[*] Binary protection state of lldpd
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function strcat tear down of lldpd
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/sbin/lldpd @ 0x18490 */
| #include <stdint.h>
|
; (fcn) fcn.00018490 () | void fcn_00018490 () {
0x00018490 lui gp, 4 |
0x00018494 addiu gp, gp, -0x1b80 |
0x00018498 addu gp, gp, t9 | gp += t9;
0x0001849c addiu sp, sp, -0x2058 |
0x000184a0 lw t9, -0x7a54(gp) | t9 = *((gp - 7829));
0x000184a4 sw s4, 0x2040(sp) | *(arg_2040h) = s4;
0x000184a8 lw s4, -0x794c(gp) | s4 = *((gp - 7763));
0x000184ac sw fp, 0x2050(sp) | *(arg_2050h) = fp;
0x000184b0 move fp, sp | fp = sp;
0x000184b4 lw v0, (s4) | v0 = *(s4);
0x000184b8 sw s1, 0x2034(sp) | *(arg_2034h) = s1;
0x000184bc addiu s1, fp, 0x1028 | s1 = fp + 0x1028;
0x000184c0 sw ra, 0x2054(sp) | *(arg_2054h) = ra;
0x000184c4 sw s5, 0x2044(sp) | *(arg_2044h) = s5;
0x000184c8 sw s3, 0x203c(sp) | *(arg_203ch) = s3;
0x000184cc sw s2, 0x2038(sp) | *(arg_2038h) = s2;
0x000184d0 sw s0, 0x2030(sp) | *(arg_2030h) = s0;
0x000184d4 sw gp, 0x18(sp) | *(var_18h) = gp;
0x000184d8 move s3, a0 | s3 = a0;
0x000184dc addiu a2, zero, 0x1001 | a2 = 0x1001;
0x000184e0 move a1, zero | a1 = 0;
0x000184e4 move a0, s1 | a0 = s1;
0x000184e8 sw s7, 0x204c(sp) | *(arg_204ch) = s7;
0x000184ec sw s6, 0x2048(sp) | *(arg_2048h) = s6;
0x000184f0 sw v0, 0x202c(fp) | *(arg_202ch) = v0;
0x000184f4 addiu s2, fp, 0x24 | s2 = fp + 0x24;
0x000184f8 jalr t9 | t9 ();
0x000184fc lw gp, 0x18(fp) | gp = *(arg_18h);
0x00018500 addiu a2, zero, 0x1001 | a2 = 0x1001;
0x00018504 lw t9, -0x7fb8(gp) | t9 = sym.strlcpy;
0x00018508 move a1, s3 | a1 = s3;
0x0001850c move a0, s2 | a0 = s2;
0x00018510 bal 0x14570 | sym_strlcpy ();
0x00018514 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00018518 move s0, v0 | s0 = v0;
0x0001851c lw t9, -0x7a60(gp) | t9 = sym.imp.__errno_location;
0x00018520 sltiu s0, s0, 0x1001 | s0 = (s0 < 0x1001) ? 1 : 0;
0x00018524 jalr t9 | t9 ();
0x00018528 move s5, v0 | s5 = v0;
0x0001852c lw gp, 0x18(fp) | gp = *(arg_18h);
| if (s0 == 0) {
0x00018530 beqz s0, 0x18888 | goto label_3;
| }
0x00018534 lb v0, 0x24(fp) | v0 = *(arg_24h);
0x00018538 addiu v1, zero, 0x2f | v1 = 0x2f;
| if (v0 != v1) {
0x0001853c beql v0, v1, 0x18544 |
0x00018540 sb v0, 0x1028(fp) | *(arg_1028h) = v0;
| }
0x00018544 lw s0, -0x7fbc(gp) | s0 = *((gp - 8175));
0x00018548 lw t9, -0x7a88(gp) | t9 = sym.imp.strtok;
0x0001854c addiu a1, s0, -0x7204 | a1 = s0 + -0x7204;
0x00018550 move a0, s2 | a0 = s2;
0x00018554 jalr t9 | t9 ();
0x00018558 lw gp, 0x18(fp) | gp = *(arg_18h);
| if (v0 == 0) {
0x0001855c beqz v0, 0x185d4 | goto label_4;
| }
0x00018560 addiu s6, zero, 0x11 | s6 = 0x11;
0x00018564 addiu s0, s0, -0x7204 | s0 += -0x7204;
| do {
0x00018568 lw t9, -0x78ec(gp) | t9 = sym.imp.__strcat_chk
0x0001856c addiu a2, zero, 0x1001 | a2 = 0x1001;
