From 01ad7610beaf772063c9011daae5fa3a3232494c Mon Sep 17 00:00:00 2001
From: realmadsci <71108352+realmadsci@users.noreply.github.com>
Date: Mon, 15 Mar 2021 11:45:58 -0400
Subject: Remove AFL_PRELOAD and AFL_USE_QASAN handlers

These are now processed in afl-qemu-trace so that the "copy+paste" code
that is in all of the other AFL tools can be removed.

This also allows the AFL_USE_QASAN flag to work the same when used
with tools like afl-fuzz as it does with afl-qemu-trace. This is
important in situations where loading the QASAN library changes
the address of your desired entrypoint, or for crash validation
using the same environment that afl-fuzz was using.

With this change, the same set of environment variables can be used
in exactly the same way between afl-fuzz, afl-showmap, and
afl-qemu-trace, and you will get exactly the same guest environment.
---
 utils/afl_network_proxy/afl-network-server.c | 33 +---------------------------
 1 file changed, 1 insertion(+), 32 deletions(-)

(limited to 'utils')

diff --git a/utils/afl_network_proxy/afl-network-server.c b/utils/afl_network_proxy/afl-network-server.c
index fe225416..0dfae658 100644
--- a/utils/afl_network_proxy/afl-network-server.c
+++ b/utils/afl_network_proxy/afl-network-server.c
@@ -237,38 +237,7 @@ static void set_up_environment(afl_forkserver_t *fsrv) {
 
     if (fsrv->qemu_mode) {
 
-      u8 *qemu_preload = getenv("QEMU_SET_ENV");
-      u8 *afl_preload = getenv("AFL_PRELOAD");
-      u8 *buf;
-
-      s32 i, afl_preload_size = strlen(afl_preload);
-      for (i = 0; i < afl_preload_size; ++i) {
-
-        if (afl_preload[i] == ',') {
-
-          PFATAL(
-              "Comma (',') is not allowed in AFL_PRELOAD when -Q is "
-              "specified!");
-
-        }
-
-      }
-
-      if (qemu_preload) {
-
-        buf = alloc_printf("%s,LD_PRELOAD=%s,DYLD_INSERT_LIBRARIES=%s",
-                           qemu_preload, afl_preload, afl_preload);
-
-      } else {
-
-        buf = alloc_printf("LD_PRELOAD=%s,DYLD_INSERT_LIBRARIES=%s",
-                           afl_preload, afl_preload);
-
-      }
-
-      setenv("QEMU_SET_ENV", buf, 1);
-
-      afl_free(buf);
+      /* afl-qemu-trace takes care of converting AFL_PRELOAD. */
 
     } else {
 
-- 
cgit v1.2.3


From 862cb3217f5983e5cfff6568f6b31fcf1e960802 Mon Sep 17 00:00:00 2001
From: vanhauser-thc <vh@thc.org>
Date: Tue, 16 Mar 2021 14:38:13 +0100
Subject: fix cmplog rtn

---
 utils/aflpp_driver/aflpp_driver.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'utils')

diff --git a/utils/aflpp_driver/aflpp_driver.c b/utils/aflpp_driver/aflpp_driver.c
index 9c97607c..f0f3a47d 100644
--- a/utils/aflpp_driver/aflpp_driver.c
+++ b/utils/aflpp_driver/aflpp_driver.c
@@ -208,6 +208,16 @@ int main(int argc, char **argv) {
       "======================================================\n",
       argv[0], argv[0]);
 
+  if (getenv("AFL_GDB")) {
+
+    char cmd[64];
+    snprintf(cmd, sizeof(cmd), "cat /proc/%d/maps", getpid());
+    system(cmd);
+    fprintf(stderr, "DEBUG: aflpp_driver pid is %d\n", getpid());
+    sleep(1);
+
+  }
+
   output_file = stderr;
   maybe_duplicate_stderr();
   maybe_close_fd_mask();
-- 
cgit v1.2.3


From 6840e8fd2adfd8364787665b7df2fd7b742a580c Mon Sep 17 00:00:00 2001
From: hexcoder <hexcoder-@users.noreply.github.com>
Date: Tue, 16 Mar 2021 22:58:10 +0100
Subject: fix two bugs in error message

$1 and $2 have been modified here by two previous shift commands.
---
 utils/crash_triage/triage_crashes.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'utils')

diff --git a/utils/crash_triage/triage_crashes.sh b/utils/crash_triage/triage_crashes.sh
index bf763cba..4e8f09a0 100755
--- a/utils/crash_triage/triage_crashes.sh
+++ b/utils/crash_triage/triage_crashes.sh
@@ -60,12 +60,12 @@ if
 fi
 
 if [ ! -f "$BIN" -o ! -x "$BIN" ]; then
-  echo "[-] Error: binary '$2' not found or is not executable." 1>&2
+  echo "[-] Error: binary '$BIN' not found or is not executable." 1>&2
   exit 1
 fi
 
 if [ ! -d "$DIR/queue" ]; then
-  echo "[-] Error: directory '$1' not found or not created by afl-fuzz." 1>&2
+  echo "[-] Error: directory '$DIR/queue' not found or not created by afl-fuzz." 1>&2
   exit 1
 fi
 
-- 
cgit v1.2.3


From a7797f0cb98fa372c0838053ae9e6fb7ff98b7d4 Mon Sep 17 00:00:00 2001
From: hexcoder <hexcoder-@users.noreply.github.com>
Date: Wed, 17 Mar 2021 08:04:29 +0100
Subject: fix is now closer to original statement

---
 utils/crash_triage/triage_crashes.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'utils')

diff --git a/utils/crash_triage/triage_crashes.sh b/utils/crash_triage/triage_crashes.sh
index 4e8f09a0..a752458d 100755
--- a/utils/crash_triage/triage_crashes.sh
+++ b/utils/crash_triage/triage_crashes.sh
@@ -65,7 +65,7 @@ if [ ! -f "$BIN" -o ! -x "$BIN" ]; then
 fi
 
 if [ ! -d "$DIR/queue" ]; then
-  echo "[-] Error: directory '$DIR/queue' not found or not created by afl-fuzz." 1>&2
+  echo "[-] Error: directory '$DIR' not found or not created by afl-fuzz." 1>&2
   exit 1
 fi
 
-- 
cgit v1.2.3