
AFL -f Option Parsing Bug

Open zachbthomas opened this issue 7 years ago • 1 comments

Overview

If the -f option is used in AFL to output a specific filename and extension and the -afl flag is used with cwtriage, crashwalk.go will throw a fatal error if a filename is given without a path.

Example AFL command:

$ afl-fuzz -i ../afl-in -o ../afl-out -f testFile.pdf -- fuzzedProg @@

cwtriage bug:

2018/08/13 23:17:33 bad directory for tempfile: mkdir : no such file or directory

Bug Information

Lies in crashwalk.go lines 273-280:

Line 273: base, _ := path.Split(job.OutFile)

path.Split returns an empty string if no "/" character exists in its argument, so base == "" if job.Outfile == testFile.pdf, which will cause os.MkdirAll(base, 0700) to return an error.

Proposed Fix

if base == "" {
    base = "./"
}

Or some other way of accepting a filename to the -f option that includes those written to the current directory.

zachbthomas avatar Aug 14 '18 18:08 zachbthomas
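
The failure and the proposed fix from the issue above, as an added Go example that is not crashwalk's own code: `splitBase`, `fixedBase` and `ensureDir` are hypothetical helper names, and the sample paths are constructed. `filepath.Dir` is printed alongside as a standard-library alternative that returns "." for a bare filename.

```go
package main

import (
	"fmt"
	"os"
	"path"
	"path/filepath"
)

// splitBase mirrors the line quoted in the issue: it keeps the directory
// part from path.Split, which is "" when the name contains no "/".
func splitBase(outFile string) string {
	base, _ := path.Split(outFile)
	return base
}

// fixedBase applies the fix proposed in the issue: fall back to the
// current directory when path.Split yields an empty directory.
func fixedBase(outFile string) string {
	base := splitBase(outFile)
	if base == "" {
		base = "./"
	}
	return base
}

// ensureDir creates dir with the 0700 mode used in the issue's MkdirAll call.
func ensureDir(dir string) error {
	return os.MkdirAll(dir, 0700)
}

func main() {
	// Constructed sample inputs: a bare filename, as passed to -f in the
	// issue, and a name that carries a directory component.
	names := []string{"testFile.pdf", "../afl-out/testFile.pdf"}
	for _, name := range names {
		fmt.Printf("%q: split=%q fixed=%q filepath.Dir=%q\n",
			name, splitBase(name), fixedBase(name), filepath.Dir(name))
	}
	// The empty base reproduces the "mkdir : no such file or directory" error.
	fmt.Println("MkdirAll on split base:", ensureDir(splitBase("testFile.pdf")))
	// The current directory already exists, so MkdirAll succeeds.
	fmt.Println("MkdirAll on fixed base:", ensureDir(fixedBase("testFile.pdf")))
}
```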

Thanks for the bug! Off the top of my head, I can't see a problem with your fix, but I'm not coding this year. If you test it and shoot me a PR it should be OK to merge.

bnagy avatar Sep 03 '18 22:09 bnagy