authorvanhauser-thc <vh@thc.org>2021-09-07 17:15:54 +0200
committervanhauser-thc <vh@thc.org>2021-09-07 17:16:23 +0200
commitf760e80729412a2cd44a12e76b81ccb433626e60 (patch)
treed41b373b341d5503f6e2d6fdd1247053259cb670
parentcb01d566167b8c0d02a19485d13fdd05c1b8347b (diff)
downloadafl++-f760e80729412a2cd44a12e76b81ccb433626e60.tar.gz
add check_binary_signatures for afl-* utils
-rw-r--r--docs/Changelog.md3
-rw-r--r--include/common.h1
-rw-r--r--src/afl-analyze.c1
-rw-r--r--src/afl-common.c64
-rw-r--r--src/afl-showmap.c2
-rw-r--r--src/afl-tmin.c1
6 files changed, 71 insertions, 1 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 0ffbef05..de217c2e 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -15,7 +15,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
information on how to deal with instrumenting libraries
- fix a regression introduced in 3.10 that resulted in less
coverage being detected. thanks to Collin May for reporting!
-
+ - afl-showmap, afl-tmin and afl-analyze now honor persistent mode
+ for more speed. thanks to dloffre-snl for reporting!
- afl-cc:
- fix for shared linking on MacOS
- llvm and LTO mode verified to work with new llvm 14-dev
diff --git a/include/common.h b/include/common.h
index 7bba9e91..2ca44301 100644
--- a/include/common.h
+++ b/include/common.h
@@ -38,6 +38,7 @@
#define STRINGIFY_VAL_SIZE_MAX (16)
+u32 check_binary_signatures(u8 *fn);
void detect_file_args(char **argv, u8 *prog_in, bool *use_stdin);
void print_suggested_envs(char *mispelled_env);
void check_environment_vars(char **env);
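Review bot: The new prototype on the line `+u32 check_binary_signatures(u8 *fn);` carries no comment on what the returned `u32` encodes or that the call mutates the process environment, so a reader of the header has to open afl-common.c to learn that. Suggest the comment `/* Scan the binary at fn for PERSIST_SIG / DEFER_SIG; sets PERSIST_ENV_VAR and/or DEFER_ENV_VAR and returns 1 (persistent) | 2 (deferred), 0 if neither. PFATALs if the file cannot be opened or mapped. */` above the declaration, matching what the afl-common.c hunk of this commit implements. Since the function only reads through `fn`, `const u8 *fn` would be the more precise signature, but the rest of this header does not use const on its `u8 *` parameters either.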
diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index e19df3ce..eef08494 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -1093,6 +1093,7 @@ int main(int argc, char **argv_orig, char **envp) {
parse_afl_kill_signal_env(getenv("AFL_KILL_SIGNAL"), SIGKILL);
read_initial_file();
+ (void)check_binary_signatures(fsrv.target_path);
ACTF("Performing dry run (mem limit = %llu MB, timeout = %u ms%s)...",
mem_limit, exec_tmout, edges_only ? ", edges only" : "");
diff --git a/src/afl-common.c b/src/afl-common.c
index 9ca2b3e8..db19f0a7 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
@@ -25,8 +25,12 @@
#include <stdlib.h>
#include <stdio.h>
+#define _GNU_SOURCE
+#define __USE_GNU
+#include <string.h>
#include <strings.h>
#include <math.h>
+#include <sys/mman.h>
#include "debug.h"
#include "alloc-inl.h"
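Review bot: The added `#define _GNU_SOURCE` comes after `<stdlib.h>` and `<stdio.h>` have already been included, so the feature-test macro is too late for any glibc header pulled in before it, and `__USE_GNU` is a glibc-internal macro that user code is not supposed to define; if `<string.h>` was already included transitively, `memmem` can still end up undeclared, which is an implicit function declaration and a hard error on current compilers. Define `_GNU_SOURCE` before the first system include (or via the build flags), delete the `#define __USE_GNU` line and keep a plain `#include <string.h>`. The new function in the next hunk also uses `open`, `O_RDONLY` and `fstat`, which need `<fcntl.h>` and `<sys/stat.h>`; the hunk only adds `<sys/mman.h>`, so presumably those are included further up in this file — worth confirming.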
@@ -51,6 +55,66 @@ u8 last_intr = 0;
#define AFL_PATH "/usr/local/lib/afl/"
#endif
+u32 check_binary_signatures(u8 *fn) {
+
+ int ret = 0, fd = open(fn, O_RDONLY);
+ if (fd < 0) { PFATAL("Unable to open '%s'", fn); }
+ struct stat st;
+ if (fstat(fd, &st) < 0) { PFATAL("Unable to fstat '%s'", fn); }
+ u32 f_len = st.st_size;
+ u8 *f_data = mmap(0, f_len, PROT_READ, MAP_PRIVATE, fd, 0);
+ if (f_data == MAP_FAILED) { PFATAL("Unable to mmap file '%s'", fn); }
+ close(fd);
+
+ if (memmem(f_data, f_len, PERSIST_SIG, strlen(PERSIST_SIG) + 1)) {
+
+ if (!be_quiet) { OKF(cPIN "Persistent mode binary detected."); }
+ setenv(PERSIST_ENV_VAR, "1", 1);
+ ret = 1;
+
+ } else if (getenv("AFL_PERSISTENT")) {
+
+ if (!be_quiet) {
+
+ WARNF("AFL_PERSISTENT is no longer supported and may misbehave!");
+
+ }
+
+ } else if (getenv("AFL_FRIDA_PERSISTENT_ADDR")) {
+
+ if (!be_quiet) {
+
+ OKF("FRIDA Persistent mode configuration options detected.");
+
+ }
+
+ setenv(PERSIST_ENV_VAR, "1", 1);
+ ret = 1;
+
+ }
+
+ if (memmem(f_data, f_len, DEFER_SIG, strlen(DEFER_SIG) + 1)) {
+
+ if (!be_quiet) { OKF(cPIN "Deferred forkserver binary detected."); }
+ setenv(DEFER_ENV_VAR, "1", 1);
+ ret += 2;
+
+ } else if (getenv("AFL_DEFER_FORKSRV")) {
+
+ if (!be_quiet) {
+
+ WARNF("AFL_DEFER_FORKSRV is no longer supported and may misbehave!");
+
+ }
+
+ }
+
+ if (munmap(f_data, f_len)) { PFATAL("unmap() failed"); }
+
+ return ret;
+
+}
+
void detect_file_args(char **argv, u8 *prog_in, bool *use_stdin) {
u32 i = 0;
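Review bot: `u32 f_len = st.st_size;` silently truncates `off_t`, and a zero-length target makes `mmap()` fail with EINVAL so the tool dies with the misleading `Unable to mmap file` message instead of just reporting no signatures. Use `size_t f_len = (size_t)st.st_size;` and, before the `mmap` call, `if (st.st_size <= 0) { close(fd); return 0; }`, optionally also rejecting non-regular files via `S_ISREG(st.st_mode)` since mapping a directory or device fails the same way. The definition itself has no header comment even though all three callers in this commit discard the result; a comment above it should say that it returns a bitmask (1 = persistent, 2 = deferred) and that its real effect is setting PERSIST_ENV_VAR / DEFER_ENV_VAR in the environment. The scan runs unconditionally, so in QEMU/Unicorn mode the file mapped is the uninstrumented target binary; that is harmless here, but the AFL_PERSISTENT / AFL_DEFER_FORKSRV warnings then fire for those modes as well, which looks unintended.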
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 9122cd25..27b1e14a 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -1189,6 +1189,8 @@ int main(int argc, char **argv_orig, char **envp) {
}
+ (void)check_binary_signatures(fsrv->target_path);
+
shm_fuzz = ck_alloc(sizeof(sharedmem_t));
/* initialize cmplog_mode */
diff --git a/src/afl-tmin.c b/src/afl-tmin.c
index 792770e0..dff51e84 100644
--- a/src/afl-tmin.c
+++ b/src/afl-tmin.c
@@ -1209,6 +1209,7 @@ int main(int argc, char **argv_orig, char **envp) {
fsrv->shmem_fuzz = map + sizeof(u32);
read_initial_file();
+ (void)check_binary_signatures(fsrv->target_path);
if (!fsrv->qemu_mode && !unicorn_mode) {