[*] Binary protection state of mod_reqtimeout.so

  
  	Full RELRO     Canary found      NX enabled   DSO          No RPATH     No RUNPATH   No Symbols


[*] Function sprintf tear down of mod_reqtimeout.so

    ; assembly                                                   | /* r2dec pseudo code output */
                                                                 | /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/apache2/modules/mod_reqtimeout.so @ 0x1028 */
                                                                 | #include <stdint.h>
                                                                 |  
    ; (fcn) fcn.00001028 ()                                      | void fcn_00001028 (int16_t arg1, int16_t arg2, int16_t arg3) {
                                                                 |     int16_t var_0h_2;
                                                                 |     int16_t var_ch;
                                                                 |     char * s2;
                                                                 |     int16_t var_14h;
                                                                 |     char * var_18h;
                                                                 |     int16_t var_1ch;
                                                                 |     char * * endptr;
                                                                 |     int16_t var_4h;
                                                                 |     r0 = arg1;
                                                                 |     r1 = arg2;
                                                                 |     r2 = arg3;
    0x00001028 invalid                                           |     
    0x0000102c ldr r0, [pc, 0x6c]                                |     
    0x0000102e sub sp, 8                                         |     
    0x00001030 mov r4, r1                                        |     r4 = r1;
    0x00001032 mov r5, r2                                        |     r5 = r2;
    0x00001034 ldr r3, [pc, 0x68]                                |     r3 = *(0x10a0);
    0x00001036 movs r2, 0xa                                      |     r2 = 0xa;
    0x00001038 add r0, pc                                        |     r0 = 0x20d8;
    0x0000103a mov r1, sp                                        |     r1 = sp;
    0x0000103c ldr r3, [r0, r3]                                  |     
    0x0000103e mov r0, r4                                        |     r0 = r4;
    0x00001040 ldr r3, [r3]                                      |     r3 = *(0x20d8);
    0x00001042 str r3, [sp, 4]                                   |     var_4h = r3;
    0x00001044 mov.w r3, 0                                       |     r3 = 0;
    0x00001048 blx 0x9cc                                         |     strtol (r0, r1, r2);
    0x0000104c ldr r2, [sp]                                      |     r2 = *(sp);
    0x0000104e str r0, [r5]                                      |     *(r5) = r0;
    0x00001050 cmp r2, r4                                        |     
                                                                 |     if (r2 == r4) {
    0x00001052 beq 0x108a                                        |         goto label_5;
                                                                 |     }
    0x00001054 ldrb r3, [r2]                                     |     r3 = *(r2);
                                                                 |     if (r3 != 0) {
    0x00001056 cbnz r3, 0x107e                                   |         goto label_6;
                                                                 |     }
    0x00001058 cmp r0, 0                                         |     
    0x0000105a it ge                                             |     
                                                                 |     if (r0 < 0) {
    0x0000105c movge r0, r3                                      |         r0 = r3;
                                                                 |     }
    0x0000105e blt 0x1078                                        |     
                                                                 |     while (1) {
                                                                 | label_0:
    0x00001060 ldr r2, [pc, 0x40]                                |         
    0x00001062 ldr r3, [pc, 0x3c]                                |         r3 = *(0x10a2);
    0x00001064 add r2, pc                                        |         r2 = 0x210c;
    0x00001066 ldr r3, [r2, r3]                                  |         r3 = *(0x210c);
    0x00001068 ldr r2, [r3]                                      |         r2 = *(0x210c);
    0x0000106a ldr r3, [sp, 4]                                   |         r3 = var_4h;
