Fix ASAN linking #233
Merged
Fix ASAN linking #233
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
maxammann
added a commit
to tlspuffin/openssl-src-rs
that referenced
this pull request
Apr 24, 2023
See tlspuffin/tlspuffin#233 * Do not link against libasan libasan is from GCC and not from LLVM. Also always use -fsanitize=address instead of linking manually. The -f flag makes sure that the correct symbols end up in the final binary. * Remove flags which do nothing (rustc link flags do not apply transitively)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
After upgrading LibAFL from 0.8 to 0.9 the test
tls::vulnerabilities::tests::test_seed_heartbleedstarted to fail. This test checks whether AddressSanitizer is correctly detecting heartbleed in OpenSSL 1.0.The solution is to use -fsanitize=address instead of linking
libasanmanually 😵💫 and using Ubuntu (which uses a libclang_rt.asan with non-dynamic symbol exports). Linking againstlibasanis bad because it is from GCC.Why did ASAN stop working?
LibAFL defines a weak symbol __libafl_asan_region_is_poisoned. The fuzzing target, which is linked to the final Rust binary, is a sanitized (
-fsanitize=address -shared-libasan) static library. Because only this static library is sanitized we have to use the shared DSO version of ASAN.ASAN was linked with the Rust binary and the static library using
-lasan.Now, weak symbols from static libraries are preferred over the dynamic ASAN library.
Therefore, ASAN used the invalid weak symbol from LibAFL. This is valid and not a bug. Linking order does not change this behavior.
Why did this happen with the update from LibAFL 0.8 to 0.9?
The weak
__libafl_asan_region_is_poisonedfrom LibAFL is only included if it is referenced. Else the linker will discard it because it is dead code.Apparently something in LibAFL changed which made it believe that
__libafl_asan_region_is_poisonedis required.How can we solve this?
Two things are involved here:
-fsanitize=addressto the linker. This will make sure that the LLVM libclang_rt is used instead of GCC libasan. On Ubuntu libclang_rt uses the correct__libafl_asan_region_is_poisonedsymbol.libasanthrough e.g. abuild.rsscript orRUSTFLAGS.clangas a linker. By default, Rust will useccas linker binary for x86_64 Linux targets.ccwill link against the GCC ASAN runtime calledlibasan.so. This might be invalid with the sanitization applied to the fuzzing target, which uses LLVM.Enable default-linker-libraries, such that it will automatically link against ASAN. This works because the static library (fuzzing target) is compiled with clang and wants to link against ASAN.LD_LIBRARY_PATH, such that the LLVM runtime is found. / Use rpathMinor hints:
--target, else build scripts will also be sanitized.RUSTDOCFLAGS, else doc tests will not find ASAN symbols.Requires: tlspuffin/openssl-src-rs#2