Cmplog should search for unprefixed target in PATH, not PWD #1643
This fixes a bug in cmplog, where, if afl-fuzz is called with an unprefixed-path target (eg `-- targetapp` instead of `-- /path/to/targetapp`), while afl-fuzz itself will correctly look for `target` in `PATH`, cmplog instead looks for it in `PWD`.
If the target does not happen to be in `PWD`, then it will fail with the confusing error message:
This bug is present in standard instrumented mode and Frida mode, but not QEMU mode.
Inasmuch as it violates the general principle and expectation that unprefixed executables should be executed by PATH rather than PWD, this bug being fixed also constitutes a security vulnerability, which could theoretically be exploited by placing a malicious executable of the same name into the user's working directory.
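The lookup rule the description relies on, as an added example that is not AFL++ code and not part of this pull request: a name containing `/` is used as given, and an unprefixed name is searched for in `PATH` only, never in the working directory. The helper name `resolve_target` is hypothetical, and skipping empty or relative `PATH` entries (which resolve against `PWD`) is a hardening assumption stricter than what a shell does.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if `p` is a regular file the caller may execute, else 0. */
static int is_exec(const char *p) {
  struct stat st;
  return stat(p, &st) == 0 && S_ISREG(st.st_mode) && access(p, X_OK) == 0;
}

/* Hypothetical helper (an assumption of this example, not AFL++ code).
   Fills `out` and returns 0 on success, returns -1 if nothing is found. */
int resolve_target(const char *name, const char *path_env, char *out, size_t outlen) {
  if (!name || !*name || !out || outlen == 0) return -1;

  /* A name containing '/' is an explicit path: use it as given, no search. */
  if (strchr(name, '/')) {
    int n = snprintf(out, outlen, "%s", name);
    return (n >= 0 && (size_t)n < outlen && is_exec(out)) ? 0 : -1;
  }

  /* Unprefixed name: walk PATH entries only, with no fallback to PWD. */
  for (const char *p = path_env; p != NULL;) {
    const char *end = strchr(p, ':');
    size_t len = end ? (size_t)(end - p) : strlen(p);
    /* Empty and relative entries both mean "working directory": skip them. */
    if (len > 0 && p[0] == '/') {
      int n = snprintf(out, outlen, "%.*s/%s", (int)len, p, name);
      if (n > 0 && (size_t)n < outlen && is_exec(out)) return 0;
    }
    p = end ? end + 1 : NULL;
  }
  out[0] = '\0';
  return -1;
}

int main(int argc, char **argv) {
  char buf[4096];
  if (argc < 2) return 2;
  if (resolve_target(argv[1], getenv("PATH"), buf, sizeof buf) != 0) {
    fprintf(stderr, "target '%s' not found in PATH\n", argv[1]);
    return 1;
  }
  puts(buf);
  return 0;
}
```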