ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-15 11:28:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor finding binaries

Browse Source
This commit is contained in:
vanhauser-thc
2021-03-19 14:55:25 +01:00
parent 99525dee38
commit e73c7c59c1
5 changed files with 79 additions and 162 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/ci.yml vendored
View File

@ -3,8 +3,8 @@ name: CI
on: on:
push: push:
branches: [ stable, dev ] branches: [ stable, dev ]
# pull_request: pull_request:
# branches: [ stable, dev ] branches: [ stable, dev ]
jobs: jobs:
build: build:

4
.github/workflows/codeql-analysis.yml vendored
View File

@ -3,8 +3,8 @@ name: "CodeQL"
on: on:
push: push:
branches: [ stable, dev ] branches: [ stable, dev ]
# pull_request: pull_request:
# branches: [ stable, dev ] branches: [ stable, dev ]
jobs: jobs:
analyze: analyze:

4
include/common.h
View File

@ -57,6 +57,10 @@ extern u8 *doc_path; /* path to documentation dir */
u8 *find_binary(u8 *fname); u8 *find_binary(u8 *fname);
/* find an afl binary */
u8 *find_afl_binary(u8 *own_loc, u8 *fname);
/* Parses the kill signal environment variable, FATALs on error. /* Parses the kill signal environment variable, FATALs on error.
If the env is not set, sets the env to default_signal for the signal handlers If the env is not set, sets the env to default_signal for the signal handlers
and returns the default_signal. */ and returns the default_signal. */

1
include/envs.h
View File

@ -42,6 +42,7 @@ static char *afl_environment_variables[] = {
"AFL_DEBUG_CHILD", "AFL_DEBUG_CHILD",
"AFL_DEBUG_GDB", "AFL_DEBUG_GDB",
"AFL_DISABLE_TRIM", "AFL_DISABLE_TRIM",
"AFL_DISABLE_LLVM_INSTRUMENTATION",
"AFL_DONT_OPTIMIZE", "AFL_DONT_OPTIMIZE",
"AFL_DRIVER_STDERR_DUPLICATE_FILENAME", "AFL_DRIVER_STDERR_DUPLICATE_FILENAME",
"AFL_DUMB_FORKSRV", "AFL_DUMB_FORKSRV",

