fix dictionary and cmin

This commit is contained in:
vanhauser-thc
2023-11-07 10:31:09 +01:00
parent f3d2127fd8
commit ac0ad56348
4 changed files with 70 additions and 55 deletions


@ -259,22 +259,20 @@ BEGIN {
# Do a sanity check to discourage the use of /tmp, since we can't really # Do a sanity check to discourage the use of /tmp, since we can't really
# handle this safely from an awk script. # handle this safely from an awk script.
#if (!ENVIRON["AFL_ALLOW_TMP"]) { if (!ENVIRON["AFL_ALLOW_TMP"]) {
# dirlist[0] = in_dir dirlist[0] = in_dir
# dirlist[1] = target_bin dirlist[1] = target_bin
# dirlist[2] = out_dir dirlist[2] = out_dir
# dirlist[3] = stdin_file dirlist[3] = stdin_file
# "pwd" | getline dirlist[4] # current directory "pwd" | getline dirlist[4] # current directory
# for (dirind in dirlist) { for (dirind in dirlist) {
# dir = dirlist[dirind] dir = dirlist[dirind]
# if (dir ~ /^(\/var)?\/tmp/) {
# if (dir ~ /^(\/var)?\/tmp/) { print "[-] Warning: do not use this script in /tmp or /var/tmp for security reasons." > "/dev/stderr"
# print "[-] Error: do not use this script in /tmp or /var/tmp." > "/dev/stderr" }
# exit 1 }
# } delete dirlist
# } }
# delete dirlist
#}
if (threads && stdin_file) { if (threads && stdin_file) {
print "[-] Error: -T and -f cannot be used together." > "/dev/stderr" print "[-] Error: -T and -f cannot be used together." > "/dev/stderr"
@ -430,7 +428,7 @@ BEGIN {
} else { } else {
stat_format = "-f '%z %N'" # *BSD, MacOS stat_format = "-f '%z %N'" # *BSD, MacOS
} }
cmdline = "(cd "in_dir" && find . \\( ! -name \".*\" -a -type d \\) -o -type f -exec stat "stat_format" \\{\\} + | sort -k1n -k2r)" cmdline = "(cd "in_dir" && find . \\( ! -name \".*\" -a -type d \\) -o -type f -exec stat "stat_format" \\{\\} + | sort -k1n -k2r) | grep -Ev '^0'"
#cmdline = "ls "in_dir" | (cd "in_dir" && xargs stat "stat_format" 2>/dev/null) | sort -k1n -k2r" #cmdline = "ls "in_dir" | (cd "in_dir" && xargs stat "stat_format" 2>/dev/null) | sort -k1n -k2r"
#cmdline = "(cd "in_dir" && stat "stat_format" *) | sort -k1n -k2r" #cmdline = "(cd "in_dir" && stat "stat_format" *) | sort -k1n -k2r"
#cmdline = "(cd "in_dir" && ls | xargs stat "stat_format" ) | sort -k1n -k2r" #cmdline = "(cd "in_dir" && ls | xargs stat "stat_format" ) | sort -k1n -k2r"
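Review bot: The /tmp check in the first hunk now only prints a warning and carries on, but the message does not tell the user that `AFL_ALLOW_TMP` is what gates it, so whoever hits it has no visible way to acknowledge the risk; suggest `print "[-] Warning: do not use this script in /tmp or /var/tmp for security reasons (set AFL_ALLOW_TMP=1 to silence this)." > "/dev/stderr"`. The comment above the block ("we can't really handle this safely from an awk script") is the only explanation of the risk; presumably it is about shared, world-writable directories and predictable file names, and that is worth spelling out in the comment now that the script proceeds anyway. In the second hunk the new `grep -Ev '^0'` relies on the size field never having a leading zero; anchoring it as `'^0 '` makes the intent (drop zero-size inputs) explicit. The enclosing BEGIN block starts and ends outside these hunks.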


@ -167,29 +167,28 @@ fi
# Do a sanity check to discourage the use of /tmp, since we can't really # Do a sanity check to discourage the use of /tmp, since we can't really
# handle this safely from a shell script. # handle this safely from a shell script.
#if [ "$AFL_ALLOW_TMP" = "" ]; then if [ "$AFL_ALLOW_TMP" = "" ]; then
#
# echo "$IN_DIR" | grep -qE '^(/var)?/tmp/' echo "$IN_DIR" | grep -qE '^(/var)?/tmp/'
# T1="$?" T1="$?"
#
# echo "$TARGET_BIN" | grep -qE '^(/var)?/tmp/' echo "$TARGET_BIN" | grep -qE '^(/var)?/tmp/'
# T2="$?" T2="$?"
#
# echo "$OUT_DIR" | grep -qE '^(/var)?/tmp/' echo "$OUT_DIR" | grep -qE '^(/var)?/tmp/'
# T3="$?" T3="$?"
#
# echo "$STDIN_FILE" | grep -qE '^(/var)?/tmp/' echo "$STDIN_FILE" | grep -qE '^(/var)?/tmp/'
# T4="$?" T4="$?"
#
# echo "$PWD" | grep -qE '^(/var)?/tmp/' echo "$PWD" | grep -qE '^(/var)?/tmp/'
# T5="$?" T5="$?"
#
# if [ "$T1" = "0" -o "$T2" = "0" -o "$T3" = "0" -o "$T4" = "0" -o "$T5" = "0" ]; then if [ "$T1" = "0" -o "$T2" = "0" -o "$T3" = "0" -o "$T4" = "0" -o "$T5" = "0" ]; then
# echo "[-] Error: do not use this script in /tmp or /var/tmp." 1>&2 echo "[-] Warning: do not use this script in /tmp or /var/tmp for security reasons." 1>&2
# exit 1 fi
# fi
# fi
#fi
# If @@ is specified, but there's no -f, let's come up with a temporary input # If @@ is specified, but there's no -f, let's come up with a temporary input
# file name. # file name.
@ -423,23 +422,31 @@ if [ "$THREADS" = "" ]; then
ls "$IN_DIR" | while read -r fn; do ls "$IN_DIR" | while read -r fn; do
if [ -s "$IN_DIR/$fn" ]; then
CUR=$((CUR+1)) CUR=$((CUR+1))
printf "\\r Processing file $CUR/$IN_COUNT... " printf "\\r Processing file $CUR/$IN_COUNT... "
"$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -- "$@" <"$IN_DIR/$fn" "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -- "$@" <"$IN_DIR/$fn"
fi
done done
else else
ls "$IN_DIR" | while read -r fn; do ls "$IN_DIR" | while read -r fn; do
if [ -s "$IN_DIR/$fn" ]; then
CUR=$((CUR+1)) CUR=$((CUR+1))
printf "\\r Processing file $CUR/$IN_COUNT... " printf "\\r Processing file $CUR/$IN_COUNT... "
cp "$IN_DIR/$fn" "$STDIN_FILE" cp "$IN_DIR/$fn" "$STDIN_FILE"
"$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -H "$STDIN_FILE" -- "$@" </dev/null "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -H "$STDIN_FILE" -- "$@" </dev/null
fi
done done
fi fi
@ -460,12 +467,17 @@ else
cat $inputs | while read -r fn; do cat $inputs | while read -r fn; do
if [ -s "$IN_DIR/$fn" ]; then
"$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -- "$@" <"$IN_DIR/$fn" "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -- "$@" <"$IN_DIR/$fn"
fi
done done
else else
if [ -s "$IN_DIR/$fn" ]; then
STDIN_FILE="$inputs.$$" STDIN_FILE="$inputs.$$"
cat $inputs | while read -r fn; do cat $inputs | while read -r fn; do
@ -476,6 +488,8 @@ else
fi fi
fi
) & ) &
PIDS="$PIDS $!" PIDS="$PIDS $!"
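Review bot: The new `if [ -s "$IN_DIR/$fn" ]; then` in the last hunk is placed before `STDIN_FILE="$inputs.$$"` and before the `cat $inputs | while read -r fn` loop, so it runs once, before this loop has set `$fn`, and tests `$IN_DIR/` (or a stale value) rather than each input; empty files are therefore not skipped on this path. Move the test and its matching `fi` inside the loop around the per-file work, mirroring the stdin branch of the previous hunk: `do` / `if [ -s "$IN_DIR/$fn" ]; then` / ... / `fi` / `done`. Separately, `CUR=$((CUR+1))` now only advances for non-empty files, so the `$CUR/$IN_COUNT` progress line will presumably stop short of IN_COUNT when empty inputs exist; IN_COUNT is computed outside these hunks, so that is worth checking. The enclosing loops and the `( ... ) &` subshell start outside the hunks.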


@ -12,6 +12,7 @@
- allow -S/-M naming up to 50 characters (from 24) - allow -S/-M naming up to 50 characters (from 24)
- added scale support to CMPLOG (-l S) - added scale support to CMPLOG (-l S)
- added --version and --help command line parameters - added --version and --help command line parameters
- fixed endless loop when reading malformed dictionaries
- afl-whatsup: - afl-whatsup:
- detect instanced that are starting up and show them as such as not dead - detect instanced that are starting up and show them as such as not dead
- now also shows coverage reached - now also shows coverage reached
@ -21,6 +22,7 @@
- fix for a few string compare transform functions for LAF - fix for a few string compare transform functions for LAF
- frida_mode: - frida_mode:
- fixes support for large map offsets - fixes support for large map offsets
- afl-cmin/afl-cmin.bash: prevent unneeded file errors
- added new tool afl-addseeds that adds new seeds to a running campaign - added new tool afl-addseeds that adds new seeds to a running campaign
- added benchmark/benchmark.sh if you want to see how good your fuzzing - added benchmark/benchmark.sh if you want to see how good your fuzzing
speed is in comparison to other setups. speed is in comparison to other setups.


@ -176,6 +176,8 @@ void load_extras_file(afl_state_t *afl, u8 *fname, u32 *min_len, u32 *max_len,
afl->extras = afl->extras =
afl_realloc((void **)&afl->extras, afl_realloc((void **)&afl->extras,
(afl->extras_cnt + 1) * sizeof(struct extra_data)); (afl->extras_cnt + 1) * sizeof(struct extra_data));
char *hexdigits = "0123456789abcdef";
if (unlikely(!afl->extras)) { PFATAL("alloc"); } if (unlikely(!afl->extras)) { PFATAL("alloc"); }
wptr = afl->extras[afl->extras_cnt].data = ck_alloc(rptr - lptr); wptr = afl->extras[afl->extras_cnt].data = ck_alloc(rptr - lptr);
@ -184,13 +186,12 @@ void load_extras_file(afl_state_t *afl, u8 *fname, u32 *min_len, u32 *max_len,
while (*lptr) { while (*lptr) {
char *hexdigits = "0123456789abcdef";
switch (*lptr) { switch (*lptr) {
case 1 ... 31: case 1 ... 31:
case 128 ... 255: case 128 ... 255:
WARNF("Non-printable characters in line %u.", cur_line); WARNF("Non-printable characters in line %u.", cur_line);
++lptr;
continue; continue;
break; break;
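Review bot: `char *hexdigits = "0123456789abcdef";`, now declared next to the `afl_realloc` call in the first hunk, is a non-const pointer to a string literal; it is only a lookup table, so it should be `static const char hexdigits[] = "0123456789abcdef";`, which makes any accidental write a compile error instead of undefined behaviour and avoids re-initialising it per entry. In the `case 1 ... 31:` / `case 128 ... 255:` arm the `break;` after `continue;` is unreachable once `++lptr; continue;` is in place and can be dropped. The added `++lptr` does stop the endless loop, but `WARNF("Non-printable characters in line %u.", cur_line);` now fires once per offending byte, so a binary-ish dictionary line will presumably emit one warning per byte; warning once per line would keep the log usable. `load_extras_file` begins before and continues after these hunks.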