This evil file cannot be scanned with the strings command:

[EMAIL PROTECTED]:/research# strings evil
Violación de segmento   

[EMAIL PROTECTED]:/research# cat evil
%253Cc%253Cc%253Cc%253Cc%253Cc%253Cc%253Cc
[EMAIL PROTECTED]:/research#

(gdb) r evil
Starting program: /usr/bin/strings evil
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)

Program received signal SIGSEGV, Segmentation fault.
0xb7e9ecbd in bfd_hash_lookup () from /usr/lib/libbfd-2.16.1.so
(gdb)

The problem is in bfd_hash_lookup from the libbfd-2.16.1.so library, at this snippet
of code:

   1fcb1:       c1 ef 02                shr    $0x2,%edi
   1fcb4:       31 c7                   xor    %eax,%edi
   1fcb6:       89 f8                   mov    %edi,%eax
   1fcb8:       8b 4d 08                mov    0x8(%ebp),%ecx  
   1fcbb:       31 d2                   xor    %edx,%edx
   1fcbd:       f7 71 04                divl   0x4(%ecx)        <--SIGSEGV with %253Cc%AAAAA%AAAAA%AAAAA%AAAAA%AAAAA%AAAAA
   1fcc0:       01 d2                   add    %edx,%edx
   1fcc2:       01 d2                   add    %edx,%edx
   1fcc4:       89 55 e0                mov    %edx,0xffffffe0(%ebp)


With %253Cc, ecx gets the value 0x54, and it cannot access this address. It seems
it is not exploitable.

Ubuntu:
Linux jolmos 2.6.12-9-386 #1 Mon Oct 10 13:14:36 BST 2005 i686 GNU/Linux

I have tested on other kernels and the result is the same.

Jesús Olmos Gonzalez
Internet Security Auditors
www.isecauditors.com

-- 
           Summary: SIGSEGV in strings tool when the file is crafted.
           Product: binutils
           Version: 2.16
            Status: NEW
          Severity: normal
          Priority: P2
         Component: binutils
        AssignedTo: unassigned at sources dot redhat dot com
        ReportedBy: jolmos at isecauditors dot com
                CC: bug-binutils at gnu dot org
GCC target triplet: strings and libbfd-2.16.1.so


http://sourceware.org/bugzilla/show_bug.cgi?id=2584
