add nasm_cve-2019-8343 #17

Open
wants to merge 1 commit into
base: main
1 change: 1 addition & 0 deletions data_augmentation/methods/ConcFuzz/crash_tags.yaml
Expand Up @@ -4,4 +4,5 @@ libjpeg_cve-2018-19664: asan;0;oracle_source/wrbmp.c:145
libjpeg_cve-2017-15232: asan;0;oracle_source/jquant1.c:536
libxml2_cve-2017-5969: asan;0;oracle_source/valid.c:1181
readelf_cve-2019-9077: asan;0;binutils/readelf.c:16204
nasm_cve-2019-8343: asan;1;asm/preproc.c:3820
mruby_hackerone-reports-185041: asan;4;error.c:290
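Review bot: the path form of the new entry, `asm/preproc.c:3820`, differs from the neighbouring entries, which point at `oracle_source/...` (or `binutils/...` for readelf); if the tooling resolves these paths against a fixed checkout root, confirm it finds `asm/preproc.c` under the clone that `targets/nasm_cve-2019-8343/build.sh` produces rather than an `oracle_source` copy, and keep one convention across the file. It would also help to state, in the README or a comment, what the middle field means (`1` here, `0` and `4` elsewhere), since a reader cannot tell from the file whether it is a stack-frame index or something else.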
20 changes: 20 additions & 0 deletions targets/nasm_cve-2019-8343/README.md
@@ -0,0 +1,20 @@
# CVE-2019-8343
## reference
https://bugzilla.nasm.us/show_bug.cgi?id=3392556

## description
use after free in paste_tokens()

## patch

https://github.com/netwide-assembler/nasm/commit/f24d97500847ed02b62f04dc5d93e1b237c282de

https://github.com/netwide-assembler/nasm/commit/f7dbdb2e136db99051b14403a0f29c5155bbf7d8

## fixed files

asm/preproc.c is the only file that is patched in above commits.

## Source of PoC

https://bugzilla.nasm.us/show_bug.cgi?id=3392556
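Review bot: the README never names the version the target is built from; `build.sh` in this PR checks out the `nasm-2.14.02` tag, and that should be recorded under `## description` (e.g. "use-after-free in paste_tokens() in asm/preproc.c, NASM 2.14.02") so the tag, the root-cause line numbers and the two patch commits can be cross-checked. Smaller style points: heading case is inconsistent (`## reference`, `## description` vs `## Source of PoC`), "use after free" should read "use-after-free", and the same Bugzilla URL appears twice (reference and Source of PoC) without saying that `seeds/default` is that PoC.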
23 changes: 23 additions & 0 deletions targets/nasm_cve-2019-8343/build.sh
@@ -0,0 +1,23 @@
#!/bin/bash

cd $TARGET_ROOT

. ${TARGET_ROOT}/config.sh

git clone --branch nasm-2.14.02 --depth 1 https://github.com/netwide-assembler/nasm.git $1
cd ${TARGET_ROOT}/$1
sh autogen.sh

TARGET_DEF_CFLAGS="${TARGET_DEF_CFLAGS-} "
TARGET_DEF_CXXFLAGS="${TARGET_DEF_CXXFLAGS-} "
ARGS=""
for var in "${!TARGET_DEF_@}"; do
ARGS="${ARGS} ${var#TARGET_DEF_}=\"$(echo ${!var})\""
done

eval ./configure 'CFLAGS="-static -static-libasan"'

eval make ${ARGS} -j$(nproc) nasm

#set +e
#./nasm -f bin ../poc -o ./tmp
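Review bot: the flags given to `configure` and to `make` will not combine the way the script seems to expect. `configure` is run with `CFLAGS="-static -static-libasan"`, but `make` is then invoked with `CFLAGS=... CXXFLAGS=...` built from `TARGET_DEF_CFLAGS`/`TARGET_DEF_CXXFLAGS`, and a `CFLAGS=` on the make command line overrides the Makefile's configured value, so `-static -static-libasan` only affects the configure checks and the real build sees whatever the environment put in `TARGET_DEF_CFLAGS` (no `-fsanitize=address` appears anywhere in this script). Either pass all flags in one place or document that the environment must supply the sanitizer flags. Two robustness points: `$(echo ${!var})` inside the loop word-splits and glob-expands the flag string (use `"${!var}"` directly), and `$1` is used unchecked as the clone directory, so with no argument git falls back to its default directory `nasm` while `cd ${TARGET_ROOT}/$1` stays in the root, where `autogen.sh` does not exist. The commented-out smoke test at the end should be removed or turned into a real post-build check.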
5 changes: 5 additions & 0 deletions targets/nasm_cve-2019-8343/config.sh
@@ -0,0 +1,5 @@
#!/bin/bash
set -eux

export RELPATH=nasm
export ARGS="-f bin @@ -o /tmp/test"
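Review bot: `set -eux` in a file that `build.sh` sources (`. ${TARGET_ROOT}/config.sh`) changes the caller's shell options, so `build.sh` only gets `errexit` and tracing as a side effect of sourcing this file; if that is intended, say so in a comment, otherwise move the `set` line into `build.sh` itself. The output path in `ARGS` (`-o /tmp/test`) is a fixed location shared by every run, so concurrent jobs would overwrite each other's output and a pre-existing symlink at that path would be followed; a per-run temporary path (or `/dev/null` if the assembled output is never read) avoids both.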
4 changes: 4 additions & 0 deletions targets/nasm_cve-2019-8343/preinstall.sh
@@ -0,0 +1,4 @@
#!/bin/bash

apt-get update
apt-get install -y --no-install-recommends build-essential autoconf
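Review bot: the package list does not cover what `build.sh` actually runs: it does a `git clone` over https and then `sh autogen.sh`, but only `build-essential` and `autoconf` are installed here, so `git` and `ca-certificates` (plus `automake`/`libtool` if `autogen.sh` turns out to need them) must come from the base image or the build fails at the clone step. Add `set -e` as well, so a failed `apt-get update` does not silently continue into `apt-get install`.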
16 changes: 16 additions & 0 deletions targets/nasm_cve-2019-8343/root_causes/locations
@@ -0,0 +1,16 @@
preproc.c:3780
preproc.c:3782
preproc.c:3783
preproc.c:3785
preproc.c:3786
preproc.c:3789
preproc.c:3790
preproc.c:3809
preproc.c:3810
preproc.c:3811
preproc.c:3812
preproc.c:3813
preproc.c:3817
preproc.c:3818
preproc.c:3819
preproc.c:3820
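Review bot: the location list should state which revision its line numbers belong to, and its path form disagrees with `crash_tags.yaml`: here the file is `preproc.c`, there it is `asm/preproc.c:3820`. Pick one form (the `asm/preproc.c` path as it appears in NASM's tree) and note in the README that the numbers are for the `nasm-2.14.02` tag that `build.sh` checks out, since the fix commits linked from the README modify the same file and may not share these numbers.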
1 change: 1 addition & 0 deletions targets/nasm_cve-2019-8343/seeds/default
@@ -0,0 +1 @@
r%{]%%%[ %+}%+`
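Review bot: the seed is the raw crashing input and nothing in the PR says where it came from; add a line to the README's `## Source of PoC` section stating that `seeds/default` is the PoC from the linked Bugzilla entry, and whether the file ends with a newline, because the rendered diff cannot show a trailing newline or non-printable bytes and NASM's preprocessor is line-oriented, so a byte-level difference changes what the seed exercises.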