AngoraFuzzer / Angora

Angora is a mutation-based fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic execution.
Apache License 2.0

Fail to build boringssl in google testsuite #66

Open wcventure opened 5 years ago

wcventure commented 5 years ago

Hi, I am trying to use Angora to build boringssl in Google's fuzzer-test-suite.

But I ran into some problems. Compilation failed, with some "Unknown command line argument" errors. Thank you very much if you can help.

git clone https://github.com/google/boringssl.git
cd boringssl && git checkout 894a47df2423f0d2b6be57e6d90f2bea88213382
cmake -DBUILD_SHARED_LIBS=OFF -DCMAKE_C_COMPILER="$CC" -DCMAKE_C_FLAGS="$CFLAGS -Wno-deprecated-declarations" -DCMAKE_CXX_COMPILER="$CXX" -DCMAKE_CXX_FLAGS="$CXXFLAGS -Wno-error=main"
USE_TRACK=1 make
Scanning dependencies of target pkcs8
[  0%] Building C object crypto/pkcs8/CMakeFiles/pkcs8.dir/pkcs8.c.o
angora-llvm-pass
[+] Track Mode.
ModName: /home/hjwang/UAF_Object/boringssl/crypto/pkcs8/pkcs8.c -- 240666624
[  0%] Building C object crypto/pkcs8/CMakeFiles/pkcs8.dir/p8_pkey.c.o
angora-llvm-pass
[+] Track Mode.
ModName: /home/hjwang/UAF_Object/boringssl/crypto/pkcs8/p8_pkey.c -- 4124475480
[  0%] Building C object crypto/pkcs8/CMakeFiles/pkcs8.dir/p5_pbe.c.o
angora-llvm-pass
[+] Track Mode.
ModName: /home/hjwang/UAF_Object/boringssl/crypto/pkcs8/p5_pbe.c -- 626395324
[  1%] Building C object crypto/pkcs8/CMakeFiles/pkcs8.dir/p5_pbev2.c.o
angora-llvm-pass
[+] Track Mode.
ModName: /home/hjwang/UAF_Object/boringssl/crypto/pkcs8/p5_pbev2.c -- 821228019
[  1%] Built target pkcs8
Scanning dependencies of target stack
[  1%] Building C object crypto/stack/CMakeFiles/stack.dir/stack.c.o
angora-llvm-pass
[+] Track Mode.
ModName: /home/hjwang/UAF_Object/boringssl/crypto/stack/stack.c -- 2440237580
[  1%] Built target stack
Scanning dependencies of target lhash
[  2%] Building C object crypto/lhash/CMakeFiles/lhash.dir/lhash.c.o
angora-llvm-pass
[+] Track Mode.
ModName: /home/hjwang/UAF_Object/boringssl/crypto/lhash/lhash.c -- 2660896871
[  2%] Built target lhash
[  2%] Generating err_data.c
Reason: 2460 bytes of list and 12186 bytes of string data.
Scanning dependencies of target err
[  3%] Building C object crypto/err/CMakeFiles/err.dir/err.c.o
angora-llvm-pass
[+] Track Mode.
ModName: /home/hjwang/UAF_Object/boringssl/crypto/err/err.c -- 2348727400
[  3%] Building C object crypto/err/CMakeFiles/err.dir/err_data.c.o
angora-llvm-pass
[+] Track Mode.
ModName: /home/hjwang/UAF_Object/boringssl/crypto/err/err_data.c -- 2936448182
[  3%] Built target err
Scanning dependencies of target buf
[  3%] Building C object crypto/buf/CMakeFiles/buf.dir/buf.c.o
angora-llvm-pass
[+] Track Mode.
ModName: /home/hjwang/UAF_Object/boringssl/crypto/buf/buf.c -- 4131668110
[  3%] Built target buf
Scanning dependencies of target base64
[  3%] Building C object crypto/base64/CMakeFiles/base64.dir/base64.c.o
angora-llvm-pass
[+] Track Mode.
ModName: /home/hjwang/UAF_Object/boringssl/crypto/base64/base64.c -- 3877930907
[  3%] Built target base64
Scanning dependencies of target bytestring
[  4%] Building C object crypto/bytestring/CMakeFiles/bytestring.dir/ber.c.o
angora-llvm-pass
[+] Track Mode.
ModName: /home/hjwang/UAF_Object/boringssl/crypto/bytestring/ber.c -- 2952782516
[  4%] Building C object crypto/bytestring/CMakeFiles/bytestring.dir/cbs.c.o
angora-llvm-pass
[+] Track Mode.
ModName: /home/hjwang/UAF_Object/boringssl/crypto/bytestring/cbs.c -- 1020596972
[  4%] Building C object crypto/bytestring/CMakeFiles/bytestring.dir/cbb.c.o
angora-llvm-pass
[+] Track Mode.
ModName: /home/hjwang/UAF_Object/boringssl/crypto/bytestring/cbb.c -- 2838317411
[  4%] Built target bytestring
[  5%] Generating sha512-x86_64.S
[  5%] Generating sha1-x86_64.S
[  5%] Generating sha256-x86_64.S
Scanning dependencies of target sha
[  5%] Building C object crypto/sha/CMakeFiles/sha.dir/sha1.c.o
angora-llvm-pass
[+] Track Mode.
ModName: /home/hjwang/UAF_Object/boringssl/crypto/sha/sha1.c -- 2848179106
[  5%] Building C object crypto/sha/CMakeFiles/sha.dir/sha256.c.o
angora-llvm-pass
[+] Track Mode.
ModName: /home/hjwang/UAF_Object/boringssl/crypto/sha/sha256.c -- 2584381592
[  5%] Building C object crypto/sha/CMakeFiles/sha.dir/sha512.c.o
angora-llvm-pass
[+] Track Mode.
ModName: /home/hjwang/UAF_Object/boringssl/crypto/sha/sha512.c -- 2131095811
[  6%] Building ASM object crypto/sha/CMakeFiles/sha.dir/sha1-x86_64.S.o
clang (LLVM option parsing): Unknown command line argument '-TrackMode'.  Try: 'clang (LLVM option parsing) -help'
clang (LLVM option parsing): Did you mean '-max-hsdr'?
clang (LLVM option parsing): Unknown command line argument '-angora-dfsan-abilist=/home/hjwang/Tools/Angora/bin/rules/angora_abilist.txt'.  Try: 'clang (LLVM option parsing) -help'
clang (LLVM option parsing): Did you mean '-dfsan-abilist=/home/hjwang/Tools/Angora/bin/rules/angora_abilist.txt'?
clang (LLVM option parsing): Unknown command line argument '-angora-dfsan-abilist=/home/hjwang/Tools/Angora/bin/rules/dfsan_abilist.txt'.  Try: 'clang (LLVM option parsing) -help'
clang (LLVM option parsing): Did you mean '-dfsan-abilist=/home/hjwang/Tools/Angora/bin/rules/dfsan_abilist.txt'?
clang (LLVM option parsing): Unknown command line argument '-angora-exploitation-list=/home/hjwang/Tools/Angora/bin/rules/exploitation_list.txt'.  Try: 'clang (LLVM option parsing) -help'
clang (LLVM option parsing): Did you mean '-precise-rotation-cost=/home/hjwang/Tools/Angora/bin/rules/exploitation_list.txt'?
clang (LLVM option parsing): Unknown command line argument '-angora-dfsan-abilist2=/home/hjwang/Tools/Angora/bin/rules/angora_abilist.txt'.  Try: 'clang (LLVM option parsing) -help'
clang (LLVM option parsing): Did you mean '-dfsan-abilist=/home/hjwang/Tools/Angora/bin/rules/angora_abilist.txt'?
clang (LLVM option parsing): Unknown command line argument '-angora-dfsan-abilist2=/home/hjwang/Tools/Angora/bin/rules/dfsan_abilist.txt'.  Try: 'clang (LLVM option parsing) -help'
clang (LLVM option parsing): Did you mean '-dfsan-abilist=/home/hjwang/Tools/Angora/bin/rules/dfsan_abilist.txt'?
crypto/sha/CMakeFiles/sha.dir/build.make:164: recipe for target 'crypto/sha/CMakeFiles/sha.dir/sha1-x86_64.S.o' failed
make[2]: *** [crypto/sha/CMakeFiles/sha.dir/sha1-x86_64.S.o] Error 1
CMakeFiles/Makefile2:1007: recipe for target 'crypto/sha/CMakeFiles/sha.dir/all' failed
make[1]: *** [crypto/sha/CMakeFiles/sha.dir/all] Error 2
Makefile:83: recipe for target 'all' failed
make: *** [all] Error 2

hexcoder- commented 5 years ago

Building ASM object ...

It is probably wrong to call angora-clang on an assembler source. Should the wrapper detect assembler sources?

adrianherrera commented 5 years ago

Not sure if people are still struggling with this, but I've made a PR that does exactly what @hexcoder suggested (https://github.com/AngoraFuzzer/Angora/pull/74).

However, this still requires an abilist for libcrypto (because of all the assembly files that DFSan cannot track through). To fix this I'd suggest just adding -DOPENSSL_NO_ASM=True to the CMake command in fuzzer-test-suite/boringssl-2016-02-12/build.sh. The bug still exists with these changes.
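
The wrapper check suggested in this thread (detect assembler inputs and leave the pass options off for them), as an added sketch: it is not Angora's code and not the code from the PR linked above. The option names are the ones in the error log; forwarding them with clang's `-mllvm`, the rule-file path, and the function names are assumptions.

```c
#include <stdio.h>
#include <string.h>
/* Constructed placeholder path; the option names are the ones in the error log. */
#define ABILIST "-angora-dfsan-abilist=/path/to/rules/angora_abilist.txt"
enum { BY_SUFFIX, FORCED_ASM, FORCED_OTHER };

static int asm_suffix(const char *a) {
    size_t n = strlen(a);
    return n > 2 && a[n - 2] == '.' && (a[n - 1] == 's' || a[n - 1] == 'S');
}

/* 1 if an input file will be handled as assembler (by suffix or by -x). */
int is_asm_job(int argc, const char **argv) {
    int lang = BY_SUFFIX;
    for (int i = 1; i < argc; i++) {
        const char *a = argv[i];
        if (!strcmp(a, "-o")) { i++; continue; } /* output name, not an input */
        if (!strncmp(a, "-x", 2)) {              /* -x <lang> or -x<lang> */
            const char *l = a[2] ? a + 2 : (i + 1 < argc ? argv[++i] : "");
            lang = !strcmp(l, "none") ? BY_SUFFIX
                 : !strncmp(l, "assembler", 9) ? FORCED_ASM : FORCED_OTHER;
            continue;
        }
        if (a[0] == '-') continue;
        if (lang == FORCED_ASM || (lang == BY_SUFFIX && asm_suffix(a))) return 1;
    }
    return 0;
}

/* Copy argv to out[] (room for argc + 5 pointers); add pass options only for non-asm jobs. */
int build_args(int argc, const char **argv, const char **out) {
    int n = 0;
    for (int i = 0; i < argc; i++) out[n++] = argv[i];
    if (!is_asm_job(argc, argv)) {
        out[n++] = "-mllvm"; out[n++] = "-TrackMode";
        out[n++] = "-mllvm"; out[n++] = ABILIST;
    }
    out[n] = NULL;
    return n;
}

int main(void) {
    /* Constructed command line modelled on the failing ASM object in the log. */
    const char *cmd[] = {"clang", "-c", "sha1-x86_64.S", "-o", "sha1-x86_64.S.o"};
    const char *out[10];
    int n = build_args(5, cmd, out);
    for (int i = 0; i < n; i++) printf("%s ", out[i]);
    return 0;
}
```

Options that take a separate argument other than `-o` and `-x` are not modelled, so a real wrapper would need to skip those arguments as well.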