0x00018570 move a1, v0 | a1 = v0;
0x00018574 move a0, s1 | a0 = s1;
0x00018578 jalr t9 | t9 ();
0x0001857c lw gp, 0x18(fp) | gp = *(arg_18h);
0x00018580 addiu a1, zero, 0x1ed | a1 = 0x1ed;
0x00018584 lw t9, -0x7a58(gp) | t9 = sym.imp.mkdir;
0x00018588 move a0, s1 | a0 = s1;
0x0001858c jalr t9 | t9 ();
0x00018590 lw gp, 0x18(fp) | gp = *(arg_18h);
| if (v0 != 0) {
0x00018594 beqz v0, 0x185a4 |
0x00018598 lw v0, (s5) | v0 = *(s5);
0x0001859c lw a1, -0x7fbc(gp) | a1 = *((gp - 8175));
| if (v0 != s6) {
0x000185a0 bne v0, s6, 0x18894 | goto label_5;
| }
| }
0x000185a4 lw t9, -0x78ec(gp) | t9 = sym.imp.__strcat_chk
0x000185a8 addiu a2, zero, 0x1001 | a2 = 0x1001;
0x000185ac move a1, s0 | a1 = s0;
0x000185b0 move a0, s1 | a0 = s1;
0x000185b4 jalr t9 | t9 ();
0x000185b8 lw gp, 0x18(fp) | gp = *(arg_18h);
0x000185bc move a1, s0 | a1 = s0;
0x000185c0 lw t9, -0x7a88(gp) | t9 = sym.imp.strtok;
0x000185c4 move a0, zero | a0 = 0;
0x000185c8 jalr t9 | t9 ();
0x000185cc lw gp, 0x18(fp) | gp = *(arg_18h);
0x000185d0 bnez v0, 0x18568 |
| } while (v0 != 0);
| label_4:
0x000185d4 lw v0, -0x7fbc(gp) | v0 = *((gp - 8175));
0x000185d8 lw t9, -0x78fc(gp) | t9 = sym.imp.__snprintf_chk;
| /* str._s_etc_localtime */
0x000185dc addiu v0, v0, -0x6344 | v0 += -0x6344;
0x000185e0 sw zero, (s5) | *(s5) = 0;
0x000185e4 addiu a3, zero, 0x400 | a3 = aav.0x00000400;
0x000185e8 sw s3, 0x14(sp) | *(var_14h) = s3;
0x000185ec sw v0, 0x10(sp) | *(var_10h_5) = v0;
0x000185f0 addiu a2, zero, 1 | a2 = 1;
0x000185f4 addiu a1, zero, 0x400 | a1 = aav.0x00000400;
0x000185f8 move a0, s2 | a0 = s2;
0x000185fc jalr t9 | t9 ();
0x00018600 sltiu v0, v0, 0x400 | v0 = (v0 < aav.0x00000400) ? 1 : 0;
0x00018604 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00018608 bnez v0, 0x1864c |
| while (v1 == v0) {
| label_0:
0x0001860c lw v1, 0x202c(fp) | v1 = *(arg_202ch);
0x00018610 lw v0, (s4) | v0 = *(s4);
0x00018614 lw ra, 0x2054(fp) | ra = *(arg_bp_2054h);
| if (v1 != v0) {
0x00018618 bne v1, v0, 0x18920 | goto label_6;
| }
0x0001861c move sp, fp |
0x00018620 lw fp, 0x2050(sp) | fp = *(arg_2050h);
0x00018624 lw s7, 0x204c(sp) | s7 = *(arg_204ch);
0x00018628 lw s6, 0x2048(sp) | s6 = *(arg_2048h);
0x0001862c lw s5, 0x2044(sp) | s5 = *(arg_2044h);
0x00018630 lw s4, 0x2040(sp) | s4 = *(arg_2040h);
0x00018634 lw s3, 0x203c(sp) | s3 = *(arg_203ch);
0x00018638 lw s2, 0x2038(sp) | s2 = *(arg_2038h);
0x0001863c lw s1, 0x2034(sp) | s1 = *(arg_2034h);
0x00018640 lw s0, 0x2030(sp) | s0 = *(arg_2030h);
0x00018644 addiu sp, sp, 0x2058 |
0x00018648 jr ra | return v0;
0x0001864c lw a0, -0x7fbc(gp) | a0 = *((gp - 8175));
0x00018650 lw t9, -0x7a14(gp) | t9 = sym.imp.open;
0x00018654 move a1, zero | a1 = 0;
| /* esilref: '/etc/localtime' */
0x00018658 addiu a0, a0, -0x6300 | a0 += -0x6300;
0x0001865c jalr t9 | t9 ();
0x00018660 addiu s6, zero, -1 | s6 = -1;
