authorhexcoder- <heiko@hexco.de>2019-09-28 18:03:42 +0200
committerhexcoder- <heiko@hexco.de>2019-09-28 18:03:42 +0200
commitb89d10025d75aadbc2eff6e5a8e91b5de9066a1e (patch)
treeb52c430ef909e9babbb81b2fb349a21521f70c1f
parentedb33cba0c8992815685f101b81862c7c6ed891e (diff)
parent783e5fa42f4560c6f82ea4c2f51719e9a1219548 (diff)
downloadafl++-b89d10025d75aadbc2eff6e5a8e91b5de9066a1e.tar.gz
Merge branch 'master' of https://github.com/vanhauser-thc/AFLplusplus
-rw-r--r--.gitignore13
-rw-r--r--Makefile2
-rwxr-xr-xafl-system-config8
-rw-r--r--llvm_mode/Makefile2
-rwxr-xr-xtest/test.sh58
5 files changed, 64 insertions, 19 deletions
diff --git a/.gitignore b/.gitignore
index 43b8ad4b..f7907c76 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,6 +17,19 @@ afl-gotcpu
 afl-qemu-trace
 afl-showmap
 afl-tmin
+afl-analyze.8
+afl-clang-fast++.8
+afl-clang-fast.8
+afl-cmin.8
+afl-fuzz.8
+afl-gcc.8
+afl-gotcpu.8
+afl-plot.8
+afl-showmap.8
+afl-system-config.8
+afl-tmin.8
+afl-whatsup.8
+qemu_mode/libcompcov/compcovtest
 as
 qemu_mode/qemu-*
 unicorn_mode/unicorn
diff --git a/Makefile b/Makefile
index 42c6d737..a978fb65 100644
--- a/Makefile
+++ b/Makefile
@@ -250,7 +250,7 @@ binary-only: all
 	cd unicorn_mode && sh ./build_unicorn_support.sh
 
 source-only: all
-	$(MAKE) -C llvm_mode
+	-$(MAKE) -C llvm_mode
 	$(MAKE) -C libdislocator
 	$(MAKE) -C libtokencap
 
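Review bot: The `-` prefix on `-$(MAKE) -C llvm_mode` has no comment saying why a failing llvm_mode build is now tolerated, and it makes `make source-only` exit 0 even when afl-clang-fast was never produced, so a CI job or a user reading the tail of the output will not notice the missing compiler. If the intent is to keep building libdislocator and libtokencap on a host without a matching LLVM, say so above the line, e.g. `# llvm_mode is optional: keep going so libdislocator/libtokencap still build on hosts without a usable LLVM`. Making the failure visible instead of silent is a one-line change, `$(MAKE) -C llvm_mode || echo '[!] llvm_mode failed to build, afl-clang-fast will not be available'`, which no longer needs the `-`. The `source-only` recipe continues outside the hunk.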
diff --git a/afl-system-config b/afl-system-config
index 6a495f0a..5e3103b6 100755
--- a/afl-system-config
+++ b/afl-system-config
@@ -48,5 +48,13 @@ if [ "$PLATFORM" = "OpenBSD" ] ; then
 echo
 echo 'System security features cannot be disabled on OpenBSD.'
 fi
+if [ "$PLATFORM" = "Darwin" ] ; then
+  if [ $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') ] ; then
+echo We unload the default crash reporter here
+SL=/System/Library; PL=com.apple.ReportCrash
+launchctl unload -w ${SL}/LaunchAgents/${PL}.plist
+sudo launchctl unload -w ${SL}/LaunchDaemons/${PL}.Root.plist
+  fi
+fi
 echo
 echo Also use AFL_TMPDIR to use a tmpfs for the input file
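Review bot: The new Darwin branch can never fire: `grep -q` prints nothing, so `$(launchctl list 2>/dev/null | grep -q '\.ReportCrash$')` expands to an empty string and `[ ]` with no operand is false, which leaves both `launchctl unload -w` lines dead. Test the pipeline's exit status directly: `if launchctl list 2>/dev/null | grep -q '\.ReportCrash$' ; then`. Since `-w` persists the override across reboots, the echo should also tell the user this is a lasting change and how to undo it (`launchctl load -w` on the same plists). One more thing to confirm: when the whole script is run under `sudo`, as the test suite suggests, the un-sudoed `launchctl unload` of the LaunchAgents plist acts on root's session rather than the invoking user's, which is presumably not what is intended.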
diff --git a/llvm_mode/Makefile b/llvm_mode/Makefile
index a6adc807..7f2cc870 100644
--- a/llvm_mode/Makefile
+++ b/llvm_mode/Makefile
@@ -46,7 +46,7 @@ endif
 
 # this is not visible yet:
 ifeq "$(LLVM_MAJOR)" "9"
-  $(info llvm_mode deteted llvm 9, enabling neverZero implementation)
+  $(info llvm_mode detected llvm 9, enabling neverZero implementation)
 endif
 
 CFLAGS      ?= -O3 -funroll-loops
diff --git a/test/test.sh b/test/test.sh
index 00509c8e..1e094f3c 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -39,6 +39,13 @@ unset AFL_LLVM_LAF_SPLIT_SWITCHES
 unset AFL_LLVM_LAF_TRANSFORM_COMPARES
 unset AFL_LLVM_LAF_SPLIT_COMPARES
 
+# on MacOS X we prefer afl-clang over afl-gcc, because
+# afl-gcc does not work there
+test `uname -s` = 'Darwin' && {
+AFL_GCC=afl-clang
+} || {
+AFL_GCC=afl-gcc
+}
 GREY="\\033[1;90m"
 BLUE="\\033[1;94m"
 GREEN="\\033[0;32m"
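Review bot: `uname -s` is evaluated here and then re-run in each of the pre-flight checks added further down in this file; capturing it once, `PLATFORM=$(uname -s)`, and testing `"$PLATFORM"` everywhere keeps the platform logic in one place and avoids spawning uname four more times. The `test … && { … } || { … }` form also only works because the assignment inside the first braces cannot fail; a plain `if test "$PLATFORM" = Darwin; then AFL_GCC=afl-clang; else AFL_GCC=afl-gcc; fi` says what is meant without relying on that.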
@@ -50,38 +57,47 @@ MEM_LIMIT=150
 
 $ECHO "${RESET}${GREY}[*] starting afl++ test framework ..."
 
-$ECHO "$BLUE[*] Testing: afl-gcc, afl-showmap and afl-fuzz"
-test -e ../afl-gcc -a -e ../afl-showmap -a -e ../afl-fuzz && {
-  ../afl-gcc -o test-instr.plain ../test-instr.c > /dev/null 2>&1
-  AFL_HARDEN=1 ../afl-gcc -o test-instr.harden ../test-instr.c > /dev/null 2>&1
+$ECHO "$BLUE[*] Testing: ${AFL_GCC}, afl-showmap and afl-fuzz"
+test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && {
+  ../${AFL_GCC} -o test-instr.plain ../test-instr.c > /dev/null 2>&1
+  AFL_HARDEN=1 ../${AFL_GCC} -o test-instr.harden ../test-instr.c > /dev/null 2>&1
   test -e test-instr.plain && {
-    $ECHO "$GREEN[+] afl-gcc compilation succeeded"
+    $ECHO "$GREEN[+] ${AFL_GCC} compilation succeeded"
     echo 0 | ../afl-showmap -m ${MEM_LIMIT} -o test-instr.plain.0 -r -- ./test-instr.plain > /dev/null 2>&1
     ../afl-showmap -m ${MEM_LIMIT} -o test-instr.plain.1 -r -- ./test-instr.plain < /dev/null > /dev/null 2>&1
     test -e test-instr.plain.0 -a -e test-instr.plain.1 && {
       diff -q test-instr.plain.0 test-instr.plain.1 > /dev/null 2>&1 && {
-        $ECHO "$RED[!] afl-gcc instrumentation should be different on different input but is not"
-      } || $ECHO "$GREEN[+] afl-gcc instrumentation present and working correctly"
-    } || $ECHO "$RED[!] afl-gcc instrumentation failed"
+        $ECHO "$RED[!] ${AFL_GCC} instrumentation should be different on different input but is not"
+      } || $ECHO "$GREEN[+] ${AFL_GCC} instrumentation present and working correctly"
+    } || $ECHO "$RED[!] ${AFL_GCC} instrumentation failed"
     rm -f test-instr.plain.0 test-instr.plain.1
-  } || $ECHO "$RED[!] afl-gcc failed"
+  } || $ECHO "$RED[!] ${AFL_GCC} failed"
   test -e test-instr.harden && {
     grep -qa fstack-protector-all test-instr.harden > /dev/null 2>&1 && {
-      $ECHO "$GREEN[+] afl-gcc hardened mode succeeded and is working"
-    } || $ECHO "$RED[!] afl-gcc hardened mode is not hardened"
+      $ECHO "$GREEN[+] ${AFL_GCC} hardened mode succeeded and is working"
+    } || $ECHO "$RED[!] ${AFL_GCC} hardened mode is not hardened"
     rm -f test-instr.harden
-  } || $ECHO "$RED[!] afl-gcc hardened mode compilation failed"
+  } || $ECHO "$RED[!] ${AFL_GCC} hardened mode compilation failed"
   # now we want to be sure that afl-fuzz is working  
-  {
+  # make sure core_pattern is set to core on linux
+  (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && {
+    $ECHO "$RED[!] we cannot run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET"
+    true
+  }) ||
+  # make sure crash reporter is disabled on Mac OS X
+  (test "$(uname -s)" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && {
+    $ECHO "$RED[!] we cannot run afl-fuzz with enabled crash reporter. Run 'sudo sh afl-system-config'.$RESET"
+    true
+  }) || {
     mkdir -p in
     echo 0 > in/in
-    $ECHO "$GREY[*] running afl-fuzz for afl-gcc, this will take approx 10 seconds"
+    $ECHO "$GREY[*] running afl-fuzz for ${AFL_GCC}, this will take approx 10 seconds"
     {
       ../afl-fuzz -V10 -m ${MEM_LIMIT} -i in -o out -- ./test-instr.plain > /dev/null 2>&1
     } > /dev/null 2>&1
     test -n "$( ls out/queue/id:000002* 2> /dev/null )" && {
-      $ECHO "$GREEN[+] afl-fuzz is working correctly with afl-gcc"
-    } || $ECHO "$RED[!] afl-fuzz is not working correctly with afl-gcc"
+      $ECHO "$GREEN[+] afl-fuzz is working correctly with ${AFL_GCC}"
+    } || $ECHO "$RED[!] afl-fuzz is not working correctly with ${AFL_GCC}"
     rm -rf in out
   }
   rm -f test-instr.plain
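Review bot: The Darwin crash-reporter guard is a no-op: `test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$')` expands to `test` with no operand because `grep -q` prints nothing, and that returns false, so on macOS the afl-fuzz run proceeds even when ReportCrash is loaded, exactly the case the message warns about. Use the pipeline's exit status instead: `(test "$(uname -s)" = "Darwin" && launchctl list 2>/dev/null | grep -q '\.ReportCrash$' && {`. The Linux branch compares the full `sysctl kernel.core_pattern` output, including the `kernel.core_pattern = ` prefix; `test "$(sysctl -n kernel.core_pattern)" != "core"` compares only the value and does not depend on sysctl's output formatting. The surrounding `test -e ../${AFL_GCC} … && {` block closes outside the hunk.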
@@ -109,7 +125,15 @@ test -e ../afl-clang-fast && {
     rm -f test-compcov.harden
   } || $ECHO "$RED[!] llvm_mode hardened mode compilation failed"
   # now we want to be sure that afl-fuzz is working  
-  {
+  (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && {
+    $ECHO "$RED[!] we cannot run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET"
+    true
+  }) ||
+  # make sure crash reporter is disabled on Mac OS X
+  (test "$(uname -s)" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && {
+    $ECHO "$RED[!] we cannot run afl-fuzz with enabled crash reporter. Run 'sudo sh afl-system-config'.$RESET"
+    true
+  }) || {
     mkdir -p in
     echo 0 > in/in
     $ECHO "$GREY[*] running afl-fuzz for llvm_mode, this will take approx 10 seconds"
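Review bot: This pre-flight block is a verbatim copy of the one added to the afl-gcc section above, including the Darwin check that is always false (`test $(… | grep -q …)` becomes `test` with no operand because `grep -q` prints nothing), so the fix has to be applied in two places and the two copies will drift. A small function defined near the top of the script gives both call sites one implementation and fixes the macOS check at the same time; the call then becomes `can_run_afl_fuzz && {` in place of the two `( … ) ||` subshells. The enclosing `test -e ../afl-clang-fast && {` block starts and ends outside the hunk.
```shell
# Returns 0 when afl-fuzz can run on this host: on Linux kernel.core_pattern must be
# "core", on macOS the ReportCrash agent must be unloaded. Prints the hint otherwise.
can_run_afl_fuzz() {
  case "$(uname -s)" in
    Linux)
      test "$(sysctl -n kernel.core_pattern)" = "core" && return 0
      $ECHO "$RED[!] we cannot run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET"
      return 1 ;;
    Darwin)
      launchctl list 2>/dev/null | grep -q '\.ReportCrash$' || return 0
      $ECHO "$RED[!] we cannot run afl-fuzz with enabled crash reporter. Run 'sudo sh afl-system-config'.$RESET"
      return 1 ;;
  esac
  return 0
}
# … unchanged: llvm_mode compile and hardened-mode checks …
  can_run_afl_fuzz && {
    mkdir -p in
    echo 0 > in/in
```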