blob: 1d6307f807c5272a8f8526b36f2af47b10f8e88b (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
{ stdenv, fetchurl, bash, callPackage, makeWrapper
, clang, llvm, which, libcgroup }:
let
afl-qemu = callPackage ./qemu.nix {};
qemu-exe-name = if stdenv.system == "x86_64-linux" then "qemu-x86_64"
else if stdenv.system == "i686-linux" then "qemu-i386"
else throw "afl: no support for ${stdenv.system}!";
in
stdenv.mkDerivation rec {
name = "afl-${version}";
version = "2.43b";
src = fetchurl {
url = "http://lcamtuf.coredump.cx/afl/releases/${name}.tgz";
sha256 = "1jv2y9b53k3p8hngm78ikakhcf4vv3yyz6ip17jhg5gsis29gdwx";
};
# Note: libcgroup isn't needed for building, just for the afl-cgroup
# script.
buildInputs = [ makeWrapper clang llvm which ];
buildPhase = ''
make PREFIX=$out
cd llvm_mode
make PREFIX=$out CC=${clang}/bin/clang CXX=${clang}/bin/clang++
cd ..
'';
installPhase = ''
# Do the normal installation
make install PREFIX=$out
# Install the custom QEMU emulator for binary blob fuzzing.
cp ${afl-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace
# Install the cgroups wrapper for asan-based fuzzing.
cp experimental/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup
chmod +x $out/bin/afl-cgroup
substituteInPlace $out/bin/afl-cgroup \
--replace "cgcreate" "${libcgroup}/bin/cgcreate" \
--replace "cgexec" "${libcgroup}/bin/cgexec" \
--replace "cgdelete" "${libcgroup}/bin/cgdelete"
# Patch shebangs before wrapping
patchShebangs $out/bin
# Wrap afl-clang-fast(++) with a *different* AFL_PATH, because it
# has totally different semantics in that case(?) - and also set a
# proper AFL_CC and AFL_CXX so we don't pick up the wrong one out
# of $PATH.
for x in $out/bin/afl-clang-fast $out/bin/afl-clang-fast++; do
wrapProgram $x \
--prefix AFL_PATH : "$out/lib/afl" \
--prefix AFL_CC : "${clang}/bin/clang" \
--prefix AFL_CXX : "${clang}/bin/clang++"
done
'';
meta = {
description = "Powerful fuzzer via genetic algorithms and instrumentation";
longDescription = ''
American fuzzy lop is a fuzzer that employs a novel type of
compile-time instrumentation and genetic algorithms to
automatically discover clean, interesting test cases that
trigger new internal states in the targeted binary. This
substantially improves the functional coverage for the fuzzed
code. The compact synthesized corpora produced by the tool are
also useful for seeding other, more labor or resource-intensive
testing regimes down the road.
'';
homepage = "http://lcamtuf.coredump.cx/afl/";
license = stdenv.lib.licenses.asl20;
platforms = stdenv.lib.platforms.linux;
maintainers = [ stdenv.lib.maintainers.thoughtpolice ];
};
}
|