SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix strncmp hook to only check the length of the string (#434)

Browse Source
This commit is contained in:
s1341 2021-12-28 11:00:44 +02:00 committed by GitHub
parent 6384f1da95
commit eeac0f4f06
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libafl_frida/src/asan/hook_funcs.rs
View File

@ -768,8 +768,9 @@ impl AsanRuntime {
pub fn hook_strncmp(&mut self, s1: *const c_char, s2: *const c_char, n: usize) -> i32 {
extern "C" {
fn strncmp(s1: *const c_char, s2: *const c_char, n: usize) -> i32;
fn strnlen(s: *const c_char, n: usize) -> usize;
}
if !(self.shadow_check_func().unwrap())(s1 as *const c_void, n) {
if !(self.shadow_check_func().unwrap())(s1 as *const c_void, unsafe { strnlen(s1, n) }) {
AsanErrors::get_mut().report_error(AsanError::BadFuncArgRead((
"strncmp".to_string(),
self.real_address_for_stalked(AsanRuntime::pc()),
@ -778,7 +779,7 @@ impl AsanRuntime {
Backtrace::new(),
)));
}
if !(self.shadow_check_func().unwrap())(s2 as *const c_void, n) {
if !(self.shadow_check_func().unwrap())(s2 as *const c_void, unsafe { strnlen(s2, n) }) {
AsanErrors::get_mut().report_error(AsanError::BadFuncArgRead((
"strncmp".to_string(),
self.real_address_for_stalked(AsanRuntime::pc()),