authorvan Hauser <vh@thc.org>2019-12-03 10:11:39 +0100
committervan Hauser <vh@thc.org>2019-12-03 10:11:39 +0100
commit674fbc39f8bcac77a543693edace00c843fc411b (patch)
treef039d2b98af5d3f8b04e543da17cac9b95a33f26
parent2b0cfe1ab53f2a43db098a66e8b585420352677d (diff)
python3.7 support for afl-fuzz py mutator
-rw-r--r--Makefile29
-rw-r--r--docs/ChangeLog1
-rw-r--r--docs/python_mutators.txt20
-rw-r--r--docs/technical_details.txt2
-rw-r--r--python_mutators/README3
-rw-r--r--src/afl-fuzz-python.c17
6 files changed, 58 insertions, 14 deletions
diff --git a/Makefile b/Makefile
index ab1b74ec..2203396a 100644
--- a/Makefile
+++ b/Makefile
@@ -39,8 +39,27 @@ CFLAGS     += -Wall -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign -I include/ \
 
 AFL_FUZZ_FILES = $(wildcard src/afl-fuzz*.c)
 
-PYTHON_INCLUDE	?= /usr/include/python2.7
+PYTHON_INCLUDE	?= $(shell test -e /usr/include/python3.7m && echo /usr/include/python3.7m)
+PYTHON_INCLUDE	?= $(shell test -e /usr/include/python3.7 && echo /usr/include/python3.7)
+PYTHON_INCLUDE	?= $(shell test -e /usr/include/python2.7 && echo /usr/include/python2.7)
 
+ifneq "($filter %3.7m, $(PYTHON_INCLUDE))" ""
+    PYTHON_VERSION=3.7m
+    PYTHON_LIB=-lpython3.7m
+else
+    ifneq "($filter %3.7, $(PYTHON_INCLUDE))" ""
+        PYTHON_VERSION=3.7
+        PYTHON_LIB=
+    else
+        ifneq "($filter %2.7, $(PYTHON_INCLUDE))" ""
+            PYTHON_VERSION=2.7
+            PYTHON_LIB=-lpython2.7
+        else
+            PYTHON_VERSION=none
+            PYTHON_LIB=
+        endif
+    endif
+endif
 
 ifdef SOURCE_DATE_EPOCH
     BUILD_DATE ?= $(shell date -u -d "@$(SOURCE_DATE_EPOCH)" -I 2>/dev/null || date -u -r "$(SOURCE_DATE_EPOCH)" -I 2>/dev/null || date -u -I)
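Review bot: The fallback chain on the three `?=` lines never reaches the second or third candidate, because `$(shell test -e …)` defines PYTHON_INCLUDE even when the path is absent (to an empty string) and GNU make's `?=` only assigns to a variable that is not yet defined, so on a host with only python2.7 headers PYTHON_INCLUDE ends up empty. The `ifneq` conditions below then spell the function as `$filter` inside quoted parentheses, so `"($filter %3.7m, …)"` expands to the literal text `(ilter %3.7m, …)`, is never empty, and the 3.7m branch is taken regardless of what was detected; the compile probe in the next hunk then runs with `-lpython3.7m` on such a host and Python support is silently disabled. A single `wildcard`/`firstword` probe plus properly written `$(filter …)` conditions fixes both, as sketched below. The empty PYTHON_LIB in the plain-3.7 branch also looks suspect, since afl-fuzz presumably still has to link against that interpreter's library — worth confirming against the packaged library name.
```makefile
PYTHON_INCLUDE	?= $(firstword $(wildcard /usr/include/python3.7m /usr/include/python3.7 /usr/include/python2.7))

ifneq "$(filter %3.7m,$(PYTHON_INCLUDE))" ""
    PYTHON_VERSION=3.7m
    PYTHON_LIB=-lpython3.7m
else
    ifneq "$(filter %3.7,$(PYTHON_INCLUDE))" ""
        PYTHON_VERSION=3.7
        PYTHON_LIB=
    else
# … unchanged: 2.7 and "none" branches, endif …
```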
@@ -69,9 +88,9 @@ endif
 COMM_HDR    = include/alloc-inl.h include/config.h include/debug.h include/types.h
 
 
-ifeq "$(shell echo '\#include <Python.h>@int main() {return 0; }' | tr @ '\n' | $(CC) -x c - -o .test -I$(PYTHON_INCLUDE) $(LDFLAGS) -lpython2.7 2>/dev/null && echo 1 || echo 0 )" "1"
+ifeq "$(shell echo '\#include <Python.h>@int main() {return 0; }' | tr @ '\n' | $(CC) -x c - -o .test -I$(PYTHON_INCLUDE) $(LDFLAGS) $(PYTHON_LIB) 2>/dev/null && echo 1 || echo 0 )" "1"
 	PYTHON_OK=1
-	PYFLAGS=-DUSE_PYTHON -I$(PYTHON_INCLUDE) $(LDFLAGS) -lpython2.7
+	PYFLAGS=-DUSE_PYTHON -I$(PYTHON_INCLUDE) $(LDFLAGS) $(PYTHON_LIB)
 else
 	PYTHON_OK=0
 	PYFLAGS=
@@ -171,12 +190,12 @@ ifeq "$(PYTHON_OK)" "1"
 
 test_python27:
 	@rm -f .test 2> /dev/null
-	@echo "[+] Python 2.7 support seems to be working."
+	@echo "[+] Python $(PYTHON_VERSION) support seems to be working."
 
 else
 
 test_python27:
-	@echo "[-] You seem to need to install the package python2.7-dev, but it is optional so we continue"
+	@echo "[-] You seem to need to install the package python3.7-dev or python2.7-dev, but it is optional so we continue"
 
 endif
 
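Review bot: The target is still called `test_python27` in both branches while its message now reports `$(PYTHON_VERSION)`, which may be 3.7m; a version-neutral name such as `test_python` would match the new behaviour, with any references elsewhere in the Makefile (outside this hunk) updated in the same commit. This is a naming point only.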
diff --git a/docs/ChangeLog b/docs/ChangeLog
index f42d380f..52821d67 100644
--- a/docs/ChangeLog
+++ b/docs/ChangeLog
@@ -24,6 +24,7 @@ Version ++2.58d (dev):
      - added Radamsa and an optional radamsa stage (-R)
      - CPU affinity support for DragonFly
      - added -u command line option to not unlink the fuzz input file
+     - Python3 support
   - llvm_mode:
      - float splitting is now configured via AFL_LLVM_LAF_SPLIT_FLOATS
      - support for llvm 10 included now (thanks to devnexen)
diff --git a/docs/python_mutators.txt b/docs/python_mutators.txt
index 0d4eef1e..e20a6f58 100644
--- a/docs/python_mutators.txt
+++ b/docs/python_mutators.txt
@@ -9,8 +9,9 @@ Adding custom mutators to AFL using Python modules
 
   Implemented by Christian Holler (:decoder) <choller@mozilla.com>.
 
-  NOTE: This is for Python 2.7 !
-  Anyone who wants to add Python 3.7 support is happily welcome :)
+  NOTE: Python 3.7 and 2.7 are supported so far (3.8 upcomming).
+  Depending on with which version afl-fuzz was compiled, you must use
+  python2 or python3 syntax in your scripts!
 
   For an example and a template see ../python_mutators/
 
@@ -56,16 +57,19 @@ further information about this feature.
 3) How to compile AFLFuzz with Python support
 ---------------------------------------------
 
-You must install the python 2.7 development package of your Linux distribution
-before this will work. On Debian/Ubuntu/Kali this can be done with:
+You must install the python 3.7 or 2.7 development package of your Linux
+distribution before this will work. On Debian/Ubuntu/Kali this can be done
+with either:
+  apt install python3.7-dev
+pr
   apt install python2.7-dev
 
 A prerequisite for using this mode is to compile AFLFuzz with Python support.
 
-The afl Makefile performs some magic and detects Python 2.7 if it is in the
-default path and compiles afl-fuzz with the feature if available (which is
-/usr/include/python2.7 for the Python.h include and /usr/lib/x86_64-linux-gnu
-for the libpython2.7.a library)
+The afl Makefile performs some magic and detects Python 3.7 and 2.7 if it is
+in the default path and compiles afl-fuzz with the feature if available (which
+is /usr/include/python2.7 for the Python.h include and
+/usr/lib/x86_64-linux-gnu for the libpython2.7.a library)
 
 In case your setup is different set the necessary variables like this:
 PYTHON_INCLUDE=/path/to/python2.7/include LDFLAGS=-L/path/to/python2.7/lib make
diff --git a/docs/technical_details.txt b/docs/technical_details.txt
index af6131c1..1604c4d0 100644
--- a/docs/technical_details.txt
+++ b/docs/technical_details.txt
@@ -165,7 +165,7 @@ of new tuples, and the remainder is associated with changes in hit counts.
 
 The following table compares the relative ability to discover file syntax and
 explore program states when using several different approaches to guided
-fuzzing. The instrumented target was GNU patch 2.7.3 compiled with -O3 and
+fuzzing. The instrumented target was GNU patch 2.7k.3 compiled with -O3 and
 seeded with a dummy text file; the session consisted of a single pass over the
 input queue with afl-fuzz:
 
diff --git a/python_mutators/README b/python_mutators/README
index 21a16e52..4e7d62bc 100644
--- a/python_mutators/README
+++ b/python_mutators/README
@@ -1,6 +1,9 @@
 These are example and helper files for the AFL_PYTHON_MODULE feature.
 See docs/python_mutators.txt for more information
 
+Note that if you compile with python3.7 you must use python3 scripts, and if
+you use pyton2.7 to compile python2 scripts!
+
 
 example.py	- this is the template you can use, the functions are there
 		  but they are empty
diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c
index 70a547d2..c1ee143b 100644
--- a/src/afl-fuzz-python.c
+++ b/src/afl-fuzz-python.c
@@ -35,7 +35,11 @@ int init_py() {
 
   if (module_name) {
 
+#if PY_MAJOR_VERSION >= 3
+    PyObject* py_name = PyUnicode_FromString(module_name);
+#else
     PyObject* py_name = PyString_FromString(module_name);
+#endif
 
     py_module = PyImport_Import(py_name);
     Py_DECREF(py_name);
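Review bot: `PyUnicode_FromString` on the new Python 3 line returns NULL when module_name is not valid UTF-8 (it decodes the bytes, which `PyString_FromString` never did), and py_name is then handed straight to `PyImport_Import` and `Py_DECREF` without a check. Add `if (!py_name) { PyErr_Print(); return 1; }` before the import, using whatever value init_py already returns on failure — the function's body starts and ends outside this hunk. The same `#if PY_MAJOR_VERSION >= 3` / `#else` pair is repeated in the next three hunks (PyLong_FromLong and two PyLong_AsLong sites); a single block of compatibility macros next to the includes, e.g. `AFL_PY_STR_FROM`, `AFL_PY_INT_FROM`, `AFL_PY_INT_AS`, would keep each call site to one line.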
@@ -91,7 +95,12 @@ int init_py() {
 
       /* Provide the init function a seed for the Python RNG */
       py_args = PyTuple_New(1);
+#if PY_MAJOR_VERSION >= 3
+      py_value = PyLong_FromLong(UR(0xFFFFFFFF));
+#else
       py_value = PyInt_FromLong(UR(0xFFFFFFFF));
+#endif
+
       if (!py_value) {
 
         Py_DECREF(py_args);
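Review bot: `PyLong_FromLong(UR(0xFFFFFFFF))` passes the seed through a signed `long`, so on a 32-bit `long` any value above 0x7FFFFFFF reaches Python as a negative number. `PyLong_FromUnsignedLong(UR(0xFFFFFFFF))` exists on both 2.x and 3.x and keeps the full range, assuming UR() yields an unsigned 32-bit value, which is not visible in this hunk. The enclosing init_py body extends beyond the hunk.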
@@ -216,7 +225,11 @@ u32 init_trim_py(char* buf, size_t buflen) {
 
   if (py_value != NULL) {
 
+#if PY_MAJOR_VERSION >= 3
+    u32 retcnt = (u32) PyLong_AsLong(py_value);
+#else
     u32 retcnt = PyInt_AsLong(py_value);
+#endif
     Py_DECREF(py_value);
     return retcnt;
 
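Review bot: `(u32) PyLong_AsLong(py_value)` hides the conversion's error path: when the callback returns a non-integer or an out-of-range value, `PyLong_AsLong` returns -1 with an exception set, and the cast turns that into a retcnt of 0xFFFFFFFF that is returned as if it were a valid count. Check `PyErr_Occurred()` after the call, e.g. `long ret = PyLong_AsLong(py_value); if (ret == -1 && PyErr_Occurred()) { PyErr_Print(); ret = 0; }`, substituting whichever value the callers treat as "no trimming" — that is not visible here. The same pattern appears in the post_trim_py hunk below; init_trim_py starts outside this hunk.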
@@ -250,7 +263,11 @@ u32 post_trim_py(char success) {
 
   if (py_value != NULL) {
 
+#if PY_MAJOR_VERSION >= 3
+    u32 retcnt = (u32) PyLong_AsLong(py_value);
+#else
     u32 retcnt = PyInt_AsLong(py_value);
+#endif
     Py_DECREF(py_value);
     return retcnt;