From eb4561e3a67231e34f772bdc6b0175e385692d50 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Sat, 20 Jun 2020 13:09:47 +0200 Subject: afl-plot: fix issue #417, also check relative paths for directories --- afl-plot | 47 +++++++++++++++++++++++++++-------------------- 1 file changed, 27 insertions(+), 20 deletions(-) (limited to 'afl-plot') diff --git a/afl-plot b/afl-plot index 6ad3f790..55745e93 100755 --- a/afl-plot +++ b/afl-plot @@ -15,6 +15,10 @@ # http://www.apache.org/licenses/LICENSE-2.0 # +get_abs_path() { + echo $(cd "`dirname "$1"`" && pwd)/"`basename "$1"`" +} + echo "progress plotting utility for afl-fuzz by Michal Zalewski" echo @@ -40,12 +44,15 @@ _EOF_ fi +inputdir=`get_abs_path "$1"` +outputdir=`get_abs_path "$2"` + if [ "$AFL_ALLOW_TMP" = "" ]; then - echo "$1" | grep -qE '^(/var)?/tmp/' + echo "$inputdir" | grep -qE '^(/var)?/tmp/' T1="$?" - echo "$2" | grep -qE '^(/var)?/tmp/' + echo "$outputdir" | grep -qE '^(/var)?/tmp/' T2="$?" if [ "$T1" = "0" -o "$T2" = "0" ]; then @@ -57,14 +64,14 @@ if [ "$AFL_ALLOW_TMP" = "" ]; then fi -if [ ! -f "$1/plot_data" ]; then +if [ ! -f "$inputdir/plot_data" ]; then echo "[-] Error: input directory is not valid (missing 'plot_data')." 1>&2 exit 1 fi -BANNER="`cat "$1/fuzzer_stats" | grep '^afl_banner ' | cut -d: -f2- | cut -b2-`" +BANNER="`cat "$inputdir/fuzzer_stats" | grep '^afl_banner ' | cut -d: -f2- | cut -b2-`" test "$BANNER" = "" && BANNER="(none)" 
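Review bot: In the first hunk, `get_abs_path` prints its result through an unquoted `$(...)`, so a parent path containing whitespace or glob characters is word-split and re-expanded before it reaches the `inputdir=` / `outputdir=` assignments in the second hunk, and when the `cd` fails (for example because the parent of the output directory does not exist yet) the `&&` short-circuits and the function still prints `/basename`, a root-relative path, instead of failing. The script's later checks then see a wrong but plausible location: `mkdir "$outputdir"` on `/basename` fails for an ordinary user with the misleading "unable to create the output directory" message, and succeeds at the filesystem root when run with enough privilege. I would write it as `get_abs_path() { ( cd "$(dirname "$1")" && printf '%s/%s\n' "$(pwd)" "$(basename "$1")" ) }`, which preserves spaces and yields an empty string on failure, so the existing "input directory is not valid" and "unable to create the output directory" checks fire with nothing odd in the path. Note that `pwd` resolves relative components only; a symlink pointing into /tmp still passes the regex that follows, which is presumably acceptable for a heuristic check.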
@@ -77,17 +84,17 @@ if [ "$GNUPLOT" = "" ]; then fi -mkdir "$2" 2>/dev/null +mkdir "$outputdir" 2>/dev/null -if [ ! -d "$2" ]; then +if [ ! -d "$outputdir" ]; then echo "[-] Error: unable to create the output directory - pick another location." 1>&2 exit 1 fi -rm -f "$2/high_freq.png" "$2/low_freq.png" "$2/exec_speed.png" -mv -f "$2/index.html" "$2/index.html.orig" 2>/dev/null +rm -f "$outputdir/high_freq.png" "$outputdir/low_freq.png" "$outputdir/exec_speed.png" +mv -f "$outputdir/index.html" "$outputdir/index.html.orig" 2>/dev/null echo "[*] Generating plots..." @@ -96,7 +103,7 @@ echo "[*] Generating plots..." cat <<_EOF_ set terminal png truecolor enhanced size 1000,300 butt -set output '$2/high_freq.png' +set output '$outputdir/high_freq.png' set xdata time set timefmt '%s' 
@@ -114,31 +121,31 @@ set key outside set autoscale xfixmin set autoscale xfixmax -plot '$1/plot_data' using 1:4 with filledcurve x1 title 'total paths' linecolor rgb '#000000' fillstyle transparent solid 0.2 noborder, \\ +plot '$inputdir/plot_data' using 1:4 with filledcurve x1 title 'total paths' linecolor rgb '#000000' fillstyle transparent solid 0.2 noborder, \\ '' using 1:3 with filledcurve x1 title 'current path' linecolor rgb '#f0f0f0' fillstyle transparent solid 0.5 noborder, \\ '' using 1:5 with lines title 'pending paths' linecolor rgb '#0090ff' linewidth 3, \\ '' using 1:6 with lines title 'pending favs' linecolor rgb '#c00080' linewidth 3, \\ '' using 1:2 with lines title 'cycles done' linecolor rgb '#c000f0' linewidth 3 set terminal png truecolor enhanced size 1000,200 butt -set output '$2/low_freq.png' +set output '$outputdir/low_freq.png' -plot '$1/plot_data' using 1:8 with filledcurve x1 title '' linecolor rgb '#c00080' fillstyle transparent solid 0.2 noborder, \\ +plot '$inputdir/plot_data' using 1:8 with filledcurve x1 title '' linecolor rgb '#c00080' fillstyle transparent solid 0.2 noborder, \\ '' using 1:8 with lines title ' uniq crashes' linecolor rgb '#c00080' linewidth 3, \\ '' using 1:9 with lines title 'uniq hangs' linecolor rgb '#c000f0' linewidth 3, \\ '' using 1:10 with lines title 'levels' linecolor rgb '#0090ff' linewidth 3 set terminal png truecolor enhanced size 1000,200 butt -set output '$2/exec_speed.png' +set output '$outputdir/exec_speed.png' -plot '$1/plot_data' using 1:11 with filledcurve x1 title '' linecolor rgb '#0090ff' fillstyle transparent solid 0.2 noborder, \\ - '$1/plot_data' using 1:11 with lines title ' execs/sec' linecolor rgb '#0090ff' linewidth 3 smooth bezier; +plot '$inputdir/plot_data' using 1:11 with filledcurve x1 title '' linecolor rgb '#0090ff' fillstyle transparent solid 0.2 noborder, \\ + '$inputdir/plot_data' using 1:11 with lines title ' execs/sec' linecolor rgb '#0090ff' linewidth 3 smooth bezier; 
_EOF_ ) | gnuplot -if [ ! -s "$2/exec_speed.png" ]; then +if [ ! -s "$outputdir/exec_speed.png" ]; then echo "[-] Error: something went wrong! Perhaps you have an ancient version of gnuplot?" 1>&2 exit 1 @@ -147,10 +154,10 @@ fi echo "[*] Generating index.html..." -cat >"$2/index.html" <<_EOF_ +cat >"$outputdir/index.html" <<_EOF_ - +
Banner:$BANNER
Directory:$1
Directory:$inputdir
Generated on:`date`

@@ -164,8 +171,8 @@ _EOF_ # served by Apache or other HTTP daemon. Since the plots aren't horribly # sensitive, this seems like a reasonable trade-off. -chmod 755 "$2" -chmod 644 "$2/high_freq.png" "$2/low_freq.png" "$2/exec_speed.png" "$2/index.html" +chmod 755 "$outputdir" +chmod 644 "$outputdir/high_freq.png" "$outputdir/low_freq.png" "$outputdir/exec_speed.png" "$outputdir/index.html" echo "[+] All done - enjoy your charts!" -- cgit 1.4.1 From a49b5ef072011cc840c37653d6f6469dc3671968 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 22 Jun 2020 07:16:24 +0200 Subject: allow /tmp --- afl-cmin.bash | 47 +++++++++++++++++++++++------------------------ afl-plot | 35 ++++++++++++++++------------------- docs/Changelog.md | 1 + src/afl-fuzz-init.c | 15 +++++++++------ src/afl-fuzz-run.c | 2 +- 5 files changed, 50 insertions(+), 50 deletions(-) (limited to 'afl-plot') diff --git a/afl-cmin.bash b/afl-cmin.bash index 1f23f6bc..bdef1edc 100755 --- a/afl-cmin.bash +++ b/afl-cmin.bash @@ -134,7 +134,6 @@ Environment variables used: AFL_KEEP_TRACES: leave the temporary \.traces directory AFL_PATH: path for the afl-showmap binary AFL_SKIP_BIN_CHECK: skip check for target binary -AFL_ALLOW_TMP: allow unsafe use of input/output directories under {/var}/tmp _EOF_ exit 1 fi 
@@ -142,29 +141,29 @@ fi
 # Do a sanity check to discourage the use of /tmp, since we can't really
 # handle this safely from a shell script.
-if [ "$AFL_ALLOW_TMP" = "" ]; then
-
- echo "$IN_DIR" | grep -qE '^(/var)?/tmp/'
- T1="$?"
-
- echo "$TARGET_BIN" | grep -qE '^(/var)?/tmp/'
- T2="$?"
-
- echo "$OUT_DIR" | grep -qE '^(/var)?/tmp/'
- T3="$?"
-
- echo "$STDIN_FILE" | grep -qE '^(/var)?/tmp/'
- T4="$?"
-
- echo "$PWD" | grep -qE '^(/var)?/tmp/'
- T5="$?"
-
- if [ "$T1" = "0" -o "$T2" = "0" -o "$T3" = "0" -o "$T4" = "0" -o "$T5" = "0" ]; then
- echo "[-] Error: do not use this script in /tmp or /var/tmp." 1>&2
- exit 1
- fi
-
-fi
+#if [ "$AFL_ALLOW_TMP" = "" ]; then
+#
+# echo "$IN_DIR" | grep -qE '^(/var)?/tmp/'
+# T1="$?"
+#
+# echo "$TARGET_BIN" | grep -qE '^(/var)?/tmp/'
+# T2="$?"
+#
+# echo "$OUT_DIR" | grep -qE '^(/var)?/tmp/'
+# T3="$?"
+#
+# echo "$STDIN_FILE" | grep -qE '^(/var)?/tmp/'
+# T4="$?"
+#
+# echo "$PWD" | grep -qE '^(/var)?/tmp/'
+# T5="$?"
+#
+# if [ "$T1" = "0" -o "$T2" = "0" -o "$T3" = "0" -o "$T4" = "0" -o "$T5" = "0" ]; then
+# echo "[-] Error: do not use this script in /tmp or /var/tmp." 1>&2
+# exit 1
+# fi
+#
+#fi
 # If @@ is specified, but there's no -f, let's come up with a temporary input
 # file name.
diff --git a/afl-plot b/afl-plot
index 55745e93..de344eaa 100755
--- a/afl-plot
+++ b/afl-plot
@@ -35,9 +35,6 @@ an empty directory where this tool can write the resulting plots to.
 The program will put index.html and three PNG images in the output directory; you should be able to view it with any web browser of your choice.
-
-Environment variables used:
-AFL_ALLOW_TMP: allow /var/tmp or /tmp for input and output directories
 _EOF_
 exit 1
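Review bot: The /tmp guard in afl-cmin.bash is disabled by commenting it out rather than removed, and the comment immediately above it (`# Do a sanity check to discourage the use of /tmp, since we can't really handle this safely from a shell script.`) is left describing a check that no longer runs; the afl-plot hunk starting at `inputdir=` further down has exactly the same shape. Twenty-odd lines of `#`-prefixed dead code will rot, and the reason for dropping the check (the Changelog entry says it is only unsafe with umask 0) is recorded nowhere in either script. I would delete the commented block, fix the stale comment, and — since afl-cmin presumably creates `$OUT_DIR` and the temporary `.traces` directory mentioned in the usage text at whatever path it is given — keep a non-fatal one-liner so a user who picks a shared location is at least told: `printf '%s\n' "$IN_DIR" "$OUT_DIR" "$TARGET_BIN" "$STDIN_FILE" "$PWD" | grep -qE '^(/var)?/tmp/' && echo "[!] WARNING: paths under a shared /tmp; make sure these directories are owned by you and not writable by others." 1>&2`. With the usage-text lines removed in the first hunk, `AFL_ALLOW_TMP` becomes a silently ignored variable, which is worth a word in the Changelog entry.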
@@ -47,22 +44,22 @@ fi
 inputdir=`get_abs_path "$1"`
 outputdir=`get_abs_path "$2"`
-if [ "$AFL_ALLOW_TMP" = "" ]; then
-
- echo "$inputdir" | grep -qE '^(/var)?/tmp/'
- T1="$?"
-
- echo "$outputdir" | grep -qE '^(/var)?/tmp/'
- T2="$?"
-
- if [ "$T1" = "0" -o "$T2" = "0" ]; then
-
- echo "[-] Error: this script shouldn't be used with shared /tmp directories." 1>&2
- exit 1
-
- fi
-
-fi
+#if [ "$AFL_ALLOW_TMP" = "" ]; then
+#
+# echo "$inputdir" | grep -qE '^(/var)?/tmp/'
+# T1="$?"
+#
+# echo "$outputdir" | grep -qE '^(/var)?/tmp/'
+# T2="$?"
+#
+# if [ "$T1" = "0" -o "$T2" = "0" ]; then
+#
+# echo "[-] Error: this script shouldn't be used with shared /tmp directories." 1>&2
+# exit 1
+#
+# fi
+#
+#fi
 if [ ! -f "$inputdir/plot_data" ]; then
diff --git a/docs/Changelog.md b/docs/Changelog.md
index efc18ab5..bc91f2ee 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -44,6 +44,7 @@ sending a mail to .
 - Unicornafl - Added powerPC support from unicorn/next - rust bindings!
+ - Allow running in /tmp (only unsafe with umask 0)
 - persistent mode shared memory testcase handover (instead of via files/stdin) - 10-100% performance increase - General support for 64 bit PowerPC, RiscV, Sparc etc.
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index ee96c73c..a2e849dc 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
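Review bot: With the guard commented out, nothing in afl-plot now stands between a /tmp path and the `mkdir "$outputdir" 2>/dev/null` followed by `if [ ! -d "$outputdir" ]` further down (visible in the first commit on this page), a sequence that accepts an output directory that already exists regardless of who created it, after which the script runs `rm -f`, `mv -f`, `cat >` and `chmod 755` inside it. The removed error message named shared /tmp directories as the reason the check existed, so if /tmp is to be tolerated, the stale `#` block should be replaced by a comment stating the new assumption rather than left as dead code, e.g. `# No /tmp check: the output directory is assumed to be owned by the invoking user and not writable by others.`. A cheap way to keep the intent is to make the swallowed `mkdir` failure visible: `mkdir "$outputdir" 2>/dev/null || echo "[!] WARNING: reusing existing directory '$outputdir'; make sure it is yours and not writable by others." 1>&2`. Those mkdir lines are outside this hunk.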
@@ -2128,14 +2128,17 @@ void check_binary(afl_state_t *afl, u8 *fname) {
 /* Check for blatant user errors. */
- if ((!strncmp(afl->fsrv.target_path, "/tmp/", 5) &&
- !strchr(afl->fsrv.target_path + 5, '/')) ||
- (!strncmp(afl->fsrv.target_path, "/var/tmp/", 9) &&
- !strchr(afl->fsrv.target_path + 9, '/'))) {
+ /* disabled. not a real-worl scenario where this is a problem.
+ if ((!strncmp(afl->fsrv.target_path, "/tmp/", 5) &&
+ !strchr(afl->fsrv.target_path + 5, '/')) ||
+ (!strncmp(afl->fsrv.target_path, "/var/tmp/", 9) &&
+ !strchr(afl->fsrv.target_path + 9, '/'))) {
- FATAL("Please don't keep binaries in /tmp or /var/tmp");
+ FATAL("Please don't keep binaries in /tmp or /var/tmp");
- }
+ }
+
+ */
 fd = open(afl->fsrv.target_path, O_RDONLY);
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index a355ae0f..eb562c60 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -533,7 +533,7 @@ void sync_fuzzers(afl_state_t *afl) {
 s32 fd;
 struct stat st;
- snprintf(path, sizeof (path), "%s/%s", qd_path, namelist[o]->d_name);
+ snprintf(path, sizeof(path), "%s/%s", qd_path, namelist[o]->d_name);
 afl->syncing_case = next_min_accept;
 next_min_accept++;
 o--;
-- cgit 1.4.1
From da7c5484529edbd2decf1fc4cb910a1420bd7a02 Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Fri, 26 Jun 2020 09:53:54 +0200
Subject: afl-plot remove error print
--- afl-plot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'afl-plot')
diff --git a/afl-plot b/afl-plot
index de344eaa..1074552a 100755
--- a/afl-plot
+++ b/afl-plot
@@ -68,7 +68,7 @@ if [ ! -f "$inputdir/plot_data" ]; then
 fi
-BANNER="`cat "$inputdir/fuzzer_stats" | grep '^afl_banner ' | cut -d: -f2- | cut -b2-`"
+BANNER="`cat "$inputdir/fuzzer_stats" 2> /dev/null | grep '^afl_banner ' | cut -d: -f2- | cut -b2-`"
 test "$BANNER" = "" && BANNER="(none)"
-- cgit 1.4.1
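Review bot: The /tmp check in check_binary is disabled by wrapping it in a block comment, which leaves eight lines of dead code plus a typo in the new comment (`real-worl`); if the code is meant to stay as a reference, `#if 0` / `#endif` is the usual way to park it and does not break on a `/* */` inside the parked block, otherwise delete it and keep a one-line note. The note should say what the project now expects instead of only asserting that the scenario is unreal, e.g. `/* No /tmp check: binaries under /tmp or /var/tmp are tolerated (see Changelog); the directory's permissions are the user's responsibility. */`. The same "comment it out" pattern appears in the afl-cmin.bash and afl-plot hunks earlier in this series. check_binary continues past the hunk, and the context after `fd = open(...)` is not shown on this page.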
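Review bot: The new `2> /dev/null` silences a redundant `cat` rather than the stage that actually needs the file; `grep` can read `fuzzer_stats` directly, which drops one pipeline stage and keeps the redirection next to the only command that can fail: `grep '^afl_banner ' "$inputdir/fuzzer_stats" 2>/dev/null | cut -d: -f2- | cut -b2-` inside the existing command substitution. Behaviour is otherwise unchanged, since a missing or unreadable file yields an empty string and the next line substitutes `(none)`. A one-line comment above the assignment, `# fuzzer_stats is optional; a missing file just means no banner`, would make the deliberate silence clear. The trailing context of this hunk is not shown on the page.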