diff options
Diffstat (limited to 'nixpkgs/pkgs/tools/security/aflplusplus')
5 files changed, 311 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/tools/security/aflplusplus/default.nix b/nixpkgs/pkgs/tools/security/aflplusplus/default.nix new file mode 100644 index 00000000000..f99be6d7575 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aflplusplus/default.nix @@ -0,0 +1,146 @@ +{ stdenv, stdenvNoCC, fetchFromGitHub, callPackage, makeWrapper +, clang_9, llvm_9, gcc, which, libcgroup, python, perl, gmp +, file, cmocka, wine ? null, fetchpatch +}: + +# wine fuzzing is only known to work for win32 binaries, and using a mixture of +# 32 and 64-bit libraries ... complicates things, so it's recommended to build +# a full 32bit version of this package if you want to do wine fuzzing +assert (wine != null) -> (stdenv.targetPlatform.system == "i686-linux"); + +let + aflplusplus-qemu = callPackage ./qemu.nix { inherit aflplusplus; }; + qemu-exe-name = if stdenv.targetPlatform.system == "x86_64-linux" then "qemu-x86_64" + else if stdenv.targetPlatform.system == "i686-linux" then "qemu-i386" + else throw "aflplusplus: no support for ${stdenv.targetPlatform.system}!"; + libdislocator = callPackage ./libdislocator.nix { inherit aflplusplus; }; + libtokencap = callPackage ./libtokencap.nix { inherit aflplusplus; }; + aflplusplus = stdenvNoCC.mkDerivation rec { + pname = "aflplusplus"; + version = "2.64c"; + + src = fetchFromGitHub { + owner = "AFLplusplus"; + repo = "AFLplusplus"; + rev = version; + sha256 = "0n618pk6nlmkcbv1qm05fny4mnhcprrw0ppmra1phvk1y22iildj"; + }; + enableParallelBuilding = true; + + # build of unsigaction32 broken in 2.64c: + # https://github.com/AFLplusplus/AFLplusplus/commit/079fdbf9bc5be1adba19e4bd08be965bd4dd79dc#commitcomment-38428357 + # The applied patch fixes it. + patches = [ + (fetchpatch { + url = "https://github.com/AFLplusplus/AFLplusplus/commit/5b9928f1a9d4b017ea04365ca8b522fde71236eb.patch"; + sha256 = "1m4w9w4jaxb2mjkwvr6r4qa2j5cdzzpchjphpwd95861h0zvb6hh"; + }) + ]; + + # Note: libcgroup isn't needed for building, just for the afl-cgroup + # script. + nativeBuildInputs = [ makeWrapper which clang_9 gcc ]; + buildInputs = [ llvm_9 python gmp ] + ++ stdenv.lib.optional (wine != null) python.pkgs.wrapPython; + + + postPatch = '' + # Replace the CLANG_BIN variables with the correct path + substituteInPlace llvm_mode/afl-clang-fast.c \ + --replace "CLANGPP_BIN" '"${clang_9}/bin/clang++"' \ + --replace "CLANG_BIN" '"${clang_9}/bin/clang"' \ + --replace 'getenv("AFL_PATH")' "(getenv(\"AFL_PATH\") ? getenv(\"AFL_PATH\") : \"$out/lib/afl\")" + + # Replace "gcc" and friends with full paths in afl-gcc + # Prevents afl-gcc picking up any (possibly incorrect) gcc from the path + substituteInPlace src/afl-gcc.c \ + --replace '"gcc"' '"${gcc}/bin/gcc"' \ + --replace '"g++"' '"${gcc}/bin/g++"' \ + --replace '"gcj"' '"gcj-UNSUPPORTED"' \ + --replace '"clang"' '"clang-UNSUPPORTED"' \ + --replace '"clang++"' '"clang++-UNSUPPORTED"' + ''; + + makeFlags = [ "PREFIX=$(out)" ]; + buildPhase = '' + common="$makeFlags -j$NIX_BUILD_CORES" + make all $common + make radamsa $common + make -C gcc_plugin CC=${gcc}/bin/gcc CXX=${gcc}/bin/g++ $common + make -C llvm_mode $common + make -C qemu_mode/libcompcov $common + make -C qemu_mode/unsigaction $common + ''; + + postInstall = '' + # remove afl-clang(++) which are just symlinks to afl-clang-fast + rm $out/bin/afl-clang $out/bin/afl-clang++ + + # the makefile neglects to install unsigaction + cp qemu_mode/unsigaction/unsigaction*.so $out/lib/afl/ + + # Install the custom QEMU emulator for binary blob fuzzing. + cp ${aflplusplus-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace + + # give user a convenient way of accessing libcompconv.so, libdislocator.so, libtokencap.so + cat > $out/bin/get-afl-qemu-libcompcov-so <<END + #!