Add a temporary patch to compare-transform-pass.

cf. AFLplusplus/AFLplusplus#1848 This patch fixes a problem that causes laf-intel DA to fail against libxml2_cve-2017-5969. However, the DA has not yet worked for mruby_hackerone-reports-185041.
RICSecLab · Sep 1, 2023 · 223b609 · 223b609
1 parent 5d39b18
commit 223b609
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 0 deletions.
diff --git a/data_augmentation/methods/laf-intel/build.sh b/data_augmentation/methods/laf-intel/build.sh
@@ -13,6 +13,7 @@ git checkout 4.07c
 # apply the Aurora patch (TODO)
 #
 patch -p1 < "${DA_ROOT}/aflppcem.patch"
+patch -p1 < "${DA_ROOT}/compare-transform-pass.patch"
 
 #
 # build AFL++

diff --git a/data_augmentation/methods/laf-intel/compare-transform-pass.patch b/data_augmentation/methods/laf-intel/compare-transform-pass.patch
@@ -0,0 +1,34 @@
+diff --git a/instrumentation/compare-transform-pass.so.cc b/instrumentation/compare-transform-pass.so.cc
+index 5dd705cf..6e20135e 100644
+--- a/instrumentation/compare-transform-pass.so.cc
++++ b/instrumentation/compare-transform-pass.so.cc
+@@ -226,10 +226,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
+           StringRef FuncName = Callee->getName();
+           isStrcmp &=
+               (!FuncName.compare("strcmp") || !FuncName.compare("xmlStrcmp") ||
+-               !FuncName.compare("xmlStrEqual") ||
+-               !FuncName.compare("g_strcmp0") ||
+-               !FuncName.compare("curl_strequal") ||
+-               !FuncName.compare("strcsequal"));
++               !FuncName.compare("g_strcmp0"));
+           isMemcmp &=
+               (!FuncName.compare("memcmp") || !FuncName.compare("bcmp") ||
+                !FuncName.compare("CRYPTO_memcmp") ||
+@@ -237,8 +234,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
+                !FuncName.compare("memcmp_const_time") ||
+                !FuncName.compare("memcmpct"));
+           isStrncmp &= (!FuncName.compare("strncmp") ||
+-                        !FuncName.compare("xmlStrncmp") ||
+-                        !FuncName.compare("curl_strnequal"));
++                        !FuncName.compare("xmlStrncmp"));
+           isStrcasecmp &= (!FuncName.compare("strcasecmp") ||
+                            !FuncName.compare("stricmp") ||
+                            !FuncName.compare("ap_cstr_casecmp") ||
+@@ -472,7 +468,6 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
+
+       if (isMemcmp || !Callee->getName().compare("strncmp") ||
+           !Callee->getName().compare("xmlStrncmp") ||
+-          !Callee->getName().compare("curl_strnequal") ||
+           !Callee->getName().compare("strncasecmp") ||
+           !Callee->getName().compare("strnicmp") ||
+           !Callee->getName().compare("ap_cstr_casecmpn") ||