Introduction
Recently I was given a task that requires learning how to fuzz programs with honggfuzz, so I decided to start from the example shipped in the honggfuzz source tree:
honggfuzz/example/openssl
Let's follow the README.md in honggfuzz/example/openssl.
1. Compile honggfuzz
Nothing here needs explaining.
2. Clone OpenSSL
$ mkdir honggfuzz/example/openssl-master
3. Use `compile_hfuzz_openssl_master.sh` to configure OpenSSL
$ cd honggfuzz/example/openssl-master/openssl
Now we run into some trouble (see the screenshot, which is not reproduced here).
Look into compile_hfuzz_openssl_master.sh. What you need to do is:
1. delete `enable-tls13downgrade` (Configure no longer recognizes this option)
2. change `CC` and `CXX`
If you installed honggfuzz system-wide (sudo make install), you can set
CC = hfuzz-clang
CXX = hfuzz-clang++
After making these edits, run the command again:
$ ./compile_hfuzz_openssl_master.sh [enable-asan|enable-msan|enable-ubsan]
and this time it goes through.
4.Compile OpenSSL
From what we saw above, I guess that every CC and CXX in the file needs to be edited.
So the first thing to do is edit the Makefile in honggfuzz/example/openssl-master/openssl, then run:
$ make
Errors again. Let's see what happened (screenshot not reproduced here).
We need to find the source of the error, so let's look for it.
The link command for providers/fips.so is the source: "undefined reference" means the linker cannot find a definition of `__sanitizer_cov_trace_pc_guard`. That is the callback which clang's coverage instrumentation (what hfuzz-clang compiles with) inserts into every instrumented object, and honggfuzz provides its definition in libhfuzz, so the objects must be linked against that library.
So let's link honggfuzz/libhfuzz/libhfuzz.a into it.
I put the failing link command into a file (`vim xxx`) and added `~/honggfuzz-master/libhfuzz/libhfuzz.a` to it:
file: xxx
hfuzz-clang -fPIC -pthread -m64 -Wall -O0 -g -O0 -fno-sanitize=alignment -ggdb -gdwarf-4 -fno-omit-frame-pointer -z defs -Wl,-znodelete -shared -Wl,-Bsymbolic \
-o providers/fips.so -Wl,--version-script=providers/fips.ld \
providers/fips/fips-dso-fipsprov.o \
providers/fips/fips-dso-selftest.o \
providers/libimplementations.a providers/libcommon.a providers/libfips.a ~/honggfuzz-master/libhfuzz/libhfuzz.a -lz -ldl -pthread -lm
Run it, and we see (screenshot not reproduced) that a library is still missing: the remaining undefined reference is to logInitLogFile. Let's grep for where it is defined:
$ cd ../../
$ grep "logInitLogFile" -r -n
And we find the library: libhfcommon/libhfcommon.a
Again, we add libhfcommon/libhfcommon.a to xxx and try again:
file: xxx
hfuzz-clang -fPIC -pthread -m64 -Wall -O0 -g -O0 -fno-sanitize=alignment -ggdb -gdwarf-4 -fno-omit-frame-pointer -z defs -Wl,-znodelete -shared -Wl,-Bsymbolic \
-o providers/fips.so -Wl,--version-script=providers/fips.ld \
providers/fips/fips-dso-fipsprov.o \
providers/fips/fips-dso-selftest.o \
providers/libimplementations.a providers/libcommon.a providers/libfips.a ~/honggfuzz-master/libhfuzz/libhfuzz.a ~/honggfuzz-master/libhfcommon/libhfcommon.a -lz -ldl -pthread -lm
Another error comes out, but it is easy to fix: add the option -lrt at the end of the link command:
file: xxx
hfuzz-clang -fPIC -pthread -m64 -Wall -O0 -g -O0 -fno-sanitize=alignment -ggdb -gdwarf-4 -fno-omit-frame-pointer -z defs -Wl,-znodelete -shared -Wl,-Bsymbolic \
-o providers/fips.so -Wl,--version-script=providers/fips.ld \
providers/fips/fips-dso-fipsprov.o \
providers/fips/fips-dso-selftest.o \
providers/libimplementations.a providers/libcommon.a providers/libfips.a ~/honggfuzz-master/libhfuzz/libhfuzz.a ~/honggfuzz-master/libhfcommon/libhfcommon.a -lz -ldl -pthread -lm -lrt
Great, it links!
OK, so the fix is:
1.
add `~/honggfuzz-master/libhfuzz/libhfuzz.a ~/honggfuzz-master/libhfcommon/libhfcommon.a`
into the Makefile link rules for "providers/fips.so", "providers/legacy.so" and "test/p_test.so"
2.
add `-lrt`
into EX_LIBS
3.
$ make clean
$ make
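Here is the Makefile fix from the three steps above as a script, added as an example; it is not code from this page, from honggfuzz or from OpenSSL. It assumes the generated Makefile uses tab-indented recipes with one link command per DSO rule (possibly continued with backslashes), and it takes the honggfuzz checkout directory as an argument instead of the hard-coded `~/honggfuzz-master`. One deliberate difference from step 2: `-lrt` is appended to the same three link commands right after the two archives rather than put into EX_LIBS, so that it always comes after libhfcommon.a on the link line (with `--as-needed`, a shared library listed before the archive that needs it is dropped). The `hfuzz_needs_libhfuzz` helper (my name, not honggfuzz's) is the check to run first: an object or archive with an undefined `__sanitizer_cov_trace_pc_guard` was built by hfuzz-clang and has to be linked with libhfuzz.a.

```shell
#!/bin/sh
# Added example (not from the page, honggfuzz or OpenSSL): apply the
# Makefile fix from the steps above with awk instead of editing by hand.
#
# Assumptions: the OpenSSL Makefile uses tab-indented recipes, each of the
# three DSO rules has a single link command (continued with backslashes),
# and the honggfuzz checkout is a plain directory path.

# patch_hfuzz_makefile MAKEFILE HONGGFUZZ_DIR
# Appends libhfuzz.a, libhfcommon.a and -lrt to the link commands of
# providers/fips.so, providers/legacy.so and test/p_test.so.
# Returns non-zero (and leaves the Makefile alone) if none of the three
# rules was found, e.g. because Configure has not been run yet.
patch_hfuzz_makefile() {
    mk=$1
    hf=$2
    # -lrt goes last so it follows libhfcommon.a, which is what needs it.
    libs="$hf/libhfuzz/libhfuzz.a $hf/libhfcommon/libhfcommon.a -lrt"
    if awk -v libs="$libs" '
        # Rule header of one of the three targets: start watching its recipe.
        /^(providers\/fips\.so|providers\/legacy\.so|test\/p_test\.so):/ {
            inrule = 1; print; next
        }
        # Recipe lines are tab-indented; the first one that does not end in
        # a backslash is the end of the link command, so the libs go there.
        inrule && /^\t/ {
            if ($0 ~ /\\$/) { print; next }
            print $0 " " libs; patched++; inrule = 0; next
        }
        { print }
        END { if (patched == 0) exit 1 }
    ' "$mk" > "$mk.tmp"; then
        mv "$mk.tmp" "$mk"
    else
        rm -f "$mk.tmp"
        return 1
    fi
}

# hfuzz_needs_libhfuzz FILE
# Succeeds if FILE (object, archive or .so) still has an undefined
# reference to __sanitizer_cov_trace_pc_guard, i.e. it was compiled with
# hfuzz-clang's coverage instrumentation and must be linked with libhfuzz.a.
hfuzz_needs_libhfuzz() {
    nm -u "$1" 2>/dev/null | grep -q '__sanitizer_cov_trace_pc_guard'
}

# Usage (after Configure has generated the Makefile):
#   patch_hfuzz_makefile honggfuzz/example/openssl-master/openssl/Makefile ~/honggfuzz-master
#   hfuzz_needs_libhfuzz providers/fips/fips-dso-fipsprov.o && echo "needs libhfuzz.a"
```

Run `patch_hfuzz_makefile` once on the generated Makefile and then `make clean && make` as in step 3; running it a second time would append the libraries again, so regenerate the Makefile with Configure if you need to start over.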
5. Prepare fuzzing binaries
Again, edit CC and CXX, then run:
make.sh <directory-with-open/libre/boring-ssl> [address|memory|undefined]
The error is shown in the screenshot (not reproduced here).
The fix is to move the `-lFuzzer`.
6. Fuzzing
$ honggfuzz -i corpus_server/ -P -- ./openssl-master.address.server
Here -i names the input corpus directory, -P runs the target in persistent mode, and everything after -- is the target command line.