allow /tmp

van Hauser
2020-06-22 07:16:24 +02:00
parent 5cad92e57e
commit a49b5ef072
5 changed files with 50 additions and 50 deletions


@ -134,7 +134,6 @@ Environment variables used:
AFL_KEEP_TRACES: leave the temporary <out_dir>\.traces directory AFL_KEEP_TRACES: leave the temporary <out_dir>\.traces directory
AFL_PATH: path for the afl-showmap binary AFL_PATH: path for the afl-showmap binary
AFL_SKIP_BIN_CHECK: skip check for target binary AFL_SKIP_BIN_CHECK: skip check for target binary
AFL_ALLOW_TMP: allow unsafe use of input/output directories under {/var}/tmp
_EOF_ _EOF_
exit 1 exit 1
fi fi
@ -142,29 +141,29 @@ fi
# Do a sanity check to discourage the use of /tmp, since we can't really # Do a sanity check to discourage the use of /tmp, since we can't really
# handle this safely from a shell script. # handle this safely from a shell script.
if [ "$AFL_ALLOW_TMP" = "" ]; then #if [ "$AFL_ALLOW_TMP" = "" ]; then
#
echo "$IN_DIR" | grep -qE '^(/var)?/tmp/' # echo "$IN_DIR" | grep -qE '^(/var)?/tmp/'
T1="$?" # T1="$?"
#
echo "$TARGET_BIN" | grep -qE '^(/var)?/tmp/' # echo "$TARGET_BIN" | grep -qE '^(/var)?/tmp/'
T2="$?" # T2="$?"
#
echo "$OUT_DIR" | grep -qE '^(/var)?/tmp/' # echo "$OUT_DIR" | grep -qE '^(/var)?/tmp/'
T3="$?" # T3="$?"
#
echo "$STDIN_FILE" | grep -qE '^(/var)?/tmp/' # echo "$STDIN_FILE" | grep -qE '^(/var)?/tmp/'
T4="$?" # T4="$?"
#
echo "$PWD" | grep -qE '^(/var)?/tmp/' # echo "$PWD" | grep -qE '^(/var)?/tmp/'
T5="$?" # T5="$?"
#
if [ "$T1" = "0" -o "$T2" = "0" -o "$T3" = "0" -o "$T4" = "0" -o "$T5" = "0" ]; then # if [ "$T1" = "0" -o "$T2" = "0" -o "$T3" = "0" -o "$T4" = "0" -o "$T5" = "0" ]; then
echo "[-] Error: do not use this script in /tmp or /var/tmp." 1>&2 # echo "[-] Error: do not use this script in /tmp or /var/tmp." 1>&2
exit 1 # exit 1
fi # fi
#
fi #fi
# If @@ is specified, but there's no -f, let's come up with a temporary input # If @@ is specified, but there's no -f, let's come up with a temporary input
# file name. # file name.
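Review bot: The comment kept above the disabled block still says the script does "a sanity check to discourage the use of /tmp, since we can't really handle this safely from a shell script", but every line of that check is now commented out, so nothing is checked and a set `AFL_ALLOW_TMP` is ignored without notice. The changelog entry in this commit justifies the change with "only unsafe with umask 0"; umask does not cover a path that another local user created first in a shared directory, so if the script later writes to predictable names under these paths (not visible in this hunk) that case remains open. I would delete the dead lines and either keep the test as a non-fatal warning, e.g. `echo "[!] Warning: paths under /tmp or /var/tmp are shared with other local users." 1>&2`, or replace the comment with one that states the new assumption. The same commented-out pattern appears in the second script's section, around the `inputdir`/`outputdir` check.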


@ -35,9 +35,6 @@ an empty directory where this tool can write the resulting plots to.
The program will put index.html and three PNG images in the output directory; The program will put index.html and three PNG images in the output directory;
you should be able to view it with any web browser of your choice. you should be able to view it with any web browser of your choice.
Environment variables used:
AFL_ALLOW_TMP: allow /var/tmp or /tmp for input and output directories
_EOF_ _EOF_
exit 1 exit 1
@ -47,22 +44,22 @@ fi
inputdir=`get_abs_path "$1"` inputdir=`get_abs_path "$1"`
outputdir=`get_abs_path "$2"` outputdir=`get_abs_path "$2"`
if [ "$AFL_ALLOW_TMP" = "" ]; then #if [ "$AFL_ALLOW_TMP" = "" ]; then
#
echo "$inputdir" | grep -qE '^(/var)?/tmp/' # echo "$inputdir" | grep -qE '^(/var)?/tmp/'
T1="$?" # T1="$?"
#
echo "$outputdir" | grep -qE '^(/var)?/tmp/' # echo "$outputdir" | grep -qE '^(/var)?/tmp/'
T2="$?" # T2="$?"
#
if [ "$T1" = "0" -o "$T2" = "0" ]; then # if [ "$T1" = "0" -o "$T2" = "0" ]; then
#
echo "[-] Error: this script shouldn't be used with shared /tmp directories." 1>&2 # echo "[-] Error: this script shouldn't be used with shared /tmp directories." 1>&2
exit 1 # exit 1
#
fi # fi
#
fi #fi
if [ ! -f "$inputdir/plot_data" ]; then if [ ! -f "$inputdir/plot_data" ]; then


@ -44,6 +44,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
- Unicornafl - Unicornafl
- Added powerPC support from unicorn/next - Added powerPC support from unicorn/next
- rust bindings! - rust bindings!
- Allow running in /tmp (only unsafe with umask 0)
- persistent mode shared memory testcase handover (instead of via - persistent mode shared memory testcase handover (instead of via
files/stdin) - 10-100% performance increase files/stdin) - 10-100% performance increase
- General support for 64 bit PowerPC, RiscV, Sparc etc. - General support for 64 bit PowerPC, RiscV, Sparc etc.


@ -2128,14 +2128,17 @@ void check_binary(afl_state_t *afl, u8 *fname) {
/* Check for blatant user errors. */ /* Check for blatant user errors. */
if ((!strncmp(afl->fsrv.target_path, "/tmp/", 5) && /* disabled. not a real-worl scenario where this is a problem.
!strchr(afl->fsrv.target_path + 5, '/')) || if ((!strncmp(afl->fsrv.target_path, "/tmp/", 5) &&
(!strncmp(afl->fsrv.target_path, "/var/tmp/", 9) && !strchr(afl->fsrv.target_path + 5, '/')) ||
!strchr(afl->fsrv.target_path + 9, '/'))) { (!strncmp(afl->fsrv.target_path, "/var/tmp/", 9) &&
!strchr(afl->fsrv.target_path + 9, '/'))) {
FATAL("Please don't keep binaries in /tmp or /var/tmp"); FATAL("Please don't keep binaries in /tmp or /var/tmp");
} }
*/
fd = open(afl->fsrv.target_path, O_RDONLY); fd = open(afl->fsrv.target_path, O_RDONLY);
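Review bot: Wrapping the old test in a `/* ... */` block leaves dead code in check_binary() under the comment "Check for blatant user errors.", and the explanation "not a real-worl scenario where this is a problem" has a typo and does not say which assumption replaces the check. A block comment around code is also fragile, because any `*/` later added inside it would end the comment early. I would remove the disabled lines and leave a one-line rationale such as `/* Targets in /tmp and /var/tmp are accepted; this assumes a sane umask. */`. check_binary()'s body starts and continues outside this hunk.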


@ -533,7 +533,7 @@ void sync_fuzzers(afl_state_t *afl) {
s32 fd; s32 fd;
struct stat st; struct stat st;
snprintf(path, sizeof (path), "%s/%s", qd_path, namelist[o]->d_name); snprintf(path, sizeof(path), "%s/%s", qd_path, namelist[o]->d_name);
afl->syncing_case = next_min_accept; afl->syncing_case = next_min_accept;
next_min_accept++; next_min_accept++;
o--; o--;