rustsoda
A tool to detect stackoverflow vulnerability in Rust crates
Repository
Basic Info
- Host: GitHub
- Owner: Ren-ZY
- License: apache-2.0
- Language: Rust
- Default Branch: main
- Size: 10.6 MB
Statistics
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
- Releases: 0
Metadata Files
README.md
RustSoda -- Rust Stack Overflow Detector
Thank you for noticing our tool!
This tool is designed to find stack overflow vulnerabilities in Rust crates. It can find all recursive functions in a crate, including complicated cross-function recursive calls, e.g.:
1. b()->c()->b()
2. a()->b()->c()->d()->a()
These two recursive call chains share two functions: b() and c().
Our tool can detect both of them, including the call chain and location of each.
All recursion appears in the strongly connected components (SCCs) of the call graph, and this tool can locate the entry APIs which lead to the SCCs. Each SCC carries a stack overflow risk and needs to be verified.
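The SCC idea above, as an added example (not RustSoda's own code): it assumes a call graph has already been extracted, finds recursive SCCs by mutual reachability rather than a linear-time SCC algorithm, and treats any function outside an SCC that can reach one as an entry. The functions `parse`, `to_html`, `leaf` and `walk` are hypothetical additions to the two chains listed above.

```rust
use std::collections::{BTreeMap, BTreeSet};
type Graph = BTreeMap<&'static str, Vec<&'static str>>;
type Set = BTreeSet<&'static str>;

/// Constructed call graph: the README's two chains (a, b, c, d) plus hypothetical
/// callers `parse`/`to_html`, a helper `leaf` and a directly recursive `walk`.
fn sample_graph() -> Graph {
    BTreeMap::from([
        ("parse", vec!["a", "leaf"]),
        ("a", vec!["b"]),
        ("b", vec!["c"]),
        ("c", vec!["b", "d"]),
        ("d", vec!["a"]),
        ("leaf", vec![]),
        ("to_html", vec!["walk"]),
        ("walk", vec!["walk"]),
    ])
}

/// Functions reachable from `start` through one or more calls (iterative DFS).
fn reachable(g: &Graph, start: &'static str) -> Set {
    let mut seen = Set::new();
    let mut stack = g.get(start).cloned().unwrap_or_default();
    while let Some(f) = stack.pop() {
        if seen.insert(f) {
            stack.extend(g.get(f).into_iter().flatten().copied());
        }
    }
    seen
}

/// Returns (recursive SCCs, functions outside every SCC that can reach one).
fn analyze(g: &Graph) -> (BTreeSet<Set>, Set) {
    let reach: BTreeMap<&str, Set> = g.keys().map(|&f| (f, reachable(g, f))).collect();
    // A function is recursive when it can reach itself.
    let rec: Set = g.keys().copied().filter(|f| reach[f].contains(f)).collect();
    // Two recursive functions share an SCC when each reaches the other.
    let sccs: BTreeSet<Set> = rec.iter().map(|&f| {
        rec.iter().copied().filter(|h| reach[f].contains(h) && reach[h].contains(f)).collect::<Set>()
    }).collect();
    let entries: Set = g.keys().copied()
        .filter(|f| !rec.contains(f) && reach[f].iter().any(|h| rec.contains(h))).collect();
    (sccs, entries)
}

fn main() {
    let (sccs, entries) = analyze(&sample_graph());
    println!("SCCs: {:?}\nentry functions: {:?}", sccs, entries);
}
```

Both README chains collapse into the single SCC {a, b, c, d}, which is why they are reported together, while `leaf` is neither recursive nor an entry.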
We have used this tool to find all the problematic recursive functions in the following stack overflow CVEs:
- CVE-2018-20993: Uncontrolled recursion leads to abort in deserialization.
- CVE-2018-20994: Stack overflow when parsing malicious DNS packet.
- CVE-2019-15542: Uncontrolled recursion leads to abort in HTML serialization.
- CVE-2019-25001: Flaw in CBOR deserializer allows stack overflow.
- CVE-2020-35857: Stackoverflow when resolving additional records from MX or SRV null targets.
- CVE-2020-35858: Parsing a specially crafted message can result in a stackoverflow.
Install
1. Create a file named rust-toolchain.toml in the rusd root directory, then write the following lines into it.
[toolchain]
channel = "nightly-2020-08-24"
components = ["rustc-dev", "llvm-tools-preview", "rust-src"]
This file will automatically download the toolchain and components needed to build the RustSoda tool.
2. Run "install_rustsoda.sh" in your rusd root directory.
The RustSoda tool is built and installed by a shell script called install_rustsoda.sh.
You have to switch into the rusd root directory and run it in bash (Linux) or zsh (macOS).
Using RustSoda
Once the installation is done, you can use this tool to detect stack overflow vulnerabilities in Rust crates.
- Switch into your crate directory.
- Copy the `rust-toolchain.toml` file into your crate directory.
- Run `cargo rustsoda` to find all the dangerous APIs in your Rust crates which may cause stack overflow bugs.
- Construct the fuzz target manually using the APIs found by our tool.
- Run `cargo afl fuzz` to detect the stack overflow bugs in your Rust crates.
Owner
- Name: RenZY
- Login: Ren-ZY
- Kind: user
- Location: Shanghai
- Company: Fudan University
- Website: https://github.com/Ren-ZY
- Repositories: 1
- Profile: https://github.com/Ren-ZY
Interested in Rust and Machine Learning
Citation (CITATION.cff)
cff-version: 1.2.0
message: "If you use this software, please cite it as below."
authors:
- given-names: Marc
  family-names: Heuse
  email: mh@mh-sec.de
- given-names: Heiko
  family-names: Eißfeldt
  email: heiko.eissfeldt@hexco.de
- given-names: Andrea
  family-names: Fioraldi
  email: andreafioraldi@gmail.com
- given-names: Dominik
  family-names: Maier
  email: mail@dmnk.co
title: "AFL++"
version: 4.00c
type: software
date-released: 2022-01-26
url: "https://github.com/AFLplusplus/AFLplusplus"
keywords:
- fuzzing
- fuzzer
- fuzz-testing
- instrumentation
- afl-fuzz
- qemu
- llvm
- unicorn-emulator
- securiy
license: AGPL-3.0-or-later