* Filter string to avoid escaped commands execution (r_str_unscape)

* More chars filtered in rabin2 -z (flag ..)
* Parse PLT in order to find matching ordinal in rgot.vala

binr/rabin2/rabin2.c

@@ -95,7 +95,6 @@ static int rabin_show_entrypoints() {
 
 static int rabin_show_main() {
 	RBinAddr *binmain;
-
 	ut64 baddr = gbaddr?gbaddr:r_bin_get_baddr (bin);
 
 	if ((binmain = r_bin_get_main (bin)) == NULL)
@@ -113,9 +112,7 @@ static int rabin_show_main() {
 }
 
 static int rabin_extract() {
-	int n;
-
-	n = r_bin_extract (bin);
+	int n = r_bin_extract (bin);
 	if (n != 0) {
 		if (!rad) printf ("%i bins extracted\n", n);
 		return R_TRUE;

libr/bin/bin.c

@@ -267,9 +267,9 @@ R_API RBin* r_bin_new() {
 
 	bin = R_NEW (RBin);
 	if (bin) {
-		memset (bin, 0, sizeof(RBin));
+		memset (bin, 0, sizeof (RBin));
 		INIT_LIST_HEAD (&bin->bins);
-		for (i=0;bin_static_plugins[i];i++) {
+		for (i=0; bin_static_plugins[i]; i++) {
 			static_plugin = R_NEW (RBinPlugin);
 			memcpy (static_plugin, bin_static_plugins[i], sizeof (RBinPlugin));
 			r_bin_add (bin, static_plugin);

libr/core/cmd.c

@@ -219,7 +219,11 @@ static void r_print_disasm(RPrint *p, RCore *core, ut64 addr, ut8 *buf, int len,
 		switch (mi->type) {
 		case R_META_STRING:
 			// TODO: filter string (r_str_unscape)
-			r_cons_printf ("string(%"PFMT64d"): \"%s\"\n", mi->size, mi->str);
+			{
+			char *out = r_str_unscape (mi->str);
+			r_cons_printf ("string(%"PFMT64d"): \"%s\"\n", mi->size, out);
+			free (out);
+			}
 			ret = (int)mi->size;
 			free (line);
 			continue;
@@ -2554,7 +2558,8 @@ static int cmd_meta(void *data, const char *input) {
 		if (input[1]==' ') input++;
 		if (input[1]=='-')
 			r_meta_del (core->meta, R_META_COMMENT, core->offset, core->offset, input+2);
-		else r_meta_add (core->meta, R_META_COMMENT, core->offset, core->offset, input+1);
+		else if (input[1])
+			r_meta_add (core->meta, R_META_COMMENT, core->offset, core->offset, input+1);
 		break;
 	case '!':
 		r_meta_sync (core->meta);

libr/flags/name.c

@@ -5,7 +5,7 @@
 #define IS_PRINTABLE(x) (x>=' '&&x<='~')
 
 static int r_flag_name_validate_char(const char ch) {
-	switch(ch) {
+	switch (ch) {
 	case '*':
 	case '/':
 	case '+':
@@ -14,14 +14,19 @@ static int r_flag_name_validate_char(const char ch) {
 	case ';':
 	case '>':
 	case '<':
+	case '"':
+	case '#':
+	case '%':
+	case '(':
+	case ')':
 	case '`':
 	case '\'':
-	case '"':
 	case '-':
 	case ' ':
 	case '\n':
 	case '\t':
 	case '[':
+	case ']':
 	case '@':
 		return 0;
 	default:

swig/vapi/t/rgot.vala

@@ -3,11 +3,18 @@
 
 using Radare;
 
+// only for 32 bit ELFs
 struct Rel {
 	uint32 r_offset;
 	uint16 r_info;
 }
 
+// not used
+struct Rel64 {
+	uint64 r_offset;
+	uint16 r_info;
+}
+
 void main(string[] args) {
 	if (args.length != 2)
 		error ("Usage: %s <file>\n", args[0]);
@@ -35,14 +42,20 @@ void main(string[] args) {
 		error ("Cannot find .rel.plt\n");
 
 	var relpltp = RFile.slurp_range (file, relplt, relpltsz, out relpltsz);
-	// only for 32 bit ELFs
+
 	Rel *ptr = relpltp;
+	Rel *ptrend = (Rel*)(((uint8*)relpltp) + relpltsz);
 
 	foreach (var sym in bin.get_imports ()) {
-		Rel gotrel = (Rel) ptr [(sym.ordinal-1)];
-		uint64 got = gotrel.r_offset;
-		//int nfo = gotrel.r_info >> 8;
-		//stderr.print ("nfo %d\n", nfo);
+		int n;
+		uint64 got = 0;
+		for (n=0, ptr = relpltp; ptr < ptrend; ptr++) {
+			if ((ptr->r_info>>8) == sym.ordinal) {
+				got = ptr->r_offset;
+				break;
+			}
+			n++;
+		}
 		if (got >= gotaddr && got <= gotaddr+gotsize)
 			print ("f got.%s @ 0x%08"+uint64.FORMAT_MODIFIER+"x\n", sym.name, got);
 		else stderr.printf ("Cannot resolve GOT address for import '%s'\n", sym.name);