diff options
Diffstat (limited to 'afl-cmin.bash')
| -rwxr-xr-x | afl-cmin.bash | 86 |
1 files changed, 50 insertions, 36 deletions
diff --git a/afl-cmin.bash b/afl-cmin.bash index b326bee8..fda48fb4 100755 --- a/afl-cmin.bash +++ b/afl-cmin.bash @@ -167,29 +167,28 @@ fi # Do a sanity check to discourage the use of /tmp, since we can't really # handle this safely from a shell script. -#if [ "$AFL_ALLOW_TMP" = "" ]; then -# -# echo "$IN_DIR" | grep -qE '^(/var)?/tmp/' -# T1="$?" -# -# echo "$TARGET_BIN" | grep -qE '^(/var)?/tmp/' -# T2="$?" -# -# echo "$OUT_DIR" | grep -qE '^(/var)?/tmp/' -# T3="$?" -# -# echo "$STDIN_FILE" | grep -qE '^(/var)?/tmp/' -# T4="$?" -# -# echo "$PWD" | grep -qE '^(/var)?/tmp/' -# T5="$?" -# -# if [ "$T1" = "0" -o "$T2" = "0" -o "$T3" = "0" -o "$T4" = "0" -o "$T5" = "0" ]; then -# echo "[-] Error: do not use this script in /tmp or /var/tmp." 1>&2 -# exit 1 -# fi -# -#fi +if [ "$AFL_ALLOW_TMP" = "" ]; then + + echo "$IN_DIR" | grep -qE '^(/var)?/tmp/' + T1="$?" + + echo "$TARGET_BIN" | grep -qE '^(/var)?/tmp/' + T2="$?" + + echo "$OUT_DIR" | grep -qE '^(/var)?/tmp/' + T3="$?" + + echo "$STDIN_FILE" | grep -qE '^(/var)?/tmp/' + T4="$?" + + echo "$PWD" | grep -qE '^(/var)?/tmp/' + T5="$?" + + if [ "$T1" = "0" -o "$T2" = "0" -o "$T3" = "0" -o "$T4" = "0" -o "$T5" = "0" ]; then + echo "[-] Warning: do not use this script in /tmp or /var/tmp for security reasons." 1>&2 + fi + +fi # If @@ is specified, but there's no -f, let's come up with a temporary input # file name. @@ -423,10 +422,14 @@ if [ "$THREADS" = "" ]; then ls "$IN_DIR" | while read -r fn; do - CUR=$((CUR+1)) - printf "\\r Processing file $CUR/$IN_COUNT... " + if [ -s "$IN_DIR/$fn" ]; then - "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -- "$@" <"$IN_DIR/$fn" + CUR=$((CUR+1)) + printf "\\r Processing file $CUR/$IN_COUNT... " + + "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -- "$@" <"$IN_DIR/$fn" + + fi done @@ -434,11 +437,15 @@ if [ "$THREADS" = "" ]; then ls "$IN_DIR" | while read -r fn; do - CUR=$((CUR+1)) - printf "\\r Processing file $CUR/$IN_COUNT... " + if [ -s "$IN_DIR/$fn" ]; then + + CUR=$((CUR+1)) + printf "\\r Processing file $CUR/$IN_COUNT... " + + cp "$IN_DIR/$fn" "$STDIN_FILE" + "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -H "$STDIN_FILE" -- "$@" </dev/null - cp "$IN_DIR/$fn" "$STDIN_FILE" - "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -H "$STDIN_FILE" -- "$@" </dev/null + fi done @@ -460,19 +467,26 @@ else cat $inputs | while read -r fn; do - "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -- "$@" <"$IN_DIR/$fn" + if [ -s "$IN_DIR/$fn" ]; then + + "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -- "$@" <"$IN_DIR/$fn" + + fi done else - STDIN_FILE="$inputs.$$" - cat $inputs | while read -r fn; do + if [ -s "$IN_DIR/$fn" ]; then + STDIN_FILE="$inputs.$$" + cat $inputs | while read -r fn; do - cp "$IN_DIR/$fn" "$STDIN_FILE" - "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -H "$STDIN_FILE" -- "$@" </dev/null + cp "$IN_DIR/$fn" "$STDIN_FILE" + "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -H "$STDIN_FILE" -- "$@" </dev/null - done + done + + fi fi |