${stdenv.shell} + echo $out/lib/afl/libcompcov.so + END + chmod +x $out/bin/get-afl-qemu-libcompcov-so + cp ${libdislocator}/bin/get-libdislocator-so $out/bin/ + cp ${libtokencap}/bin/get-libtokencap-so $out/bin/ + + # Install the cgroups wrapper for asan-based fuzzing. + cp examples/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup + chmod +x $out/bin/afl-cgroup + substituteInPlace $out/bin/afl-cgroup \ + --replace "cgcreate" "${libcgroup}/bin/cgcreate" \ + --replace "cgexec" "${libcgroup}/bin/cgexec" \ + --replace "cgdelete" "${libcgroup}/bin/cgdelete" + + patchShebangs $out/bin + + '' + stdenv.lib.optionalString (wine != null) '' + substitute afl-wine-trace $out/bin/afl-wine-trace \ + --replace "qemu_mode/unsigaction" "$out/lib/afl" + chmod +x $out/bin/afl-wine-trace + + # qemu needs to be fed ELFs, not wrapper scripts, so we have to cheat a bit if we + # detect a wrapped wine + for winePath in ${wine}/bin/.wine ${wine}/bin/wine; do + if [ -x $winePath ]; then break; fi + done + makeWrapperArgs="--set-default 'AFL_WINE_PATH' '$winePath'" \ + wrapPythonProgramsIn $out/bin ${python.pkgs.pefile} + ''; + + installCheckInputs = [ perl file cmocka ]; + doInstallCheck = true; + installCheckPhase = '' + # replace references to tools in build directory with references to installed locations + substituteInPlace test/test.sh \ + --replace '../libcompcov.so' '`$out/bin/get-afl-qemu-libcompcov-so`' \ + --replace '../libdislocator.so' '`$out/bin/get-libdislocator-so`' \ + --replace '../libtokencap.so' '`$out/bin/get-libtokencap-so`' + perl -pi -e 's|(?<!\.)(\.\./)([^\s\/]+?)(?<!\.c)(?<!\.s?o)(?=\s)|\$out/bin/\2|g' test/test.sh + cd test && ./test.sh + ''; + + passthru = { + inherit libdislocator libtokencap; + qemu = aflplusplus-qemu; + }; + + meta = { + description = '' + AFL++ is a heavily enhanced version of AFL, incorporating many features and + improvements from the community. + ''; + homepage = "https://aflplus.plus"; + license = stdenv.lib.licenses.asl20; + platforms = ["x86_64-linux" "i686-linux"]; + maintainers = with stdenv.lib.maintainers; [ ris mindavi ]; + }; + }; +in aflplusplus diff --git a/nixpkgs/pkgs/tools/security/aflplusplus/libdislocator.nix b/nixpkgs/pkgs/tools/security/aflplusplus/libdislocator.nix new file mode 100644 index 00000000000..6f947a7280a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aflplusplus/libdislocator.nix @@ -0,0 +1,37 @@ +{ stdenv, aflplusplus}: + +stdenv.mkDerivation { + version = stdenv.lib.getVersion aflplusplus; + pname = "libdislocator"; + + src = aflplusplus.src; + postUnpack = "chmod -R +w ${aflplusplus.src.name}"; + sourceRoot = "${aflplusplus.src.name}/libdislocator"; + + makeFlags = [ "PREFIX=$(out)" ]; + + preInstall = '' + mkdir -p $out/lib/afl + # issue is fixed upstream: https://github.com/AFLplusplus/AFLplusplus/commit/2a60ceb6944a7ca273057ddf64dcf837bf7f9521 + sed -i 's/README\.dislocator\.md/README\.md/g' Makefile + ''; + postInstall = '' + mkdir $out/bin + cat > $out/bin/get-libdislocator-so <<END + #!${stdenv.shell} + echo $out/lib/afl/libdislocator.so + END + chmod +x $out/bin/get-libdislocator-so + ''; + + meta = with stdenv.lib; { + homepage = "https://github.com/vanhauser-thc/AFLplusplus"; + description = '' + Drop-in replacement for the libc allocator which improves + the odds of bumping into heap-related security bugs in + several ways. + ''; + license = stdenv.lib.licenses.asl20; + maintainers = with maintainers; [ ris ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/aflplusplus/libtokencap.nix b/nixpkgs/pkgs/tools/security/aflplusplus/libtokencap.nix new file mode 100644 index 00000000000..9421ee0d1e2 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aflplusplus/libtokencap.nix @@ -0,0 +1,32 @@ +{ stdenv, aflplusplus}: + +stdenv.mkDerivation { + version = stdenv.lib.getVersion aflplusplus; + pname = "libtokencap"; + + src = aflplusplus.src; + postUnpack = "chmod -R +w ${aflplusplus.src.name}"; + sourceRoot = "${aflplusplus.src.name}/libtokencap"; + + makeFlags = [ "PREFIX=$(out)" ]; + + preInstall = '' + mkdir -p $out/lib/afl + mkdir -p $out/share/doc/afl + ''; + postInstall = '' + mkdir $out/bin + cat > $out/bin/get-libtokencap-so <<END + #!