Skip to content

Ensure argv[0] is not NULL#281

Merged
msutovsky-r7 merged 1 commit into
rapid7:masterfrom
dledda-r7:fix/memfd_null_argv0
Jul 3, 2025
Merged

Ensure argv[0] is not NULL#281
msutovsky-r7 merged 1 commit into
rapid7:masterfrom
dledda-r7:fix/memfd_null_argv0

Conversation

@dledda-r7

Copy link
Copy Markdown
Contributor

This fixes a bug discovered during the testing of rapid7/metasploit-framework#19799

Specifically, with the introduction of the in_memory_loader, used to convert the ELF file to a shellcode (mainly to be able to prepend code on it) we deliver an elf file that execute the original mettle stageless payload by creating a file descriptor with memfd_create and executing it with execve/execveat. In this scenario, some systems (eg. Ubuntu 16.04 x86) receive an NULL inside the argv[0] making the payload segfault. This PR fixes this issue.

@msutovsky-r7 msutovsky-r7 merged commit 7263aea into rapid7:master Jul 3, 2025
34 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants