afl should not store object files inside $CARGO_HOME !

Question

afl should not store object files inside $CARGO_HOME !

matthiaskrgr opened this issue 2 years ago · comments

Found by accident here: https://internals.rust-lang.org/t/what-will-happen-if-someone-insert-malicious-code-to-local-std-or-crates-from-crates-io-source-code/18003/22

Apparently, afl stores c objects files inside the cargo home, they are supposed to go into the projects target dir, not the $CARGO_HOME 😄

~/.cargo/registry/src/github.com-1ecc6299db9ec823/afl-0.12.10

afl-0.12.10/AFLplusplus/instrumentation/afl-common.o, afl-0.12.10/AFLplusplus/src/afl-common.o, afl-0.12.10/AFLplusplus/src/afl-sharedmem.o, afl-0.12.10/AFLplusplus/src/afl-forkserver.o, afl-0.12.10/AFLplusplus/src/afl-performance.o, afl-0.12.10/AFLplusplus/utils/aflpp_driver/aflpp_driver.o, afl-0.12.10/AFLplusplus/utils/aflpp_driver/libAFLDriver.a, afl-0.12.10/AFLplusplus/utils/aflpp_driver/aflpp_qemu_driver.o, afl-0.12.10/AFLplusplus/utils/aflpp_driver/libAFLQemuDriver.a, afl-0.12.10/AFLplusplus/afl-fuzz, afl-0.12.10/AFLplusplus/afl-showmap, afl-0.12.10/AFLplusplus/afl-tmin, afl-0.12.10/AFLplusplus/afl-gotcpu, afl-0.12.10/AFLplusplus/afl-analyze, afl-0.12.10/AFLplusplus/afl-as, afl-0.12.10/AFLplusplus/afl-cc, afl-0.12.10/AFLplusplus/afl-compiler-rt.o, afl-0.12.10/AFLplusplus/afl-compiler-rt-32.o, afl-0.12.10/AFLplusplus/afl-compiler-rt-64.o, afl-0.12.10/AFLplusplus/afl-cc.8, afl-0.12.10/AFLplusplus/afl-gcc-pass.so, afl-0.12.10/AFLplusplus/afl-gcc-cmplog-pass.so, afl-0.12.10/AFLplusplus/afl-gcc-cmptrs-pass.so, afl-0.12.10/AFLplusplus/libAFLDriver.a, afl-0.12.10/AFLplusplus/libAFLQemuDriver.a, afl-0.12.10/AFLplusplus/afl-fuzz.8, afl-0.12.10/AFLplusplus/afl-showmap.8, afl-0.12.10/AFLplusplus/afl-tmin.8, afl-0.12.10/AFLplusplus/afl-gotcpu.8, afl-0.12.10/AFLplusplus/afl-analyze.8, afl-0.12.10/AFLplusplus/afl-plot.8, afl-0.12.10/AFLplusplus/afl-cmin.8, afl-0.12.10/AFLplusplus/afl-cmin.bash.8, afl-0.12.10/AFLplusplus/afl-whatsup.8, afl-0.12.10/AFLplusplus/afl-system-config.8, afl-0.12.10/AFLplusplus/afl-persistent-config.8, afl-0.12.10/AFLplusplus/afl-as.8

can be reproduced by cargo install afl

Samuel Moelius · Answer 1 · Wed Dec 21 2022 18:08:50 GMT+0800 (China Standard Time)

Thanks for the report, @matthiaskrgr.

I think is a consequence of: AFLplusplus is a git submodule of afl.rs, and make is simply run in the submodule's directory.

When building for docs.rs, we copy the submodule directory to a temporary directory, and run make there. We could probably do something similar when we're in $CARGO_HOME.

I'll look into this more within the next few days.

Samuel Moelius · Answer 2 · Thu Feb 09 2023 09:59:33 GMT+0800 (China Standard Time)

@matthiaskrgr I think this should be fixed, but perhaps you could confirm?

Matthias Krüger · Answer 3 · Sat Feb 11 2023 02:08:24 GMT+0800 (China Standard Time)

Looks good, checked afl-0.12.14. Thanks!

Samuel Moelius · Answer 4 · Sat Feb 11 2023 02:40:01 GMT+0800 (China Standard Time)

Thank you!