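/*
 * Post-syscall hook for open(2): decide whether the newly returned
 * descriptor is a taint source.
 *
 * tid   - thread that issued the syscall; indexes tainted_fds/position_fds
 * args  - raw syscall arguments, only echoed through printArgs()
 * nArgs - number of entries in args
 * res   - syscall result; sr_Res(res) is the new fd when !sr_isError(res)
 *
 * A descriptor is marked tainted when --taint-file is set and the path it
 * resolves to begins with FZ_(clo_file_filter). This is a prefix match, so
 * the empty default filter accepts every file. Descriptors outside
 * [0, MAXIMUM_FDS) are never tracked because the tables have no slot for
 * them. stdin tainting is not handled here; FZ_(setup_tainted_map) pre-taints
 * fd 0 when --taint-stdin is given.
 *
 * NOTE(review): fz_post_syscall in this file calls FZ_(syscall_open)(tid, res)
 * with two arguments while this definition takes four — confirm which
 * prototype the header declares.
 */
void FZ_(syscall_open)(ThreadId tid, UWord *args, UInt nArgs, SysRes res)
{
    if (fengSysFlag) {
        VG_(printf)("feng:entered syscall_open\n");
    }
    printArgs(args, nArgs, "open");

    /* Nothing to do unless file tainting is enabled. */
    if (!FZ_(clo_taint_file)) {
        return;
    }
    /* A failed open() yields no descriptor to track. */
    if (sr_isError(res)) {
        return;
    }

    Int fd = sr_Res(res);
    /* Bound the table index in both directions before it is used: a value
     * that does not fit in an Int would otherwise index below the table. */
    if (fd < 0 || fd >= MAXIMUM_FDS) {
        return;
    }

    Char fdpath[MAX_PATH] = {0};
    resolve_fd(fd, fdpath, MAX_PATH - 1);

    /* Prefix match against the filter; VG_(strlen)("") == 0 matches all. */
    tainted_fds[tid][fd] =
        (VG_(strncmp)(fdpath, FZ_(clo_file_filter),
                      VG_(strlen)(FZ_(clo_file_filter))) == 0);

    VG_(printf)("[?] tid %d open(%d) fdpath=%s clo_file_filter=%s\n",
                tid, fd, fdpath, FZ_(clo_file_filter));

    if (tainted_fds[tid][fd]) {
        VG_(printf)("[+] tid %d open(%d)\n", tid, fd);
        /* A fresh descriptor starts at offset 0. */
        position_fds[tid][fd] = 0;
    }
}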
/*
 * Dispatch a completed syscall to the tracker for its class. Only the
 * syscall numbers listed below are observed; open is the sole open-family
 * entry in this switch, so descriptors created by any other syscall are
 * not registered. Everything else falls to default and is ignored.
 */
static void fz_post_syscall(ThreadId tid, UInt syscallno, SysRes res)
{
    switch (syscallno) {
    /* Descriptor lifecycle. */
    case __NR_open:
        FZ_(syscall_open)(tid, res);
        break;
    case __NR_close:
        FZ_(syscall_close)(tid, res);
        break;

    /* Data movement and repositioning on a descriptor. */
    case __NR_read:
        FZ_(syscall_read)(tid, res);
        break;
    case __NR_lseek:
#ifdef __NR__llseek
    case __NR__llseek:
#endif
        FZ_(syscall_lseek)(tid, res);
        break;

    /* Memory mappings; whichever mmap variants this target defines. */
#ifdef __NR_mmap
    case __NR_mmap:
#endif
#ifdef __NR_mmap2
    case __NR_mmap2:
#endif
        FZ_(syscall_mmap2)(tid, res);
        break;
    case __NR_munmap:
        FZ_(syscall_munmap)(tid, res);
        break;

    default:
        /* Not a tracked syscall. */
        break;
    }
}
/*
 * Reset the per-thread descriptor tables, then pre-taint fd 0 on every
 * thread when --taint-stdin is set. Run once the options are final.
 */
void FZ_(setup_tainted_map)(void)
{
    if (fengSysFlag) {
        VG_(printf)("feng:entered setup_tainted_map\n");
    }

    /* Clean slate: no descriptor tainted, every tracked offset at 0. */
    VG_(memset)(tainted_fds, False, sizeof(tainted_fds));
    VG_(memset)(position_fds, 0, sizeof(position_fds));

    if (!FZ_(clo_taint_stdin)) {
        return;
    }

    /* stdin is fd 0 in every thread, so mark that column across the table. */
    for (ThreadId t = 0; t < VG_N_THREADS; t++) {
        tainted_fds[t][0] = True;
    }
}
/*
 * Tool hook run after command-line parsing. The --taint-* option values
 * are final at this point, so the taint tables can be built from them.
 */
static void fz_post_clo_init(void)
{
    FZ_(setup_tainted_map)();
}
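FZ_(syscall_mmap2)(tid, res);
        break;
    case __NR_munmap:
        FZ_(syscall_munmap)(tid, res);
        break;
    default:
        break;
    }
}

/*------------------------------------------------------------*/
/*--- Command line args                                    ---*/
/*------------------------------------------------------------*/

/* Default filter is empty: a prefix match against "" accepts every path. */
static Char FZ_(default_file_filter)[] = "";

/* Path prefix an opened file must match to be treated as a taint source. */
Char* FZ_(clo_file_filter) = FZ_(default_file_filter);
Bool FZ_(clo_taint_file)  = False;   /* --taint-file  */
Bool FZ_(clo_taint_stdin) = False;   /* --taint-stdin */
Bool FZ_(verbose)         = False;   /* --show-ir     */

/*
 * Tool option parser, invoked by the core for each option the core did not
 * recognise itself.
 *
 * arg - one command-line option, as passed by the core
 *
 * Returns True when arg was one of this tool's options and has been applied,
 * False otherwise so the core can reject it. Returning True unconditionally
 * would make a misspelled --taint-* flag a silent no-op, leaving tainting
 * disabled while the run appears to be configured.
 */
static Bool fz_process_cmd_line_options(Char* arg)
{
    VG_STR_CLO(arg, "--file-filter", FZ_(clo_file_filter))
    else VG_BOOL_CLO(arg, "--taint-stdin", FZ_(clo_taint_stdin))
    else VG_BOOL_CLO(arg, "--taint-file", FZ_(clo_taint_file))
    else VG_BOOL_CLO(arg, "--show-ir", FZ_(verbose))
    else
        return False;   /* not ours; let the core report it */

    return True;
}

static void fz_print_usage(void) {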