From acba89b92a4b3e2478d87ee6ef489c07fbb5d20c Mon Sep 17 00:00:00 2001
From: Dongjia Zhang
Date: Wed, 23 Mar 2022 19:30:20 +0900
Subject: [PATCH] Makefile.toml for frida fuzzer (#566)

* frida makefile.toml

* makefile.toml
---
 fuzzers/frida_libpng/Cargo.toml | 3 +-
 fuzzers/frida_libpng/Makefile.toml | 106 +++++++++++++++++
 fuzzers/frida_libpng/README.md | 8 +-
 fuzzers/frida_libpng/build.rs | 184 -----------------------------
 4 files changed, 110 insertions(+), 191 deletions(-)
 create mode 100644 fuzzers/frida_libpng/Makefile.toml
 delete mode 100644 fuzzers/frida_libpng/build.rs

diff --git a/fuzzers/frida_libpng/Cargo.toml b/fuzzers/frida_libpng/Cargo.toml
index ca77303189..99f4ce9268 100644
--- a/fuzzers/frida_libpng/Cargo.toml
+++ b/fuzzers/frida_libpng/Cargo.toml
@@ -1,9 +1,8 @@
 [package]
-name = "frida_libpng"
+name = "frida_fuzzer"
 version = "0.7.1"
 authors = ["Andrea Fioraldi ", "Dominik Maier "]
 edition = "2021"
-build = "build.rs"
 
 [features]
 default = ["std"]
diff --git a/fuzzers/frida_libpng/Makefile.toml b/fuzzers/frida_libpng/Makefile.toml
new file mode 100644
index 0000000000..abf1155f4e
--- /dev/null
+++ b/fuzzers/frida_libpng/Makefile.toml
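Review bot: Renaming the package to `frida_fuzzer` leaves the README's documented run command pointing at `./target/release/frida_libpng` (it is visible as a context line in the README hunk of this same commit, which edits only the Windows section), so the documented invocation no longer matches the binary that `cargo build --release` produces. Updating that line to `./target/release/frida_fuzzer`, or to `cargo make run` now that a Makefile.toml exists, keeps the docs in step with the rename. With `build = "build.rs"` gone, the `[build-dependencies]` section outside this hunk presumably still lists the crates the deleted script used (`which`, `flate2`, `tar`, `xz`, `reqwest`, `cc`); if so they are now dead weight in the dependency tree and worth dropping in the same change.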
@@ -0,0 +1,106 @@
+# Variables
+[env]
+FUZZER_NAME='frida_fuzzer'
+FUZZER = './target/release/${FUZZER_NAME}'
+PROJECT_DIR = { script = ["pwd"] }
+
+[tasks.unsupported]
+script_runner="@shell"
+script='''
+echo "Cargo-make not integrated yet on this"
+'''
+
+# libpng
+[tasks.libpng]
+linux_alias = "libpng_unix"
+mac_alias = "libpng_unix"
+windows_alias = "unsupported"
+
+[tasks.libpng_unix]
+condition = { files_not_exist = ["./libpng-1.6.37"]}
+script_runner="@shell"
+script='''
+wget https://deac-fra.dl.sourceforge.net/project/libpng/libpng16/1.6.37/libpng-1.6.37.tar.xz
+tar -xvf libpng-1.6.37.tar.xz
+'''
+
+# Library
+[tasks.lib]
+linux_alias = "lib_unix"
+mac_alias = "lib_unix"
+windows_alias = "unsupported"
+
+[tasks.lib_unix]
+script_runner="@shell"
+script='''
+cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes
+cd "${PROJECT_DIR}"
+make -C libpng-1.6.37
+'''
+dependencies = [ "libpng" ]
+
+# Harness
+[tasks.harness]
+linux_alias = "harness_unix"
+mac_alias = "harness_unix"
+windows_alias = "unsupported"
+
+[tasks.harness_unix]
+script_runner="@shell"
+script='''
+clang++ -O3 -c -fPIC harness.cc -o harness.o
+clang++ -O3 harness.o libpng-1.6.37/.libs/libpng16.a -shared -lz -o libpng-harness.so
+'''
+dependencies = [ "lib" ]
+
+
+# Fuzzer
+[tasks.fuzzer]
+script_runner="@shell"
+script='''
+cargo build --release
+cp ./target/release/${FUZZER_NAME} .
+'''
+
+# Run the fuzzer
+[tasks.run]
+linux_alias = "run_unix"
+mac_alias = "run_unix"
+windows_alias = "unsupported"
+
+[tasks.run_unix]
+script_runner = "@shell"
+script='''
+./${FUZZER_NAME} -F LLVMFuzzerTestOneInput -H ./libpng-harness.so -l ./libpng-harness.so
+'''
+dependencies = [ "fuzzer", "harness" ]
+
+# Test
+[tasks.test]
+linux_alias = "test_unix"
+mac_alias = "test_unix"
+windows_alias = "unsupported"
+
+[tasks.test_unix]
+script_runner = "@shell"
+script='''
+rm -rf libafl_unix_shmem_server || true
+timeout 10s ./${FUZZER_NAME} -F LLVMFuzzerTestOneInput -H ./libpng-harness.so -l ./libpng-harness.so &
+'''
+dependencies = [ "fuzzer", "harness" ]
+
+# Clean up
+[tasks.clean]
+linux_alias = "clean_unix"
+mac_alias = "clean_unix"
+windows_alias = "unsupported"
+
+[tasks.clean_unix]
+# Disable default `clean` definition
+clear = true
+script_runner="@shell"
+script='''
+rm -f ./${FUZZER_NAME}
+make -C libpng-1.6.37 clean
+cargo clean
+'''
\ No newline at end of file
diff --git a/fuzzers/frida_libpng/README.md b/fuzzers/frida_libpng/README.md
index dfff37fc50..b59c2ad189 100644
--- a/fuzzers/frida_libpng/README.md
+++ b/fuzzers/frida_libpng/README.md
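Review bot: The `libpng_unix` task fetches `libpng-1.6.37.tar.xz` over the network and hands it straight to `tar` and then to the compiler and harness link with no integrity check on the archive; the deleted build.rs had the same gap, so the commit does not address it. A pinned digest between the `wget` and `tar -xvf` lines turns this into a verified fetch: `echo "<SHA256_OF_LIBPNG_1_6_37_TAR_XZ>  libpng-1.6.37.tar.xz" | sha256sum -c -` (placeholder for the digest published by the libpng project), so a tampered or truncated download stops the build instead of ending up inside `libpng-harness.so`. Separately, `test_unix` backgrounds the fuzzer with a trailing `&`, so the task script returns before `timeout` has a result and its exit status cannot reflect whether the fuzzer ran at all; dropping the `&` and accepting the timeout's own status, e.g. `timeout 10s ./${FUZZER_NAME} ... || [ $? -eq 124 ]`, makes the test meaningful (assuming the `@shell` runner propagates the script's exit status, which the `|| true` on the `rm` line suggests the author expects). The `files_not_exist = ["./libpng-1.6.37"]` condition also skips the download when a half-extracted directory is left behind by an interrupted `tar`, after which `lib_unix` fails in a confusing place; extracting into a temporary directory and renaming it at the end keeps that state consistent.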
@@ -31,15 +31,13 @@ After building the libpng-harness, too, you can run `find . -name libpng-harness `./target/release/frida_libpng ./libpng-harness.so LLVMFuzzerTestOneInput ./libpng-harness.so --cores=0 --input=./corpus` ## Windows -You can also fuzz libpng-1.6.37 on windows with frida mode! (still experimental, we have an issue on frida-gum.) +You can also fuzz libpng-1.6.37 on windows with frida mode ### To build it with visual studio 1. Install clang for windows (make sure you add LLVM to the system path!) [https://github.com/llvm/llvm-project/releases/tag/llvmorg-12.0.1](https://github.com/llvm/llvm-project/releases/tag/llvmorg-12.0.1) -2. Run build, this will download and extract libpng-1.6.37 directory. -``` -cargo build --release -``` +2. Download libpng-1.6.37[https://deac-fra.dl.sourceforge.net/project/libpng/libpng16/1.6.37/libpng-1.6.37.tar.xz] and zlib [https://zlib.net/zlib-1.2.11.tar.gz] into this directory, and rename `zlib-1.2.11` directory to `zlib`. + 3. Build libpng1.6.37 - Open libpng-1.6.37/projects/vstudio/vstudio.sln - Open Build->Configuration Manager
diff --git a/fuzzers/frida_libpng/build.rs b/fuzzers/frida_libpng/build.rs
deleted file mode 100644
index 27af7786f6..0000000000
--- a/fuzzers/frida_libpng/build.rs
+++ /dev/null
@@ -1,184 +0,0 @@
-// build.rs
-
-use std::{
- env,
- fs::{rename, File},
- io,
- path::Path,
- process::{exit, Command},
-};
-
-use which::which;
-
-use flate2::read::GzDecoder;
-use tar::Archive;
-use xz::read::XzDecoder;
-
-const LIBPNG_URL: &str =
- "https://deac-fra.dl.sourceforge.net/project/libpng/libpng16/1.6.37/libpng-1.6.37.tar.xz";
-const ZLIB_URL: &str = "https://zlib.net/zlib-1.2.11.tar.gz";
-
-fn build_dep_check(tools: &[&str]) {
- for tool in tools {
- println!("Checking for build tool {}...", tool);
-
- if let Ok(path) = which(tool) {
- println!("Found build tool {}", path.to_str().unwrap());
- } else {
- println!("ERROR: missing build tool {}", tool);
- exit(1);
- };
- }
-}
-
-fn main() {
- if cfg!(windows) {
- let cwd = env::current_dir().unwrap().to_string_lossy().to_string();
- println!("cargo:rerun-if-changed=build.rs");
- println!("cargo:rerun-if-changed=../libfuzzer_runtime/rt.c",);
- println!("cargo:rerun-if-changed=harness.cc");
-
- let libpng = format!("{}/libpng-1.6.37", &cwd);
- let libpng_path = Path::new(&libpng);
- let libpng_tar = format!("{}/libpng-1.6.37.tar.xz", &cwd);
-
- let zlib = format!("{}/zlib", &cwd);
- let zlib_1_2_11 = format!("{}/zlib-1.2.11", &cwd);
- let zlib_path = Path::new(&zlib);
- let zlib_tar = format!("{}/zlib-1.2.11.tar.gz", &cwd);
-
- if !libpng_path.is_dir() && !Path::new(&libpng_tar).is_file() {
- println!("cargo:warning=Libpng not found, downloading...");
- // Download libpng
- let mut resp = reqwest::blocking::get(LIBPNG_URL).expect("Libpng download failed");
- let mut out = File::create(&libpng_tar).expect("Libpng download failed");
- io::copy(&mut resp, &mut out).expect("Libpng downlaod failed");
-
- let tar_xz = File::open(&libpng_tar).expect("Libpng extraction failed");
- let tar = XzDecoder::new(tar_xz);
- let mut archive = Archive::new(tar);
- archive.unpack(&cwd).expect("Libpng extraction failed");
- }
- if !zlib_path.is_dir() && !Path::new(&zlib_tar).is_file() {
- println!("cargo:warning=Zlib not found, downloading...");
- // Download Zlib
- let mut resp = reqwest::blocking::get(ZLIB_URL).expect("Zlib download failed");
- let mut out = File::create(&zlib_tar).expect("Zlib download failed");
- io::copy(&mut resp, &mut out).expect("Zlib downlaod failed");
-
- let tar_gz = File::open(&zlib_tar).expect("Zlib extraction failed");
- let tar = GzDecoder::new(tar_gz);
- let mut archive = Archive::new(tar);
- archive.unpack(&cwd).expect("Zlib extraction failed");
- rename(zlib_1_2_11, zlib).expect("Zlib extraction failed");
- }
-
- println!("cargo:warning=Now compile libpng with either visual studio or msys2");
- } else {
- let out_dir = env::var_os("OUT_DIR").unwrap();
- let cwd = env::current_dir().unwrap().to_string_lossy().to_string();
- let out_dir = out_dir.to_string_lossy().to_string();
- let out_dir_path = Path::new(&out_dir);
- std::fs::create_dir_all(&out_dir)
- .unwrap_or_else(|_| panic!("Failed to create {}", &out_dir));
-
- println!("cargo:rerun-if-changed=build.rs");
- println!("cargo:rerun-if-changed=../libfuzzer_runtime/rt.c",);
- println!("cargo:rerun-if-changed=harness.cc");
-
- build_dep_check(&["clang", "clang++", "wget", "tar", "make"]);
-
- let libpng = format!("{}/libpng-1.6.37", &out_dir);
- let libpng_path = Path::new(&libpng);
- let libpng_tar = format!("{}/libpng-1.6.37.tar.xz", &cwd);
-
- // Enforce clang for its -fsanitize-coverage support.
- let clang = match env::var("CLANG_PATH") {
- Ok(path) => path,
- Err(_) => "clang".to_string(),
- };
- let clangpp = format!("{}++", &clang);
- std::env::set_var("CC", &clang);
- std::env::set_var("CXX", &clangpp);
- let ldflags = match env::var("LDFLAGS") {
- Ok(val) => val,
- Err(_) => "".to_string(),
- };
-
- // println!("cargo:warning=output path is {}", libpng);
- if !libpng_path.is_dir() {
- if !Path::new(&libpng_tar).is_file() {
- println!("cargo:warning=Libpng not found, downloading...");
- // Download libpng
- Command::new("wget")
- .arg("-c")
- .arg(LIBPNG_URL)
- .arg("-O")
- .arg(&libpng_tar)
- .status()
- .unwrap();
- }
- Command::new("tar")
- .current_dir(&out_dir_path)
- .arg("xvf")
- .arg(&libpng_tar)
- .status()
- .unwrap();
- Command::new("./configure")
- .current_dir(&libpng_path)
- .args(&[
- "--disable-shared",
- &format!("--host={}", env::var("TARGET").unwrap())[..],
- ])
- .env("CC", &clang)
- .env("CXX", &clangpp)
- .env(
- "CFLAGS",
- "-O3 -g -D_DEFAULT_SOURCE -fPIC -fno-omit-frame-pointer",
- )
- .env(
- "CXXFLAGS",
- "-O3 -g -D_DEFAULT_SOURCE -fPIC -fno-omit-frame-pointer",
- )
- .env(
- "LDFLAGS",
- //format!("-g -fPIE -fsanitize=address {}", ldflags),
- format!("-g -fPIE {}", ldflags),
- )
- .status()
- .unwrap();
- Command::new("make")
- .current_dir(&libpng_path)
- .status()
- .unwrap();
- }
-
- let status = cc::Build::new()
- .cpp(true)
- .get_compiler()
- .to_command()
- .current_dir(&cwd)
- .arg("-I")
- .arg(&libpng)
- //.arg("-D")
- //.arg("HAS_DUMMY_CRASH=1")
- .arg("-fPIC")
- .arg("-shared")
- .arg("-O3")
- //.arg("-fomit-frame-pointer")
- .arg(if env::var("CARGO_CFG_TARGET_OS").unwrap() == "android" {
- "-static-libstdc++"
- } else {
- ""
- })
- .arg("-o")
- .arg(format!("{}/libpng-harness.so", &out_dir))
- .arg("./harness.cc")
- .arg(format!("{}/.libs/libpng16.a", &libpng))
- .arg("-l")
- .arg("z")
- .status()
- .unwrap();
- assert!(status.success());
- }
-}