Detect LD_PRELOAD failures in fuzz tests #4947

Open
jouho opened this issue Dec 4, 2024 · 0 comments

jouho (Contributor) commented Dec 4, 2024

Security issue notifications

If you discover a potential security issue in s2n we ask that you notify AWS Security via our vulnerability reporting page. Please do not create a public GitHub issue.

Problem:

Currently, it is very difficult to tell what the root cause is when fuzz tests fail due to incorrect LD_PRELOAD setup. For example, s2n_memory_leak_negative_test fails with the following message when overriding functions are not correctly linked to libs2n:

...
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 1058415475
INFO: Loaded 3 modules   (163253 inline 8-bit counters): 155976 [0x7822ed06e9c0, 0x7822ed094b08), 6940 [0x7822ed789680, 0x7822ed78b19c), 337 [0x6045bd149d38, 0x6045bd149e89), 
INFO: Loaded 3 PC tables (163253 PCs): 155976 [0x7822ed094b08,0x7822ed2f5f88), 6940 [0x7822ed78b1a0,0x7822ed7a6360), 337 [0x6045bd149e90,0x6045bd14b3a0), 
INFO:        2 files found in /tmp/tmp.GuqZgmcnTn
INFO: seed corpus: files: 2 min: 4096b max: 4096b total: 8192b rss: 67Mb
#4      pulse  cov: 3155 ft: 3290 corp: 1/4096b exec/s: 2 rss: 141Mb
#4      INITED cov: 3180 ft: 3290 corp: 2/8192b exec/s: 2 rss: 141Mb
#5      NEW    cov: 3180 ft: 3348 corp: 3/12288b lim: 4096 exec/s: 2 rss: 164Mb L: 4096/4096 MS: 1 ChangeBit-
#6      NEW    cov: 3180 ft: 3371 corp: 4/16Kb lim: 4096 exec/s: 2 rss: 186Mb L: 4096/4096 MS: 1 ChangeASCIIInt-
#8      pulse  cov: 3180 ft: 3397 corp: 5/20Kb lim: 4096 exec/s: 2 rss: 231Mb
#16     pulse  cov: 3180 ft: 3500 corp: 10/38Kb lim: 4096 exec/s: 1 rss: 407Mb
#32     pulse  cov: 3180 ft: 3568 corp: 19/73Kb lim: 4096 exec/s: 1 rss: 561Mb
#34     RELOAD cov: 3180 ft: 3633 corp: 21/81Kb lim: 4096 exec/s: 1 rss: 562Mb
#34     DONE   cov: 3180 ft: 3633 corp: 21/81Kb lim: 4096 exec/s: 1 rss: 562Mb
Done 34 runs in 19 second(s)
stat::number_of_executed_units: 34
stat::average_exec_per_sec:     1
stat::new_units_added:          2
stat::slowest_unit_time_sec:    0
stat::peak_rss_mb:              562
FAILED 440 tests, 44 test/sec,   3696 features covered


0% tests passed, 1 tests failed out of 1

Label Time Summary:
fuzz    =  21.97 sec*proc (1 test)

Total Test time (real) =  21.98 sec

The following tests FAILED:
        292 - s2n_memory_leak_negative_test (Failed)
Errors while running CTest
gmake: *** [Makefile:71: test] Error 8

This makes debugging much harder. There should be an obvious indication when function overrides are not linked properly.

Solution:

Write a new fuzz test whose only role is to check that function overrides are linked properly. This test should pass if the functions are overridden correctly, and otherwise fail with a clear message indicating that something is wrong with the function overrides.

Requirements / Acceptance Criteria:

Test duration should be minimal, to avoid adding too much overhead to the fuzz tests.

@lrstewart lrstewart changed the title add a new fuzz test to check for correct function overrides Detect LD_PRELOAD failures in fuzz tests Dec 5, 2024