diff options
| author | Sergej Schumilo <sergej@schumilo.de> | 2023-08-04 12:13:06 +0200 |
|---|---|---|
| committer | Sergej Schumilo <sergej@schumilo.de> | 2023-08-04 12:13:06 +0200 |
| commit | 08a6fd7c29489f5477f50b94d7a0e425f64fef34 (patch) | |
| tree | db2968fbb507ce964fd807a4a80ae97e4168438e | |
| parent | 1fd1f0d8ce0db7e5ccee4462c85c264dcfca328d (diff) | |
| download | afl++-08a6fd7c29489f5477f50b94d7a0e425f64fef34.tar.gz | |
update the old nyx env var naming scheme
(to have a more consistent naming overall)
| -rw-r--r-- | include/envs.h | 2 | ||||
| -rw-r--r-- | nyx_mode/README.md | 6 | ||||
| -rw-r--r-- | src/afl-forkserver.c | 27 | ||||
| -rw-r--r-- | src/afl-fuzz.c | 3 |
4 files changed, 21 insertions, 17 deletions
diff --git a/include/envs.h b/include/envs.h index 0ef331ae..ff303387 100644 --- a/include/envs.h +++ b/include/envs.h @@ -190,6 +190,8 @@ static char *afl_environment_variables[] = { "AFL_NO_X86", // not really an env but we dont want to warn on it "AFL_NOOPT", "AFL_NYX_AUX_SIZE", + "AFL_NYX_DISABLE_SNAPSHOT_MODE", + "AFL_NYX_REUSE_SNAPSHOT", "AFL_PASSTHROUGH", "AFL_PATH", "AFL_PERFORMANCE_FILE", diff --git a/nyx_mode/README.md b/nyx_mode/README.md index 0565331b..aee9879e 100644 --- a/nyx_mode/README.md +++ b/nyx_mode/README.md @@ -150,12 +150,12 @@ afl-cmin -i in_dir -o out_dir -X -- ./PACKAGE-DIRECTORY On each program startup of one the AFL++ tools in Nyx mode, a Nyx VM is spawned, and a bootstrapping procedure is performed inside the VM to prepare the target environment. As a consequence, due to the bootstrapping procedure, the launch performance is much slower compared to other modes. However, this can be optimized by reusing an existing fuzzing snapshot to avoid the slow re-execution of the bootstrap procedure. -A fuzzing snapshot is automatically created and stored in the output directory at `out_dir/workdir/snapshot/` by the first parent process of `afl-fuzz` if parallel mode is used. To enable this feature, set the path to an existing snapshot directory in the `NYX_REUSE_SNAPSHOT` environment variable and use the tools as usual: +A fuzzing snapshot is automatically created and stored in the output directory at `out_dir/workdir/snapshot/` by the first parent process of `afl-fuzz` if parallel mode is used. To enable this feature, set the path to an existing snapshot directory in the `AFL_NYX_REUSE_SNAPSHOT` environment variable and use the tools as usual: ```shell afl-fuzz -i ./in_dir -o ./out_dir -Y -M 0 ./PACKAGE-DIRECTORY -NYX_REUSE_SNAPSHOT=./out_dir/workdir/snapshot/ afl-analyze -i in_file -X -- ./PACKAGE-DIRECTORY +AFL_NYX_REUSE_SNAPSHOT=./out_dir/workdir/snapshot/ afl-analyze -i in_file -X -- ./PACKAGE-DIRECTORY ``` @@ -311,7 +311,7 @@ command: ``` If you want to disable fast snapshots (except for crashes), you can simply set -the `NYX_DISABLE_SNAPSHOT_MODE` environment variable. +the `AFL_NYX_DISABLE_SNAPSHOT_MODE` environment variable. ### Nyx crash reports diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index e90ea460..717898d1 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -606,23 +606,23 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, } - if (getenv("NYX_REUSE_SNAPSHOT") != NULL) { + if (getenv("AFL_NYX_REUSE_SNAPSHOT") != NULL) { - if (access(getenv("NYX_REUSE_SNAPSHOT"), F_OK) == -1) { + if (access(getenv("AFL_NYX_REUSE_SNAPSHOT"), F_OK) == -1) { - NYX_PRE_FATAL(fsrv, "NYX_REUSE_SNAPSHOT path does not exist"); + NYX_PRE_FATAL(fsrv, "AFL_NYX_REUSE_SNAPSHOT path does not exist"); } /* stupid sanity check to avoid passing an empty or invalid snapshot * directory */ char *snapshot_file_path = - alloc_printf("%s/global.state", getenv("NYX_REUSE_SNAPSHOT")); + alloc_printf("%s/global.state", getenv("AFL_NYX_REUSE_SNAPSHOT")); if (access(snapshot_file_path, R_OK) == -1) { - NYX_PRE_FATAL( - fsrv, - "NYX_REUSE_SNAPSHOT path does not contain a valid Nyx snapshot"); + NYX_PRE_FATAL(fsrv, + "AFL_NYX_REUSE_SNAPSHOT path does not contain a valid " + "Nyx snapshot"); } @@ -634,13 +634,14 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, char *workdir_snapshot_path = alloc_printf("%s/workdir/snapshot", outdir_path_absolute); char *reuse_snapshot_path_real = - realpath(getenv("NYX_REUSE_SNAPSHOT"), NULL); + realpath(getenv("AFL_NYX_REUSE_SNAPSHOT"), NULL); if (strcmp(workdir_snapshot_path, reuse_snapshot_path_real) == 0) { - NYX_PRE_FATAL(fsrv, - "NYX_REUSE_SNAPSHOT path is located in current workdir " - "(use another output directory)"); + NYX_PRE_FATAL( + fsrv, + "AFL_NYX_REUSE_SNAPSHOT path is located in current workdir " + "(use another output directory)"); } @@ -648,7 +649,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, ck_free(workdir_snapshot_path); fsrv->nyx_handlers->nyx_config_set_reuse_snapshot_path( - nyx_config, getenv("NYX_REUSE_SNAPSHOT")); + nyx_config, getenv("AFL_NYX_REUSE_SNAPSHOT")); } @@ -670,7 +671,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, fsrv->nyx_handlers->nyx_get_bitmap_buffer(fsrv->nyx_runner); fsrv->nyx_handlers->nyx_option_set_reload_mode( - fsrv->nyx_runner, getenv("NYX_DISABLE_SNAPSHOT_MODE") == NULL); + fsrv->nyx_runner, getenv("AFL_NYX_DISABLE_SNAPSHOT_MODE") == NULL); fsrv->nyx_handlers->nyx_option_apply(fsrv->nyx_runner); fsrv->nyx_handlers->nyx_option_set_timeout(fsrv->nyx_runner, 2, 0); diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 29659013..3d7adf41 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -302,7 +302,8 @@ static void usage(u8 *argv0, int more_help) { "AFL_NYX_AUX_SIZE: size of the Nyx auxiliary buffer. Must be a multiple of 4096.\n" " Increase this value in case the crash reports are truncated.\n" " Default value is 4096.\n" - + "AFL_NYX_DISABLE_SNAPSHOT_MODE: disable snapshot mode (must be supported by the agent)\n" + "AFL_NYX_REUSE_SNAPSHOT: reuse an existing Nyx root snapshot\n" DYN_COLOR "AFL_PATH: path to AFL support binaries\n" |