check for mistyped env vars

2025-06-14 02:58:08 +00:00 · 2020-02-16 18:16:10 +01:00
parent 4cccdb89c0
commit 204059c61a
11 changed files with 75 additions and 16 deletions
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@ -12,6 +12,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
 ### Version ++2.60d (develop):
  - use -march=native if available
  - most tools now check for mistyped environment variables
  - afl-fuzz:
     - now prints the real python version support compiled in
     - set stronger performance compile options and little tweaks
--- a/gcc_plugin/Makefile
+++ b/gcc_plugin/Makefile
@ -25,7 +25,7 @@ HELPER_PATH  = $(PREFIX)/lib/afl
 BIN_PATH     = $(PREFIX)/bin
 CFLAGS      ?= -O3 -g -funroll-loops
-CFLAGS      += -Wall -D_FORTIFY_SOURCE=2 -Wno-pointer-sign \
+CFLAGS      += -Wall -I../include -D_FORTIFY_SOURCE=2 -Wno-pointer-sign \
               -DAFL_PATH=\"$(HELPER_PATH)\" -DBIN_PATH=\"$(BIN_PATH)\" \
 CXXFLAGS    ?= -O3 -g -funroll-loops
@ -81,8 +81,11 @@ test_deps:
 	@test -f ../afl-showmap || ( echo "[-] Oops, can't find '../afl-showmap'. Be sure to compile AFL first."; exit 1 )
 	@echo "[+] All set and ready to build."
-../afl-gcc-fast: afl-gcc-fast.c | test_deps
+afl-common.o: ../src/afl-common.c
-	$(CC) -DAFL_GCC_CC=\"$(CC)\" -DAFL_GCC_CXX=\"$(CXX)\" $(CFLAGS) $< -o $@ $(LDFLAGS)
+	$(CC) $(CFLAGS) -c $< -o $@ $(LDFLAGS)
 ../afl-gcc-fast: afl-gcc-fast.c afl-common.o | test_deps
 	$(CC) -DAFL_GCC_CC=\"$(CC)\" -DAFL_GCC_CXX=\"$(CXX)\" $(CFLAGS) $< afl-common.o -o $@ $(LDFLAGS)
 	ln -sf afl-gcc-fast ../afl-g++-fast
 ../afl-gcc-pass.so: afl-gcc-pass.so.cc | test_deps
--- a/gcc_plugin/afl-gcc-fast.c
+++ b/gcc_plugin/afl-gcc-fast.c
@ -26,10 +26,11 @@
 #define AFL_MAIN
-#include "../config.h"
+#include "config.h"
-#include "../types.h"
+#include "types.h"
-#include "../include/debug.h"
+#include "debug.h"
-#include "../include/alloc-inl.h"
+#include "common.h"
 #include "alloc-inl.h"
 #include <stdio.h>
 #include <unistd.h>
@ -39,6 +40,7 @@
 static u8*  obj_path;                  /* Path to runtime libraries         */
 static u8** cc_params;                 /* Parameters passed to the real CC  */
 static u32  cc_par_cnt = 1;            /* Param count, including argv0      */
 u8          use_stdin = 0;                                         /* dummy */
 /* Try to find the runtime libraries. If that fails, abort. */
@ -294,7 +296,7 @@ static void edit_params(u32 argc, char** argv) {
 /* Main entry point */
-int main(int argc, char** argv) {
+int main(int argc, char** argv, char** envp) {
  if (argc < 2 || strcmp(argv[1], "-h") == 0) {
@ -344,6 +346,8 @@ int main(int argc, char** argv) {
  }
  check_environment_vars(envp);
  find_obj(argv[0]);
  edit_params(argc, argv);
--- a/include/common.h
+++ b/include/common.h
@ -30,6 +30,7 @@
 extern u8* target_path;                 /* Path to target binary            */
 void detect_file_args(char** argv, u8* prog_in);
 void check_environment_vars(char** env);
 char** get_qemu_argv(u8* own_loc, char** argv, int argc);
 char** get_wine_argv(u8* own_loc, char** argv, int argc);
--- a/llvm_mode/Makefile
+++ b/llvm_mode/Makefile
@ -197,8 +197,11 @@ endif
 	@test -f ../afl-showmap || ( echo "[-] Oops, can't find '../afl-showmap'. Be sure to compile AFL first."; exit 1 )
 	@echo "[+] All set and ready to build."
-../afl-clang-fast: afl-clang-fast.c | test_deps
+afl-common.o: ../src/afl-common.c
-	$(CC) $(CFLAGS) $< -o $@ $(LDFLAGS)
+	$(CC) $(CFLAGS) -c $< -o $@ $(LDFLAGS)
 ../afl-clang-fast: afl-clang-fast.c afl-common.o | test_deps
 	$(CC) $(CFLAGS) $< afl-common.o -o $@ $(LDFLAGS)
 	ln -sf afl-clang-fast ../afl-clang-fast++
 ../libLLVMInsTrim.so: LLVMInsTrim.so.cc MarkNodes.cc | test_deps
@ -275,4 +278,4 @@ vpath  % ..
