authorvanhauser-thc <vh@thc.org>2023-11-07 10:31:09 +0100
committervanhauser-thc <vh@thc.org>2023-11-07 10:31:09 +0100
commitac0ad563480e3bf1fb69349e960b7957fffe75df (patch)
tree83ed891190e884fbc9f7f215ae4193577b64ca14
parentf3d2127fd815bed2ec9dfab981123898d11cea65 (diff)
downloadafl++-ac0ad563480e3bf1fb69349e960b7957fffe75df.tar.gz
fix dictionary and cmin
-rwxr-xr-xafl-cmin32
-rwxr-xr-xafl-cmin.bash86
-rw-r--r--docs/Changelog.md2
-rw-r--r--src/afl-fuzz-extras.c5
4 files changed, 70 insertions, 55 deletions
diff --git a/afl-cmin b/afl-cmin
index 23532b63..566f157d 100755
--- a/afl-cmin
+++ b/afl-cmin
@@ -259,22 +259,20 @@ BEGIN {
   # Do a sanity check to discourage the use of /tmp, since we can't really
   # handle this safely from an awk script.
 
-  #if (!ENVIRON["AFL_ALLOW_TMP"]) {
-  #  dirlist[0] = in_dir
-  #  dirlist[1] = target_bin
-  #  dirlist[2] = out_dir
-  #  dirlist[3] = stdin_file
-  #  "pwd" | getline dirlist[4] # current directory
-  #  for (dirind in dirlist) {
-  #    dir = dirlist[dirind]
-  #
-  #      if (dir ~ /^(\/var)?\/tmp/) {
-  #        print "[-] Error: do not use this script in /tmp or /var/tmp." > "/dev/stderr"
-  #        exit 1
-  #      }
-  #    }
-  #  delete dirlist
-  #}
+  if (!ENVIRON["AFL_ALLOW_TMP"]) {
+    dirlist[0] = in_dir
+    dirlist[1] = target_bin
+    dirlist[2] = out_dir
+    dirlist[3] = stdin_file
+    "pwd" | getline dirlist[4] # current directory
+    for (dirind in dirlist) {
+      dir = dirlist[dirind]
+      if (dir ~ /^(\/var)?\/tmp/) {
+        print "[-] Warning: do not use this script in /tmp or /var/tmp for security reasons." > "/dev/stderr"
+      }
+    }
+    delete dirlist
+  }
 
   if (threads && stdin_file) {
     print "[-] Error: -T and -f cannot be used together." > "/dev/stderr"
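Review bot: The pattern on the `if (dir ~ /^(\/var)?\/tmp/)` line has no trailing slash, so it also matches paths such as `/tmpwork` or `/var/tmpfs`, whereas the same check in afl-cmin.bash uses `'^(/var)?/tmp/'`; `if (dir ~ /^(\/var)?\/tmp\//) {` would keep the two scripts consistent. Because the `print` sits inside the `for (dirind in dirlist)` loop, a run where several of the five paths live under /tmp emits the identical warning several times; setting a flag in the loop and printing once after it reads cleaner. The comment above the block still says "sanity check to discourage", which now matches the warning-only behaviour, so no text change is needed there. The BEGIN block this hunk belongs to starts and ends outside the hunk.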
@@ -430,7 +428,7 @@ BEGIN {
   } else {
     stat_format = "-f '%z %N'" # *BSD, MacOS
   }
-  cmdline = "(cd "in_dir" && find . \\( ! -name \".*\" -a -type d \\) -o -type f -exec stat "stat_format" \\{\\} + | sort -k1n -k2r)"
+  cmdline = "(cd "in_dir" && find . \\( ! -name \".*\" -a -type d \\) -o -type f -exec stat "stat_format" \\{\\} + | sort -k1n -k2r) | grep -Ev '^0'"
   #cmdline = "ls "in_dir" | (cd "in_dir" && xargs stat "stat_format" 2>/dev/null) | sort -k1n -k2r"
   #cmdline = "(cd "in_dir" && stat "stat_format" *) | sort -k1n -k2r"
   #cmdline = "(cd "in_dir" && ls | xargs stat "stat_format" ) | sort -k1n -k2r"
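Review bot: The appended `| grep -Ev '^0'` on the `cmdline =` line relies on the size being the first field of both `stat_format` variants, but nothing on the line says so; a comment such as `# drop zero-size inputs (stat_format prints the size first); presumably these are the files afl-showmap trips over` above it would make the intent and the coupling to `stat_format` explicit. `-E` is not needed for `^0`, and `'^0 '` (with the separator) states more precisely that only a size of exactly 0 is meant rather than any line beginning with a zero. The bash counterpart skips empty files with `[ -s ]` per file instead, so the two tools now implement the same rule in different places; a one-line cross-reference in the comment would help the next maintainer keep them in sync.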
diff --git a/afl-cmin.bash b/afl-cmin.bash
index b326bee8..fda48fb4 100755
--- a/afl-cmin.bash
+++ b/afl-cmin.bash
@@ -167,29 +167,28 @@ fi
 # Do a sanity check to discourage the use of /tmp, since we can't really
 # handle this safely from a shell script.
 
-#if [ "$AFL_ALLOW_TMP" = "" ]; then
-#
-#  echo "$IN_DIR" | grep -qE '^(/var)?/tmp/'
-#  T1="$?"
-#
-#  echo "$TARGET_BIN" | grep -qE '^(/var)?/tmp/'
-#  T2="$?"
-#
-#  echo "$OUT_DIR" | grep -qE '^(/var)?/tmp/'
-#  T3="$?"
-#
-#  echo "$STDIN_FILE" | grep -qE '^(/var)?/tmp/'
-#  T4="$?"
-#
-#  echo "$PWD" | grep -qE '^(/var)?/tmp/'
-#  T5="$?"
-#
-#  if [ "$T1" = "0" -o "$T2" = "0" -o "$T3" = "0" -o "$T4" = "0" -o "$T5" = "0" ]; then
-#    echo "[-] Error: do not use this script in /tmp or /var/tmp." 1>&2
-#    exit 1
-#  fi
-#
-#fi
+if [ "$AFL_ALLOW_TMP" = "" ]; then
+
+  echo "$IN_DIR" | grep -qE '^(/var)?/tmp/'
+  T1="$?"
+
+  echo "$TARGET_BIN" | grep -qE '^(/var)?/tmp/'
+  T2="$?"
+
+  echo "$OUT_DIR" | grep -qE '^(/var)?/tmp/'
+  T3="$?"
+
+  echo "$STDIN_FILE" | grep -qE '^(/var)?/tmp/'
+  T4="$?"
+
+  echo "$PWD" | grep -qE '^(/var)?/tmp/'
+  T5="$?"
+
+  if [ "$T1" = "0" -o "$T2" = "0" -o "$T3" = "0" -o "$T4" = "0" -o "$T5" = "0" ]; then
+    echo "[-] Warning: do not use this script in /tmp or /var/tmp for security reasons." 1>&2
+  fi
+
+fi
 
 # If @@ is specified, but there's no -f, let's come up with a temporary input
 # file name.
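Review bot: The re-enabled block runs five `echo | grep -qE` pipelines and stores each `$?` in `T1`..`T5` only to combine them with the `-o` operator, which POSIX marks obsolescent; the same warning-once behaviour is expressible as a single `for`/`case` loop with no subprocesses and no temporaries. The pattern `/tmp/*|/var/tmp/*` is equivalent to `'^(/var)?/tmp/'` anchored at the start of the value. Behaviour stays the same: one warning to stderr if any of the five paths lies under /tmp or /var/tmp, and the script continues.
```shell
if [ "$AFL_ALLOW_TMP" = "" ]; then

  for p in "$IN_DIR" "$TARGET_BIN" "$OUT_DIR" "$STDIN_FILE" "$PWD"; do
    case "$p" in
      /tmp/*|/var/tmp/*)
        echo "[-] Warning: do not use this script in /tmp or /var/tmp for security reasons." 1>&2
        break
        ;;
    esac
  done

fi
```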
@@ -423,10 +422,14 @@ if [ "$THREADS" = "" ]; then
 
     ls "$IN_DIR" | while read -r fn; do
 
-      CUR=$((CUR+1))
-      printf "\\r    Processing file $CUR/$IN_COUNT... "
+      if [ -s "$IN_DIR/$fn" ]; then
 
-      "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -- "$@" <"$IN_DIR/$fn"
+        CUR=$((CUR+1))
+        printf "\\r    Processing file $CUR/$IN_COUNT... "
+
+        "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -- "$@" <"$IN_DIR/$fn"
+      
+      fi
 
     done
 
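Review bot: `CUR=$((CUR+1))` and the progress `printf` now sit inside the new `if [ -s "$IN_DIR/$fn" ]; then`, so the counter is only advanced for non-empty files and the line `Processing file $CUR/$IN_COUNT` ends below `$IN_COUNT` whenever the directory holds empty files (assuming `IN_COUNT`, set outside this hunk, counts every entry of `$IN_DIR`); moving the two lines above the `if` keeps the counter honest, and the same applies to the hunk at `@@ -434,11 +437,15 @@`. Empty inputs are skipped without any message, which is fine for a minimizer but deserves a comment on the `if` line such as `# empty inputs produce no trace; skip them instead of letting afl-showmap fail`. The blank line before `fi` carries trailing whitespace. The enclosing `if [ "$THREADS" = "" ]` branch begins outside the hunk.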
@@ -434,11 +437,15 @@ if [ "$THREADS" = "" ]; then
 
     ls "$IN_DIR" | while read -r fn; do
 
-      CUR=$((CUR+1))
-      printf "\\r    Processing file $CUR/$IN_COUNT... "
+      if [ -s "$IN_DIR/$fn" ]; then
+
+        CUR=$((CUR+1))
+        printf "\\r    Processing file $CUR/$IN_COUNT... "
+
+        cp "$IN_DIR/$fn" "$STDIN_FILE"
+        "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -H "$STDIN_FILE" -- "$@" </dev/null
 
-      cp "$IN_DIR/$fn" "$STDIN_FILE"
-      "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -H "$STDIN_FILE" -- "$@" </dev/null
+      fi
 
     done
 
@@ -460,19 +467,26 @@ else
 
     cat $inputs | while read -r fn; do
 
-      "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -- "$@" <"$IN_DIR/$fn"
+      if [ -s "$IN_DIR/$fn" ]; then
+
+        "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -- "$@" <"$IN_DIR/$fn"
+
+      fi
 
     done
 
   else
 
-    STDIN_FILE="$inputs.$$"
-    cat $inputs | while read -r fn; do
+    if [ -s "$IN_DIR/$fn" ]; then
+      STDIN_FILE="$inputs.$$"
+      cat $inputs | while read -r fn; do
 
-      cp "$IN_DIR/$fn" "$STDIN_FILE"
-      "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -H "$STDIN_FILE" -- "$@" </dev/null
+        cp "$IN_DIR/$fn" "$STDIN_FILE"
+        "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -H "$STDIN_FILE" -- "$@" </dev/null
 
-    done
+      done
+
+    fi
 
   fi
 
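Review bot: In the `else` branch the new `if [ -s "$IN_DIR/$fn" ]; then` is placed before the `cat $inputs | while read -r fn; do` loop rather than inside it, so `$fn` has not been read by that loop yet and the test is evaluated on whatever `fn` happened to hold beforehand (likely empty, i.e. `[ -s "$IN_DIR/" ]`, a test on the directory itself whose outcome depends on the filesystem's directory st_size); when it is false the whole worker loop, and the `STDIN_FILE="$inputs.$$"` assignment that moved under the same condition, are skipped. The check belongs around the `cp`/`$SHOWMAP` pair inside the loop, exactly as the first branch of this hunk does it. The enclosing `if`/`else` of the threaded path begins outside the hunk.
```shell
    STDIN_FILE="$inputs.$$"
    cat $inputs | while read -r fn; do

      if [ -s "$IN_DIR/$fn" ]; then

        cp "$IN_DIR/$fn" "$STDIN_FILE"
        "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -H "$STDIN_FILE" -- "$@" </dev/null

      fi

    done
```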
diff --git a/docs/Changelog.md b/docs/Changelog.md
index bf1a7d87..c74a9ad7 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -12,6 +12,7 @@
     - allow -S/-M naming up to 50 characters (from 24)
     - added scale support to CMPLOG (-l S)
     - added --version and --help command line parameters
+    - fixed endless loop when reading malformed dictionaries
   - afl-whatsup:
     - detect instanced that are starting up and show them as such as not dead
     - now also shows coverage reached
@@ -21,6 +22,7 @@
     - fix for a few string compare transform functions for LAF
   - frida_mode:
     - fixes support for large map offsets
+  - afl-cmin/afl-cmin.bash: prevent unneeded file errors
   - added new tool afl-addseeds that adds new seeds to a running campaign
   - added benchmark/benchmark.sh if you want to see how good your fuzzing
     speed is in comparison to other setups.
diff --git a/src/afl-fuzz-extras.c b/src/afl-fuzz-extras.c
index f6de11ae..905431d1 100644
--- a/src/afl-fuzz-extras.c
+++ b/src/afl-fuzz-extras.c
@@ -176,6 +176,8 @@ void load_extras_file(afl_state_t *afl, u8 *fname, u32 *min_len, u32 *max_len,
     afl->extras =
         afl_realloc((void **)&afl->extras,
                     (afl->extras_cnt + 1) * sizeof(struct extra_data));
+    char *hexdigits = "0123456789abcdef";
+
     if (unlikely(!afl->extras)) { PFATAL("alloc"); }
 
     wptr = afl->extras[afl->extras_cnt].data = ck_alloc(rptr - lptr);
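Review bot: The hoisted `char *hexdigits = "0123456789abcdef";` is inserted between the `afl_realloc` call and its `if (unlikely(!afl->extras))` failure check, splitting an allocate/check pair that reads as a unit; declaring it above the `afl->extras =` assignment (or at the top of the function, which lies outside this hunk) would be clearer. Since it points at a string literal, `static const char hexdigits[] = "0123456789abcdef";` documents that the table is read-only and avoids a non-const pointer to a literal, which any later write through it would turn into undefined behaviour; its uses are outside this hunk, so verify they only read from it. load_extras_file begins and ends outside the hunk.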
@@ -184,13 +186,12 @@ void load_extras_file(afl_state_t *afl, u8 *fname, u32 *min_len, u32 *max_len,
 
     while (*lptr) {
 
-      char *hexdigits = "0123456789abcdef";
-
       switch (*lptr) {
 
         case 1 ... 31:
         case 128 ... 255:
           WARNF("Non-printable characters in line %u.", cur_line);
+          ++lptr;
           continue;
           break;