authorvan Hauser <vh@thc.org>2019-12-02 15:25:17 +0100
committervan Hauser <vh@thc.org>2019-12-02 15:25:17 +0100
commitf8bc9b54dabc759e9ad1eb82e5ee36af3bb4e1a6 (patch)
tree25ca944fe68f932c68cae788fb5da6f36f6449c6
parent60c8121c1d4172528f5713c486d5dd3f809ec8ac (diff)
downloadafl++-f8bc9b54dabc759e9ad1eb82e5ee36af3bb4e1a6.tar.gz
added -N no_unlink option
-rw-r--r--docs/ChangeLog6
-rw-r--r--include/afl-fuzz.h4
-rw-r--r--src/afl-fuzz-globals.c4
-rw-r--r--src/afl-fuzz-run.c33
-rw-r--r--src/afl-fuzz.c13
5 files changed, 48 insertions, 12 deletions
diff --git a/docs/ChangeLog b/docs/ChangeLog
index e0042f24..cc742797 100644
--- a/docs/ChangeLog
+++ b/docs/ChangeLog
@@ -20,7 +20,10 @@ Version ++2.58d (dev):
   - qbdi_mode: fuzz android native libraries via QBDI framework
   - afl-analyze: added AFL_SKIP_BIN_CHECK support
   - better random numbers for gcc_plugin and llvm_mode (thanks to devnexen)
-  - afl-fuzz: CPU affinity support for DragonFly
+  - afl-fuzz:
+     - added Radamsa and an optional radamsa stage (-R)
+     - CPU affinity support for DragonFly
+     - added -u command line option to not unlink the fuzz input file
   - llvm_mode: float splitting is now configured via AFL_LLVM_LAF_SPLIT_FLOATS
   - libtokencap: support for *BSD/OSX added
   - compcov: floating point splitting support for QEMU on x86 targets
@@ -30,7 +33,6 @@ Version ++2.58d (dev):
     download succeeded. f*ckin travis fails downloading 40% of the time!
   - added the few Android stuff we didnt have already from Google afl repository
   - removed unnecessary warnings
-  - added the radamsa stage
 
 
 --------------------------
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index c85883dd..0d759a19 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -265,7 +265,9 @@ extern u32 hang_tmout;                  /* Timeout used for hang det (ms)   */
 extern u64 mem_limit;                   /* Memory cap for child (MB)        */
 
 extern u8 cal_cycles,                   /* Calibration cycles defaults      */
-    cal_cycles_long, debug,             /* Debug mode                       */
+    cal_cycles_long,                    /* Calibration cycles defaults      */
+    no_unlink,                          /* do not unlink cur_input          */
+    debug,                              /* Debug mode                       */
     custom_only,                        /* Custom mutator only mode         */
     python_only;                        /* Python-only mode                 */
 
diff --git a/src/afl-fuzz-globals.c b/src/afl-fuzz-globals.c
index 5c36eb0b..de716098 100644
--- a/src/afl-fuzz-globals.c
+++ b/src/afl-fuzz-globals.c
@@ -83,7 +83,9 @@ u32 hang_tmout = EXEC_TIMEOUT;          /* Timeout used for hang det (ms)   */
 u64 mem_limit = MEM_LIMIT;              /* Memory cap for child (MB)        */
 
 u8 cal_cycles = CAL_CYCLES,             /* Calibration cycles defaults      */
-    cal_cycles_long = CAL_CYCLES_LONG, debug,                 /* Debug mode */
+    cal_cycles_long = CAL_CYCLES_LONG,  /* Calibration cycles defaults      */
+    debug,                              /* Debug mode                       */
+    no_unlink,                          /* do not unlink cur_input          */
     custom_only,                        /* Custom mutator only mode         */
     python_only;                        /* Python-only mode                 */
 
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index 8fa91afd..8f72d0fe 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -288,9 +288,16 @@ void write_to_testcase(void* mem, u32 len) {
 
   if (out_file) {
 
-    unlink(out_file);                                     /* Ignore errors. */
+    if (no_unlink) {
 
-    fd = open(out_file, O_WRONLY | O_CREAT | O_EXCL, 0600);
+      fd = open(out_file, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+
+    } else {
+
+      unlink(out_file);                                   /* Ignore errors. */
+      fd = open(out_file, O_WRONLY | O_CREAT | O_EXCL, 0600);
+
+    }
 
     if (fd < 0) PFATAL("Unable to create '%s'", out_file);
 
@@ -330,9 +337,16 @@ void write_with_gap(void* mem, u32 len, u32 skip_at, u32 skip_len) {
 
   if (out_file) {
 
-    unlink(out_file);                                     /* Ignore errors. */
+    if (no_unlink) {
+
+      fd = open(out_file, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+
+    } else {
 
-    fd = open(out_file, O_WRONLY | O_CREAT | O_EXCL, 0600);
+      unlink(out_file);                                   /* Ignore errors. */
+      fd = open(out_file, O_WRONLY | O_CREAT | O_EXCL, 0600);
+
+    }
 
     if (fd < 0) PFATAL("Unable to create '%s'", out_file);
 
@@ -760,9 +774,16 @@ u8 trim_case(char** argv, struct queue_entry* q, u8* in_buf) {
 
     s32 fd;
 
-    unlink(q->fname);                                      /* ignore errors */
+    if (no_unlink) {
+
+      fd = open(q->fname, O_WRONLY | O_CREAT | O_TRUNC, 0600);
 
-    fd = open(q->fname, O_WRONLY | O_CREAT | O_EXCL, 0600);
+    } else {
+
+      unlink(q->fname);                                    /* ignore errors */
+      fd = open(q->fname, O_WRONLY | O_CREAT | O_EXCL, 0600);
+
+    }
 
     if (fd < 0) PFATAL("Unable to create '%s'", q->fname);
 
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index bdbc48e0..3a5b0b4e 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -122,9 +122,11 @@ static void usage(u8* argv0) {
       "                  a recommended value is 10-60. see docs/README.MOpt\n\n"
 
       "Fuzzing behavior settings:\n"
+      "  -N            - do not unlink the fuzzing input file\n"
       "  -d            - quick & dirty mode (skips deterministic steps)\n"
       "  -n            - fuzz without instrumentation (dumb mode)\n"
-      "  -x dir        - optional fuzzer dictionary (see README)\n\n"
+      "  -x dir        - optional fuzzer dictionary (see README, its really "
+      "good!)\n\n"
 
       "Testing settings:\n"
       "  -s seed       - use a fixed seed for the RNG\n"
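Review bot: The ChangeLog hunk in this commit documents the new option as `-u`, while the usage text here and the getopt string use `-N`; one of the two should be corrected so the documentation matches the parser. The reworded -x line also has a typo: `its really good!` should read `it's really good!`. usage() starts before this hunk and continues after it.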
@@ -195,7 +197,7 @@ int main(int argc, char** argv) {
   init_seed = tv.tv_sec ^ tv.tv_usec ^ getpid();
 
   while ((opt = getopt(argc, argv,
-                       "+i:I:o:f:m:t:T:dnCB:S:M:x:QUWe:p:s:V:E:L:hR")) > 0)
+                       "+i:I:o:f:m:t:T:dnCB:S:M:x:QNUWe:p:s:V:E:L:hR")) > 0)
 
     switch (opt) {
 
@@ -426,6 +428,13 @@ int main(int argc, char** argv) {
 
         break;
 
+      case 'N':                                             /* Unicorn mode */
+
+        if (no_unlink) FATAL("Multiple -N options not supported");
+        no_unlink = 1;
+
+        break;
+
       case 'U':                                             /* Unicorn mode */
 
         if (unicorn_mode) FATAL("Multiple -U options not supported");
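Review bot: The comment on the new `case 'N':` was carried over from the `case 'U':` block below and still reads `/* Unicorn mode */`; it should describe this option, e.g. `case 'N':                                             /* no_unlink mode */`. main() starts before this hunk and continues after it.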