    0x0000106c eors r2, r3                                       |         r2 ^= r3;
    0x0000106e mov.w r3, 0                                       |         r3 = 0;
                                                                 |         if (r2 != r3) {
    0x00001072 bne 0x1096                                        |             goto label_7;
                                                                 |         }
    0x00001074 add sp, 8                                         |         
    0x00001076 pop {r4, r5, r6, pc}                              |         
    0x00001078 ldr r0, [pc, 0x2c]                                |         
    0x0000107a add r0, pc                                        |         r0 = 0x2126;
    0x0000107c b 0x1060                                          |         
                                                                 |     }
                                                                 | label_6:
    0x0000107e ldr r1, [pc, 0x2c]                                |     
    0x00001080 mov r0, r6                                        |     r0 = r6;
    0x00001082 add r1, pc                                        |     r1 = 0x2134;
    0x00001084 blx 0xaa4                                         |     loc_imp_apr_psprintf ()
    0x00001088 b 0x1060                                          |     goto label_0;
                                                                 | label_5:
    0x0000108a ldr r1, [pc, 0x24]                                |     
    0x0000108c mov r0, r6                                        |     r0 = r6;
    0x0000108e add r1, pc                                        |     r1 = 0x2144;
    0x00001090 blx 0xaa4                                         |     loc_imp_apr_psprintf ()
    0x00001094 b 0x1060                                          |     goto label_0;
                                                                 | label_7:
    0x00001096 blx 0x9e4                                         |     stack_chk_fail ();
    0x0000109a nop                                               |     
    0x0000109c subs r4, r2, 4                                    |     r4 = r2 - 4;
    0x0000109e movs r0, r0                                       |     
    0x000010a0 lsls r4, r3, 2                                    |     r4 = r3 << 2;
    0x000010a2 movs r0, r0                                       |     
    0x000010a4 subs r0, r5, 3                                    |     r0 = r5 - 3;
    0x000010a6 movs r0, r0                                       |     
    0x000010a8 lsrs r6, r3, 6                                    |     r6 = r3 >> 6;
    0x000010aa movs r0, r0                                       |     
    0x000010ac lsrs r6, r1, 7                                    |     r6 = r1 >> 7;
    0x000010ae movs r0, r0                                       |     
    0x000010b0 lsrs r6, r4, 6                                    |     r6 = r4 >> 6;
    0x000010b2 movs r0, r0                                       |     
    0x000010b4 ldr r3, [pc, 0x174]                               |     
    0x000010b6 ldr r1, [pc, 0x178]                               |     r1 = *(0x1232);
    0x000010b8 push.w {r4, r5, r6, r7, r8, sb, sl, fp, lr}       |     
    0x000010bc sub sp, 0x24                                      |     
    0x000010be str r2, [sp, 0x1c]                                |     var_1ch = r2;
    0x000010c0 add r3, pc                                        |     
    0x000010c2 mov r8, r0                                        |     r8 = r0;
    0x000010c4 ldr r2, [pc, 0x16c]                               |     
    0x000010c6 ldr r3, [r3, r1]                                  |     r3 = *(0x22f0);
    0x000010c8 ldr r0, [r0, 0x30]                                |     r0 = *((r0 + 0x30));
    0x000010ca add r2, pc                                        |     r2 = 0x2302;
    0x000010cc ldr.w fp, [pc, 0x168]                             |     
    0x000010d0 str r2, [sp, 0x10]                                |     s2 = r2;
    0x000010d2 ldr r2, [r3, 8]                                   |     r2 = *(0x22f8);
    0x000010d4 ldr r3, [r0, 0x18]                                |     r3 = *((r0 + 0x18));
    0x000010d6 add fp, pc                                        |     fp = 0x2312;
    0x000010d8 ldr.w sl, [r3, r2, lsl 2]                         |     sl = *(0x22f0);
    0x000010dc ldr r3, [pc, 0x15c]                               |     
    0x000010de add r3, pc                                        |     r3 = 0x231e;
    0x000010e0 str r3, [sp, 0x18]                                |     var_18h = r3;
    0x000010e2 ldr r3, [pc, 0x15c]                               |     
    0x000010e4 add r3, pc                                        |     r3 = 0x232a;
    0x000010e6 str r3, [sp, 0xc]                                 |     var_ch = r3;