0x00018664 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00018668 move s0, v0 | s0 = v0;
| if (v0 != s6) {
0x0001866c bne v0, s6, 0x1869c | goto label_7;
| }
0x00018670 lw v1, (s5) | v1 = *(s5);
0x00018674 addiu v0, zero, 2 | v0 = 2;
0x00018678 lw a1, -0x7fbc(gp) | a1 = *((gp - 8175));
0x0001867c beq v1, v0, 0x1860c |
| }
0x00018680 lw a0, -0x7fbc(gp) | a0 = *((gp - 8175));
0x00018684 lw t9, -0x7f7c(gp) | t9 = sym.log_warn;
| /* str.cannot_read__etc_localtime */
0x00018688 addiu a1, a1, -0x630c | a1 += -0x630c;
| /* str.privsep */
0x0001868c addiu a0, a0, -0x755c | a0 += -0x755c;
0x00018690 bal 0x14020 | sym_log_warn ();
0x00018694 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00018698 b 0x1860c | goto label_0;
| label_7:
0x0001869c lw t9, -0x7a28(gp) | t9 = sym.imp.strlen;
0x000186a0 move a0, s3 | a0 = s3;
0x000186a4 jalr t9 | t9 ();
0x000186a8 lw gp, 0x18(fp) | gp = *(arg_18h);
0x000186ac addiu v1, fp, 0x2030 | v1 = fp + 0x2030;
0x000186b0 addu v0, v1, v0 | v0 = v1 + v0;
0x000186b4 lw t9, -0x7a58(gp) | t9 = sym.imp.mkdir;
0x000186b8 addiu a1, zero, 0x1ed | a1 = 0x1ed;
0x000186bc move a0, s2 | a0 = s2;
0x000186c0 sb zero, -0x2008(v0) | *((v0 - 8200)) = 0;
0x000186c4 jalr t9 | t9 ();
0x000186c8 lw gp, 0x18(fp) | gp = *(arg_18h);
| if (v0 == s6) {
0x000186cc bne v0, s6, 0x186e0 |
0x000186d0 lw v1, (s5) | v1 = *(s5);
0x000186d4 addiu v0, zero, 0x11 | v0 = 0x11;
0x000186d8 lw a1, -0x7fbc(gp) | a1 = *((gp - 8175));
| if (v1 != v0) {
0x000186dc bne v1, v0, 0x18858 | goto label_8;
| }
| }
0x000186e0 lw t9, -0x7a28(gp) | t9 = sym.imp.strlen;
0x000186e4 move a0, s3 | a0 = s3;
0x000186e8 jalr t9 | t9 ();
0x000186ec lw gp, 0x18(fp) | gp = *(arg_18h);
0x000186f0 addiu v1, fp, 0x2030 | v1 = fp + 0x2030;
0x000186f4 addu v0, v1, v0 | v0 = v1 + v0;
0x000186f8 addiu v1, zero, 0x2f | v1 = 0x2f;
0x000186fc lw t9, -0x7b08(gp) | t9 = sym.imp.umask;
0x00018700 addiu a0, zero, 0x12 | a0 = 0x12;
0x00018704 sb v1, -0x2008(v0) | *((v0 - 8200)) = v1;
0x00018708 jalr t9 | t9 ();
0x0001870c lw gp, 0x18(fp) | gp = *(arg_18h);
0x00018710 addiu a2, zero, 0x1b6 | a2 = 0x1b6;
0x00018714 addiu a1, zero, 0x701 | a1 = 0x701;
0x00018718 lw t9, -0x7a14(gp) | t9 = sym.imp.open;
0x0001871c move a0, s2 | a0 = s2;
0x00018720 move s6, v0 | s6 = v0;
0x00018724 jalr t9 | t9 ();
0x00018728 move s3, v0 | s3 = v0;
0x0001872c addiu v0, zero, -1 | v0 = -1;
0x00018730 lw gp, 0x18(fp) | gp = *(arg_18h);
| if (s3 == v0) {
0x00018734 beq s3, v0, 0x18804 | goto label_9;
| }
0x00018738 lw t9, -0x7b08(gp) | t9 = sym.imp.umask;
0x0001873c move a0, s6 | a0 = s6;
0x00018740 jalr t9 | t9 ();
0x00018744 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00018748 lw t9, -0x791c(gp) | t9 = sym.imp.read;
| label_1:
0x0001874c addiu a2, zero, 0x400 | a2 = aav.0x00000400;
0x00018750 move a1, s1 | a1 = s1;
0x00018754 move a0, s0 | a0 = s0;
0x00018758 jalr t9 | t9 ();
