diff --git a/data_augmentation/methods/ConcFuzz/crash_tags.yaml b/data_augmentation/methods/ConcFuzz/crash_tags.yaml
index 6c9365b..dc20b53 100644
--- a/data_augmentation/methods/ConcFuzz/crash_tags.yaml
+++ b/data_augmentation/methods/ConcFuzz/crash_tags.yaml
@@ -1,3 +1,4 @@
+bash-2018-07-msg00042: asan;1;braces.c:596
 libtiff_cve-2016-10094: asan;2;tools/tiff2pdf.c:2901
 lua_cve-2019-6706: asan;0;lapi.c:1294
 libjpeg_cve-2018-19664: asan;0;oracle_source/wrbmp.c:145
diff --git a/targets/bash-2018-07-msg00042/README.md b/targets/bash-2018-07-msg00042/README.md
new file mode 100644
index 0000000..e62adf0
--- /dev/null
+++ b/targets/bash-2018-07-msg00042/README.md
@@ -0,0 +1,17 @@
+# 2018-07-msg00042
+## references https://lists.gnu.org/archive/html/bug-bash/2018-07/msg00042.html
+## description
+
+In mkseq(), integer overflow detection is incomplete and it can be overflow.
+
+## patch https://git.savannah.gnu.org/cgit/bash.git/diff/braces.c?h=devel&id=96efdbb5b489a0f592671593e60fc4355477b7f1
+
+## fixed files
+
+braces.c
+
+## Source of PoC
+
+https://lists.gnu.org/archive/html/bug-bash/2018-07/msg00042.html
diff --git a/targets/bash-2018-07-msg00042/build.sh b/targets/bash-2018-07-msg00042/build.sh
new file mode 100755
index 0000000..52da860
--- /dev/null
+++ b/targets/bash-2018-07-msg00042/build.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+. ${TARGET_ROOT}/config.sh
+
+if [ $# -lt 1 ]; then
+ echo "Usage: $0 " 1>&2
+ exit 1
+fi
+
+cd $TARGET_ROOT
+# Since there is no tag named 'bash-4.4.23' in git repo, follow from 'bash-5.0' tag.
+git clone --branch bash-5.0 --depth 2 https://git.savannah.gnu.org/git/bash.git $1
+cd ${TARGET_ROOT}/$1
+git checkout 64447609994bfddeef1061948022c074093e9a9f
+
+TARGET_DEF_CFLAGS="${TARGET_DEF_CFLAGS-}"
+TARGET_DEF_CXXFLAGS="${TARGET_DEF_CXXFLAGS-}"
+
+ARGS=""
+for var in "${!TARGET_DEF_@}"; do
+ ARGS="${ARGS} ${var#TARGET_DEF_}=\"$(echo ${!var})\""
+done
+set -o xtrace
+echo ${ARGS}
+eval ./configure ${ARGS} --with-static-link --without-bash-malloc
+eval make -j$(nproc)
+
+#set +e
+#./bash < ../poc1
+#./bash < ../poc2
diff --git a/targets/bash-2018-07-msg00042/config.sh b/targets/bash-2018-07-msg00042/config.sh
new file mode 100755
index 0000000..6bbcccc
--- /dev/null
+++ b/targets/bash-2018-07-msg00042/config.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+set -u
+
+export RELPATH="bash"
+export ARGS=""
diff --git a/targets/bash-2018-07-msg00042/preinstall.sh b/targets/bash-2018-07-msg00042/preinstall.sh
new file mode 100755
index 0000000..7eff090
--- /dev/null
+++ b/targets/bash-2018-07-msg00042/preinstall.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+apt-get update
+apt-get install -y --no-install-recommends build-essential bison autoconf autotools-dev
diff --git a/targets/bash-2018-07-msg00042/root_causes/locations b/targets/bash-2018-07-msg00042/root_causes/locations
new file mode 100644
index 0000000..8be2d2e
--- /dev/null
+++ b/targets/bash-2018-07-msg00042/root_causes/locations
@@ -0,0 +1,2 @@
+braces.c:423
+braces.c:424
diff --git a/targets/bash-2018-07-msg00042/root_causes/predicates b/targets/bash-2018-07-msg00042/root_causes/predicates
new file mode 100644
index 0000000..e69de29
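Review bot: build.sh never stops on failure: there is no `set -e`, and the `cd $TARGET_ROOT`, `git clone` and `cd ${TARGET_ROOT}/$1` lines are all unchecked, so a failed clone (or an unset TARGET_ROOT, which makes the `. ${TARGET_ROOT}/config.sh` line look for `/config.sh`) lets the script go on to run `eval ./configure` and `make` in whatever directory it is left in; the `set -u` inherited from config.sh only takes effect after that source line. The argument loop also word-splits and globs every TARGET_DEF_* value through `$(echo ${!var})` and then hands the result to `eval`, which is not needed: collecting `NAME=value` pairs in an array and passing `"${args[@]}"` straight to `./configure` keeps flag values intact and drops both `eval`s. `$1` is unquoted in the clone and the `cd`, and the usage string `"Usage: $0 "` appears to have lost its argument name (`"Usage: $0 <clone-dir>"`, with whatever name the caller expects). The rewritten lines:
```shell
#!/bin/bash
set -euo pipefail

: "${TARGET_ROOT:?TARGET_ROOT must be set}"
. "${TARGET_ROOT}/config.sh"

# … unchanged: argument-count check and usage message …

cd "$TARGET_ROOT"
# … unchanged: comment on following the bash-5.0 tag …
git clone --branch bash-5.0 --depth 2 https://git.savannah.gnu.org/git/bash.git "$1"
cd "${TARGET_ROOT}/$1"
git checkout 64447609994bfddeef1061948022c074093e9a9f

# … unchanged: TARGET_DEF_CFLAGS / TARGET_DEF_CXXFLAGS defaults …

# Build NAME=value pairs from every TARGET_DEF_* variable without eval or word-splitting.
configure_args=()
for var in "${!TARGET_DEF_@}"; do
  configure_args+=("${var#TARGET_DEF_}=${!var}")
done
set -o xtrace
printf '%q ' "${configure_args[@]}"; echo
./configure "${configure_args[@]}" --with-static-link --without-bash-malloc
make -j"$(nproc)"

# … unchanged: commented-out PoC runs …
```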
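Review bot: `export ARGS=""` on the last line of config.sh uses the same name that build.sh then reuses as its configure-argument accumulator (`ARGS="${ARGS} ..."`), so inside build.sh the exported value is clobbered and, because the export attribute survives reassignment, the configure string is passed into the environment of `./configure` and `make`. If `ARGS` is meant for the harness rather than the build, renaming build.sh's accumulator (for example to `configure_args`) removes the collision. The `set -u` on line 2 is also inherited by every script that sources this file, which build.sh appears to rely on for its `${TARGET_DEF_CFLAGS-}` defaults; a comment such as `# sourced by build.sh: set -u applies to the caller as well` would make that intent explicit.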
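Review bot: `apt-get update` on the third line of preinstall.sh is unchecked and the script has no `set -e`, so a failed index refresh still proceeds to `apt-get install`, which then either fails on missing packages or installs from a stale index. Either add `set -e` after the shebang or chain the two commands: `apt-get update && apt-get install -y --no-install-recommends build-essential bison autoconf autotools-dev`.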
diff --git a/targets/bash-2018-07-msg00042/seeds/default b/targets/bash-2018-07-msg00042/seeds/default
new file mode 100644
index 0000000..9e6d83d
Binary files /dev/null and b/targets/bash-2018-07-msg00042/seeds/default differ
diff --git a/targets/bash-2018-07-msg00042/seeds/seed_38b b/targets/bash-2018-07-msg00042/seeds/seed_38b
new file mode 100644
index 0000000..6764c7b
Binary files /dev/null and b/targets/bash-2018-07-msg00042/seeds/seed_38b differ