NameError: global name 'numb' is not defined

[rofl0r]

Traceback (most recent call last):
  File "foo.py", line 907, in <module>
    inp = sys.stdin.readline().strip().decode('utf-8')
  File "/lib/python2.7/site-packages/pwnlib/term/readline.py", line 412, in readline
    return readline(size)
  File "/lib/python2.7/site-packages/pwnlib/term/readline.py", line 376, in readline
    keymap.handle_input()
  File "/lib/python2.7/site-packages/pwnlib/term/keymap.py", line 20, in handle_input
    self.send(key.get())
  File "/lib/python2.7/site-packages/pwnlib/term/key.py", line 164, in get
    k = _peek()
  File "/lib/python2.7/site-packages/pwnlib/term/key.py", line 159, in _peek
    return _peek_ti() or _peek_csi() or _peek_simple()
  File "/lib/python2.7/site-packages/pwnlib/term/key.py", line 393, in _peek_csi
    return _peekkey_ss3(2)
  File "/lib/python2.7/site-packages/pwnlib/term/key.py", line 372, in _peekkey_ss3
    _cbuf = _cbuf[numb:] # XXX: numb is not defined
NameError: global name 'numb' is not defined

this happens when i press + and enter on the numeric block without having numlock on.
also kinda weird even that this is handled by pwnlib, since i call a function from sys.

[rofl0r]

from that point on stdin is dead, any try to access it causes this exception, even if caught.

[rofl0r]

this happens quite a lot since sometimes when i enter a command into my program i instinctively hit enter on the numpad. from that point on my application becomes unusable and i have to kill it. no workaround found so far.

[zachriggle]

I can't reproduce this. Please provide steps that I can reproduce in the docker image.

>>> from pwn import *
>>> inp = sys.stdin.readline().strip().decode('utf-8')
asdfasdfasdf
>>> inp
u'asdfasdfasdf'

To run in Docker:

$ docker pull pwntools/pwntools:stable
$ docker run -it pwntools/pwntools:stable
pwntools@e5bc67ee7449:~$ python
Python 2.7.12 (default, Nov 19 2016, 06:48:10)
[GCC 5.4.0 20160609] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from pwn import *
>>> sys.stdin.readline().strip().decode("utf-8")
Hello, world!
u'Hello, world!'

[rofl0r]

this causes the bug for me:
test.py

from pwn import *
import sys

inp = sys.stdin.readline().strip().decode('utf-8')

python test.py
hit + on numeric block with numlock off

i'm sorry but i cannot use docker, since my custom linux distribution based on musl libc doesn't yet bundle a go compiler. but even if it's not reproducible on a mainstream distro, the bug is real as can be seen from the fat XXX in the comment...

[rofl0r]

note that i cannot reproduce the issue either in an interactive python session - it must be run from a script

[rofl0r]

a member of my team just tried it on debian, and he was able to reproduce the issue running the above script. sigh of relief

[zachriggle]

I still cannot reproduce this on either macOS or Ubuntu 16.04.

$ pwn update
[*] You have the latest version of Pwntools (3.5.1)
$ cat x.py
from pwn import *
import sys

inp = sys.stdin.readline().strip().decode('utf-8')
print(repr(inp))
$ python x.py
asdfasdfasdf
u'asdfasdfasdf'

[zachriggle]

I don't have any computers with a full keyboard, so no number pad to hit the + key on, or to turn NumLock off.

[rofl0r]

it should be sufficient to just hit "+" on numeric block. my friends debian version is

$ cat /etc/debian_version
8.5

[rofl0r]

damn, in that case i guess you won't be able to reproduce it! no usb keyboard lying around somewhere ?

[zachriggle]

Nope! :-\

[zachriggle]

In any case, this is in the term code which I don't touch.

[zachriggle]

It looks like that code (minus the XXX warning, which was added later) comes from ab3d128

commit ab3d128a776ec29faf281f33644fecdb32e79d3e
Author: Morten Brøns-Pedersen <[email protected]>
Date:   Wed Apr 30 14:30:21 2014 +0200

    started working on pwnlib v. 2.0

[rofl0r]

hey @br0ns , do you have an idea why this code is interfering with my invocation of sys code ? this looks like quite a nasty hook to me.

[zachriggle]

You can disable term mode by setting PWNLIB_NOTERM in your environment, or invoking your script with "python foo.py NOTERM". This will disable all animations and fancy terminal things, and also resolve your issue.

…

On Sat, May 6, 2017 at 6:54 PM rofl0r ***@***.***> wrote: hey @br0ns <https://github.com/br0ns> , do you have an idea why this code is interfering with my invocation of sys code ? this looks like quite a nasty hook to me. — You are receiving this because you were assigned. Reply to this email directly, view it on GitHub <#974 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAG0GEhAxoyNV-cHTQkHjNS6bUCpGwvVks5r3QgWgaJpZM4NSDEH> .

[rofl0r]

thanks! when looking at the issues/PRs here, i have the feeling that assigning @br0ns to a task is about the same as closing it with EWONTFIX.. :)

[rofl0r]

@zachriggle: is there a way to set this from code, rather than changing the environment or script args ? i'd rather do context.term_mode = False in my code and have the issue fixed once and for all, than having to start my program from a shell wrapper so i dont forget to set the env var.

[zachriggle]

Unfortunately the term initialization opt-out *must* pre-empt "from pwn import *"

…

On Sun, May 7, 2017 at 11:07 AM rofl0r ***@***.***> wrote: @zachriggle <https://github.com/zachriggle>: is there a way to set this from code, rather than changing the environment or script args ? i'd rather do context.term_mode = False in my code and have the issue fixed once and for all, than having to start my program from a shell wrapper so i dont forget to set the env var. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#974 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAG0GG6VnXnwrrpKQi9kf7Ztgok98Exjks5r3ewxgaJpZM4NSDEH> .

[br0ns]

I've made a PR with an attempt at a fix: #978

The code is based on libtermkey.

[rofl0r]

cool! i confirm that the issue is now fixed. if numlock is off, and "+" is being pressed "+k" is shown in the terminal instead of crashing. thank you!

[zachriggle]

Merged to stable in #979; this fix will be in 3.6.1