 clean:
 	rm -f *.o *.so *~ a.out core core.[1-9][0-9]* .test2 test-instr .test-instr0 .test-instr1 afl-llvm-pass.dwo
-	rm -f $(PROGS) ../afl-clang-fast++ ../afl-clang-fast*.8
+	rm -f $(PROGS) afl-common.o ../afl-clang-fast++ ../afl-clang-fast*.8
--- a/llvm_mode/afl-clang-fast.c
+++ b/llvm_mode/afl-clang-fast.c
@ -24,6 +24,7 @@
 #define AFL_MAIN
 #include "common.h"
 #include "config.h"
 #include "types.h"
 #include "debug.h"
@ -41,6 +42,7 @@ static u8** cc_params;                 /* Parameters passed to the real CC  */
 static u32  cc_par_cnt = 1;            /* Param count, including argv0      */
 static u8   llvm_fullpath[PATH_MAX];
 static u8   cmplog_mode;
 u8          use_stdin = 0;                                         /* dummy */
 /* Try to find the runtime libraries. If that fails, abort. */
@ -454,7 +456,7 @@ static void edit_params(u32 argc, char** argv) {
 /* Main entry point */
-int main(int argc, char** argv) {
+int main(int argc, char** argv, char** envp) {
  if (argc < 2 || strcmp(argv[1], "-h") == 0) {
@ -509,6 +511,8 @@ int main(int argc, char** argv) {
  }
  check_environment_vars(envp);
  cmplog_mode = getenv("AFL_CMPLOG") || getenv("AFL_LLVM_CMPLOG");
  if (cmplog_mode) printf("CmpLog mode by <andreafioraldi@gmail.com>\n");
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@ -863,7 +863,7 @@ static void find_binary(u8* fname) {
 /* Main entry point */
-int main(int argc, char** argv) {
+int main(int argc, char** argv, char** envp) {
  s32    opt;
  u8     mem_limit_given = 0, timeout_given = 0, unicorn_mode = 0, use_wine = 0;
@ -985,6 +985,7 @@ int main(int argc, char** argv) {
  use_hex_offsets = !!getenv("AFL_ANALYZE_HEX");
  check_environment_vars(envp);
  setup_shm(0);
  atexit(at_exit_handler);
  setup_signal_handlers();
--- a/src/afl-common.c
+++ b/src/afl-common.c
@ -29,6 +29,7 @@
 #include "debug.h"
 #include "alloc-inl.h"
 #include "envs.h"
 /* Detect @@ in args. */
 #ifndef __glibc__
@ -276,3 +277,39 @@ char** get_wine_argv(u8* own_loc, char** argv, int argc) {
 }
 void check_environment_vars(char** envp) {
  int   index = 0, found = 0;
  char* env;
  while ((env = envp[index++]) != NULL) {
    if (strncmp(env, "ALF_", 4) == 0) {
      WARNF("Potentially mistyped AFL environment variable: %s", env);
      found++;
    } else if (strncmp(env, "AFL_", 4) == 0) {
      int i = 0, match = 0;
      while (match == 0 && afl_environment_variables[i] != NULL)
        if (strncmp(env, afl_environment_variables[i],
                    strlen(afl_environment_variables[i])) == 0 &&
            env[strlen(afl_environment_variables[i])] == '=')
          match = 1;
        else
          i++;
      if (match == 0) {
        WARNF("Mistyped AFL environment variable: %s", env);
        found++;
      }
    }
  }
  if (found) sleep(2);
 }
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@ -172,7 +172,7 @@ static int stricmp(char const* a, char const* b) {
 /* Main entry point */
-int main(int argc, char** argv) {
+int main(int argc, char** argv, char** envp) {
  s32    opt;
  u64    prev_queued = 0;
@ -609,6 +609,8 @@ int main(int argc, char** argv) {
  OKF("afl-tmin fork server patch from github.com/nccgroup/TriforceAFL");
  OKF("MOpt Mutator from github.com/puppet-meteor/MOpt-AFL");
  check_environment_vars(envp);
  if (fixed_seed) OKF("Running with fixed seed: %u", (u32)init_seed);
  srandom((u32)init_seed);
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@ -712,7 +712,7 @@ static void find_binary(u8* fname) {
 /* Main entry point */
-int main(int argc, char** argv) {
+int main(int argc, char** argv, char** envp) {
  s32    opt, i;
  u8     mem_limit_given = 0, timeout_given = 0, unicorn_mode = 0, use_wine = 0;
@ -882,6 +882,8 @@ int main(int argc, char** argv) {
  if (optind == argc || !out_file) usage(argv[0]);
  check_environment_vars(envp);
  setup_shm(0);
  setup_signal_handlers();
--- a/src/afl-tmin.c
+++ b/src/afl-tmin.c
@ -1056,7 +1056,7 @@ static void read_bitmap(u8* fname) {
 /* Main entry point */
-int main(int argc, char** argv) {
+int main(int argc, char** argv, char** envp) {
  s32    opt;
  u8     mem_limit_given = 0, timeout_given = 0, unicorn_mode = 0, use_wine = 0;
@ -1208,6 +1208,7 @@ int main(int argc, char** argv) {
  if (optind == argc || !in_file || !output_file) usage(argv[0]);
  check_environment_vars(envp);
  setup_shm(0);
  atexit(at_exit_handler);
  setup_signal_handlers();