diff options
| author | fuzzah <fuzzah@tuta.io> | 2021-03-17 01:51:40 +0300 |
|---|---|---|
| committer | fuzzah <fuzzah@tuta.io> | 2021-03-20 01:32:28 +0300 |
| commit | d7e121e2c99c02d4b6984f21ba837d44bce9c77c (patch) | |
| tree | 2263044f6ce1e845226245b0ba7381ab99490976 /src | |
| parent | 65b90001f6e731f22178cb592b9812639bff4cb5 (diff) | |
| download | afl++-d7e121e2c99c02d4b6984f21ba837d44bce9c77c.tar.gz | |
add AFL_TARGET_ENV to afl-fuzz
Diffstat (limited to 'src')
| -rw-r--r-- | src/afl-common.c | 96 | ||||
| -rw-r--r-- | src/afl-fuzz.c | 8 |
2 files changed, 104 insertions, 0 deletions
diff --git a/src/afl-common.c b/src/afl-common.c index 27b63434..72a95fbc 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -706,6 +706,102 @@ char *get_afl_env(char *env) { } +u8 extract_and_set_env(u8 *env_str) { + + if (!env_str) { return 0; } + + u8 *p = ck_strdup(env_str); + + u8 *end = p + strlen((char *)p); + + u8 ret_val = 0; // return false by default + + u8 *rest = p; + u8 *key = p; + u8 *val = p; + + u8 closing_sym = ' '; + u8 c; + + size_t num_pairs = 0; + + while (rest < end) { + + while (*rest == ' ') { + + rest++; + + } + + if (rest + 1 >= end) break; + + key = rest; + // env variable names may not start with numbers or '=' + if (*key == '=' || (*key >= '0' && *key <= '9')) { goto free_and_return; } + + while (rest < end && *rest != '=' && *rest != ' ') { + + c = *rest; + // lowercase is bad but we may still allow it + if ((c < 'A' || c > 'Z') && (c < 'a' || c > 'z') && + (c < '0' || c > '9') && c != '_') { + + goto free_and_return; + + } + + rest++; + + } + + if (*rest != '=') { goto free_and_return; } + + *rest = '\0'; // done with variable name + + rest += 1; + if (rest >= end || *rest == ' ') { goto free_and_return; } + + val = rest; + if (*val == '\'' || *val == '"') { + + closing_sym = *val; + val += 1; + rest += 1; + if (rest >= end) { goto free_and_return; } + + } else { + + closing_sym = ' '; + + } + + while (rest < end && *rest != closing_sym) { + + rest++; + + } + + if (closing_sym != ' ' && *rest != closing_sym) { goto free_and_return; } + + *rest = '\0'; // done with variable value + + rest += 1; + if (rest < end && *rest != ' ') { goto free_and_return; } + + num_pairs += 1; + + setenv(key, val, 1); + + } + + if (num_pairs > 0) { ret_val = 1; } + +free_and_return: + ck_free(p); + return ret_val; + +} + /* Read mask bitmap from file. This is for the -B option. */ void read_bitmap(u8 *fname, u8 *map, size_t len) { diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index cfb507a7..9ea1fb34 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -223,6 +223,7 @@ static void usage(u8 *argv0, int more_help) { "AFL_PYTHON_MODULE: mutate and trim inputs with the specified Python module\n" "AFL_QUIET: suppress forkserver status messages\n" "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" + "AFL_TARGET_ENV: pass extra environment variables to target\n" "AFL_SHUFFLE_QUEUE: reorder the input queue randomly on startup\n" "AFL_SKIP_BIN_CHECK: skip the check, if the target is an executable\n" "AFL_SKIP_CPUFREQ: do not warn about variable cpu clocking\n" @@ -1303,6 +1304,13 @@ int main(int argc, char **argv_orig, char **envp) { } + u8 *extra_env = (u8 *)getenv("AFL_TARGET_ENV"); + if (extra_env && !extract_and_set_env(extra_env)) { + + FATAL("Bad value of AFL_TARGET_ENV"); + + } + save_cmdline(afl, argc, argv); fix_up_banner(afl, argv[optind]); |