                                                                 | label_3:
    0x000010e8 ldr r3, [sp, 0x1c]                                |     r3 = var_1ch;
    0x000010ea ldrb r0, [r3]                                     |     r0 = *(r3);
    0x000010ec cmp r0, 0                                         |     
                                                                 |     if (r0 == 0) {
    0x000010ee beq 0x118c                                        |         goto label_8;
                                                                 |     }
    0x000010f0 add r1, sp, 0x1c                                  |     r1 += var_1ch;
    0x000010f2 ldr.w r0, [r8, 0x2c]                              |     r0 = *((r8 + 0x2c));
    0x000010f6 blx 0xa38                                         |     loc_imp_ap_getword_conf ();
    0x000010fa movs r1, 0x3d                                     |     r1 = 0x3d;
    0x000010fc mov r6, r0                                        |     r6 = r0;
    0x000010fe blx 0xa80                                         |     r0 = strchr (r0, r1);
    0x00001102 mov r4, r0                                        |     r4 = r0;
    0x00001104 cmp r0, 0                                         |     
                                                                 |     if (r0 == 0) {
    0x00001106 beq.w 0x1220                                      |         goto label_9;
                                                                 |     }
    0x0000110a movs r3, 0                                        |     r3 = 0;
    0x0000110c mov r1, fp                                        |     r1 = fp;
    0x0000110e strb r3, [r4], 1                                  |     *(r4) = r3;
                                                                 |     r4++;
    0x00001112 mov r0, r6                                        |     r0 = r6;
    0x00001114 ldr.w r7, [r8, 0x28]                              |     r7 = *((r8 + 0x28));
    0x00001116 strb r0, [r5]                                     |     *(r5) = r0;
    0x00001118 mov r5, sl                                        |     r5 = sl;
    0x0000111a blx 0x9fc                                         |     r0 = strcasecmp (r0, r1);
                                                                 |     if (r0 != 0) {
    0x0000111e cbz r0, 0x113e                                    |         
    0x00001120 ldr r1, [sp, 0x10]                                |         r1 = s2;
    0x00001122 mov r0, r6                                        |         r0 = r6;
    0x00001124 add.w r5, sl, 0x18                                |         r5 = sl + 0x18;
    0x00001128 blx 0x9fc                                         |         r0 = strcasecmp (r0, r1);
                                                                 |         if (r0 == 0) {
    0x0000112c cbz r0, 0x113e                                    |             goto label_10;
                                                                 |         }
    0x0000112e ldr r1, [sp, 0x18]                                |         r1 = var_18h;
    0x00001130 mov r0, r6                                        |         r0 = r6;
    0x00001132 blx 0x9fc                                         |         r0 = strcasecmp (r0, r1);
    0x00001136 cmp r0, 0                                         |         
                                                                 |         if (r0 != 0) {
    0x00001138 bne 0x1214                                        |             goto label_11;
                                                                 |         }
    0x0000113a add.w r5, sl, 0x30                                |         r5 = sl + 0x30;
                                                                 |     }
                                                                 | label_10:
    0x0000113e movs r3, 0                                        |     r3 = 0;
    0x00001140 ldr r1, [sp, 0xc]                                 |     r1 = var_ch;
    0x00001142 mov r0, r4                                        |     r0 = r4;
    0x00001144 str r3, [r5]                                      |     *(r5) = r3;
    0x00001146 str r3, [r5, 4]                                   |     *((r5 + 4)) = r3;
    0x00001148 str r3, [r5, 8]                                   |     *((r5 + 8)) = r3;
    0x0000114a str r3, [r5, 0xc]                                 |     *((r5 + 0xc)) = r3;
    0x0000114c str r3, [r5, 0x10]                                |     *((r5 + 0x10)) = r3;
    0x0000114e str r3, [r5, 0x14]                                |     *((r5 + 0x14)) = r3;
    0x00001150 blx 0x9f0                                         |     r0 = loc_imp_ap_strcasestr ();
    0x00001154 mov sb, r0                                        |     sb = r0;
    0x00001156 cmp r0, 0                                         |     
