ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-16 11:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove AFL_LLVM_WHITELIST_FNMATCH env variable

Browse Source
This commit is contained in:
Sebastian Österlund
2020-05-29 15:47:34 +02:00
parent 84df805ed3
commit 8bb0232ace
3 changed files with 14 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
llvm_mode/README.whitelist.md
View File

@ -75,31 +75,5 @@ required anymore (and might hurt performance and crash detection, so better not
use -g). use -g).
## 4) UNIX-style filename pattern matching ## 4) UNIX-style filename pattern matching
By default you need to add all the files you want to whitelist to the file You can add UNIX-style pattern matching in the whitelist entries. See `man
specified by AFL_LLVM_WHITELIST. By setting the env variable fnmatch` for the syntax. We do not set any of the `fnmatch` flags.
AFL_LLVM_WHITELIST_FNMATCH, afl++ allows use of wildcards and other
matching features available through `fnmatch` (we use `fnmatch` with no flags
set). Note that setting AFL_LLVM_WHITELIST_FNMATCH might
break backwards-compatibility with existing whitelists, since it does not match
on the end of the file entry anymore, but rather matches on the full filename
path.
The behavior should be the same if you prepend `*/` to every line.
For example, the entry:
```
*/a*.cpp
```
Would now match:
```
feature_a/a1.cpp
feature_a/a2.cpp
```
But
```
a*.cpp
```
Would not match any of the files in the previous example.

36
llvm_mode/afl-llvm-common.cc
View File

@ -147,29 +147,19 @@ bool isInWhitelist(llvm::Function *F) {
/* Continue only if we know where we actually are */ /* Continue only if we know where we actually are */
if (!instFilename.str().empty()) { if (!instFilename.str().empty()) {
char *enable_fnmatch = getenv("AFL_LLVM_WHITELIST_FNMATCH");
for (std::list<std::string>::iterator it = myWhitelist.begin(); for (std::list<std::string>::iterator it = myWhitelist.begin();
it != myWhitelist.end(); ++it) { it != myWhitelist.end(); ++it) {
/* We don't check for filename equality here because /* We don't check for filename equality here because
* filenames might actually be full paths. Instead we * filenames might actually be full paths. Instead we
* check that the actual filename ends in the filename * check that the actual filename ends in the filename
* specified in the list. Enable UNIX-style pattern * specified in the list. We also allow UNIX-style pattern
* matching if AFL_LLVM_WHITELIST_FNMATCH is set */ * matching */
if (instFilename.str().length() >= it->length()) { if (instFilename.str().length() >= it->length()) {
if (enable_fnmatch && if (fnmatch(("*" + *it).c_str(), instFilename.str().c_str(), 0) ==
fnmatch((*it).c_str(), instFilename.str().c_str(), 0) == 0) { 0) {
return true;
} else if (!enable_fnmatch &&
instFilename.str().compare(
instFilename.str().length() - it->length(),
it->length(), *it) == 0) {
return true; return true;
@ -195,29 +185,19 @@ bool isInWhitelist(llvm::Function *F) {
/* Continue only if we know where we actually are */ /* Continue only if we know where we actually are */
if (!instFilename.str().empty()) { if (!instFilename.str().empty()) {
char *enable_fnmatch = getenv("AFL_LLVM_WHITELIST_FNMATCH");
for (std::list<std::string>::iterator it = myWhitelist.begin(); for (std::list<std::string>::iterator it = myWhitelist.begin();
it != myWhitelist.end(); ++it) { it != myWhitelist.end(); ++it) {
/* We don't check for filename equality here because /* We don't check for filename equality here because
* filenames might actually be full paths. Instead we * filenames might actually be full paths. Instead we
* check that the actual filename ends in the filename * check that the actual filename ends in the filename
* specified in the list. Enable UNIX-style pattern * specified in the list. We also allow UNIX-style pattern
* matching if AFL_LLVM_WHITELIST_FNMATCH is set */ * matching */
if (instFilename.str().length() >= it->length()) { if (instFilename.str().length() >= it->length()) {
if (enable_fnmatch && if (fnmatch(("*" + *it).c_str(), instFilename.str().c_str(), 0) ==
fnmatch((*it).c_str(), instFilename.str().c_str(), 0) == 0) { 0) {
return true;
} else if (!enable_fnmatch &&
instFilename.str().compare(
instFilename.str().length() - it->length(),
it->length(), *it) == 0) {
return true; return true;

9
src/afl-common.c
View File

@ -69,11 +69,10 @@ char *afl_environment_variables[] = {
"AFL_LLVM_LAF_SPLIT_FLOATS", "AFL_LLVM_LAF_SPLIT_SWITCHES", "AFL_LLVM_LAF_SPLIT_FLOATS", "AFL_LLVM_LAF_SPLIT_SWITCHES",
"AFL_LLVM_LAF_ALL", "AFL_LLVM_LAF_TRANSFORM_COMPARES", "AFL_LLVM_MAP_ADDR", "AFL_LLVM_LAF_ALL", "AFL_LLVM_LAF_TRANSFORM_COMPARES", "AFL_LLVM_MAP_ADDR",
"AFL_LLVM_MAP_DYNAMIC", "AFL_LLVM_NGRAM_SIZE", "AFL_NGRAM_SIZE", "AFL_LLVM_MAP_DYNAMIC", "AFL_LLVM_NGRAM_SIZE", "AFL_NGRAM_SIZE",
"AFL_LLVM_NOT_ZERO", "AFL_LLVM_WHITELIST", "AFL_LLVM_WHITELIST_FNMATCH", "AFL_LLVM_NOT_ZERO", "AFL_LLVM_WHITELIST", "AFL_LLVM_SKIP_NEVERZERO",
"AFL_LLVM_SKIP_NEVERZERO", "AFL_NO_AFFINITY", "AFL_LLVM_LTO_STARTID", "AFL_NO_AFFINITY", "AFL_LLVM_LTO_STARTID", "AFL_LLVM_LTO_DONTWRITEID",
"AFL_LLVM_LTO_DONTWRITEID", "AFL_NO_ARITH", "AFL_NO_BUILTIN", "AFL_NO_ARITH", "AFL_NO_BUILTIN", "AFL_NO_CPU_RED", "AFL_NO_FORKSRV",
"AFL_NO_CPU_RED", "AFL_NO_FORKSRV", "AFL_NO_UI", "AFL_NO_PYTHON", "AFL_NO_UI", "AFL_NO_PYTHON", "AFL_UNTRACER_FILE", "AFL_LLVM_USE_TRACE_PC",
"AFL_UNTRACER_FILE", "AFL_LLVM_USE_TRACE_PC",
"AFL_NO_X86", // not really an env but we dont want to warn on it "AFL_NO_X86", // not really an env but we dont want to warn on it
"AFL_MAP_SIZE", "AFL_MAPSIZE", "AFL_PATH", "AFL_PERFORMANCE_FILE", "AFL_MAP_SIZE", "AFL_MAPSIZE", "AFL_PATH", "AFL_PERFORMANCE_FILE",
//"AFL_PERSISTENT", // not implemented anymore, so warn additionally //"AFL_PERSISTENT", // not implemented anymore, so warn additionally