
Commit 3e52a6d

committed
fix nyx mode in afl-showmap (read stdin input into a buffer before passing to Nyx)
1 parent 20d2bb3 commit 3e52a6d


1 file changed

+57
-2
lines changed

1 file changed

+57
-2
lines changed

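--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -63,6 +63,10 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/resource.h>
+#ifdef __linux__
+#include <poll.h>
+#include <unistd.h>
+#endif
 
 static afl_state_t *afl;
 
@@ -537,10 +541,58 @@ static u32 read_file(u8 *in_file) {
 }
 
 #ifdef __linux__
-/* Execute the target application with an empty input (in Nyx mode). */
+#define NYX_STDIN_TMP_BUFFER_SIZE 256
+
+size_t read_stdin_input(u8** out) {
+size_t len = 0;
+u8* input = NULL;
+
+if (!isatty(STDIN_FILENO)) { /* only process input when passed via pipe */
+
+struct pollfd pfd = { .fd = STDIN_FILENO, .events = POLLIN };
+int ready = poll(&pfd, 1, 0);
+
+if (ready == -1) {
+FATAL("%s: poll failed\n", __func__);
+}
+else if (pfd.revents & POLLIN) { // check if there is any data on stdin
+
+u8 tmp[NYX_STDIN_TMP_BUFFER_SIZE];
+size_t capacity = NYX_STDIN_TMP_BUFFER_SIZE;
+size_t bytes_read;
+input = malloc(capacity);
+
+/* copy input from stdin into a buffer to pass it to Nyx */
+while ((bytes_read = read(STDIN_FILENO, tmp, NYX_STDIN_TMP_BUFFER_SIZE)) > 0) {
+/* resize buffer if needed */
+if (len + bytes_read > capacity) {
+while (len + bytes_read > capacity)
+capacity *= 2;
+
+u8* new_input = realloc(input, capacity);
+if (!new_input) {
+free(input);
+FATAL("%s: realloc failed\n", __func__);
+}
+input = new_input;
+}
+
+memcpy(input + len, tmp, bytes_read);
+len += bytes_read;
+}
+*out = input;
+}
+}
+return len;
+}
+
+/* Execute the target application in Nyx mode with piped input from stdin (passed as a buffer). */
 static void showmap_run_target_nyx_mode(afl_forkserver_t *fsrv) {
 
-afl_fsrv_write_to_testcase(fsrv, NULL, 0);
+u8* input = NULL;
+size_t len = read_stdin_input(&input);
+
+afl_fsrv_write_to_testcase(fsrv, input, len);
 
 if (afl_fsrv_run_target(fsrv, fsrv->exec_tmout, &stop_soon) ==
 FSRV_RUN_ERROR) {
@@ -549,6 +601,9 @@ static void showmap_run_target_nyx_mode(afl_forkserver_t *fsrv) {
 
 }
 
+if (input != NULL) {
+free(input);
+}
 }
 
 #endif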
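Review bot: In `read_stdin_input`, `bytes_read` is declared `size_t` although `read()` returns `ssize_t`, so a failed read (-1) becomes SIZE_MAX and still passes the `> 0` loop test. With `len == 0` the `capacity *= 2` loop then wraps `capacity` to 0 and never terminates, and with `len > 0` the sum wraps below `capacity` so `memcpy(input + len, tmp, bytes_read)` copies far past the heap buffer. Declare it `ssize_t bytes_read;`, cast to `size_t` where it is added to `len`, and after the loop add `if (bytes_read < 0) FATAL("%s: read failed\n", __func__);`. The `malloc(capacity)` result is also used unchecked, unlike the `realloc` path; `if (!input) FATAL("%s: malloc failed\n", __func__);` would match it. Separately, `poll(&pfd, 1, 0)` does not wait, so input from a writer that has not produced data yet appears to be silently treated as empty, which deserves a comment at that call.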