0x0001875c move s7, v0 | s7 = v0;
0x00018760 lw gp, 0x18(fp) | gp = *(arg_18h);
| if (v0 <= 0) {
0x00018764 blez v0, 0x188a8 | goto label_10;
| }
0x00018768 move s6, s1 | s6 = s1;
| do {
0x0001876c lw t9, -0x7a30(gp) | t9 = sym.imp.write;
| label_2:
0x00018770 move a2, s7 | a2 = s7;
0x00018774 move a1, s6 | a1 = s6;
0x00018778 move a0, s3 | a0 = s3;
0x0001877c jalr t9 | t9 ();
0x00018780 addiu v1, zero, -1 | v1 = -1;
0x00018784 lw gp, 0x18(fp) | gp = *(arg_18h);
| if (v0 == v1) {
0x00018788 beq v0, v1, 0x187a0 | goto label_11;
| }
0x0001878c subu s7, s7, v0 | __asm ("subu s7, s7, v0");
0x00018790 addu s6, s6, v0 | s6 += v0;
0x00018794 bgtz s7, 0x1876c |
| } while (s7 > 0);
0x00018798 lw t9, -0x791c(gp) | t9 = sym.imp.read;
0x0001879c b 0x1874c | goto label_1;
| label_11:
0x000187a0 lw v0, (s5) | v0 = *(s5);
0x000187a4 addiu v1, zero, 4 | v1 = 4;
0x000187a8 lw t9, -0x7a30(gp) | t9 = sym.imp.write;
| if (v0 == v1) {
0x000187ac beq v0, v1, 0x18770 | goto label_2;
| }
0x000187b0 lw a1, -0x7fbc(gp) | a1 = *((gp - 8175));
0x000187b4 lw a0, -0x7fbc(gp) | a0 = *((gp - 8175));
0x000187b8 lw t9, -0x7f7c(gp) | t9 = sym.log_warn;
0x000187bc move a2, s2 | a2 = s2;
| /* str.cannot_write_to__s */
0x000187c0 addiu a1, a1, -0x62bc | a1 += -0x62bc;
| /* str.privsep */
0x000187c4 addiu a0, a0, -0x755c | a0 += -0x755c;
0x000187c8 bal 0x14020 | sym_log_warn ();
0x000187cc lw gp, 0x18(fp) | gp = *(arg_18h);
0x000187d0 lw t9, -0x7b28(gp) | t9 = sym.imp.close;
0x000187d4 move a0, s0 | a0 = s0;
0x000187d8 jalr t9 | t9 ();
0x000187dc lw gp, 0x18(fp) | gp = *(arg_18h);
0x000187e0 lw t9, -0x7b28(gp) | t9 = sym.imp.close;
0x000187e4 move a0, s3 | a0 = s3;
0x000187e8 jalr t9 | t9 ();
0x000187ec lw gp, 0x18(fp) | gp = *(arg_18h);
0x000187f0 lw t9, -0x799c(gp) | t9 = sym.imp.unlink;
0x000187f4 move a0, s2 | a0 = s2;
0x000187f8 jalr t9 | t9 ();
0x000187fc lw gp, 0x18(fp) | gp = *(arg_18h);
0x00018800 b 0x1860c | goto label_0;
| label_9:
0x00018804 lw v1, (s5) | v1 = *(s5);
0x00018808 addiu v0, zero, 0x11 | v0 = 0x11;
0x0001880c lw a1, -0x7fbc(gp) | a1 = *((gp - 8175));
0x00018810 bne v1, v0, 0x18838 |
| while (1) {
0x00018814 lw t9, -0x7b28(gp) | t9 = sym.imp.close;
0x00018818 move a0, s0 | a0 = s0;
0x0001881c jalr t9 | t9 ();
0x00018820 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00018824 lw t9, -0x7b08(gp) | t9 = sym.imp.umask;
0x00018828 move a0, s6 | a0 = s6;
0x0001882c jalr t9 | t9 ();
0x00018830 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00018834 b 0x1860c | goto label_0;
0x00018838 lw a0, -0x7fbc(gp) | a0 = *((gp - 8175));
0x0001883c lw t9, -0x7f7c(gp) | t9 = sym.log_warn;
0x00018840 move a2, s2 | a2 = s2;
| /* str.cannot_create__s */
0x00018844 addiu a1, a1, -0x62d0 | a1 += -0x62d0;
| /* str.privsep */
0x00018848 addiu a0, a0, -0x755c | a0 += -0x755c;
0x0001884c bal 0x14020 | sym_log_warn ();
