[cryptofuzz] Use Golang development version (#10480)

Switch Go from the one that the OSS-Fuzz image supplies via `install_go.sh` to the latest development version cloned from Git. The OSS-Fuzz Go is an older version which still has [CVE-2023-24532](golang/go#58647) which keeps getting found by the fuzzer. Additionaly by using the latest upstream version, bugs in Go will be detected quickly after being introduced. Additionally this PR fixes the 32 bit build. The 32 bit build is currently not enabled on OSS-Fuzz because it leads to OOM bugs, but I still like to build it myself for local testing. --------- Co-authored-by: Oliver Chang <[email protected]>
google · Jun 8, 2023 · 11a6ac2 · 11a6ac2
1 parent 0d99caf
commit 11a6ac2
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 28 deletions.
diff --git a/projects/cryptofuzz/Dockerfile b/projects/cryptofuzz/Dockerfile
@@ -16,13 +16,12 @@
 
 FROM gcr.io/oss-fuzz-base/base-builder-rust
 
-ENV GOPATH /root/go
-ENV PATH $PATH:/root/.go/bin:$GOPATH/bin
-RUN install_go.sh
-
 RUN apt-get update && \
     apt-get install -y software-properties-common wget make autoconf automake libtool build-essential cmake mercurial gyp ninja-build zlib1g-dev libsqlite3-dev bison flex texinfo lzip bsdmainutils
 
+RUN wget https://go.dev/dl/go1.20.4.linux-amd64.tar.gz
+RUN wget https://go.dev/dl/go1.20.4.linux-386.tar.gz
+RUN git clone --depth 1 https://github.com/golang/go
 RUN git clone --depth 1 https://github.com/guidovranken/cryptofuzz
 RUN git clone --depth 1 https://github.com/guidovranken/cryptofuzz-corpora
 RUN git clone --depth 1 https://github.com/openssl/openssl

diff --git a/projects/cryptofuzz/build.sh b/projects/cryptofuzz/build.sh
@@ -20,6 +20,33 @@
 
 export GO111MODULE=off
 
+# Install Go stable binaries
+mkdir $SRC/go-bootstrap
+cd $SRC/go-bootstrap
+if [[ $CFLAGS = *-m32* ]]
+then
+    tar zxf $SRC/go1.20.4.linux-386.tar.gz
+else
+    tar zxf $SRC/go1.20.4.linux-amd64.tar.gz
+fi
+mkdir $SRC/go-bootstrap/go/packages/
+
+# Compile and install Go development version
+cd $SRC/go/src/
+export GOROOT=$SRC/go-bootstrap/go/
+export GOPATH=$GOROOT/packages
+export OLD_PATH=$PATH
+export PATH=$GOROOT/bin:$PATH
+export PATH=$GOROOT/packages/bin:$PATH
+./make.bash
+export PATH=$OLD_PATH
+unset OLD_PATH
+export GOROOT=$(realpath ../)
+export GOPATH=$GOROOT/packages
+export PATH=$GOROOT/bin:$PATH
+export PATH=$GOROOT/packages/bin:$PATH
+rm -rf $SRC/go-bootstrap/
+
 if [[ $CFLAGS != *sanitize=memory* && $CFLAGS != *-m32* ]]
 then
     # Install nodejs/npm
@@ -45,6 +72,10 @@ CFLAGS="" CXXFLAGS="" ./b2 headers
 cp -R boost/ /usr/include/
 
 export LINK_FLAGS=""
+if [[ $CFLAGS = *-m32* ]]
+then
+    export LINK_FLAGS="$LINK_FLAGS -latomic"
+fi
 export INCLUDE_PATH_FLAGS=""
 
 # Generate lookup tables. This only needs to be done once.
@@ -222,36 +253,39 @@ make -B -j$(nproc)
 #fi
 
 ## Compile SymCrypt
-cd $SRC/SymCrypt/
+if [[ $CFLAGS != *-m32* ]]
+then
+    cd $SRC/SymCrypt/
 
-# Disable speculative load hardening because
-# this results in MSAN false positives
-sed -i '/.*x86-speculative-load-hardening.*/d' lib/CMakeLists.txt
-sed -i '/.*x86-speculative-load-hardening.*/d' modules_linux/common/ModuleCommon.cmake
+    # Disable speculative load hardening because
+    # this results in MSAN false positives
+    sed -i '/.*x86-speculative-load-hardening.*/d' lib/CMakeLists.txt
+    sed -i '/.*x86-speculative-load-hardening.*/d' modules_linux/common/ModuleCommon.cmake
 
 
-# Unittests don't build with clang and are not needed anyway
-sed -i "s/^add_subdirectory(unittest)$//g" CMakeLists.txt
+    # Unittests don't build with clang and are not needed anyway
+    sed -i "s/^add_subdirectory(unittest)$//g" CMakeLists.txt
 
-mkdir b/
-cd b/
-if [[ $CFLAGS = *sanitize=memory* ]]
-then
-    cmake -DSYMCRYPT_USE_ASM=off ../
-else
-    cmake ../
-fi
+    mkdir b/
+    cd b/
+    if [[ $CFLAGS = *sanitize=memory* ]]
+    then
+        cmake -DSYMCRYPT_USE_ASM=off ../
+    else
+        cmake ../
+    fi
 
-make symcrypt_common symcrypt_generic -j$(nproc)
+    make symcrypt_common symcrypt_generic -j$(nproc)
 
-export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_SYMCRYPT"
-export SYMCRYPT_INCLUDE_PATH=$(realpath ../inc/)
-export LIBSYMCRYPT_COMMON_A_PATH=$(realpath lib/libsymcrypt_common.a)
-export SYMCRYPT_GENERIC_A_PATH=$(realpath lib/symcrypt_generic.a)
+    export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_SYMCRYPT"
+    export SYMCRYPT_INCLUDE_PATH=$(realpath ../inc/)
+    export LIBSYMCRYPT_COMMON_A_PATH=$(realpath lib/libsymcrypt_common.a)
+    export SYMCRYPT_GENERIC_A_PATH=$(realpath lib/symcrypt_generic.a)
 
-# Compile Cryptofuzz SymCrypt module
-cd $SRC/cryptofuzz/modules/symcrypt
-make -B
+    # Compile Cryptofuzz SymCrypt module
+    cd $SRC/cryptofuzz/modules/symcrypt
+    make -B
+fi
 
 # Compile libgmp
 cd $SRC/libgmp/
@@ -460,7 +494,7 @@ make -B
 
 ##############################################################################
 # Compile Cryptofuzz Golang module
-if [[ $CFLAGS != *sanitize=memory* ]]
+if [[ $CFLAGS != *sanitize=memory* && $CFLAGS != *-m32* ]]
 then
     export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_GOLANG"
     cd $SRC/cryptofuzz/modules/golang