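#!/bin/bash
# Reproduce the CVE-2018-20623 fuzzing target (binutils readelf) for UAFBench:
# clone binutils-gdb at the vulnerable commit, build a plain and an ASan
# 32-bit readelf, then launch the fuzzer selected by <runmode>.
#
# Usage:  CVE-2018-20623.sh <runmode> <timeout-minutes> [targets-file]
#   runmode  aflqemu | aflgo | aflgob | heb | uafuzz
#   timeout  fuzzing budget in minutes (given to `timeout` and to the driver)
#   targets  UAF target file; only consumed by the aflgob/heb/uafuzz branch
# Environment:
#   UAFBENCH_PATH  benchmark root; seeds are read from seeds/<PUT>/
#   UAFUZZ_PATH    location of run_afl.py / preprocess.py / run_uafuzz.py
#   HOME/aflgo     AFLGo checkout, used by the aflgo branch only
#   ADDITIONAL     extra CFLAGS appended to the two baseline builds when set
# Exports SUBJECT (source tree) and FUZZ_DIR (working directory) for the drivers.

PUT="CVE-2018-20623"
runmode=$1
timeout=$2
targets=$3

# NOTE(review): glibc keys its fortified wrappers on _FORTIFY_SOURCE (leading
# underscore); -DFORTIFY_SOURCE=2 defines an unrelated macro and adds no
# hardening. Kept verbatim so the binaries match the benchmark's reference builds.
readonly BASE_CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fno-omit-frame-pointer -g -Wno-error"
readonly CONFIGURE_OPTS=(--disable-shared --disable-gdb --disable-libdecnumber
  --disable-readline --disable-sim --disable-ld)

# Print a diagnostic to stderr and abort.
die() { printf '%s: %s\n' "${0##*/}" "$*" >&2; exit 1; }

#######################################
# Configure and build the binutils tree from the current directory.
# Arguments: $1 - CFLAGS placed before the base hardening flags (e.g. -m32)
#            $2 - CFLAGS placed after them (e.g. $ADDITIONAL, -distance=...)
# The LDFLAGS prefix applies to the configure invocation only.
# Returns:   0 on success; aborts the script if configure or make fails
#######################################
configure_and_make() {
  local pre=$1 post=$2
  CFLAGS="$pre $BASE_CFLAGS $post" LDFLAGS="-ldl -lutil" \
    ../configure "${CONFIGURE_OPTS[@]}" || die "configure failed in $PWD"
  make clean   # may legitimately fail on a freshly configured tree
  make || die "build failed in $PWD"
}

#######################################
# Create ./in in the current directory and fill it with the benchmark seeds.
# Globals:   UAFBENCH_PATH, PUT (read)
#######################################
seed_input_dir() {
  mkdir -- in
  cp -- "$UAFBENCH_PATH/seeds/$PUT"/* in \
    || die "no seeds found under $UAFBENCH_PATH/seeds/$PUT"
}

[[ -n "$runmode" && -n "$timeout" ]] \
  || die "usage: ${0##*/} <runmode> <timeout-minutes> [targets-file]"
: "${UAFBENCH_PATH:?UAFBENCH_PATH must point at the benchmark root}"

# Checkout source code. The transport is unauthenticated git://, so the pinned
# checkout below is the only integrity check on the fetched tree; a full
# 40-character commit hash would make that pin unambiguous.
[[ -d "$PUT" ]] || git clone git://sourceware.org/git/binutils-gdb.git "$PUT" \
  || die "git clone failed"
cd "$PUT" || die "cannot cd to $PUT"
export SUBJECT=$PWD
git checkout 923c6a7 || die "cannot check out commit 923c6a7"

# Compile source code: plain 32-bit build (obj) and ASan build (obj-asan).
# Every cd is checked so a failed step can never run rm -rf in the wrong place.
rm -rf -- obj; mkdir -- obj; cd obj || die "cannot cd to obj"
configure_and_make "-m32" "$ADDITIONAL"
cd "$SUBJECT" || die "cannot cd to $SUBJECT"
rm -rf -- obj-asan; mkdir -- obj-asan; cd obj-asan || die "cannot cd to obj-asan"
configure_and_make "-m32 -fsanitize=address" "$ADDITIONAL"

# Prepare working directories (runmode is already known to be non-empty;
# the :? guard keeps rm -rf from ever seeing a bare "obj-")
cd "$SUBJECT" || die "cannot cd to $SUBJECT"
rm -rf -- "obj-${runmode:?}"; mkdir -- "obj-$runmode"
export FUZZ_DIR=$SUBJECT/obj-$runmode
cd "$FUZZ_DIR" || die "cannot cd to $FUZZ_DIR"
seed_input_dir

# Fuzzing
case "$runmode" in
  aflqemu)
    cp -- "$SUBJECT/obj/binutils/readelf" .
    timeout -sHUP "${timeout}m" "$UAFUZZ_PATH/scripts/run_afl.py" \
      -f "$FUZZ_DIR/readelf" -Q -i "$FUZZ_DIR/in" -o run \
      -r "$FUZZ_DIR/readelf -a @@" -to "$timeout"
    ;;
  aflgo)
    SECONDS=0   # measures the AFLGo pre-processing time reported below
    export AFL_PATH=$HOME/aflgo; export AFLGO=$AFL_PATH
    mkdir -- temp; export TMP_DIR=$FUZZ_DIR/temp
    export CC=$AFLGO/afl-clang-fast; export CXX=$AFLGO/afl-clang-fast++
    export LDFLAGS=-lpthread
    export ADDITIONAL="-targets=$TMP_DIR/BBtargets.txt -outdir=$TMP_DIR -flto -fuse-ld=gold -Wl,-plugin-opt=save-temps"
    # Target sites (file:line) that the distance computation steers towards
    printf '%s\n' readelf.c:19664 readelf.c:19588 readelf.c:19435 elfcomm.c:906 \
      readelf.c:19524 readelf.c:19409 elfcomm.c:43 > "$TMP_DIR/BBtargets.txt"
    configure_and_make "" "$ADDITIONAL"
    # Normalise the BB lists: strip the trailing :NNN field, then dedupe
    rev < "$TMP_DIR/BBnames.txt" | cut -d: -f2- | rev | sort | uniq > "$TMP_DIR/BBnames2.txt" \
      && mv -- "$TMP_DIR/BBnames2.txt" "$TMP_DIR/BBnames.txt"
    sort < "$TMP_DIR/BBcalls.txt" | uniq > "$TMP_DIR/BBcalls2.txt" \
      && mv -- "$TMP_DIR/BBcalls2.txt" "$TMP_DIR/BBcalls.txt"
    cd "$FUZZ_DIR/binutils" || die "cannot cd to $FUZZ_DIR/binutils"
    "$AFLGO/scripts/genDistance.sh" "$SUBJECT" "$TMP_DIR" readelf
    # Second build in a fresh obj-dist with the distance file; work-around
    # because make distclean cannot be run in place
    cd "$SUBJECT" || die "cannot cd to $SUBJECT"
    mkdir -- obj-dist; export FUZZ_DIR=$SUBJECT/obj-dist
    cd "$FUZZ_DIR" || die "cannot cd to $FUZZ_DIR"
    configure_and_make "" "-distance=$TMP_DIR/distance.cfg.txt"
    pp_aflgo_time=$SECONDS; printf 'pp_aflgo_time: %s (s).\n' "$pp_aflgo_time"
    seed_input_dir
    timeout -sHUP "${timeout}m" "$AFLGO/afl-fuzz" -m none -z exp -c 45m \
      -i "$FUZZ_DIR/in" -o out "$FUZZ_DIR/binutils/readelf" -a @@
    ;;
  aflgob|heb|uafuzz)
    [[ -n "$targets" && -f "$targets" ]] \
      || die "runmode $runmode needs an existing targets file as third argument"
    cp -- "$SUBJECT/obj/binutils/readelf" "$PUT"; cp -- "$targets" .
    "$UAFUZZ_PATH/scripts/preprocess.py" -f "$PUT" -v "$targets" -o "$FUZZ_DIR"
    "$UAFUZZ_PATH/scripts/run_uafuzz.py" -f "$FUZZ_DIR/$PUT" -M fuzz \
      -i "$FUZZ_DIR/in" -o run -r "$FUZZ_DIR/$PUT -a @@" -I "$runmode" \
      -T "$FUZZ_DIR/$PUT.tgt" -to "$timeout"
    ;;
  *)
    die "unknown runmode '$runmode' (expected aflqemu, aflgo, aflgob, heb or uafuzz)"
    ;;
esac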