Skip to content

Commit

Permalink
make pylint happy again
Browse files Browse the repository at this point in the history
  • Loading branch information
Kyle-Kyle committed Jul 27, 2023
1 parent 22fd6f9 commit aa86ed4
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 3 deletions.
3 changes: 2 additions & 1 deletion rex/crash_tracer/dumb_tracer.py
Original file line number Diff line number Diff line change
Expand Up @@ -275,7 +275,8 @@ def bootstrap_state(self, state, **kwargs):
word_size = self.project.arch.bytes

# we operate on concrete memory so far, so it is safe to load and eval concrete memory
data = crashing_state.solver.eval(crashing_state.memory.load(self._save_ip_addr, len(self.testcase)), cast_to=bytes)
sim_data = crashing_state.memory.load(self._save_ip_addr, len(self.testcase))
data = crashing_state.solver.eval(sim_data, cast_to=bytes)
assert data[:word_size] in self.testcase, "PC is not overwritten!"

# identify marker from the original input on stack
Expand Down
2 changes: 1 addition & 1 deletion rex/exploit/technique.py
Original file line number Diff line number Diff line change
Expand Up @@ -516,7 +516,7 @@ def _ip_overwrite_with_chain(self, chain, state=None, assert_next_ip_controlled=
jumps_to = sp + (gadget.stack_change - self.crash.project.arch.bytes)

# does it hit the controlled region?
if not (addr <= jumps_to < addr + symbolic_stack[addr]):
if not addr <= jumps_to < addr + symbolic_stack[addr]:
continue

# it lands in a controlled region, but does our chain fit?
Expand Down
4 changes: 3 additions & 1 deletion rex/exploit/techniques/ret2libc.py
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,9 @@
l = logging.getLogger("rex.exploit.techniques.ret2libc")

class Ret2Libc(Technique):
"""
A technique to ROP and invoke system in libc
"""

name = "ret2libc"
applicable_to = ['unix']
Expand All @@ -32,7 +35,6 @@ def contain_bad_byte(self, ptr):

def _find_libs_system_addrs(self):
system_addrs = []
state = self.crash.state
libc_name = os.path.basename(self.crash.libc_binary)

# angr does not handle PLT well for some architectures,
Expand Down

0 comments on commit aa86ed4

Please sign in to comment.