224
src/afl-common.c
View File

@ -158,10 +158,6 @@ char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
} }
if (!unlikely(own_loc)) { FATAL("BUG: param own_loc is NULL"); }
u8 *tmp, *cp = NULL, *rsl, *own_copy;
char **new_argv = ck_alloc(sizeof(char *) * (argc + 4)); char **new_argv = ck_alloc(sizeof(char *) * (argc + 4));
if (unlikely(!new_argv)) { FATAL("Illegal amount of arguments specified"); } if (unlikely(!new_argv)) { FATAL("Illegal amount of arguments specified"); }
@ -173,81 +169,15 @@ char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
/* Now we need to actually find the QEMU binary to put in argv[0]. */ /* Now we need to actually find the QEMU binary to put in argv[0]. */
tmp = getenv("AFL_PATH"); *target_path_p = new_argv[0] = find_afl_binary(own_loc, "afl-qemu-trace");
if (tmp) {
cp = alloc_printf("%s/afl-qemu-trace", tmp);
if (access(cp, X_OK)) { FATAL("Unable to find '%s'", tmp); }
*target_path_p = new_argv[0] = cp;
return new_argv; return new_argv;
}
own_copy = ck_strdup(own_loc);
rsl = strrchr(own_copy, '/');
if (rsl) {
*rsl = 0;
cp = alloc_printf("%s/afl-qemu-trace", own_copy);
ck_free(own_copy);
if (!access(cp, X_OK)) {
*target_path_p = new_argv[0] = cp;
return new_argv;
}
} else {
ck_free(own_copy);
}
if (!access(BIN_PATH "/afl-qemu-trace", X_OK)) {
if (cp) { ck_free(cp); }
*target_path_p = new_argv[0] = ck_strdup(BIN_PATH "/afl-qemu-trace");
return new_argv;
}
SAYF("\n" cLRD "[-] " cRST
"Oops, unable to find the 'afl-qemu-trace' binary. The binary must be "
"built\n"
" separately by following the instructions in "
"qemu_mode/README.md. "
"If you\n"
" already have the binary installed, you may need to specify "
"AFL_PATH in the\n"
" environment.\n\n"
" Of course, even without QEMU, afl-fuzz can still work with "
"binaries that are\n"
" instrumented at compile time with afl-gcc. It is also possible to "
"use it as a\n"
" traditional non-instrumented fuzzer by specifying '-n' in the "
"command "
"line.\n");
FATAL("Failed to locate 'afl-qemu-trace'.");
} }
/* Rewrite argv for Wine+QEMU. */ /* Rewrite argv for Wine+QEMU. */
char **get_wine_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) { char **get_wine_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
if (!unlikely(own_loc)) { FATAL("BUG: param own_loc is NULL"); }
u8 *tmp, *cp = NULL, *rsl, *own_copy;
char **new_argv = ck_alloc(sizeof(char *) * (argc + 3)); char **new_argv = ck_alloc(sizeof(char *) * (argc + 3));
if (unlikely(!new_argv)) { FATAL("Illegal amount of arguments specified"); } if (unlikely(!new_argv)) { FATAL("Illegal amount of arguments specified"); }
@ -258,93 +188,11 @@ char **get_wine_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
/* Now we need to actually find the QEMU binary to put in argv[0]. */ /* Now we need to actually find the QEMU binary to put in argv[0]. */
tmp = getenv("AFL_PATH"); u8 *tmp = find_afl_binary(own_loc, "afl-qemu-trace");
ck_free(tmp);
if (tmp) { *target_path_p = new_argv[0] = find_afl_binary(own_loc, "afl-wine-trace");
cp = alloc_printf("%s/afl-qemu-trace", tmp);
if (access(cp, X_OK)) { FATAL("Unable to find '%s'", tmp); }
ck_free(cp);
cp = alloc_printf("%s/afl-wine-trace", tmp);
if (access(cp, X_OK)) { FATAL("Unable to find '%s'", tmp); }
*target_path_p = new_argv[0] = cp;
return new_argv; return new_argv;
}
own_copy = ck_strdup(own_loc);
rsl = strrchr(own_copy, '/');
if (rsl) {
*rsl = 0;
cp = alloc_printf("%s/afl-qemu-trace", own_copy);
if (cp && !access(cp, X_OK)) {
ck_free(cp);
cp = alloc_printf("%s/afl-wine-trace", own_copy);
if (!access(cp, X_OK)) {
*target_path_p = new_argv[0] = cp;
return new_argv;
}
}
ck_free(own_copy);
} else {
ck_free(own_copy);
}
u8 *ncp = BIN_PATH "/afl-qemu-trace";
if (!access(ncp, X_OK)) {
ncp = BIN_PATH "/afl-wine-trace";
if (!access(ncp, X_OK)) {
*target_path_p = new_argv[0] = ck_strdup(ncp);
return new_argv;
}
}
SAYF("\n" cLRD "[-] " cRST
"Oops, unable to find the '%s' binary. The binary must be "
"built\n"
" separately by following the instructions in "
"qemu_mode/README.md. "
"If you\n"
" already have the binary installed, you may need to specify "
"AFL_PATH in the\n"
" environment.\n\n"
" Of course, even without QEMU, afl-fuzz can still work with "
"binaries that are\n"
" instrumented at compile time with afl-gcc. It is also possible to "
"use it as a\n"
" traditional non-instrumented fuzzer by specifying '-n' in the "
"command "
"line.\n",
ncp);
FATAL("Failed to locate '%s'.", ncp);
} }
/* Find binary, used by analyze, showmap, tmin /* Find binary, used by analyze, showmap, tmin
@ -437,6 +285,70 @@ u8 *find_binary(u8 *fname) {
} }
u8 *find_afl_binary(u8 *own_loc, u8 *fname) {
u8 *afl_path = NULL, *target_path, *own_copy;
if ((afl_path = getenv("AFL_PATH"))) {
target_path = alloc_printf("%s/%s", afl_path, fname);
if (!access(target_path, X_OK)) {
return target_path;
} else {
ck_free(target_path);
}
}
if (own_loc) {
own_copy = ck_strdup(own_loc);
u8 *rsl = strrchr(own_copy, '/');
if (rsl) {
*rsl = 0;
target_path = alloc_printf("%s/%s", own_copy, fname);
ck_free(own_copy);
if (!access(target_path, X_OK)) {
return target_path;
} else {
ck_free(target_path);
}
} else {
ck_free(own_copy);
}
}
target_path = alloc_printf("%s/%s", BIN_PATH, fname);
if (!access(target_path, X_OK)) {
return target_path;
} else {
ck_free(target_path);
}
return find_binary(fname);
}
/* Parses the kill signal environment variable, FATALs on error. /* Parses the kill signal environment variable, FATALs on error.
If the env is not set, sets the env to default_signal for the signal handlers If the env is not set, sets the env to default_signal for the signal handlers
and returns the default_signal. */ and returns the default_signal. */