${stdenv.shell} + echo $out/lib/afl/libtokencap.so + END + chmod +x $out/bin/get-libtokencap-so + ''; + + meta = with stdenv.lib; { + homepage = "https://github.com/vanhauser-thc/AFLplusplus"; + description = "strcmp & memcmp token capture library"; + license = stdenv.lib.licenses.asl20; + maintainers = with maintainers; [ ris ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/aflplusplus/qemu-no-etc-install.patch b/nixpkgs/pkgs/tools/security/aflplusplus/qemu-no-etc-install.patch new file mode 100644 index 00000000000..5dfbfd780f1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aflplusplus/qemu-no-etc-install.patch @@ -0,0 +1,13 @@ +diff --git a/Makefile b/Makefile +index d6b9dc1..ce7c493 100644 +--- a/Makefile ++++ b/Makefile +@@ -601,7 +601,7 @@ install-localstatedir: + endif + + +-install: all $(if $(BUILD_DOCS),install-doc) install-datadir install-localstatedir ++install: all $(if $(BUILD_DOCS),install-doc) install-datadir + ifneq ($(TOOLS),) + $(call install-prog,$(subst qemu-ga,qemu-ga$(EXESUF),$(TOOLS)),$(DESTDIR)$(bindir)) + endif diff --git a/nixpkgs/pkgs/tools/security/aflplusplus/qemu.nix b/nixpkgs/pkgs/tools/security/aflplusplus/qemu.nix new file mode 100644 index 00000000000..c51c839afe8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aflplusplus/qemu.nix @@ -0,0 +1,83 @@ +{ stdenv, fetchurl, aflplusplus, python2, zlib, pkgconfig, glib, perl +, texinfo, libuuid, flex, bison, pixman, autoconf +}: + +with stdenv.lib; + +let + qemuName = "qemu-3.1.0"; + cpuTarget = if stdenv.targetPlatform.system == "x86_64-linux" then "x86_64-linux-user" + else if stdenv.targetPlatform.system == "i686-linux" then "i386-linux-user" + else throw "aflplusplus: no support for ${stdenv.targetPlatform.system}!"; +in +stdenv.mkDerivation { + name = "aflplusplus-${qemuName}"; + + srcs = [ + (fetchurl { + url = "http://wiki.qemu.org/download/${qemuName}.tar.bz2"; + sha256 = "08frr1fdjx8qcfh3fafn10kibdwbvkqqvfl7hpqbm7i9dg4f1zlq"; + }) + aflplusplus.src + ]; + + sourceRoot = qemuName; + + postUnpack = '' + chmod -R +w ${aflplusplus.src.name} + for f in ${aflplusplus.src.name}/qemu_mode/patches/* ; do + sed -E -i 's|(\.\./)+patches/([a-z-]+\.h)|\2|g' $f + sed -E -i 's|\.\./\.\./config\.h|afl-config.h|g' $f + sed -E -i 's|\.\./\.\./include/cmplog\.h|afl-cmplog.h|g' $f + done + cp ${aflplusplus.src.name}/qemu_mode/patches/*.h $sourceRoot/ + cp ${aflplusplus.src.name}/types.h $sourceRoot/afl-types.h + substitute ${aflplusplus.src.name}/config.h $sourceRoot/afl-config.h \ + --replace "types.h" "afl-types.h" + substitute ${aflplusplus.src.name}/include/cmplog.h $sourceRoot/afl-cmplog.h \ + --replace "config.h" "afl-config.h" \ + --replace "forkserver.h" "afl-forkserver.h" + substitute ${aflplusplus.src.name}/include/forkserver.h $sourceRoot/afl-forkserver.h \ + --replace "types.h" "afl-types.h" + + cat ${aflplusplus.src.name}/qemu_mode/patches/*.diff > all.patch + ''; + + nativeBuildInputs = [ + python2 perl pkgconfig flex bison autoconf texinfo + ]; + + buildInputs = [ + zlib glib pixman libuuid + ]; + + enableParallelBuilding = true; + + patches = [ + # patches extracted from aflplusplus source + "../all.patch" + # nix-specific patches to make installation more well-behaved + ./qemu-no-etc-install.patch + ]; + + configureFlags = + [ "--disable-system" + "--enable-linux-user" + "--disable-gtk" + "--disable-sdl" + "--disable-vnc" + "--disable-kvm" + "--target-list=${cpuTarget}" + "--enable-pie" + "--sysconfdir=/etc" + "--localstatedir=/var" + ]; + + meta = with stdenv.lib; { + homepage = "https://www.qemu.org/"; + description = "Fork of QEMU with AFL++ instrumentation support"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ ris ]; + platforms = platforms.linux; + }; +} |