From 00e5449ad6f7ed4ffd62f905722af9862c336e30 Mon Sep 17 00:00:00 2001 From: GRAUX Pierre Date: Mon, 9 Jun 2025 16:33:16 +0200 Subject: [PATCH] fix and clean UID/GID modification --- src/afl-forkserver.c | 18 ++++++++++++++++++ src/afl-fuzz-init.c | 2 -- utils/afl_network_proxy/afl-network-server.c | 15 +++++++++++++-- 3 files changed, 31 insertions(+), 4 deletions(-) diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index a8bb8ca9..fb129fa3 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -235,6 +235,24 @@ static void fsrv_exec_child(afl_forkserver_t *fsrv, char **argv) { } + if (fsrv->chown_needed && fsrv->out_file != NULL) { + + if (access(fsrv->out_file, R_OK) == -1) { + + if (errno == EACCES) { + + FATAL( + "Access to the file to fuzz denied. Most likely the requested\n" + " UID and/or GID is denied search permission ('x') for one of " + "the directories\n in the path prefix of \"%s\".", + fsrv->out_file); + + } + + } + + } + execv(fsrv->target_path, argv); WARNF("Execv failed in forkserver: %s.", strerror(errno)); diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 14f36802..9268984a 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -2273,8 +2273,6 @@ void setup_dirs_fds(afl_state_t *afl) { } - printf("out_dir = %s\n", afl->out_dir); - if (mkdir(afl->out_dir, afl->dir_perm)) { if (errno != EEXIST) { PFATAL("Unable to create '%s'", afl->out_dir); } diff --git a/utils/afl_network_proxy/afl-network-server.c b/utils/afl_network_proxy/afl-network-server.c index 19619b5b..1e692a81 100644 --- a/utils/afl_network_proxy/afl-network-server.c +++ b/utils/afl_network_proxy/afl-network-server.c 
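Review bot: The three nested `if`s around `access()` in the afl-forkserver.c hunk collapse into a single condition, and the fact that only `EACCES` is diagnosed (any other failure, ENOENT included, silently falls through to `execv()`) needs a comment, because a reader will otherwise read the missing `else` as an oversight. Suggested: `/* Diagnostic only: EACCES here usually means the requested UID/GID lacks search permission on the path prefix; any other failure is left for execv()/the target to report. */` followed by `if (fsrv->chown_needed && fsrv->out_file != NULL && access(fsrv->out_file, R_OK) == -1 && errno == EACCES) {`. Note that `access()` tests the process's real UID/GID, so the check is only meaningful if the child has already switched identity at this point; that presumably happens earlier under the same `chown_needed` gate, but the switch is not in the hunk. fsrv_exec_child begins before the hunk.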
@@ -179,7 +179,17 @@ static void set_up_environment(afl_forkserver_t *fsrv) { unlink(out_file); - fsrv->out_fd = open(out_file, O_RDWR | O_CREAT | O_EXCL, 0600); + fsrv->out_fd = open(out_file, O_RDWR | O_CREAT | O_EXCL, fsrv->perm); + + if (fsrv->chown_needed) { + + if (fchown(fsrv->out_fd, -1, fsrv->gid) == -1) { + + PFATAL("fchown() failed"); + + } + + } if (fsrv->out_fd < 0) { PFATAL("Unable to create '%s'", out_file); } @@ -526,7 +536,8 @@ int main(int argc, char **argv_orig, char **envp) { check_environment_vars(envp); sharedmem_t shm = {0}; - fsrv->trace_bits = afl_shm_init(&shm, map_size, 0); + fsrv->trace_bits = afl_shm_init(&shm, map_size, 0, fsrv->perm, + fsrv->chown_needed ? fsrv->gid : -1); in_data = afl_realloc((void **)&in_data, 65536); if (unlikely(!in_data)) { PFATAL("Alloc"); }
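Review bot: The new `fchown()` block in set_up_environment runs before the existing `if (fsrv->out_fd < 0)` check that follows it, so when `open()` fails the process dies with the less useful `fchown() failed` instead of `Unable to create '<out_file>'`. Move the line `if (fsrv->out_fd < 0) { PFATAL("Unable to create '%s'", out_file); }` up so it directly follows the `open()` call and keep the `chown_needed` block after it. A comment such as `/* -1: keep the owner, only the group changes */` on the `fchown()` call would also help, since the sentinel is easy to misread.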
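Review bot: The new `afl_shm_init()` call in main passes `fsrv->chown_needed ? fsrv->gid : -1`; if `gid` is a `gid_t` (unsigned, its declaration is not visible here) the conditional's type turns `-1` into `(gid_t)-1`, which matches the chown convention for "leave unchanged" but is not obvious at the call site. A short comment on the call, `/* (gid_t)-1: leave the shared memory's group unchanged */`, would document the sentinel the callee is expected to honor. main continues outside the hunk.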