From dd3eaafc83f277f1701e7a8ce4a6c217e6a52037 Mon Sep 17 00:00:00 2001
From: jdh8d <jdh8d@git.zephyr-software.com>
Date: Tue, 15 Mar 2011 20:44:37 +0000
Subject: [PATCH] Variety of random small changes to keep concolic up-to-date
 with grammatech's working versions

---
 .gitattributes                                |  4 +-
 examples/Makefile                             |  4 +-
 examples/dumbledore_file.c                    | 46 +++++++++++++++++++
 examples/dumbledore_file_with_fopen_check.c   | 46 +++++++++++++++++++
 examples/{dumbledore.c => dumbledore_stdin.c} |  3 ++
 tools/do_concolic.sh                          |  6 +--
 tools/ps_analyze.sh                           |  3 +-
 tools/ps_run.sh                               | 18 +++++++-
 8 files changed, 123 insertions(+), 7 deletions(-)
 create mode 100644 examples/dumbledore_file.c
 create mode 100644 examples/dumbledore_file_with_fopen_check.c
 rename examples/{dumbledore.c => dumbledore_stdin.c} (90%)

diff --git a/.gitattributes b/.gitattributes
index ca55419c5..802375e2f 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -22,8 +22,10 @@ examples/Makefile -text
 examples/block_copy.c -text
 examples/cmd_args_005.c -text
 examples/concolic_test_handshake.c -text
-examples/dumbledore.c -text
 examples/dumbledore_cmd.c -text
+examples/dumbledore_file.c -text
+examples/dumbledore_file_with_fopen_check.c -text
+examples/dumbledore_stdin.c -text
 examples/fptest.c -text
 examples/globalfield.c -text
 examples/hanoi.c -text
diff --git a/examples/Makefile b/examples/Makefile
index 50eb753dd..410262d95 100644
--- a/examples/Makefile
+++ b/examples/Makefile
@@ -9,7 +9,7 @@ LD=DO_NOT_USE
 
 .SUFFIXES: .o .c .cpp .exe
 
-exes=hanoi.exe hanoi_overrun.exe hanoi_heap_overrun.exe hanoi_stack_overrun.exe print_ptr.exe malloc.exe block_copy.exe hello.exe hanoi_overrun_tainted.exe hanoi_overrun_taintedenv.exe memcpy.exe cmd_args_005.exe dumbledore.exe dumbledore_cmd.exe
+exes=hanoi.exe hanoi_overrun.exe hanoi_heap_overrun.exe hanoi_stack_overrun.exe print_ptr.exe malloc.exe block_copy.exe hello.exe hanoi_overrun_tainted.exe hanoi_overrun_taintedenv.exe memcpy.exe cmd_args_005.exe dumbledore_stdin.exe dumbledore_cmd.exe dumbledore_file.exe
 
 
 all: env_check  ${exes}
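Review bot: `dumbledore_file_with_fopen_check.exe` is missing from the new `exes` value even though this commit creates `examples/dumbledore_file_with_fopen_check.c`, so `make all` never compiles the variant this patch introduces; unless it is meant to be built by hand, extend the list, `exes=... dumbledore_cmd.exe dumbledore_file.exe dumbledore_file_with_fopen_check.exe`. The list is a literal, so `exes :=` (simple expansion) would be the conventional flavour, though with no functions on the right-hand side the recursive `=` is harmless here.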
@@ -32,6 +32,8 @@ all: env_check  ${exes}
 chopzero:
 	@ if [ ! -f chopzero ]; then gcc chopzero.c -o chopzero -O3 ; fi
 
+$(exes): ${STRATA}/lib/x86_linux/libstrata.a
+
 
 
 env_check:
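Review bot: `$(exes): ${STRATA}/lib/x86_linux/libstrata.a` silently becomes a prerequisite on `/lib/x86_linux/libstrata.a` when `STRATA` is unset, and make then fails with "No rule to make target" instead of a message naming the variable; `env_check` is only a sibling of `${exes}` under `all`, so under `make -j` it is not guaranteed to run first (its recipe is outside this hunk, so whether it validates `STRATA` at all is not visible here). A parse-time guard near the top of the file, `$(if $(strip $(STRATA)),,$(error STRATA must point to the Strata install))`, gives a clear early failure regardless of job ordering. The new line also spells the variable `$(exes)` while the `all` rule uses `${exes}`; pick one form.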
diff --git a/examples/dumbledore_file.c b/examples/dumbledore_file.c
new file mode 100644
index 000000000..f7c5e203b
--- /dev/null
+++ b/examples/dumbledore_file.c
@@ -0,0 +1,46 @@
+#include <stdio.h>
+#include <sys/mman.h>
+#include <string.h>
+#include <stdlib.h>
+
+enum {BUFSIZE = 98};
+
+char grade = 'D';
+char Name[BUFSIZE];
+FILE *f;
+
+void readString(char *s) {
+   char buf[BUFSIZE];
+   int i = 0; 
+   int c;
+
+   for (;;) 
+   {
+      c = fgetc(f);
+      if ((c == EOF) || (c == '\n')) 
+         break;
+      buf[i] = c;
+      i++;
+   }
+   buf[i] = '\0';
+
+   for (i = 0; i < BUFSIZE; i++) 
+      s[i] = buf[i];
+}
+
+
+int main(void) 
+{
+   f = fopen("data.txt", "r");
+
+   readString(Name);
+
+   if (strcmp(Name, "Wizard in Training") == 0) 
+      grade = 'B';
+
+   printf("Thank you, %s.\n", Name);
+   printf("I recommend that you get a grade of %c on this assignment.\n", grade);
+
+   exit(0);
+}
+
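Review bot: `f = fopen("data.txt", "r")` in `main` is never checked, so when the file is absent `readString` calls `fgetc(NULL)` and the program crashes before it reaches the code the example is meant to exercise; the same omission is in `examples/dumbledore_file_with_fopen_check.c`. Add `if (f == NULL) { perror("data.txt"); return 1; }` directly after the `fopen` in both files. `readString` stores into `buf[i]` with no bound against `BUFSIZE`, which looks like the deliberate fault of the dumbledore examples rather than an oversight; a one-line comment such as `/* intentionally unbounded: the overrun is what the concolic run is meant to find */` would stop a future reader from "fixing" the test target. `<sys/mman.h>` is included but nothing in this file uses it.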
diff --git a/examples/dumbledore_file_with_fopen_check.c b/examples/dumbledore_file_with_fopen_check.c
new file mode 100644
index 000000000..06d056a74
--- /dev/null
+++ b/examples/dumbledore_file_with_fopen_check.c
@@ -0,0 +1,46 @@
+#include <stdio.h>
+#include <sys/mman.h>
+#include <string.h>
+#include <stdlib.h>
+
+enum {BUFSIZE = 98};
+
+char grade = 'D';
+char Name[BUFSIZE];
+FILE *f;
+
+void readString(char *s) {
+   char buf[BUFSIZE];
+   int i = 0; 
+   int c;
+
+   for (;;) 
+   {
+      c = fgetc(f);
+      if ((c == EOF) || (c == '\n')) 
+         break;
+      buf[i] = c;
+      i++;
+   }
+   buf[i] = '\0';
+
+   for (i = 0; i < BUFSIZE; i++) 
+      s[i] = buf[i];
+}
+
+
+int main(void) 
+{
+   f = fopen("data.txt", "r");
+
+   readString(Name);
+
+   if (strcmp(Name, "Wizard in Training") == 0) 
+      grade = 'B';
+
+   printf("Thank you, %s.\n", Name);
+   printf("I recommend that you get a grade of %c on this assignment.\n", grade);
+
+//   exit(0);
+}
+
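Review bot: The only difference from `examples/dumbledore_file.c` is the commented-out `//   exit(0);` at the end of `main`, which leaves dead code in place and, since `main` then has no `return`, makes the exit status depend on the C standard in effect (an implicit `return 0` exists only from C99 on); replace the commented line with `return 0;`. The file name promises an fopen check, yet `f` is used unchecked exactly as in the sibling file, so either add the check the name advertises or rename the file to say what actually differs (the explicit `exit` versus falling off the end of `main`).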
diff --git a/examples/dumbledore.c b/examples/dumbledore_stdin.c
similarity index 90%
rename from examples/dumbledore.c
rename to examples/dumbledore_stdin.c
index 02e2f05c1..44c93c0b3 100644
--- a/examples/dumbledore.c
+++ b/examples/dumbledore_stdin.c
@@ -32,8 +32,11 @@ void readString(char *s) {
 
 int main(void) 
 {
+#if 0
+/* needed for some exploit, but not really part of the program! */
    mprotect((void*)((unsigned int)Name & 0xfffff000), 1,
             PROT_READ | PROT_WRITE | PROT_EXEC);
+#endif
    readString(Name);
 
    if (strcmp(Name, "Wizard in Training") == 0) 
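Review bot: The `#if 0` block keeps `(unsigned int)Name & 0xfffff000`, a cast that truncates the pointer on 64-bit targets, so the disabled code is not only dead but wrong if anyone re-enables it as written. The new comment already says it is "not really part of the program", which argues for deleting it outright (history keeps it); if it must stay for reference, a named guard such as `#ifdef DUMBLEDORE_MPROTECT` makes the intent visible where `#if 0` does not. `main` continues past the end of the hunk.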
diff --git a/tools/do_concolic.sh b/tools/do_concolic.sh
index 5a58b6b2f..0890767b5 100755
--- a/tools/do_concolic.sh
+++ b/tools/do_concolic.sh
@@ -13,7 +13,7 @@ whoami=`whoami`
 # simple error checking
 # 
 if [ $GRACE_HOME"X" = "X" ]; then echo Failed to set GRACE_HOME; exit 2; fi
-if [ ! -f $GRACE_HOME/concolic/src/util/linux/meds_annot_to_grace ]; then  
+if [ ! -f $GRACE_HOME/concolic/src/util/linux/objdump_to_grace ]; then  
 	echo "Failed to set GRACE_HOME properly (i.e. wrong path)"
 	exit 3 
 fi
@@ -28,7 +28,7 @@ line=`cat $annot|egrep " FUNC GLOBAL exit"|sed "s/  */ /g"`
 stop_ea=`echo $line |cut -d" " -f1`
 
 # assume grace_home env is set.
-$GRACE_HOME/concolic/src/util/linux/meds_annot_to_grace $annot
+$GRACE_HOME/concolic/src/util/linux/objdump_to_grace $strata_exe
 if [ ! -f $sym ]; then
 	echo Failed to produce .sym file
 	exit 1;
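Review bot: The `if [ ! -f $sym ]` check after the new `objdump_to_grace $strata_exe` call only tests that a `.sym` file exists, so a stale file left by an earlier run masks a converter that failed or crashed; test the command's status instead, `$GRACE_HOME/concolic/src/util/linux/objdump_to_grace "$strata_exe" || { echo "objdump_to_grace failed"; exit 1; }`, and keep the existence check as a second line of defence. Quote `$strata_exe` and `$sym` as shown, since a path containing whitespace is split into several words otherwise. Where `$sym` and `$strata_exe` are assigned is outside this hunk.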
@@ -39,7 +39,7 @@ for i in `ipcs -q|grep $whoami |cut -d" " -f 2`;
 do
 	ipcrm -q $i
 done
-STRATA_GRACE=1 controller $extra_args --start $start_ea --stop $stop_ea --symbols $sym $strata_exe
+STRATA_GRACE=1 controller $extra_args --start $start_ea --stop $stop_ea --symbols $sym --outputs replay $strata_exe
 
 echo cleaning up
 killall -q controller
diff --git a/tools/ps_analyze.sh b/tools/ps_analyze.sh
index 4a70487ef..527d18348 100755
--- a/tools/ps_analyze.sh
+++ b/tools/ps_analyze.sh
@@ -69,7 +69,8 @@ $SMPSA_HOME/SMP-analyze.sh a.ncexe
 echo Done.
 
 echo Running concolic testing to generate inputs ...
-$PEASOUP_HOME/tools/do_concolic.sh a 2>&1 |egrep -e "INPUT VECTOR:" -e "1: argc ="
+$PEASOUP_HOME/tools/do_concolic.sh a  --iterations 50 --logging tracer
+# 2>&1 |egrep -e "INPUT VECTOR:" -e "1: argc ="
 # >/dev/null 2>&1 
 echo Done.
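Review bot: The two `#`-prefixed lines after the new `do_concolic.sh a  --iterations 50 --logging tracer` call are commented-out command fragments (the old `egrep` filter and a `>/dev/null` redirect), dead code that a reader cannot tell from an intentionally disabled option; delete them, as the old pipeline is in history. Dropping the pipe also means the exit status of `do_concolic.sh` is no longer masked, but it is still not checked before `echo Done.`; `... --logging tracer || { echo "concolic testing failed"; exit 1; }` makes a failed run visible to the caller.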
 
diff --git a/tools/ps_run.sh b/tools/ps_run.sh
index d10b42bbb..83e7f77a8 100755
--- a/tools/ps_run.sh
+++ b/tools/ps_run.sh
@@ -1,8 +1,24 @@
 #!/bin/sh
 
+#
+# determine the directory that contains the files for peasoup
+#
 datapath=$1
+
+#
+# grab the rest of the args in $*
+#
 shift;
 
-STRATA_ANNOT_FILE=$datapath/a.ncexe.annot STRATA_PC_CONFINE=1 $datapath/a.stratafied $*
+#
+# Run the program with the proper env. vars set., and the arguments to the program specified
+#
+STRATA_DOUBLE_FREE=1 					\
+	STRATA_HEAPRAND=1 				\
+	STRATA_PC_CONFINE=1 				\
+	STRATA_PC_CONFINE_XOR=1				\
+	STRATA_PC_CONFINE_XOR_KEY_LENGTH=1024		\
+	STRATA_ANNOT_FILE=$datapath/a.ncexe.annot 	\
+	$datapath/a.stratafied $*
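Review bot: `$datapath/a.stratafied $*` on the last line re-splits every argument on whitespace, so a program argument containing a space reaches the stratafied binary as several arguments; use `"$datapath/a.stratafied" "$@"` and adjust the new comment that says the remaining arguments are "in $*". The script also runs with an empty `$datapath` when invoked without arguments, which makes it exec `/a.stratafied`; a guard after `datapath=$1`, `[ -n "$datapath" ] || { echo "usage: $0 datapath [args...]" >&2; exit 2; }`, fails early with a usable message. `STRATA_ANNOT_FILE=$datapath/a.ncexe.annot` should be quoted for the same reason.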
 
 
-- 
GitLab