diff options
| author | van Hauser <vh@thc.org> | 2023-12-30 10:58:01 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-12-30 10:58:01 +0100 |
| commit | 1a60e35a2ac5c23aa632cf0830d87e2497673ee9 (patch) | |
| tree | 19553169a33d1506c3a6bac675caa60adf24bff3 /src | |
| parent | 88cbaeb3e14de3ee5960ca78564e41741e7bd85b (diff) | |
| parent | 2260a065f41d055d7e1515c620c18772ae7915d6 (diff) | |
| download | afl++-1a60e35a2ac5c23aa632cf0830d87e2497673ee9.tar.gz | |
Merge pull request #1945 from AFLplusplus/stable
push back to dev
Diffstat (limited to 'src')
| -rw-r--r-- | src/afl-cc.c | 24 | ||||
| -rw-r--r-- | src/afl-fuzz.c | 28 |
2 files changed, 52 insertions, 0 deletions
diff --git a/src/afl-cc.c b/src/afl-cc.c index 22cce2cd..54c733c9 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1139,6 +1139,26 @@ static void edit_params(u32 argc, char **argv, char **envp) { } + if (getenv("AFL_LLVM_INJECTIONS_ALL") || + getenv("AFL_LLVM_INJECTIONS_SQL") || + getenv("AFL_LLVM_INJECTIONS_LDAP") || + getenv("AFL_LLVM_INJECTIONS_XSS")) { + +#if LLVM_MAJOR >= 11 + #if LLVM_MAJOR < 16 + cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; + #endif + cc_params[cc_par_cnt++] = + alloc_printf("-fpass-plugin=%s/injection-pass.so", obj_path); +#else + cc_params[cc_par_cnt++] = "-Xclang"; + cc_params[cc_par_cnt++] = "-load"; + cc_params[cc_par_cnt++] = "-Xclang"; + cc_params[cc_par_cnt++] = alloc_printf("%s/injection-pass.so", obj_path); +#endif + + } + // cc_params[cc_par_cnt++] = "-Qunused-arguments"; } @@ -2275,6 +2295,10 @@ int main(int argc, char **argv, char **envp) { "comparisons\n" " AFL_LLVM_DICT2FILE_NO_MAIN: skip parsing main() for the " "dictionary\n" + " AFL_LLVM_INJECTIONS_ALL: enables all injections hooking\n" + " AFL_LLVM_INJECTIONS_SQL: enables SQL injections hooking\n" + " AFL_LLVM_INJECTIONS_LDAP: enables LDAP injections hooking\n" + " AFL_LLVM_INJECTIONS_XSS: enables XSS injections hooking\n" " AFL_LLVM_LAF_ALL: enables all LAF splits/transforms\n" " AFL_LLVM_LAF_SPLIT_COMPARES: enable cascaded comparisons\n" " AFL_LLVM_LAF_SPLIT_COMPARES_BITW: size limit (default 8)\n" diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index dd990e71..17949fd7 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1749,6 +1749,34 @@ int main(int argc, char **argv_orig, char **envp) { } + // Marker: ADD_TO_INJECTIONS + if (getenv("AFL_LLVM_INJECTIONS_ALL") || getenv("AFL_LLVM_INJECTIONS_SQL") || + getenv("AFL_LLVM_INJECTIONS_LDAP") || getenv("AFL_LLVM_INJECTIONS_XSS")) { + + OKF("Adding injection tokens to dictionary."); + if (getenv("AFL_LLVM_INJECTIONS_ALL") || + getenv("AFL_LLVM_INJECTIONS_SQL")) { + + add_extra(afl, "'\"\"'", 4); + + } + + if (getenv("AFL_LLVM_INJECTIONS_ALL") || + getenv("AFL_LLVM_INJECTIONS_LDAP")) { + + add_extra(afl, "*)(1=*))(|", 10); + + } + + if (getenv("AFL_LLVM_INJECTIONS_ALL") || + getenv("AFL_LLVM_INJECTIONS_XSS")) { + + add_extra(afl, "1\"><\"", 5); + + } + + } + OKF("Generating fuzz data with a length of min=%u max=%u", afl->min_length, afl->max_length); u32 min_alloc = MAX(64U, afl->min_length); |