author | Andrea Fioraldi <andreafioraldi@gmail.com> | 2019-12-25 10:35:49 +0100 |
---|---|---|
committer | Andrea Fioraldi <andreafioraldi@gmail.com> | 2019-12-25 10:35:49 +0100 |
commit | 9ed4bfbca86ee6ff923e47deca0ebd5ae7a08b77 (patch) | |
tree | db4bed50fdfa837afe829b1ef4b0655e3a3cfe9d | |
parent | 67b6298895e8db0cc91c3bbd0bc29c48f8572c2e (diff) | |
download | afl++-9ed4bfbca86ee6ff923e47deca0ebd5ae7a08b77.tar.gz |
AFL_PRELOAD -> QEMU_SET_ENV for afl-fuzz,afl-showmap,afl-analyze,afl-tmin
-rw-r--r-- | src/afl-analyze.c | 33 | ||||
-rw-r--r-- | src/afl-fuzz.c | 27 | ||||
-rw-r--r-- | src/afl-showmap.c | 33 | ||||
-rw-r--r-- | src/afl-tmin.c | 33 |
4 files changed, 105 insertions, 21 deletions
diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index b82e124d..0a9b4785 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -82,6 +82,8 @@ static u8 edges_only, /* Ignore hit counts? */ static volatile u8 stop_soon, /* Ctrl-C pressed? */ child_timed_out; /* Child timed out? */ +static u8 qemu_mode; + /* Constants used for describing byte behavior. */ #define RESP_NONE 0x00 /* Changing byte is a no-op. */
@@ -709,8 +711,33 @@ static void set_up_environment(void) { if (getenv("AFL_PRELOAD")) { - setenv("LD_PRELOAD", getenv("AFL_PRELOAD"), 1); - setenv("DYLD_INSERT_LIBRARIES", getenv("AFL_PRELOAD"), 1); + if (qemu_mode) { + + u8* qemu_preload = getenv("QEMU_SET_ENV"); + u8* afl_preload = getenv("AFL_PRELOAD"); + u8* buf; + + s32 i, afl_preload_size = strlen(afl_preload); + for (i = 0; i < afl_preload_size; ++i) { + if (afl_preload[i] == ',') + PFATAL("Comma (',') is not allowed in AFL_PRELOAD when -Q is specified!"); + } + + if (qemu_preload) + buf = alloc_printf("%s,LD_PRELOAD=%s", qemu_preload, afl_preload); + else + buf = alloc_printf("LD_PRELOAD=%s", afl_preload); + + setenv("QEMU_SET_ENV", buf, 1); + + ck_free(buf); + + } else { + + setenv("LD_PRELOAD", getenv("AFL_PRELOAD"), 1); + setenv("DYLD_INSERT_LIBRARIES", getenv("AFL_PRELOAD"), 1); + + } }
@@ -835,7 +862,7 @@ static void find_binary(u8* fname) { int main(int argc, char** argv) { s32 opt; - u8 mem_limit_given = 0, timeout_given = 0, qemu_mode = 0, unicorn_mode = 0, + u8 mem_limit_given = 0, timeout_given = 0, unicorn_mode = 0, use_wine = 0; char** use_argv;
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 54fdcc25..7df82b12 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
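Review bot: The comma check added to the -Q branch of set_up_environment() reports a usage error through PFATAL, which — if this file uses the stock macro from AFL's debug.h — appends strerror(errno) to the message; no system call has failed at that point, so the user gets an unrelated errno text glued onto a message about their own AFL_PRELOAD value, and FATAL is the right macro. The hand-rolled scan with an s32 index over a size_t length can also collapse to one library call: `if (strchr((char*)afl_preload, ',')) FATAL("Comma (',') is not allowed in AFL_PRELOAD when -Q is specified!");`. The visible `if (getenv("AFL_PRELOAD"))` guard means afl_preload cannot be NULL in this copy, so strlen/strchr on it is safe here. The same remarks apply to the identical copies this commit adds to afl-fuzz.c, afl-showmap.c and afl-tmin.c. set_up_environment() starts before and continues after the hunk.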
@@ -714,21 +714,24 @@ int main(int argc, char** argv) { if (qemu_mode) { - char* qemu_preload = getenv("QEMU_SET_ENV"); - char buf[4096]; - - if (qemu_preload) { - - snprintf(buf, sizeof(buf), "%s,LD_PRELOAD=%s", qemu_preload, - getenv("AFL_PRELOAD")); - - } else { - - snprintf(buf, sizeof(buf), "LD_PRELOAD=%s", getenv("AFL_PRELOAD")); - + u8* qemu_preload = getenv("QEMU_SET_ENV"); + u8* afl_preload = getenv("AFL_PRELOAD"); + u8* buf; + + s32 i, afl_preload_size = strlen(afl_preload); + for (i = 0; i < afl_preload_size; ++i) { + if (afl_preload[i] == ',') + PFATAL("Comma (',') is not allowed in AFL_PRELOAD when -Q is specified!"); } + if (qemu_preload) + buf = alloc_printf("%s,LD_PRELOAD=%s", qemu_preload, afl_preload); + else + buf = alloc_printf("LD_PRELOAD=%s", afl_preload); + setenv("QEMU_SET_ENV", buf, 1); + + ck_free(buf); } else {
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index b54ac2b0..0e3e5351 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -83,6 +83,8 @@ static volatile u8 stop_soon, /* Ctrl-C pressed? */ child_timed_out, /* Child timed out? */ child_crashed; /* Child crashed? */ +static u8 qemu_mode; + /* Classify tuple counts. Instead of mapping to individual bits, as in afl-fuzz.c, we map to more user-friendly numbers between 1 and 8. */
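Review bot: In the afl-fuzz.c hunk, `strlen(afl_preload)` runs unconditionally inside `if (qemu_mode)`, and the condition that would make AFL_PRELOAD non-NULL — presumably an enclosing `if (getenv("AFL_PRELOAD"))`, as the other three tools in this commit show — lies outside the hunk, so its safety cannot be confirmed from here; if that enclosing condition is anything weaker, this is strlen(NULL). If the guard is indeed there, a comment on the `u8* afl_preload = getenv("AFL_PRELOAD");` line, `/* non-NULL: guarded by the getenv("AFL_PRELOAD") check above */`, would make the dependency visible to the next person who moves this block. This is now the fourth verbatim copy of the QEMU_SET_ENV assembly (afl-fuzz, afl-analyze, afl-showmap, afl-tmin); a single shared helper in a source all four link would keep the comma rule and the `"%s,LD_PRELOAD=%s"` format from drifting between them. main() continues outside the hunk on both sides.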
@@ -358,8 +360,33 @@ static void set_up_environment(void) { if (getenv("AFL_PRELOAD")) { - setenv("LD_PRELOAD", getenv("AFL_PRELOAD"), 1); - setenv("DYLD_INSERT_LIBRARIES", getenv("AFL_PRELOAD"), 1); + if (qemu_mode) { + + u8* qemu_preload = getenv("QEMU_SET_ENV"); + u8* afl_preload = getenv("AFL_PRELOAD"); + u8* buf; + + s32 i, afl_preload_size = strlen(afl_preload); + for (i = 0; i < afl_preload_size; ++i) { + if (afl_preload[i] == ',') + PFATAL("Comma (',') is not allowed in AFL_PRELOAD when -Q is specified!"); + } + + if (qemu_preload) + buf = alloc_printf("%s,LD_PRELOAD=%s", qemu_preload, afl_preload); + else + buf = alloc_printf("LD_PRELOAD=%s", afl_preload); + + setenv("QEMU_SET_ENV", buf, 1); + + ck_free(buf); + + } else { + + setenv("LD_PRELOAD", getenv("AFL_PRELOAD"), 1); + setenv("DYLD_INSERT_LIBRARIES", getenv("AFL_PRELOAD"), 1); + + } }
@@ -498,7 +525,7 @@ static void find_binary(u8* fname) { int main(int argc, char** argv) { s32 opt; - u8 mem_limit_given = 0, timeout_given = 0, qemu_mode = 0, unicorn_mode = 0, + u8 mem_limit_given = 0, timeout_given = 0, unicorn_mode = 0, use_wine = 0; u32 tcnt = 0; char** use_argv;
diff --git a/src/afl-tmin.c b/src/afl-tmin.c
index a72e1dda..3230c952 100644
--- a/src/afl-tmin.c
+++ b/src/afl-tmin.c
@@ -96,6 +96,8 @@ static u8 crash_mode, /* Crash-centric mode? */ static volatile u8 stop_soon; /* Ctrl-C pressed? */ +static u8 qemu_mode; + /* * forkserver section */
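Review bot: The comma rejection in afl-showmap.c's set_up_environment() has no comment explaining why a character that is legal in a file path is refused, and the reason is only implied by the `"%s,LD_PRELOAD=%s"` join below it: QEMU_SET_ENV is consumed as a comma-separated list of assignments, so a ',' in the preload path would presumably be read as a second, bogus assignment and silently change what is injected into the guest. A comment above the loop, `/* QEMU_SET_ENV is a comma-separated VAR=value list; a ',' in the path would be split into a second assignment, so refuse it instead of handing the guest a truncated LD_PRELOAD. */`, records that. It is also worth one line noting that DYLD_INSERT_LIBRARIES is intentionally not forwarded in -Q mode, since the else branch still sets it and a reader may take the omission for an oversight. set_up_environment() starts before and continues after the hunk.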
@@ -882,8 +884,33 @@ static void set_up_environment(void) { if (getenv("AFL_PRELOAD")) { - setenv("LD_PRELOAD", getenv("AFL_PRELOAD"), 1); - setenv("DYLD_INSERT_LIBRARIES", getenv("AFL_PRELOAD"), 1); + if (qemu_mode) { + + u8* qemu_preload = getenv("QEMU_SET_ENV"); + u8* afl_preload = getenv("AFL_PRELOAD"); + u8* buf; + + s32 i, afl_preload_size = strlen(afl_preload); + for (i = 0; i < afl_preload_size; ++i) { + if (afl_preload[i] == ',') + PFATAL("Comma (',') is not allowed in AFL_PRELOAD when -Q is specified!"); + } + + if (qemu_preload) + buf = alloc_printf("%s,LD_PRELOAD=%s", qemu_preload, afl_preload); + else + buf = alloc_printf("LD_PRELOAD=%s", afl_preload); + + setenv("QEMU_SET_ENV", buf, 1); + + ck_free(buf); + + } else { + + setenv("LD_PRELOAD", getenv("AFL_PRELOAD"), 1); + setenv("DYLD_INSERT_LIBRARIES", getenv("AFL_PRELOAD"), 1); + + } }
@@ -1026,7 +1053,7 @@ static void read_bitmap(u8* fname) { int main(int argc, char** argv) { s32 opt; - u8 mem_limit_given = 0, timeout_given = 0, qemu_mode = 0, unicorn_mode = 0, + u8 mem_limit_given = 0, timeout_given = 0, unicorn_mode = 0, use_wine = 0; char** use_argv; |
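Review bot: In afl-tmin.c, `qemu_mode` moves from a local in main() to a file-scope static that set_up_environment() now reads, so the new -Q branch is only correct if the `-Q` option handler (outside the hunk) has run before set_up_environment() is called, and neither the handler nor the call site is visible here to confirm the order. A short comment on the new declaration earlier in the file, `static u8 qemu_mode; /* -Q given; must be set before set_up_environment() */`, pins that ordering for whoever reorders main() later. Minor style: `s32 i, afl_preload_size = strlen(afl_preload);` narrows a size_t into a signed int on the same line that declares the index, which hides the conversion; `size_t` for both, or dropping the loop for `strchr`, avoids it. set_up_environment() starts before and continues after the hunk, and main() is only touched in its declaration line.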