author | van Hauser <vh@thc.org> | 2020-05-12 17:05:12 +0200 |
---|---|---|
committer | van Hauser <vh@thc.org> | 2020-05-12 17:05:12 +0200 |
commit | 060f4ea320b2417bab2f153779b248698544f536 (patch) | |
tree | ce326b3bae0f992008ebf8833bbdcbedee67ac5c | |
parent | 61779547733699dfe6710a74529e02d515364aa4 (diff) | |
download | afl++-060f4ea320b2417bab2f153779b248698544f536.tar.gz |
enforce mandatary custom functions
-rw-r--r-- | docs/custom_mutators.md | 22 | ||||
-rw-r--r-- | src/afl-fuzz-mutators.c | 6 | ||||
-rw-r--r-- | src/afl-fuzz-python.c | 8 |
3 files changed, 26 insertions, 10 deletions
diff --git a/docs/custom_mutators.md b/docs/custom_mutators.md
index 3cd874b9..c044be0c 100644
--- a/docs/custom_mutators.md
+++ b/docs/custom_mutators.md
@@ -84,13 +84,16 @@ def queue_new_entry(filename_new_queue, filename_orig_queue): - `queue_get` (optional): - This method determines whether the fuzzer should fuzz the current queue - entry or not + This method determines whether the custom fuzzer should fuzz the current + queue entry or not -- `fuzz` (required): +- `fuzz` (optional): This method performs custom mutations on a given input. It also accepts an additional test case. + Note that this function is optional - but it makes sense to use it. + You would only skip this if `pre_send` is used to fix checksums etc. + so you are using it e.g. as a post processing library. - `havoc_mutation` and `havoc_mutation_probability` (optional):
@@ -114,6 +117,13 @@ def queue_new_entry(filename_new_queue, filename_orig_queue): This methods is called after adding a new test case to the queue. +- `deinit`: + + The last method to be called, deinitializing the state. +Note that there are also three functions for trimming as described in the +next section. + ### Trimming Support The generic trimming routines implemented in AFL++ can easily destroy the
@@ -160,10 +170,8 @@ trimmed input. Here's a quick API description: In any case, this method must return the next trim iteration index (from 0 to the maximum amount of steps you returned in `init_trim`). -`deinit` the last method to be called, deinitializing the state. - -Omitting any of three methods will cause the trimming to be disabled and trigger -a fallback to the builtin default trimming routine. +Omitting any of three trimming methods will cause the trimming to be disabled +and trigger a fallback to the builtin default trimming routine. ### Environment Variables
diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c
index 6bd13e2b..2c2efc94 100644
--- a/src/afl-fuzz-mutators.c
+++ b/src/afl-fuzz-mutators.c
@@ -151,7 +151,7 @@ struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) {
   /* Mutator */
   /* "afl_custom_init", optional for backward compatibility */
   mutator->afl_custom_init = dlsym(dh, "afl_custom_init");
-  if (!mutator->afl_custom_init) WARNF("Symbol 'afl_custom_init' not found.");
+  if (!mutator->afl_custom_init) FATAL("Symbol 'afl_custom_init' not found.");
   /* "afl_custom_fuzz" or "afl_custom_mutator", required */
   mutator->afl_custom_fuzz = dlsym(dh, "afl_custom_fuzz");
@@ -162,13 +162,13 @@ struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) {
     mutator->afl_custom_fuzz = dlsym(dh, "afl_custom_mutator");
     if (!mutator->afl_custom_fuzz)
-      FATAL("Symbol 'afl_custom_mutator' not found.");
+      WARNF("Symbol 'afl_custom_mutator' not found.");
   }
   /* "afl_custom_deinit", optional for backward compatibility */
   mutator->afl_custom_deinit = dlsym(dh, "afl_custom_deinit");
-  if (!mutator->afl_custom_deinit) WARNF("Symbol 'afl_custom_init' not found.");
+  if (!mutator->afl_custom_deinit) FATAL("Symbol 'afl_custom_init' not found.");
   /* "afl_custom_pre_save", optional */
   mutator->afl_custom_pre_save = dlsym(dh, "afl_custom_pre_save");
diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c
index 1084e4f1..460d6683 100644
--- a/src/afl-fuzz-python.c
+++ b/src/afl-fuzz-python.c
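Review bot: The comment directly above the new FATAL still reads `/* "afl_custom_init", optional for backward compatibility */`, so the hunk now ships code and comment that contradict each other; the same stale comment sits above the `afl_custom_deinit` check in the next hunk, and the `/* "afl_custom_fuzz" or "afl_custom_mutator", required */` comment is inverted by that hunk demoting the lookup to WARNF. Suggest `/* "afl_custom_init", required */`, `/* "afl_custom_deinit", required */` and `/* "afl_custom_fuzz" or "afl_custom_mutator", optional */` so the next reader is not misled about what aborts the load. With the fuzz lookup now only warning, `mutator->afl_custom_fuzz` can stay NULL after a successful load; whether every call site guards that pointer is outside this hunk and should be confirmed. load_custom_mutator's body continues outside the hunk.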
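Review bot: The new FATAL on the `afl_custom_deinit` line reports the wrong symbol: it aborts with `Symbol 'afl_custom_init' not found.` when it is `afl_custom_deinit` that is missing, which now terminates the fuzzer with a message pointing at a function that is actually present. The removed WARNF carried the same copy-paste error, and turning it into a hard failure makes it worth fixing in the same commit: `if (!mutator->afl_custom_deinit) FATAL("Symbol 'afl_custom_deinit' not found.");`. load_custom_mutator's body continues outside the hunk.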
@@ -135,7 +135,13 @@ static py_mutator_t *init_py_module(afl_state_t *afl, u8 *module_name) {
   u8 py_notrim = 0, py_idx;
   /* init, required */
   py_functions[PY_FUNC_INIT] = PyObject_GetAttrString(py_module, "init");
+  if (!py_functions[PY_FUNC_INIT])
+    FATAL("init function not found in python module");
   py_functions[PY_FUNC_FUZZ] = PyObject_GetAttrString(py_module, "fuzz");
+  if (!py_functions[PY_FUNC_FUZZ])
+    py_functions[PY_FUNC_FUZZ] = PyObject_GetAttrString(py_module, "mutate");
+  if (!py_functions[PY_FUNC_FUZZ])
+    WARNF("fuzz function not found in python module");
   py_functions[PY_FUNC_PRE_SAVE] = PyObject_GetAttrString(py_module, "pre_save");
   py_functions[PY_FUNC_INIT_TRIM] =
@@ -152,6 +158,8 @@ static py_mutator_t *init_py_module(afl_state_t *afl, u8 *module_name) {
   py_functions[PY_FUNC_QUEUE_NEW_ENTRY] = PyObject_GetAttrString(py_module, "queue_new_entry");
   py_functions[PY_FUNC_DEINIT] = PyObject_GetAttrString(py_module, "deinit");
+  if (!py_functions[PY_FUNC_DEINIT])
+    FATAL("deinit function not found in python module");
   for (py_idx = 0; py_idx < PY_FUNC_COUNT; ++py_idx) {
|
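Review bot: The `mutate` fallback leaves a Python exception pending: PyObject_GetAttrString returns NULL with an AttributeError set when `fuzz` is absent, and nothing in the hunk clears it before the retry, the following lookups, or the WARNF path that lets loading continue. Add `PyErr_Clear();` immediately after each lookup that is allowed to fail (at least after the `mutate` retry and before the WARNF), unless a clear sits in the loop after the hunk, which is not visible here. The `mutate` alias is also absent from the docs change in this commit; the `fuzz` entry in docs/custom_mutators.md should mention that `mutate` is accepted as an alternative name. init_py_module's body continues outside the hunk.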
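Review bot: The new check makes a missing `deinit` fatal, but the docs hunk in this commit adds `deinit` to the method list with no `(required)` marker while every neighbouring entry carries `(optional)`, so users reading the docs will not expect the abort. Either tag the docs entry `- `deinit` (required):` or, if the intent is still backward compatibility, degrade this to WARNF like the fuzz lookup above. It also appears the check duplicates work the `for (py_idx ...)` loop below is about to do over `py_functions`; if that loop already reports missing required functions, the extra FATAL here only changes the message. init_py_module's body continues outside the hunk.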