Improved Fuzzing Technique for Detecting Stack Overflow Bugs in Rust

detect stack overflow bugs in rust via improved n.w
1 / 32
Embed
Share

Learn how to detect stack overflow bugs more effectively in Rust through an enhanced fuzzing technique to address vulnerabilities and potential consequences of stack overflow issues.

  • Rust Programming
  • Fuzzing Technique
  • Stack Overflow Bugs
  • Vulnerabilities
  • Security
rayaanacharya
att_tex Follow

Uploaded on | 1 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Detect Stack Overflow Bugs in Rust via Improved Fuzzing Technique Zhiyong Ren Zhiyong Ren Fudan University Fudan University July 5, 2023 July 5, 2023

  2. Motivation

  3. Motivation Rust suffers from stackoverflow problem

  4. Motivation e.g. CVE-2018-20993: Uncontrolled recursion Rust suffers from stackoverflow problem recursion leads to abort in deserialization CVE-2018-20994: Stackoverflow Stackoverflow when parsing malicious DNS packet CVE-2019-15542: Uncontrolled recursion recursion leads to abort in HTML serialization CVE-2019-25001: Flaw in CBOR deserializer allows stackoverflow stackoverflow CVE-2020-35857: Stackoverflow Stackoverflow when resolving additional records from MX or SRV null targets CVE-2020-35858: Parsing a specially crafted message can result in a stackoverflow stackoverflow

  5. Motivation e.g. CVE-2018-20993: Uncontrolled recursion Rust suffers from stackoverflow problem recursion leads to abort in deserialization CVE-2018-20994: Stackoverflow Stackoverflow when parsing malicious DNS packet CVE-2019-15542: Uncontrolled recursion recursion leads to abort in HTML serialization CVE-2019-25001: Flaw in CBOR deserializer allows stackoverflow stackoverflow CVE-2020-35857: Stackoverflow Stackoverflow when resolving additional records from MX or SRV null targets CVE-2020-35858: Parsing a specially crafted message can result in a stackoverflow stackoverflow Stackoverflow has serious consequence

  6. Examples simplest recursion simplest recursion

  7. Examples simplest recursion simplest recursion fibonacci recursion

  8. Examples simplest recursion simplest recursion tree traversal recursion fibonacci recursion

  9. Approach

  10. Approach call graph construction

  11. Approach search for dangerous API c d i h b g e j f a d a b c

  12. Approach search for dangerous API c d i h b g e j f a d a b c

  13. Approach search for dangerous API c d i h b g e j f a d a b c

  14. Approach search for dangerous API c d i h b g e j f a d a b c

  15. Approach search for dangerous API c d i h b g e j f a d a b c

  16. Approach search for dangerous API c d i h b g e j f a d a b c

  17. Approach construct fuzz target

  18. Approach accelerate fuzzing process Instrumentation: extraly instrument at the entry of each function and record the number of Instrumentation: extraly instrument at the entry of each function and record the number of function call times in each fuzzing process (trace_bits[0]). function call times in each fuzzing process (trace_bits[0]).

  19. Approach accelerate fuzzing process Instrumentation: extraly instrument at the entry of each function and record the number of Instrumentation: extraly instrument at the entry of each function and record the number of function call times in each fuzzing process. function call times in each fuzzing process. Seed Selection: use a global variable to record maximum function call times. If a seed increases Seed Selection: use a global variable to record maximum function call times. If a seed increases the maximum function call times after one fuzz loop, it will be added into the test queue for next the maximum function call times after one fuzz loop, it will be added into the test queue for next mutation. Or it will be selected only if it increases the branch coverage. mutation. Or it will be selected only if it increases the branch coverage.

  20. Experiments

  21. Experiments Experiment Data: Experiment Data: Eight stack overflow related CVEs from RUSTSEC Eight stack overflow related CVEs from RUSTSEC Experiment Machine: Experiment Machine: Dell CPU CPU Dell- -OptiPlex OptiPlex- -7070 with 32GB memory and Intel Core i7 7070 with 32GB memory and Intel Core i7- -9700T 2.00GHz 9700T 2.00GHz

  22. Experiments RQ1: How many dangerous APIs are there in our experiemntal crates? RQ2: Can our approach trigger stack overflow bugs successfully? RQ3: How much does our approach speed up the fuzzing process?

  23. Experiments RQ1: How many dangerous APIs are there in our experiemntal crates?

  24. Experiments RQ1: How many dangerous APIs are there in our experiemntal crates?

  25. Experiments RQ2: Can our approach trigger stack overflow bugs successfully?

  26. Experiments RQ2: Can our approach trigger stack overflow bugs successfully?

  27. Experiments RQ3: How much does our approach speed up the fuzzing process?

  28. Experiments RQ3: How much does our approach speed up the fuzzing process?

  29. Experiments RQ3: How much does our approach speed up the fuzzing process? First Crash: modified 10 minute unmodified 25 minute

  30. Limitations & Future Works Linux default stack size 8MB

  31. Limitations & Future Works Linux default stack size 8MB Experiment on Rust projects

  32. Thanks!

Related


No related presentations.

More Related Content