                                                                 |     if (r0 == 0) {
    0x00001158 beq 0x11f6                                        |         goto label_12;
                                                                 |     }
    0x0000115a subs r2, r0, r4                                   |     r2 = r0 - r4;
    0x0000115c mov r1, r4                                        |     r1 = r4;
    0x0000115e mov r0, r7                                        |     r0 = r7;
    0x00001160 blx 0xb04                                         |     loc_imp_apr_pstrndup ();
    0x00001164 add.w r1, sb, 9                                   |     r1 = sb + 9;
    0x00001168 add.w r2, r5, 8                                   |     r2 = r5 + 8;
    0x0000116c mov sb, r0                                        |     sb = r0;
    0x0000116e mov r0, r7                                        |     r0 = r7;
    0x00001170 bl 0x1028                                         |     r0 = fcn_00001028 (r0, r1, r2);
    0x00001174 mov r3, r0                                        |     r3 = r0;
    0x00001176 cbz r0, 0x1192                                    |     
                                                                 |     while (r0 != 0) {
                                                                 | label_1:
    0x00001178 mov r7, r3                                        |         r7 = r3;
                                                                 | label_2:
    0x0000117a ldr r1, [pc, 0xc8]                                |         
    0x0000117c mov r3, r4                                        |         r3 = r4;
    0x0000117e ldr.w r0, [r8, 0x2c]                              |         r0 = *((r8 + 0x2c));
    0x00001182 mov r2, r6                                        |         r2 = r6;
    0x00001184 str r7, [sp]                                      |         *(sp) = r7;
    0x00001186 add r1, pc                                        |         r1 = 0x23d0;
    0x00001188 blx 0xaa4                                         |         loc_imp_apr_psprintf ()
                                                                 | label_8:
    0x0000118c add sp, 0x24                                      |         
    0x0000118e pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc}        |         
    0x00001192 ldr r2, [r5, 8]                                   |         r2 = *((r5 + 8));
    0x00001194 str r0, [sp, 0x14]                                |         var_14h = r0;
    0x00001196 cmp r2, 0                                         |         
                                                                 |         if (r2 == 0) {
    0x00001198 beq 0x121a                                        |             goto label_13;
                                                                 |         }
    0x0000119a movs r1, 0x2d                                     |         r1 = 0x2d;
    0x0000119c mov r0, sb                                        |         r0 = sb;
    0x0000119e blx 0xa80                                         |         strchr (r0, r1);
    0x000011a2 ldr r3, [sp, 0x14]                                |         r3 = var_14h;
    0x000011a4 mov r1, r0                                        |         r1 = r0;
                                                                 |         if (r0 == 0) {
    0x000011a6 cbz r0, 0x11ba                                    |             goto label_14;
                                                                 |         }
    0x000011a8 strb r3, [r1], 1                                  |         *(r1) = r3;
                                                                 |         r1++;
    0x000011ac adds r2, r5, 4                                    |         r2 = r5 + 4;
    0x000011ae mov r0, r7                                        |         r0 = r7;
    0x000011b0 bl 0x1028                                         |         r0 = fcn_00001028 (r0, r1, r2);
    0x000011b4 mov r3, r0                                        |         r3 = r0;
    0x000011b6 cmp r0, 0                                         |         
    0x000011b8 bne 0x1178                                        |         
                                                                 |     }
                                                                 | label_14:
    0x000011ba mov r1, sb                                        |     r1 = sb;
    0x000011bc mov r0, r7                                        |     r0 = r7;
    0x000011be mov r2, r5                                        |     r2 = r5;
    0x000011c0 bl 0x1028                                         |     r0 = fcn_00001028 (r0, r1, r2);
    0x000011c4 mov r3, r0                                        |     r3 = r0;
                                                                 | label_4:
