From ff260ba7f894d75731d4d76b2e4c87d510425dda Mon Sep 17 00:00:00 2001
From: JP3BGY <6635381+JP3BGY@users.noreply.github.com>
Date: Mon, 12 Jun 2023 10:41:59 +0000
Subject: [PATCH] add nasm_cve-2019-8343
---
 .../methods/ConcFuzz/crash_tags.yaml | 1 +
 targets/nasm_cve-2019-8343/README.md | 20 ++++++++++++++++
 targets/nasm_cve-2019-8343/build.sh | 23 +++++++++++++++++++
 targets/nasm_cve-2019-8343/config.sh | 5 ++++
 targets/nasm_cve-2019-8343/preinstall.sh | 4 ++++
 .../nasm_cve-2019-8343/root_causes/locations | 16 +++++++++++++
 targets/nasm_cve-2019-8343/seeds/default | 1 +
 7 files changed, 70 insertions(+)
 create mode 100644 targets/nasm_cve-2019-8343/README.md
 create mode 100755 targets/nasm_cve-2019-8343/build.sh
 create mode 100755 targets/nasm_cve-2019-8343/config.sh
 create mode 100755 targets/nasm_cve-2019-8343/preinstall.sh
 create mode 100644 targets/nasm_cve-2019-8343/root_causes/locations
 create mode 100644 targets/nasm_cve-2019-8343/seeds/default
diff --git a/data_augmentation/methods/ConcFuzz/crash_tags.yaml b/data_augmentation/methods/ConcFuzz/crash_tags.yaml
index 6c9365b..d5eac14 100644
--- a/data_augmentation/methods/ConcFuzz/crash_tags.yaml
+++ b/data_augmentation/methods/ConcFuzz/crash_tags.yaml
@@ -4,4 +4,5 @@ libjpeg_cve-2018-19664: asan;0;oracle_source/wrbmp.c:145
 libjpeg_cve-2017-15232: asan;0;oracle_source/jquant1.c:536
 libxml2_cve-2017-5969: asan;0;oracle_source/valid.c:1181
 readelf_cve-2019-9077: asan;0;binutils/readelf.c:16204
+nasm_cve-2019-8343: asan;1;asm/preproc.c:3820
 mruby_hackerone-reports-185041: asan;4;error.c:290
diff --git a/targets/nasm_cve-2019-8343/README.md b/targets/nasm_cve-2019-8343/README.md
new file mode 100644
index 0000000..b7336c5
--- /dev/null
+++ b/targets/nasm_cve-2019-8343/README.md
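Review bot: The added tag records the crash site as `asm/preproc.c:3820`, while the `root_causes/locations` file created in the same commit lists the same line as `preproc.c:3820` without the directory; if any tool matches these two textually, one of them needs normalizing. The existing entries already mix forms (`oracle_source/…`, `binutils/readelf.c`, bare `error.c`), so this may simply mirror how ASan prints the path for each build — worth confirming against the consumer of crash_tags.yaml rather than assuming.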
@@ -0,0 +1,20 @@
+# CVE-2019-8343
+## reference
+https://bugzilla.nasm.us/show_bug.cgi?id=3392556
+
+## description
+use after free in paste_tokens()
+
+## patch
+
+https://github.com/netwide-assembler/nasm/commit/f24d97500847ed02b62f04dc5d93e1b237c282de
+
+https://github.com/netwide-assembler/nasm/commit/f7dbdb2e136db99051b14403a0f29c5155bbf7d8
+
+## fixed files
+
+asm/preproc.c is the only file that is patched in above commits.
+
+## Source of PoC
+
+https://bugzilla.nasm.us/show_bug.cgi?id=3392556
diff --git a/targets/nasm_cve-2019-8343/build.sh b/targets/nasm_cve-2019-8343/build.sh
new file mode 100755
index 0000000..d2cfc75
--- /dev/null
+++ b/targets/nasm_cve-2019-8343/build.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+cd $TARGET_ROOT
+
+. ${TARGET_ROOT}/config.sh
+
+git clone --branch nasm-2.14.02 --depth 1 https://github.com/netwide-assembler/nasm.git $1
+cd ${TARGET_ROOT}/$1
+sh autogen.sh
+
+TARGET_DEF_CFLAGS="${TARGET_DEF_CFLAGS-} "
+TARGET_DEF_CXXFLAGS="${TARGET_DEF_CXXFLAGS-} "
+ARGS=""
+for var in "${!TARGET_DEF_@}"; do
+ ARGS="${ARGS} ${var#TARGET_DEF_}=\"$(echo ${!var})\""
+done
+
+eval ./configure 'CFLAGS="-static -static-libasan"'
+
+eval make ${ARGS} -j$(nproc) nasm
+
+#set +e
+#./nasm -f bin ../poc -o ./tmp
diff --git a/targets/nasm_cve-2019-8343/config.sh b/targets/nasm_cve-2019-8343/config.sh
new file mode 100755
index 0000000..f1f86d7
--- /dev/null
+++ b/targets/nasm_cve-2019-8343/config.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+set -eux
+
+export RELPATH=nasm
+export ARGS="-f bin @@ -o /tmp/test"
diff --git a/targets/nasm_cve-2019-8343/preinstall.sh b/targets/nasm_cve-2019-8343/preinstall.sh
new file mode 100755
index 0000000..b728598
--- /dev/null
+++ b/targets/nasm_cve-2019-8343/preinstall.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+apt-get update
+apt-get install -y --no-install-recommends build-essential autoconf
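Review bot: `cd $TARGET_ROOT` on the third line of build.sh is unquoted and unchecked, and `set -e` only takes effect afterwards when config.sh is sourced, so an unset or empty `TARGET_ROOT` silently changes directory to `$HOME` and the clone and build happen there; `cd "${TARGET_ROOT:?TARGET_ROOT must be set}" || exit 1` makes that a hard failure. The `$1` clone directory is likewise unquoted in both the `git clone` and the following `cd`, with no check that it was supplied. The `ARGS` loop pushes each `TARGET_DEF_*` value through `$(echo ${!var})` and then `eval make`, which collapses whitespace in the flag values, re-globs them, and breaks on any embedded double quote; collecting the assignments into an array and calling `make` directly gives the same `NAME=value` arguments without the `eval`. The `./configure` line keeps its own `eval` and is unchanged below.
```shell
cd "${TARGET_ROOT:?TARGET_ROOT must be set}" || exit 1
# … unchanged: . ${TARGET_ROOT}/config.sh …
git clone --branch nasm-2.14.02 --depth 1 https://github.com/netwide-assembler/nasm.git "${1:?clone directory required}"
cd "${TARGET_ROOT}/$1" || exit 1
# … unchanged: sh autogen.sh, TARGET_DEF_CFLAGS / TARGET_DEF_CXXFLAGS defaults …
make_args=()
for var in "${!TARGET_DEF_@}"; do
  make_args+=("${var#TARGET_DEF_}=${!var}")
done
# … unchanged: eval ./configure 'CFLAGS="-static -static-libasan"' …
make "${make_args[@]}" -j"$(nproc)" nasm
```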
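Review bot: `ARGS` on the last line of config.sh writes the assembled output to the fixed path `/tmp/test`, so parallel fuzzing instances of this target overwrite each other's file, and a predictable name in a shared `/tmp` is the usual pre-existing-file/symlink trap whenever the harness runs under a different user than whoever created it. Nothing in this commit reads the output back, so `export ARGS="-f bin @@ -o /dev/null"` avoids the file entirely; if the binary is in fact consumed elsewhere, derive the path from `mktemp` per run instead.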
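Review bot: Neither `apt-get` call in preinstall.sh is checked and the script has no `set -e`, so a failed `apt-get update` (stale mirror, no network) falls through to the install, and the script can still exit 0 with the packages missing only to surface later as an opaque failure in build.sh. Adding `set -e` on the line after the shebang, as config.sh already does, is enough; `set -eu` would match the repository's existing style more closely.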
diff --git a/targets/nasm_cve-2019-8343/root_causes/locations b/targets/nasm_cve-2019-8343/root_causes/locations
new file mode 100644
index 0000000..edeb01d
--- /dev/null
+++ b/targets/nasm_cve-2019-8343/root_causes/locations
@@ -0,0 +1,16 @@
+preproc.c:3780
+preproc.c:3782
+preproc.c:3783
+preproc.c:3785
+preproc.c:3786
+preproc.c:3789
+preproc.c:3790
+preproc.c:3809
+preproc.c:3810
+preproc.c:3811
+preproc.c:3812
+preproc.c:3813
+preproc.c:3817
+preproc.c:3818
+preproc.c:3819
+preproc.c:3820
diff --git a/targets/nasm_cve-2019-8343/seeds/default b/targets/nasm_cve-2019-8343/seeds/default
new file mode 100644
index 0000000..c9b1621
--- /dev/null
+++ b/targets/nasm_cve-2019-8343/seeds/default
@@ -0,0 +1 @@
+r%{]%%%[ %+}%+`