diff --git a/build.sh b/build.sh
index 4e9c4fa..b6a8913 100755
--- a/build.sh
+++ b/build.sh
@@ -111,7 +111,7 @@ if [[ ! -d "${OE_INSTRUMENTED_BUILD}" ]]; then
 pushd "${OE_INSTRUMENTED_BUILD}"
 cmake "${OE_SRC_ROOT}" -GNinja \
 -DENABLE_FUZZING=ON \
- -DBUILD_OEGENERATE_TOOL=OFF \
+ -DBUILD_OEUTIL_TOOL=OFF \
 -DBUILD_TESTS=OFF \
 -DCMAKE_C_COMPILER="${CLANG}" \
 -DCMAKE_CXX_COMPILER="${CLANG_CPP}" \
diff --git a/src/dynamic/fuzzing/fuzzsupport/enc/enc.c b/src/dynamic/fuzzing/fuzzsupport/enc/enc.c
index e3f5826..f087d31 100644
--- a/src/dynamic/fuzzing/fuzzsupport/enc/enc.c
+++ b/src/dynamic/fuzzing/fuzzsupport/enc/enc.c
@@ -44,7 +44,7 @@ void *__dlsym(void *restrict handle, const char *restrict name, void *restrict s
 if (result != OE_OK)
 goto done;
- const uint8_t* baseaddr = (const uint8_t*)__oe_get_enclave_base();
+ const uint8_t* baseaddr = (const uint8_t*)__oe_get_enclave_base_address();
 uint64_t* dest = (uint64_t*)(baseaddr + offset);
 ret = (void*)dest;
diff --git a/src/dynamic/fuzzing/sample/README.md b/src/dynamic/fuzzing/sample/README.md
new file mode 100644
index 0000000..bbaf5c4
--- /dev/null
+++ b/src/dynamic/fuzzing/sample/README.md
@@ -0,0 +1,8 @@
+# Sample enclave fuzzer target
+
+This is a sample target showing [host](host/host.cpp) and [enclave](enc/enc.cpp) to fuzz ECALL of an enclave.
+
+1. To implement a enclave target link [fuzzsupport](../fuzzsupport) library in your project which provides functions that are required for enclave libfuzzer.
+2. Implement a class which derives from [oe_fuzzer_host](../common/oefuzzer.h)
+3. Create and load the enclave in your constructor
+4. Override the fuzz fucntion to invoke the target fucntion with approprioate payload data type casting.
diff --git a/sut/openenclave b/sut/openenclave
index ec7ffed..3aa28c2 160000
--- a/sut/openenclave
+++ b/sut/openenclave
@@ -1 +1 @@
-Subproject commit ec7ffed167b4c04dd145c12807b4f6184ec0c53c
+Subproject commit 3aa28c257500f07d16829694ab4cbc2e2473acbe
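Review bot: The pointer handed back by `__dlsym` on the hunk's last lines is `baseaddr + offset` with no check that it lands inside the enclave image, so a stale or attacker-influenced `offset` yields an out-of-enclave address that the caller will then read or write through. Where `offset` comes from is set above the hunk and cannot be seen here; if it is resolved with the host's help (an OCALL into an untrusted symbol table) rather than from data the enclave itself measured, a range check belongs before the cast, e.g. `if (!oe_is_within_enclave(baseaddr + offset, sizeof(uint64_t))) goto done;` using the Open Enclave helper from `openenclave/enclave.h`, reusing the existing `done` path. The `uint64_t*` intermediate is also misleading since `ret` is a `void*` and nothing is dereferenced here; `ret = (void*)(baseaddr + offset);` says the same thing without implying an 8-byte-aligned object. The body of `__dlsym` begins before this hunk (where `result` and `offset` are computed) and continues past it, so the provenance of `offset` is inferred, not visible.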