    0x000011c6 cmp r3, 0                                         |     
                                                                 |     if (r3 != 0) {
    0x000011c8 bne 0x1178                                        |         goto label_1;
                                                                 |     }
    0x000011ca ldr r3, [r5, 4]                                   |     r3 = *((r5 + 4));
                                                                 |     if (r3 != 0) {
    0x000011cc cbz r3, 0x11da                                    |         
    0x000011ce ldr r2, [r5]                                      |         r2 = *(r5);
    0x000011d0 cmp r3, r2                                        |         
                                                                 |         if (r3 > r2) {
    0x000011d2 bgt 0x11da                                        |             goto label_15;
                                                                 |         }
    0x000011d4 ldr r7, [pc, 0x70]                                |         
    0x000011d6 add r7, pc                                        |         r7 = 0x2422;
    0x000011d8 b 0x117a                                          |         goto label_2;
                                                                 |     }
                                                                 | label_15:
    0x000011da ldr r2, [r5, 8]                                   |     r2 = *((r5 + 8));
    0x000011dc cmp r2, 0                                         |     
                                                                 |     if (r2 == 0) {
    0x000011de beq 0x10e8                                        |         goto label_3;
                                                                 |     }
    0x000011e0 movw r0, 0x4240                                   |     
    0x000011e4 asrs r3, r2, 0x1f                                 |     r3 = r2 >> 0x1f;
    0x000011e6 movt r0, 0xf                                      |     r0 = 0xf4240;
    0x000011ea movs r1, 0                                        |     r1 = 0;
    0x000011ec bl 0x17b4                                         |     fcn_000017b4 (r0, r1, r2, r3);
    0x000011f0 strd r0, r1, [r5, 0x10]                           |     __asm ("strd r0, r1, [r5, 0x10]");
    0x000011f4 b 0x10e8                                          |     goto label_3;
                                                                 | label_12:
    0x000011f6 movs r1, 0x2d                                     |     r1 = 0x2d;
    0x000011f8 mov r0, r4                                        |     r0 = r4;
    0x000011fa blx 0xa80                                         |     r0 = strchr (r0, r1);
                                                                 |     if (r0 != 0) {
    0x000011fe cbz r0, 0x1206                                    |         
    0x00001200 ldr r7, [pc, 0x48]                                |         
    0x00001202 add r7, pc                                        |         r7 = 0x2452;
    0x00001204 b 0x117a                                          |         goto label_2;
                                                                 |     }
    0x00001206 mov r0, r7                                        |     r0 = r7;
    0x00001208 mov r2, r5                                        |     r2 = r5;
    0x0000120a mov r1, r4                                        |     r1 = r4;
    0x0000120c bl 0x1028                                         |     r0 = fcn_00001028 (r0, r1, r2);
    0x00001210 mov r3, r0                                        |     r3 = r0;
    0x00001212 b 0x11c6                                          |     goto label_4;
                                                                 | label_11:
    0x00001214 ldr r7, [pc, 0x38]                                |     
    0x00001216 add r7, pc                                        |     r7 = 0x246a;
    0x00001218 b 0x117a                                          |     goto label_2;
                                                                 | label_13:
    0x0000121a ldr r7, [pc, 0x38]                                |     
    0x0000121c add r7, pc                                        |     r7 = 0x2476;
    0x0000121e b 0x117a                                          |     goto label_2;
                                                                 | label_9:
    0x00001220 ldr r0, [pc, 0x34]                                |     
    0x00001222 add r0, pc                                        |     r0 = 0x247e;
    0x00001224 add sp, 0x24                                      |     
    0x00001226 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc}        |     
                                                                 | }

[*] Function sprintf used 4 times mod_reqtimeout.so