0x00018850 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00018854 b 0x18814 |
| }
| label_8:
0x00018858 lw a0, -0x7fbc(gp) | a0 = *((gp - 8175));
0x0001885c lw t9, -0x7f7c(gp) | t9 = sym.log_warn;
0x00018860 move a2, s2 | a2 = s2;
| /* str.unable_to_create__s_directory */
0x00018864 addiu a1, a1, -0x62f0 | a1 += -0x62f0;
| /* str.privsep */
0x00018868 addiu a0, a0, -0x755c | a0 += -0x755c;
0x0001886c bal 0x14020 | sym_log_warn ();
0x00018870 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00018874 lw t9, -0x7b28(gp) | t9 = sym.imp.close;
0x00018878 move a0, s0 | a0 = s0;
0x0001887c jalr t9 | t9 ();
0x00018880 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00018884 b 0x1860c | goto label_0;
| label_3:
0x00018888 addiu v0, zero, 0x4e | v0 = 0x4e;
0x0001888c sw v0, (s5) | *(s5) = v0;
0x00018890 lw a1, -0x7fbc(gp) | a1 = *((gp - 8175));
| label_5:
0x00018894 lw a0, -0x7fbc(gp) | a0 = *((gp - 8175));
0x00018898 lw t9, -0x7f5c(gp) | t9 = sym.fatal;
| /* str.unable_to_create_chroot_directory */
0x0001889c addiu a1, a1, -0x6330 | a1 += -0x6330;
| /* str.privsep */
0x000188a0 addiu a0, a0, -0x755c | a0 += -0x755c;
0x000188a4 bal 0x143f4 | sym_fatal ();
| label_10:
0x000188a8 addiu v0, zero, -1 | v0 = -1;
0x000188ac lw a1, -0x7fbc(gp) | a1 = *((gp - 8175));
| if (s7 == v0) {
0x000188b0 beq s7, v0, 0x188f0 | goto label_12;
| }
0x000188b4 lw a0, -0x7fbc(gp) | a0 = *((gp - 8175));
0x000188b8 lw t9, -0x7fb4(gp) | t9 = sym.log_info;
| /* str._etc_localtime_copied_to_chroot */
0x000188bc addiu a1, a1, -0x62a8 | a1 += -0x62a8;
| /* str.privsep */
0x000188c0 addiu a0, a0, -0x755c | a0 += -0x755c;
0x000188c4 bal 0x14214 | sym_log_info ();
0x000188c8 lw gp, 0x18(fp) | gp = *(arg_18h);
| do {
0x000188cc lw t9, -0x7b28(gp) | t9 = sym.imp.close;
0x000188d0 move a0, s0 | a0 = s0;
0x000188d4 jalr t9 | t9 ();
0x000188d8 lw gp, 0x18(fp) | gp = *(arg_18h);
0x000188dc lw t9, -0x7b28(gp) | t9 = sym.imp.close;
0x000188e0 move a0, s3 | a0 = s3;
0x000188e4 jalr t9 | t9 ();
0x000188e8 lw gp, 0x18(fp) | gp = *(arg_18h);
0x000188ec b 0x1860c | goto label_0;
| label_12:
0x000188f0 lw a1, -0x7fbc(gp) | a1 = *((gp - 8175));
0x000188f4 lw a0, -0x7fbc(gp) | a0 = *((gp - 8175));
0x000188f8 lw t9, -0x7f7c(gp) | t9 = sym.log_warn;
| /* str.cannot_read__etc_localtime */
0x000188fc addiu a1, a1, -0x630c | a1 += -0x630c;
| /* str.privsep */
0x00018900 addiu a0, a0, -0x755c | a0 += -0x755c;
0x00018904 bal 0x14020 | sym_log_warn ();
0x00018908 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0001890c lw t9, -0x799c(gp) | t9 = sym.imp.unlink;
0x00018910 move a0, s2 | a0 = s2;
0x00018914 jalr t9 | t9 ();
0x00018918 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0001891c b 0x188cc |
| } while (1);
| label_6:
0x00018920 lw t9, -0x7984(gp) | t9 = sym.imp.__stack_chk_fail;
0x00018924 jalr t9 | t9 ();
0x00018928 nop |
| }
[*] Function strcat used 3 times lldpd
