From 1e212430fae9ed52fd2ca42446d192ef7a3f04a3 Mon Sep 17 00:00:00 2001
From: JP3BGY <6635381+JP3BGY@users.noreply.github.com>
Date: Tue, 18 Apr 2023 18:19:59 +0900
Subject: [PATCH 1/3] add bash-2018-07-msg00042

---
 targets/bash-2018-07-msg00042/README.md | 17 ++++++++++
 targets/bash-2018-07-msg00042/build.sh | 30 ++++++++++++++++++
 targets/bash-2018-07-msg00042/config.sh | 5 +++
 targets/bash-2018-07-msg00042/preinstall.sh | 4 +++
 .../root_causes/locations | 2 ++
 .../root_causes/predicates | 0
 targets/bash-2018-07-msg00042/seeds/default | Bin 0 -> 38 bytes
 targets/bash-2018-07-msg00042/seeds/seed_38b | Bin 0 -> 38 bytes
 8 files changed, 58 insertions(+)
 create mode 100644 targets/bash-2018-07-msg00042/README.md
 create mode 100644 targets/bash-2018-07-msg00042/build.sh
 create mode 100644 targets/bash-2018-07-msg00042/config.sh
 create mode 100644 targets/bash-2018-07-msg00042/preinstall.sh
 create mode 100644 targets/bash-2018-07-msg00042/root_causes/locations
 create mode 100644 targets/bash-2018-07-msg00042/root_causes/predicates
 create mode 100644 targets/bash-2018-07-msg00042/seeds/default
 create mode 100644 targets/bash-2018-07-msg00042/seeds/seed_38b

diff --git a/targets/bash-2018-07-msg00042/README.md b/targets/bash-2018-07-msg00042/README.md
new file mode 100644
index 0000000..e62adf0
--- /dev/null
+++ b/targets/bash-2018-07-msg00042/README.md
@@ -0,0 +1,17 @@
+# 2018-07-msg00042
+## references
+https://lists.gnu.org/archive/html/bug-bash/2018-07/msg00042.html
+## description
+
+In mkseq(), integer overflow detection is incomplete and it can be overflow.
+
+## patch
+https://git.savannah.gnu.org/cgit/bash.git/diff/braces.c?h=devel&id=96efdbb5b489a0f592671593e60fc4355477b7f1
+
+## fixed files
+
+braces.c
+
+## Source of PoC
+
+https://lists.gnu.org/archive/html/bug-bash/2018-07/msg00042.html
diff --git a/targets/bash-2018-07-msg00042/build.sh b/targets/bash-2018-07-msg00042/build.sh
new file mode 100644
index 0000000..52da860
--- /dev/null
+++ b/targets/bash-2018-07-msg00042/build.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+. ${TARGET_ROOT}/config.sh
+
+if [ $# -lt 1 ]; then
+ echo "Usage: $0 " 1>&2
+ exit 1
+fi
+
+cd $TARGET_ROOT
+# Since there is no tag named 'bash-4.4.23' in git repo, follow from 'bash-5.0' tag.
+git clone --branch bash-5.0 --depth 2 https://git.savannah.gnu.org/git/bash.git $1
+cd ${TARGET_ROOT}/$1
+git checkout 64447609994bfddeef1061948022c074093e9a9f
+
+TARGET_DEF_CFLAGS="${TARGET_DEF_CFLAGS-}"
+TARGET_DEF_CXXFLAGS="${TARGET_DEF_CXXFLAGS-}"
+
+ARGS=""
+for var in "${!TARGET_DEF_@}"; do
+ ARGS="${ARGS} ${var#TARGET_DEF_}=\"$(echo ${!var})\""
+done
+set -o xtrace
+echo ${ARGS}
+eval ./configure ${ARGS} --with-static-link --without-bash-malloc
+eval make -j$(nproc)
+
+#set +e
+#./bash < ../poc1
+#./bash < ../poc2
diff --git a/targets/bash-2018-07-msg00042/config.sh b/targets/bash-2018-07-msg00042/config.sh
new file mode 100644
index 0000000..6bbcccc
--- /dev/null
+++ b/targets/bash-2018-07-msg00042/config.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+set -u
+
+export RELPATH="bash"
+export ARGS=""
diff --git a/targets/bash-2018-07-msg00042/preinstall.sh b/targets/bash-2018-07-msg00042/preinstall.sh
new file mode 100644
index 0000000..7220228
--- /dev/null
+++ b/targets/bash-2018-07-msg00042/preinstall.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+apt-get update
+apt-get install -y --no-install-recommends build-essential bison
diff --git a/targets/bash-2018-07-msg00042/root_causes/locations b/targets/bash-2018-07-msg00042/root_causes/locations
new file mode 100644
index 0000000..8be2d2e
--- /dev/null
+++ b/targets/bash-2018-07-msg00042/root_causes/locations
@@ -0,0 +1,2 @@
+braces.c:423
+braces.c:424
diff --git a/targets/bash-2018-07-msg00042/root_causes/predicates b/targets/bash-2018-07-msg00042/root_causes/predicates
new file mode 100644
index 0000000..e69de29
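Review bot: A failed `apt-get update` is not fatal in preinstall.sh because the script never sets `-e`, so `apt-get install` on the next line runs against whatever package lists the image already has and may install stale packages or nothing at all; add `set -eu` directly after the shebang. The patch 2/3 hunk that extends the install line with `autoconf autotools-dev` leaves this unchanged.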
diff --git a/targets/bash-2018-07-msg00042/seeds/default b/targets/bash-2018-07-msg00042/seeds/default
new file mode 100644
index 0000000000000000000000000000000000000000..9e6d83d71c3061ac10d7b7622be16b31428f7af6
GIT binary patch literal 38 scmcDk)-|xy)6+FGu`o5XFg7tWHZe3dH8e3Y0g4(})~X1{sW3PI0H9h2^#A|> literal 0 HcmV?d00001
diff --git a/targets/bash-2018-07-msg00042/seeds/seed_38b b/targets/bash-2018-07-msg00042/seeds/seed_38b
new file mode 100644
index 0000000000000000000000000000000000000000..6764c7b215c797f28082a4922bc4fdd26c6d7b86
GIT binary patch literal 38 tcmcDk)-|xy)6+FKGB&m}Ftao;G%+)_Fts$ctW{BpQ;BB^R^noC005$)2lW5| literal 0 HcmV?d00001

From f2d7ee5d35030943111707a49b68dbdf1e20ec43 Mon Sep 17 00:00:00 2001
From: JP3BGY <6635381+JP3BGY@users.noreply.github.com>
Date: Thu, 11 May 2023 09:31:00 +0000
Subject: [PATCH 2/3] fix some issue on ConcFuzz

---
 targets/bash-2018-07-msg00042/build.sh | 0
 targets/bash-2018-07-msg00042/config.sh | 0
 targets/bash-2018-07-msg00042/preinstall.sh | 2 +-
 3 files changed, 1 insertion(+), 1 deletion(-)
 mode change 100644 => 100755 targets/bash-2018-07-msg00042/build.sh
 mode change 100644 => 100755 targets/bash-2018-07-msg00042/config.sh
 mode change 100644 => 100755 targets/bash-2018-07-msg00042/preinstall.sh

diff --git a/targets/bash-2018-07-msg00042/build.sh b/targets/bash-2018-07-msg00042/build.sh
old mode 100644
new mode 100755
diff --git a/targets/bash-2018-07-msg00042/config.sh b/targets/bash-2018-07-msg00042/config.sh
old mode 100644
new mode 100755
diff --git a/targets/bash-2018-07-msg00042/preinstall.sh b/targets/bash-2018-07-msg00042/preinstall.sh
old mode 100644
new mode 100755
index 7220228..7eff090
--- a/targets/bash-2018-07-msg00042/preinstall.sh
+++ b/targets/bash-2018-07-msg00042/preinstall.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
 
 apt-get update
-apt-get install -y --no-install-recommends build-essential bison
+apt-get install -y --no-install-recommends build-essential bison autoconf autotools-dev
From a1d6815381fa509253ca5cc88eb96ee831b02cb5 Mon Sep 17 00:00:00 2001
From: JP3BGY <6635381+JP3BGY@users.noreply.github.com>
Date: Thu, 11 May 2023 09:31:38 +0000
Subject: [PATCH 3/3] add crash tag for ConcFuzz

---
 data_augmentation/methods/ConcFuzz/crash_tags.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data_augmentation/methods/ConcFuzz/crash_tags.yaml b/data_augmentation/methods/ConcFuzz/crash_tags.yaml
index 6c9365b..dc20b53 100644
--- a/data_augmentation/methods/ConcFuzz/crash_tags.yaml
+++ b/data_augmentation/methods/ConcFuzz/crash_tags.yaml
@@ -1,3 +1,4 @@
+bash-2018-07-msg00042: asan;1;braces.c:596
 libtiff_cve-2016-10094: asan;2;tools/tiff2pdf.c:2901
 lua_cve-2019-6706: asan;0;lapi.c:1294
 libjpeg_cve-2018-19664: asan;0;oracle_source/wrbmp.c:145
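Review bot: The new tag's location `braces.c:596` is a line number in one particular bash revision, but nothing in this series records which one; the target's build.sh pins commit 64447609994bfddeef1061948022c074093e9a9f, and its root_causes/locations names braces.c:423 and 424, so presumably 596 is the sanitizer report site rather than the root cause. If the tag is matched textually against ASan output, a line number read from a different revision would silently never match, so it is worth confirming it came from a report produced by that pinned build and noting the revision in the target's README alongside the fixed-files list.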