Diffstat (limited to 'pkgs/tools/security/afl/default.nix')
-rw-r--r--pkgs/tools/security/afl/default.nix27
1 files changed, 22 insertions, 5 deletions
diff --git a/pkgs/tools/security/afl/default.nix b/pkgs/tools/security/afl/default.nix
index 93c5988b55d..ef9fa1f8022 100644
--- a/pkgs/tools/security/afl/default.nix
+++ b/pkgs/tools/security/afl/default.nix
@@ -1,4 +1,5 @@
-{ stdenv, fetchurl, bash, callPackage, makeWrapper }:
+{ stdenv, fetchurl, bash, callPackage, makeWrapper
+, clang, llvm, which, libcgroup }:
 
 let
   afl-qemu = callPackage ./qemu.nix {};
@@ -8,16 +9,21 @@ let
 in
 stdenv.mkDerivation rec {
   name    = "afl-${version}";
-  version = "1.58b";
+  version = "1.63b";
 
   src = fetchurl {
     url    = "http://lcamtuf.coredump.cx/afl/releases/${name}.tgz";
-    sha256 = "1szggm4x9i9bsrcb99s5vbgncagp7jvhz8cg9amkx7p6mp2x4pld";
+    sha256 = "1v3py0g52j687qacwhri8jbz2h0ggh3zqknp011z5ijf820vc09g";
   };
 
-  buildInputs  = [ makeWrapper ];
+  # Note: libcgroup isn't needed for building, just for the afl-cgroup
+  # script.
+  buildInputs  = [ makeWrapper clang llvm which ];
 
-  buildPhase   = "make PREFIX=$out";
+  buildPhase   = ''
+    make PREFIX=$out
+    cd llvm_mode && make && cd ..
+  '';
   installPhase = ''
     # Do the normal installation
     make install PREFIX=$out
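Review bot: The new `buildPhase` leaves the working directory changed between steps, so the trailing `cd ..` is load-bearing for the rest of the phase; a subshell scopes the change and makes the intent obvious, `( cd llvm_mode && make )`. The llvm_mode build is invoked without the `PREFIX=$out` the top-level make receives, which is presumably fine if that Makefile only produces artifacts that the top-level `make install` in installPhase picks up, but worth confirming against the 1.63b Makefiles. Adding `clang` to `buildInputs` also puts it on PATH for the top-level `make`, so it may be worth a comment stating which compiler is expected to build afl itself versus the llvm_mode pass.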
@@ -25,6 +31,17 @@ stdenv.mkDerivation rec {
     # Install the custom QEMU emulator for binary blob fuzzing.
     cp ${afl-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace
 
+    # Install the cgroups wrapper for asan-based fuzzing.
+    cp experimental/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup
+    chmod +x $out/bin/afl-cgroup
+    substituteInPlace $out/bin/afl-cgroup \
+      --replace "cgcreate" "${libcgroup}/bin/cgcreate" \
+      --replace "cgexec"   "${libcgroup}/bin/cgexec" \
+      --replace "cgdelete" "${libcgroup}/bin/cgdelete"
+
+    # Patch shebangs before wrapping
+    patchShebangs $out/bin
+
     # Wrap every program with a custom $AFL_PATH; I believe there is a
     # bug in afl which causes it to fail to find `afl-qemu-trace`
     # relative to `afl-fuzz` or `afl-showmap`, so we instead set
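Review bot: The `substituteInPlace` rewrites of `cgcreate`, `cgexec` and `cgdelete` are unchecked substring replacements, and in this era `--replace` does not fail when a pattern is absent, so an upstream change to `limit_memory.sh` would leave bare command names that resolve from the caller's PATH at runtime instead of the pinned libcgroup store path; a post-condition such as `grep -q '${libcgroup}/bin/cgcreate' $out/bin/afl-cgroup` after the substitution would turn that into a build failure. The comment on the copied script should also say what privileges the wrapper expects, since creating and removing cgroups is typically not possible as an unprivileged user; something like `# Install the cgroups wrapper for asan-based fuzzing (needs cgroup admin rights at run time).` The installPhase continues outside the hunk.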