diff --git a/casr/src/bin/casr-san.rs b/casr/src/bin/casr-san.rs index 29be269e..d3393f15 100644 --- a/casr/src/bin/casr-san.rs +++ b/casr/src/bin/casr-san.rs @@ -220,7 +220,12 @@ fn main() -> Result<()> { let report_end = san_stderr_list.iter().rposition(|s| !s.is_empty()).unwrap() + 1; report.asan_report = Vec::from(&san_stderr_list[report_start..report_end]); let context = AsanContext(report.asan_report.clone()); - report.execution_class = context.severity()?; + let severity = context.severity(); + if let Ok(severity) = severity { + report.execution_class = severity; + } else { + eprintln!("Couldn't estimate severity. {}", severity.err().unwrap()); + } report.stacktrace = AsanStacktrace::extract_stacktrace(&report.asan_report.join("\n"))?; } else { // Get termination signal. diff --git a/libcasr/src/cluster.rs b/libcasr/src/cluster.rs index d0e45663..9f65d983 100644 --- a/libcasr/src/cluster.rs +++ b/libcasr/src/cluster.rs @@ -2,7 +2,6 @@ use crate::error::*; use crate::stacktrace::*; -use core::f64::MAX; use std::collections::HashMap; use std::path::PathBuf; @@ -272,7 +271,7 @@ fn sil_subcoef_a(num: usize, stacktraces: &[Stacktrace]) -> f64 { /// /// "b" subcoefficient silhouette coefficient fn sil_subcoef_b(num: usize, i: usize, clusters: &[Vec]) -> f64 { - let mut min = MAX; + let mut min = f64::MAX; for (j, cluster) in clusters.iter().enumerate() { if j == i { continue; diff --git a/libcasr/src/execution_class.rs b/libcasr/src/execution_class.rs index 91f6e76a..b1dcee25 100644 --- a/libcasr/src/execution_class.rs +++ b/libcasr/src/execution_class.rs @@ -40,7 +40,7 @@ pub struct ExecutionClass { /// Instances of `ExecutionClass` structure. /// Add new classes to the end of array. /// TODO: Think about adding some ID for array element. -pub const CLASSES: &[(&str, &str, &str, &str); 71] = &[ +pub const CLASSES: &[(&str, &str, &str, &str); 74] = &[ ("EXPLOITABLE", "SegFaultOnPc", "Segmentation fault on program counter", "The target tried to access data at an address that matches the program counter. This likely indicates that the program counter contents are tainted and can be controlled by an attacker."), ("EXPLOITABLE", "ReturnAv", "Access violation during return instruction", "The target crashed on a return instruction, which likely indicates stack corruption."), ("EXPLOITABLE", "BranchAv", "Access violation during branch instruction", "The target crashed on a branch instruction, which may indicate that the control flow is tainted."), @@ -72,6 +72,9 @@ pub const CLASSES: &[(&str, &str, &str, &str); 71] = &[ ("NOT_EXPLOITABLE", "heap-buffer-overflow(read)", "Heap buffer overflow", "The target reads data past the end, or before the beginning, of the intended heap buffer."), ("PROBABLY_EXPLOITABLE", "heap-buffer-overflow", "Heap buffer overflow", "The target attempts to read or write data past the end, or before the beginning, of the intended heap buffer."), ("EXPLOITABLE", "heap-buffer-overflow(write)", "Heap buffer overflow", "The target writes data past the end, or before the beginning, of the intended heap buffer."), + ("NOT_EXPLOITABLE", "dynamic-stack-buffer-overflow(read)", "Dynamic stack buffer overflow", "The target reads data past the end, or before the beginning, of the variable-length array (VLA)."), + ("PROBABLY_EXPLOITABLE", "dynamic-stack-buffer-overflow", "Dynamic stack buffer overflow", "The target attempts to read or write data past the end, or before the beginning, of the variable-length array (VLA)."), + ("EXPLOITABLE", "dynamic-stack-buffer-overflow(write)", "Dynamic stack buffer overflow", "The target writes data past the end, or before the beginning, of the variable-length array (VLA)."), ("NOT_EXPLOITABLE", "global-buffer-overflow(read)", "Global buffer overflow", "The target reads data past the end, or before the beginning, of the intended global buffer."), ("PROBABLY_EXPLOITABLE", "global-buffer-overflow", "Global buffer overflow", "The target attempts to read or write data past the end, or before the beginning, of the intended global buffer."), ("EXPLOITABLE", "global-buffer-overflow(write)", "Global buffer overflow", "The target writes data past the end, or before the beginning, of the intended global buffer."),