1. Target: Xpdf 3.02
2. Method: Fuzzing
1. Environment setup
1.1 Installing Xpdf
$ mkdir fuzzing_xpdf && cd fuzzing_xpdf/
$ wget https://dl.xpdfreader.com/old/xpdf-3.02.tar.gz
$ tar -xvzf xpdf-3.02.tar.gz
$ cd xpdf-3.02
$ ./configure --prefix="$HOME/fuzzing_xpdf/install/"
$ make
$ make install
Installing Xpdf
$ cd $HOME/fuzzing_xpdf
$ mkdir pdf_examples && cd pdf_examples
$ wget https://github.com/mozilla/pdf.js-sample-files/raw/master/helloworld.pdf
$ wget http://www.africau.edu/images/default/sample.pdf
$ wget https://www.melbpc.org.au/wp-content/uploads/2017/10/small-example-pdf-file.pdf
Downloading sample PDFs
╭─wogh8732@wogh8732-virtual-machine ~/Desktop/fuzzing101/fuzzing_xpdf
╰─$ ./install/bin/pdfinfo -box -meta ./pdf_examples/helloworld.pdf
Tagged: no
Pages: 1
Encrypted: no
Page size: 200 x 200 pts
MediaBox: 0.00 0.00 200.00 200.00
CropBox: 0.00 0.00 200.00 200.00
BleedBox: 0.00 0.00 200.00 200.00
TrimBox: 0.00 0.00 200.00 200.00
ArtBox: 0.00 0.00 200.00 200.00
File size: 678 bytes
Optimized: no
PDF version: 1.7
Testing the pdfinfo command after building Xpdf
1.2 Installing AFL++
sudo apt-get update
sudo apt-get install -y build-essential python3-dev automake git flex bison libglib2.0-dev libpixman-1-dev python3-setuptools
sudo apt-get install -y lld-11 llvm-11 llvm-11-dev clang-11 || sudo apt-get install -y lld llvm llvm-dev clang
sudo apt-get install -y gcc-$(gcc --version|head -n1|sed 's/.* //'|sed 's/\..*//')-plugin-dev libstdc++-$(gcc --version|head -n1|sed 's/.* //'|sed 's/\..*//')-dev
Installing dependencies
cd $HOME
git clone https://github.com/AFLplusplus/AFLplusplus && cd AFLplusplus
export LLVM_CONFIG="llvm-config-11"
make distrib
sudo make install
Installing AFL++
1.3 Building Xpdf with afl-clang-fast
rm -r $HOME/fuzzing_xpdf/install
cd $HOME/fuzzing_xpdf/xpdf-3.02/
make clean
Removing the previously installed Xpdf
export LLVM_CONFIG="llvm-config-11"
CC=$HOME/AFLplusplus/afl-clang-fast CXX=$HOME/AFLplusplus/afl-clang-fast++ ./configure --prefix="$HOME/fuzzing_xpdf/install/"
make
make install
Building Xpdf with afl-clang-fast
2. Fuzzing
afl-fuzz -i $HOME/fuzzing_xpdf/pdf_examples/ -o $HOME/fuzzing_xpdf/out/ -s 123 -- $HOME/fuzzing_xpdf/install/bin/pdftotext @@ $HOME/fuzzing_xpdf/output
Fuzzing result: roughly 1200 executions per second
3. Root cause analysis
╭─wogh8732@wogh8732-virtual-machine ~/Desktop/fuzzing101/fuzzing_xpdf/out/default/crashes
╰─$ ls
id:000000,sig:11,src:000972,time:73483,execs:90171,op:havoc,rep:8 id:000002,sig:11,src:002102+000034,time:1777284,execs:2007644,op:splice,rep:4 README.txt
id:000001,sig:11,src:001598,time:587295,execs:706946,op:havoc,rep:4 id:000003,sig:11,src:002538,time:1890370,execs:2123589,op:havoc,rep:4
• After running for about 50 minutes, 4 unique crashes were found.
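Before digging into a root cause it helps to confirm that each crash file in the afl-fuzz output directory actually reproduces outside the fuzzer, and with the signal AFL++ recorded in the file name (the "sig:11" part of the listing above is SIGSEGV). The helper below is an added example, not part of the original write-up or of AFL++: it parses the crash file names, counts them per signal, and re-runs each one through a runner command so hangs, clean exits and signal-kills are told apart. The function names are my own; it assumes the directory layout produced by the afl-fuzz command above and, for the pdftotext runner, that coreutils `timeout` is available.

```shell
#!/bin/sh
# Added example (not from the original write-up): triage helper for the directory that
# afl-fuzz writes, e.g. $HOME/fuzzing_xpdf/out/default/crashes/.
# Function names (afl_crash_sig, afl_sig_name, afl_crash_summary, afl_triage) are my own.

# Extract the signal number AFL++ recorded in a crash file name.
#   afl_crash_sig 'id:000000,sig:11,src:000972,time:73483,execs:90171,op:havoc,rep:8' -> 11
afl_crash_sig() {
    printf '%s\n' "${1##*/}" | sed -n 's/^id:[0-9]*,sig:\([0-9]*\),.*/\1/p'
}

# Human-readable name for the common crash signals.
afl_sig_name() {
    case "$1" in
        6)  echo SIGABRT ;;
        7)  echo SIGBUS ;;
        8)  echo SIGFPE ;;
        11) echo SIGSEGV ;;
        *)  echo "SIG$1" ;;
    esac
}

# Count crash files per signal from the names alone (nothing is executed), e.g. "sig:11 4".
afl_crash_summary() {
    for f in "$1"/id:*; do
        [ -f "$f" ] || continue
        afl_crash_sig "$f"
    done | sort | uniq -c | awk '{ print "sig:" $2, $1 }'
}

# Re-run every crash file through a runner and report what actually happened.
#   $1 = crash directory
#   $2 = command or shell function that takes the input file as its only argument
# Prints one line per file ("<file> expected=<sig> got=<result>") and returns 0 only
# if every file reproduced with the signal AFL++ recorded for it.
afl_triage() {
    crash_dir=$1
    runner=$2
    failures=0
    for f in "$crash_dir"/id:*; do
        [ -f "$f" ] || continue
        expected=$(afl_sig_name "$(afl_crash_sig "$f")")
        # '&& ... ||' keeps a failing runner from tripping 'set -e' in the caller.
        "$runner" "$f" >/dev/null 2>&1 && status=0 || status=$?
        if [ "$status" -eq 124 ]; then
            got=timeout            # coreutils timeout reports a hang as 124
        elif [ "$status" -ge 129 ]; then
            got=$(afl_sig_name $((status - 128)))   # killed by a signal
        elif [ "$status" -eq 0 ]; then
            got=clean-exit         # did not reproduce
        else
            got="exit-$status"     # ordinary error exit, not a crash
        fi
        printf '%s expected=%s got=%s\n' "${f##*/}" "$expected" "$got"
        [ "$got" = "$expected" ] || failures=$((failures + 1))
    done
    [ "$failures" -eq 0 ]
}

# Runner for the instrumented pdftotext built above; the timeout turns hangs into status 124.
run_pdftotext() {
    timeout 5 "$HOME/fuzzing_xpdf/install/bin/pdftotext" "$1" /dev/null
}

# Usage once the fuzzing run above has produced crashes:
#   afl_crash_summary "$HOME/fuzzing_xpdf/out/default/crashes"
#   afl_triage "$HOME/fuzzing_xpdf/out/default/crashes" run_pdftotext
```

A file whose result comes back as clean-exit is worth a second look before spending time on it: AFL++ dedupes by coverage path, so some entries only crash under the fuzzer's own environment (ASAN options, memory limits) and will not reproduce against the plain binary.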