr)
@@ -1055,7 +1055,10 @@ def _populate_kernel_version(self):
             return
 
         banner = self.string(self.symbols.linux_banner)
-
+        
+        # convert banner into a utf-8 string since re.search does not accept bytes anymore
+        banner = banner.decode('utf-8')
+        
         # 'Linux version 3.18.31-gd0846ecc
         regex = r'Linux version (\S+)'
         match = re.search(regex, banner)

pwnlib/rop/rop.py

@@ -1129,15 +1129,15 @@ def __load(self):
         #
         # - leave
         # - pop reg
-        # - add $sp, value
+        # - add $sp, <hexadecimal value>
         # - ret
         #
         # Currently, ROPgadget does not detect multi-byte "C2" ret.
         # https://github.com/JonathanSalwan/ROPgadget/issues/53
         #
 
         pop   = re.compile(r'^pop (.{3})')
-        add   = re.compile(r'^add [er]sp, (\S+)$')
+        add   = re.compile(r'^add [er]sp, ((?:0[xX])?[0-9a-fA-F]+)$')
         ret   = re.compile(r'^ret$')
         leave = re.compile(r'^leave$')
         int80 = re.compile(r'int +0x80')
@@ -1153,6 +1153,8 @@ def __load(self):
         # False
         # >>> valid('add esp, 0x24')
         # True
+        # >>> valid('add esp, esi')
+        # False
         #
         valid = lambda insn: any(map(lambda pattern: pattern.match(insn), [pop,add,ret,leave,int80,syscall,sysenter]))
 

pwnlib/shellcraft/templates/i386/linux/acceptloop_ipv4.asm

@@ -20,22 +20,22 @@ ${acceptloop}:
     /*  Socket file descriptor is placed in EBP */
 
     /*  sock = socket(AF_INET, SOCK_STREAM, 0) */
-    ${i386.linux.push(0)}
-    ${i386.linux.push('SOCK_STREAM')}
-    ${i386.linux.push('AF_INET')}
+    ${i386.push(0)}
+    ${i386.push('SOCK_STREAM')}
+    ${i386.push('AF_INET')}
     ${i386.linux.syscall('SYS_socketcall', 'SYS_socketcall_socket', 'esp')}
 
-    ${i386.linux.mov('esi', 'eax')}      /* keep socket fd */
+    ${i386.mov('esi', 'eax')}      /* keep socket fd */
 
     /*  bind(sock, &addr, sizeof addr); // sizeof addr == 0x10 */
-    ${i386.linux.push(0)}
+    ${i386.push(0)}
     /* ${htons(port)} == htons(${port}) */
-    ${i386.linux.push('AF_INET | (%d << 16)' % htons(port))}
-    ${i386.linux.mov('ecx', 'esp')}
+    ${i386.push('AF_INET | (%d << 16)' % htons(port))}
+    ${i386.mov('ecx', 'esp')}
 
-    ${i386.linux.push(0x10)}    /* sizeof addr */
-    ${i386.linux.push('ecx')}   /* &addr */
-    ${i386.linux.push('eax')}   /* sock */
+    ${i386.push(0x10)}    /* sizeof addr */
+    ${i386.push('ecx')}   /* &addr */
+    ${i386.push('eax')}   /* sock */
     ${i386.linux.syscall('SYS_socketcall', 'SYS_socketcall_bind', 'esp')}
 
     /*  listen(sock, whatever) */
@@ -44,17 +44,17 @@ ${acceptloop}:
 
 ${looplabel}:
     /*  accept(sock, NULL, NULL) */
-    ${i386.linux.push(0x0)}
-    ${i386.linux.push('esi')} /* sock */
+    ${i386.push(0x0)}
+    ${i386.push('esi')} /* sock */
     ${i386.linux.syscall('SYS_socketcall', 'SYS_socketcall_accept', 'esp')}
 
-    ${i386.linux.mov('ebp', 'eax')}      /* keep in-coming socket fd */
+    ${i386.mov('ebp', 'eax')}      /* keep in-coming socket fd */
 
     ${i386.linux.syscall('SYS_fork')}
     xchg eax, edi
 
     test edi, edi
-    ${i386.linux.mov('ebx', 'ebp')}
+    ${i386.mov('ebx', 'ebp')}
     cmovz ebx, esi /*  on child we close the server sock instead */
 
     /*  close(sock) */

pwnlib/shellcraft/templates/i386/linux/mprotect_all.asm

@@ -22,6 +22,6 @@
 %endif
 ${label}:
     ${i386.linux.syscall('SYS_mprotect', 'ebx', 'ecx', 'PROT_READ | PROT_WRITE | PROT_EXEC')}
-    ${i386.linux.mov('ecx', 0x1000)}
+    ${i386.mov('ecx', 0x1000)}
     add ebx, ecx
     jnz ${label}