magma
Timeout when running openssl asn1
I am trying to run OpenSSL asn1 with the latest AFL++, but I got the errors below. I have already set `export AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1` when running. Is it a must to use `sudo bash -c 'echo core > /proc/sys/kernel/core_pattern'`?
```
[-] Oops, the program crashed with one of the test cases provided. There are
    several possible explanations:

    - The test case causes known crashes under normal working conditions. If
      so, please remove it. The fuzzer should be seeded with interesting
      inputs - but not ones that cause an outright crash.

    - In QEMU persistent mode the selected address(es) for the loop are not
      properly cleaning up variables and memory. Try adding
      AFL_QEMU_PERSISTENT_GPR=1 or select better addresses in the binary.

    - Least likely, there is a horrible bug in the fuzzer. If other options
      fail, poke the Awesome Fuzzing Discord for troubleshooting tips.

[!] WARNING: Test case 'id:000666,time:0,execs:0,orig:bece85993aa19016c54de28126db072411b4388b' results in a crash, skipping
[*] Attempting dry run with 'id:000667,time:0,execs:0,orig:bf13fae01ab5f64d7a29d2d3c510dfc41a868eee'...
[-] The program took more than 1000 ms to process one of the initial test cases.
    This is bad news; raising the limit with the -t option is possible, but
    will probably make the fuzzing process extremely slow.
    If this test case is just a fluke, the other option is to just avoid it
    altogether, and find one that is less of a CPU hog.

[-] PROGRAM ABORT : Test case 'id:000667,time:0,execs:0,orig:bf13fae01ab5f64d7a29d2d3c510dfc41a868eee' results in a timeout
         Location : perform_dry_run(), src/afl-fuzz-init.c:975
```
This does not look like a timeout. It looks like something has been misconfigured and is crashing the fuzzer. I would recommend extracting the asn1 binary from the docker container and poking around with it. Otherwise, if you share the changes you've made to AFL++ I may be able to take a quick look. But currently, there isn't enough information for me to diagnose this issue.
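The "poking around" suggested in the reply above, as an added example that is not code from this thread, from Magma or from AFL++: a POSIX shell script that feeds each seed to the harness binary directly, with no forkserver and no persistent loop in the way, and classifies the outcome the way the dry run does (clean exit, timeout, or death by signal). A seed that is fine here but crashes or times out under afl-fuzz points at the driver/forkserver setup rather than at the seed. It also carries the core_pattern check behind the first post's question: afl-fuzz refuses to start when `/proc/sys/kernel/core_pattern` begins with `|` unless `AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1` is set, and with that variable set crashes routed through the external handler exit late and can be reported as timeouts; the sysctl is kernel-wide, so it has to be changed on the host, not inside the container. Assumptions: the harness takes the input path as argv[1], the one-second timeout, and the stand-in harness and seeds the script constructs for a stand-alone run (it is not the openssl asn1 target).

```shell
#!/bin/sh
# Added example (not Magma's or AFL++'s own code). Runs each seed through the
# harness directly, without afl-fuzz's forkserver or persistent loop, and
# classifies the outcome like the dry run does. Assumptions: the harness takes
# the input path as argv[1]; the timeout value; the stand-in harness and seeds
# constructed below for a stand-alone run.

# core_pattern_piped PATTERN -> true when crashes go to an external handler.
# afl-fuzz refuses to start on such a system unless
# AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 is set; with the handler in place a
# crashing child exits late and can be reported as a timeout. The sysctl is
# kernel-wide, so in a container it has to be changed on the host.
core_pattern_piped() {
    case "$1" in
        \|*) return 0 ;;
        *)   return 1 ;;
    esac
}

# classify_run TIMEOUT_SECONDS HARNESS SEEDFILE
# Prints one of: ok | timeout | crash:<signal number> | exit:<status>
classify_run() {
    t="$1"; bin="$2"; seed="$3"; rc=0
    # coreutils timeout: 124 = killed by TERM on expiry, 137 = needed the
    # follow-up KILL (-k 1); any other value above 128 is 128 + fatal signal.
    timeout -k 1 "$t" "$bin" "$seed" >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0)       echo ok ;;
        124|137) echo timeout ;;
        *)  if [ "$rc" -gt 128 ]; then echo "crash:$((rc - 128))"
            else echo "exit:$rc"; fi ;;
    esac
}

# triage_corpus TIMEOUT_SECONDS HARNESS SEEDDIR
# One line per seed plus a summary; returns non-zero if any seed is not ok.
triage_corpus() {
    t="$1"; bin="$2"; dir="$3"; bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        r=$(classify_run "$t" "$bin" "$f")
        printf '%-10s %s\n' "$r" "$f"
        [ "$r" = ok ] || bad=$((bad + 1))
    done
    echo "seeds not ok: $bad"
    [ "$bad" -eq 0 ]
}

# --- Stand-alone demo on a constructed stand-in harness (not openssl asn1).
WORK=$(mktemp -d)
HARNESS="$WORK/harness.sh"
cat > "$HARNESS" <<'EOF'
#!/bin/sh
# Stand-in parser: hangs on inputs containing SLOW, crashes on CRASH.
ulimit -c 0
case "$(cat "$1")" in
    *SLOW*)  exec sleep 10 ;;
    *CRASH*) kill -s SEGV $$ ;;
esac
exit 0
EOF
chmod +x "$HARNESS"
mkdir "$WORK/seeds"
printf 'placeholder seed bytes' > "$WORK/seeds/ok.der"   # constructed seeds
printf 'SLOW'                   > "$WORK/seeds/hang.der"
printf 'CRASH'                  > "$WORK/seeds/crash.der"

if core_pattern_piped "$(cat /proc/sys/kernel/core_pattern 2>/dev/null)"; then
    echo "note: core_pattern is piped to a crash handler (afl-fuzz needs" \
         "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1, or 'echo core' on the host)"
fi
# Against the real target inside the Magma container this would be e.g.
#   triage_corpus 1 "$OUT/asn1" "$SHARED/corpus"        (paths assumed)
triage_corpus 1 "$HARNESS" "$WORK/seeds" || true
```

Run it against the extracted binary and the seed directory afl-fuzz was given; the two seeds named in the abort message (`id:000666` and `id:000667`) are the first ones to try. If both come back `ok`, the problem is in how afl-fuzz is launching the harness, not in the inputs.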
Sure, I just added a custom mutator to send and receive seeds through IPC and added some parameters to afl_state_t; nothing else changes in AFL++ itself. I think this error may be raised because of an incorrect configuration. I basically reuse the config in /fuzzers/aflplusplus. The two changes I made are:
- In fetch.sh:

  ```bash
  #!/bin/bash
  set -e
  git clone https://github.com/SecurityLab-UCD/AFLplusplus.git "$FUZZER/repo"
  git -c advice.detachedHead=false -C "$FUZZER/repo" checkout a8d85a52c95b2dabe329fcf7cebee93824a5feb3
  ```

- In run.sh, I removed:

  ```bash
  export AFL_DRIVER_DONT_DEFER=1
  ```
Ok cool, thanks.
Can you confirm that the custom mutator works in isolation (i.e. outside of Magma)? Can you also confirm that if you run the new AFL++ without the custom mutator it also works? I think you need to do some debugging to work out the root cause of your issue; there's not much I can do, unfortunately.
Yes, the custom mutator works in isolation, and the new AFL++ without the custom mutator also works. But both of them cause the same issue when running openssl asn1.
Of course, I am looking into that.
Thanks for the help.
Ok great. Sorry, I'm just checking, because sometimes the issue is with people's own changes ;)
From memory (sorry, I'm on my phone right now) there are some sed commands (or similar) that are used to rewrite some AFL++ files. I would try removing them, because it is likely not required for the newer versions. Also don't replace any of the AFL++ files with Magma files (this was needed for older versions of AFL++).
Is the issue just for asn1?
Also for openssl cms, and the build fails for poppler. All others can be run successfully.
So I did my own update of AFL++ here and it seems to work fine for all targets (including openssl and poppler targets). It is based on the latest stable AFL++ (775861e). I'm also doing some other updates so I'll merge this into the main Magma repo eventually.
Maybe compare this to your version to see what's different?
Thank you for your help.
I tried your script with the AFL++ version 775861e, but I still cannot compile poppler on my end. It raises the same error message.
```
Detecting C compile features - failed
12.65 -- Check for working CXX compiler: /magma/fuzzers/aflplusplus_new/repo/afl-clang-fast++
12.88 -- Check for working CXX compiler: /magma/fuzzers/aflplusplus_new/repo/afl-clang-fast++ -- works
12.88 -- Detecting CXX compiler ABI info
13.12 -- Detecting CXX compiler ABI info - done
13.15 -- Detecting CXX compile features
14.26 -- Detecting CXX compile features - done
14.26 -- Found PkgConfig: /usr/bin/pkg-config (found version "0.29.1")
14.26 -- Looking for pthread.h
14.46 -- Looking for pthread.h - not found
14.46 -- Could NOT find Threads (missing: Threads_FOUND)
14.46 -- Check if the system is big endian
14.46 -- Searching 16 bit integer
14.46 -- Looking for sys/types.h
14.66 -- Looking for sys/types.h - not found
14.66 -- Looking for stdint.h
14.85 -- Looking for stdint.h - not found
14.85 -- Looking for stddef.h
15.04 -- Looking for stddef.h - not found
15.04 -- Check size of unsigned short
15.24 -- Check size of unsigned short - failed
15.24 -- Check size of unsigned int
15.43 -- Check size of unsigned int - failed
15.43 -- Check size of unsigned long
15.62 -- Check size of unsigned long - failed
15.62 CMake Error at /usr/share/cmake-3.10/Modules/TestBigEndian.cmake:49 (message):
15.62   no suitable type found
15.62 Call Stack (most recent call first):
15.62   CMakeLists.txt:19 (test_big_endian)
15.62
15.62
15.63 -- Configuring incomplete, errors occurred!
15.63 See also "/magma/targets/poppler/work/poppler/CMakeFiles/CMakeOutput.log".
15.63 See also "/magma/targets/poppler/work/poppler/CMakeFiles/CMakeError.log".
------
Dockerfile:86
--------------------
  84 |     ENV LDFLAGS -L"${OUT}" -g
  85 |
  86 | >>> RUN ${FUZZER}/instrument.sh
  87 |
  88 |     ENTRYPOINT "${MAGMA}/run.sh"
--------------------
ERROR: failed to solve: process "/bin/sh -c ${FUZZER}/instrument.sh" did not complete successfully: exit code: 1
```
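The check a practitioner would run next on this log, as an added example that is not code from this thread, from Magma, poppler or CMake: CMake reports that the compiler "works" and then fails every header probe (`pthread.h - not found`, `stdint.h - not found`, ...), which means its tiny test programs are failing to compile and the real diagnostic is only in CMakeError.log. The script below repeats CMake's header probe by hand with a chosen compiler and flags so the compiler's own error is visible, and running it once with the AFL++ wrapper and once with the underlying clang tells a broken wrapper apart from a broken sysroot. The compiler and log paths quoted in the comments are the ones from the log above; the flags, the probe list and the stand-in "broken compiler" the script constructs for a stand-alone run are assumptions.

```shell
#!/bin/sh
# Added example (not Magma's, poppler's or CMake's own code). Repeats CMake's
# header probes by hand so the compiler diagnostic behind "not found" is
# visible. Assumptions: the probe list, the flags you pass, and the stand-in
# compiler constructed below for a stand-alone run.

LOG=$(mktemp)

# probe_header COMPILER HEADER [FLAGS...]
# Compiles a one-line translation unit that includes HEADER, which is what
# CMake's check_include_files does in spirit. Returns the compiler's exit
# status; use '-x c++' instead of '-x c' for a C++ wrapper like afl-clang-fast++.
probe_header() {
    cc="$1"; hdr="$2"; shift 2
    printf '#include <%s>\nint main(void) { return 0; }\n' "$hdr" \
        | "$cc" "$@" -x c -fsyntax-only -
}

# probe_all COMPILER [FLAGS...]
# Runs the probes from the CMake log, in order; prints the first diagnostic
# line for each failure and returns the number of missing headers.
probe_all() {
    cc="$1"; shift; missing=0
    for h in pthread.h sys/types.h stdint.h stddef.h; do
        if probe_header "$cc" "$h" "$@" 2>"$LOG"; then
            echo "found    $h"
        else
            missing=$((missing + 1))
            echo "MISSING  $h  <- $(head -n 1 "$LOG")"
        fi
    done
    return "$missing"
}

# --- Stand-alone demo with a constructed stand-in for a compiler whose
# include path is broken: every #include fails with a diagnostic.
WORK=$(mktemp -d)
cat > "$WORK/broken-cc" <<'EOF'
#!/bin/sh
cat >/dev/null   # consume the source on stdin like a real compiler would
echo "<stdin>:1:10: fatal error: header not found (stand-in diagnostic)" >&2
exit 1
EOF
chmod +x "$WORK/broken-cc"
probe_all "$WORK/broken-cc" || echo "missing headers: $?"

# In the Magma build container the real checks would be (paths from the
# CMake log above; flags taken from the same environment instrument.sh uses):
#   probe_all /magma/fuzzers/aflplusplus_new/repo/afl-clang-fast $CFLAGS
#   probe_all clang $CFLAGS
#   cat /magma/targets/poppler/work/poppler/CMakeFiles/CMakeError.log
```

If the wrapper fails the probe and plain clang passes it with the same flags, the problem is in the wrapper build or its runtime; if both fail, the flags or the container's headers are the problem, and the first diagnostic line names which.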
Hmmm, very weird. I will clear the docker cache and try to rebuild again from scratch.
On Sun, 10 Mar 2024 at 3:28 pm, harrison4ride wrote:
As an update, I tried to compile with the same script on another machine, but I still got the same error.
Another update, I can manually build and run openssl asn1 with my script successfully, but when I use ./run.sh the program aborted and raised the error above.
Ok thanks. I haven't had a chance to try again, unfortunately; hopefully I can get some time one evening or on the weekend.
On Tue, 12 Mar 2024 at 10:14, harrison4ride wrote:
Thank you very much for the help. I will keep looking into it as well.