lucetc: add command line option to disable wat translation

pchickey · pchickey · commit 1119211ea151 · 2020-07-29T15:42:06.000-07:00
wat translation is a potential attack vector, since it happens in the
C++ `wabt` library, so we want a way to turn it off if required.
diff --git a/lucetc/lucetc/main.rs b/lucetc/lucetc/main.rs
@@ -143,6 +143,8 @@ pub fn run(opts: &Options) -> Result<(), Error> {
         c.count_instructions(true);
     }
 
+    c.translate_wat(opts.translate_wat);
+
     match opts.codegen {
         CodegenOutput::Obj => c.object_file(&opts.output)?,
         CodegenOutput::SharedObj => c.shared_object_file(&opts.output)?,
diff --git a/lucetc/lucetc/options.rs b/lucetc/lucetc/options.rs
@@ -122,6 +122,7 @@ pub struct Options {
     pub count_instructions: bool,
     pub error_style: ErrorStyle,
     pub target: Triple,
+    pub translate_wat: bool,
 }
 
 impl Options {
@@ -211,6 +212,7 @@ impl Options {
         let sk_path = m.value_of("sk_path").map(PathBuf::from);
         let pk_path = m.value_of("pk_path").map(PathBuf::from);
         let count_instructions = m.is_present("count_instructions");
+        let translate_wat = !m.is_present("no_translate_wat");
 
         let error_style = match m.value_of("error_style") {
             None => ErrorStyle::default(),
@@ -241,6 +243,7 @@ impl Options {
             count_instructions,
             error_style,
             target,
+            translate_wat,
         })
     }
     pub fn get() -> Result<Self, Error> {
@@ -459,6 +462,12 @@ SSE3 but not AVX:
                     .possible_values(&["human", "json"])
                     .help("Style of error reporting (default: human)"),
             )
+            .arg(
+                Arg::with_name("no_translate_wat")
+                    .long("--no-translate-wat")
+                    .takes_value(false)
+                    .help("Disable translating wat input files to wasm")
+            )
             .get_matches();
 
         Self::from_args(&m)
diff --git a/lucetc/src/error.rs b/lucetc/src/error.rs
@@ -20,6 +20,8 @@ pub enum Error {
     IOError(#[from] std::io::Error),
     #[error("Converting to Wasm signature: {0}")]
     SignatureConversion(#[from] SignatureError),
+    #[error("Input does not have Wasm preamble")]
+    MissingWasmPreamble,
     #[error("Wasm validation: {0}")]
     WasmValidation(#[from] wasmparser::BinaryReaderError),
     #[error("Wat input: {0}")]
diff --git a/lucetc/src/lib.rs b/lucetc/src/lib.rs
@@ -46,6 +46,7 @@ pub struct Lucetc {
     pk: Option<PublicKey>,
     sign: bool,
     verify: bool,
+    translate_wat: bool,
 }
 
 pub trait AsLucetc {
@@ -104,6 +105,8 @@ pub trait LucetcOpts {
     fn with_count_instructions(self, enable_count: bool) -> Self;
     fn canonicalize_nans(&mut self, enable_canonicalize_nans: bool);
     fn with_canonicalize_nans(self, enable_canonicalize_nans: bool) -> Self;
+    fn translate_wat(&mut self, enable_translate_wat: bool);
+    fn with_translate_wat(self, enable_translate_wat: bool) -> Self;
 }
 
 impl<T: AsLucetc> LucetcOpts for T {
@@ -258,6 +261,14 @@ impl<T: AsLucetc> LucetcOpts for T {
         self.canonicalize_nans(enable_nans_canonicalization);
         self
     }
+    fn translate_wat(&mut self, enable_translate_wat: bool) {
+        self.as_lucetc().translate_wat = enable_translate_wat;
+    }
+
+    fn with_translate_wat(mut self, enable_translate_wat: bool) -> Self {
+        self.translate_wat(enable_translate_wat);
+        self
+    }
 }
 
 impl Lucetc {
@@ -271,6 +282,7 @@ impl Lucetc {
             sk: None,
             sign: false,
             verify: false,
+            translate_wat: true,
         }
     }
 
@@ -284,13 +296,16 @@ impl Lucetc {
             sk: None,
             sign: false,
             verify: false,
+            translate_wat: false,
         })
     }
 
     fn build(&self) -> Result<(Vec<u8>, Bindings), Error> {
         let module_binary = match &self.input {
             LucetcInput::Bytes(bytes) => bytes.clone(),
-            LucetcInput::Path(path) => read_module(&path, &self.pk, self.verify)?,
+            LucetcInput::Path(path) => {
+                read_module(&path, &self.pk, self.verify, self.translate_wat)?
+            }
         };
 
         // Collect set of Bindings into a single Bindings:
diff --git a/lucetc/src/load.rs b/lucetc/src/load.rs
@@ -7,6 +7,7 @@ pub fn read_module(
     path: impl AsRef<Path>,
     pk: &Option<PublicKey>,
     verify: bool,
+    translate_wat: bool,
 ) -> Result<Vec<u8>, Error> {
     let contents = std::fs::read(&path)?;
     if verify {
@@ -18,7 +19,15 @@ pub fn read_module(
                 .ok_or(Error::Signature("public key is missing".to_string()))?,
         )?;
     }
-    read_bytes(contents)
+    if translate_wat {
+        read_bytes(contents)
+    } else {
+        if wasm_preamble(&contents) {
+            Ok(contents)
+        } else {
+            Err(Error::MissingWasmPreamble)
+        }
+    }
 }
 
 pub fn read_bytes(bytes: Vec<u8>) -> Result<Vec<u8>, Error> {
@@ -39,7 +48,7 @@ pub fn read_bytes(bytes: Vec<u8>) -> Result<Vec<u8>, Error> {
                 },
                 _ => { }
             };
-            crate::error::Error::Input(result)
+            Error::Input(result)
         })
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -143,6 +143,8 @@ pub fn run(opts: &Options) -> Result<(), Error> {`
`143`	`143`	`c.count_instructions(true);`
`144`	`144`	`}`
`145`	`145`
	`146`	`+ c.translate_wat(opts.translate_wat);`
	`147`	`+`
`146`	`148`	`match opts.codegen {`
`147`	`149`	`CodegenOutput::Obj => c.object_file(&opts.output)?,`
`148`	`150`	`CodegenOutput::SharedObj => c.shared_object_file(&opts.output)?,`