author | vanhauser-thc <vh@thc.org> | 2022-02-08 20:15:48 +0100 |
---|---|---|
committer | vanhauser-thc <vh@thc.org> | 2022-02-08 20:15:48 +0100 |
commit | cf853fb2494912a1c4b531ffcf302843266639b7 (patch) | |
tree | 136fb71b40254cf04f8605ee4bf4638de6974fbe | |
parent | fa628865c1d3b8d0cc4bc04efc516fc7b48b6a69 (diff) | |
download | afl++-cf853fb2494912a1c4b531ffcf302843266639b7.tar.gz |
reintroduce AFL_PERSISTENT and AFL_DEFER_FORKSRV
-rw-r--r-- | docs/Changelog.md | 3 | ||||
-rw-r--r-- | docs/env_variables.md | 10 | ||||
-rw-r--r-- | frida_mode/src/entry.c | 1 | ||||
-rw-r--r-- | src/afl-common.c | 22 | ||||
-rw-r--r-- | src/afl-fuzz-init.c | 10 | ||||
-rw-r--r-- | src/afl-fuzz-state.c | 8 | ||||
-rw-r--r-- | src/afl-fuzz.c | 24 |
7 files changed, 33 insertions, 45 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md index bdb2dda3..142b85b3 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -14,6 +14,9 @@ sending a mail to <afl-users+subscribe@googlegroups.com>. - afl-fuzz: - new commandline options -g/G to set min/max length of generated fuzz inputs + - reintroduced AFL_PERSISTENT and AFL_DEFER_FORKSRV to allow + persistent mode and manual forkserver support if these are not + in the target binary (e.g. are in a shared library) - frida_mode: - update to new frida release, handles now c++ throw/catch diff --git a/docs/env_variables.md b/docs/env_variables.md index f7ad4ff9..06c08f31 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -532,9 +532,13 @@ checks or alter some of the more exotic semantics of the tool: - Setting `AFL_TRY_AFFINITY` tries to attempt binding to a specific CPU core on Linux systems, but will not terminate if that fails. - - Outdated environment variables that are not supported anymore: - - `AFL_DEFER_FORKSRV` - - `AFL_PERSISTENT` + - The following environment variables are only needed if you implemented + your own forkserver or persistent mode, or if __AFL_LOOP or __AFL_INIT + are in a shared library and not the main binary: + - `AFL_DEFER_FORKSRV` enforces a deferred forkserver even if none was + detected in the target binary + - `AFL_PERSISTENT` enforces persistent mode even if none was detected + in the target binary ## 5) Settings for afl-qemu-trace diff --git a/frida_mode/src/entry.c b/frida_mode/src/entry.c index 5d9bcaaf..05af7ebb 100644 --- a/frida_mode/src/entry.c +++ b/frida_mode/src/entry.c @@ -84,6 +84,7 @@ void entry_start(void) { stalker_trust(); } + if (entry_point == 0) { entry_launch(); } } diff --git a/src/afl-common.c b/src/afl-common.c index e684302a..7c074acc 100644 --- a/src/afl-common.c +++ b/src/afl-common.c 
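Review bot: The added `if (entry_point == 0) { entry_launch(); }` in frida_mode/src/entry.c is unrelated to the AFL_PERSISTENT/AFL_DEFER_FORKSRV change this commit describes and carries no comment, so a reader of `entry_start` has to guess why a zero entry point launches immediately after `stalker_trust()`; presumably it means no explicit entry point was configured, but nothing in the hunk shows that. A one-line comment would settle it, e.g. `/* no entry point configured: nothing to wait for, launch right away */` (adjust if the meaning differs), and the change would be easier to trace in its own commit. entry_start's body begins outside the hunk.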
@@ -63,8 +63,7 @@ u32 check_binary_signatures(u8 *fn) { if (f_data == MAP_FAILED) { PFATAL("Unable to mmap file '%s'", fn); } close(fd); - if (memmem(f_data, f_len, PERSIST_SIG, strlen(PERSIST_SIG) + 1) || - getenv(PERSIST_ENV_VAR)) { + if (memmem(f_data, f_len, PERSIST_SIG, strlen(PERSIST_SIG) + 1)) { if (!be_quiet) { OKF(cPIN "Persistent mode binary detected."); } setenv(PERSIST_ENV_VAR, "1", 1); @@ -72,11 +71,9 @@ u32 check_binary_signatures(u8 *fn) { } else if (getenv("AFL_PERSISTENT")) { - if (!be_quiet) { - - WARNF("AFL_PERSISTENT is no longer supported and may misbehave!"); - - } + if (!be_quiet) { OKF(cPIN "Persistent mode enforced."); } + setenv(PERSIST_ENV_VAR, "1", 1); + ret = 1; } else if (getenv("AFL_FRIDA_PERSISTENT_ADDR")) { @@ -91,8 +88,7 @@ u32 check_binary_signatures(u8 *fn) { } - if (memmem(f_data, f_len, DEFER_SIG, strlen(DEFER_SIG) + 1) || - getenv(DEFER_ENV_VAR)) { + if (memmem(f_data, f_len, DEFER_SIG, strlen(DEFER_SIG) + 1)) { if (!be_quiet) { OKF(cPIN "Deferred forkserver binary detected."); } setenv(DEFER_ENV_VAR, "1", 1); @@ -100,11 +96,9 @@ u32 check_binary_signatures(u8 *fn) { } else if (getenv("AFL_DEFER_FORKSRV")) { - if (!be_quiet) { - - WARNF("AFL_DEFER_FORKSRV is no longer supported and may misbehave!"); - - } + if (!be_quiet) { OKF(cPIN "Deferred forkserver enforced."); } + setenv(DEFER_ENV_VAR, "1", 1); + ret += 2; } diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 45f28d4b..05a654c8 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -2822,7 +2822,11 @@ void check_binary(afl_state_t *afl, u8 *fname) { } else if (getenv("AFL_PERSISTENT")) { - WARNF("AFL_PERSISTENT is no longer supported and may misbehave!"); + OKF(cPIN "Persistent mode enforced."); + setenv(PERSIST_ENV_VAR, "1", 1); + afl->persistent_mode = 1; + afl->fsrv.persistent_mode = 1; + afl->shmem_testcase_mode = 1; } else if (getenv("AFL_FRIDA_PERSISTENT_ADDR")) { 
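Review bot: The new `else if (getenv("AFL_PERSISTENT"))` branch in check_binary_signatures replaces a warning with an unconditional `OKF(cPIN "Persistent mode enforced.")` plus `setenv(PERSIST_ENV_VAR, "1", 1)`, with nothing in the code saying why a mode the signature scan did not find is being forced; the same applies to the `AFL_DEFER_FORKSRV` branch two hunks below and to the two counterparts in check_binary in src/afl-fuzz-init.c. A short comment on each branch would carry the rationale from the commit message, e.g. `/* no signature in this binary: the user asserts __AFL_LOOP lives in a shared library */`. As the removed WARNF text itself said, a target that does not really run the persistent loop "may misbehave" when driven this way, so consider keeping the enforced case a WARNF, or appending `(make sure __AFL_LOOP is really reached)` to the message, so the forced state stands out in the log when a campaign produces no progress. The enclosing functions start and end outside these hunks.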
@@ -2843,7 +2847,9 @@ void check_binary(afl_state_t *afl, u8 *fname) { } else if (getenv("AFL_DEFER_FORKSRV")) { - WARNF("AFL_DEFER_FORKSRV is no longer supported and may misbehave!"); + OKF(cPIN "Deferred forkserver enforced."); + setenv(DEFER_ENV_VAR, "1", 1); + afl->deferred_mode = 1; } diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 115e62de..129e4c8b 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -486,15 +486,15 @@ void read_afl_environment(afl_state_t *afl, char **envp) { afl_environment_variable_len)) { - afl->min_length = atoi( - (u8 *)get_afl_env(afl_environment_variables[i])); + afl->min_length = + atoi((u8 *)get_afl_env(afl_environment_variables[i])); } else if (!strncmp(env, "AFL_INPUT_LEN_MAX", afl_environment_variable_len)) { - afl->max_length = atoi( - (u8 *)get_afl_env(afl_environment_variables[i])); + afl->max_length = + atoi((u8 *)get_afl_env(afl_environment_variables[i])); } diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 7e3b3c94..c923cc9d 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -294,8 +294,8 @@ static void usage(u8 *argv0, int more_help) { " 'signalfx' and 'influxdb'\n" "AFL_TESTCACHE_SIZE: use a cache for testcases, improves performance (in MB)\n" "AFL_TMPDIR: directory to use for input file generation (ramdisk recommended)\n" - //"AFL_PERSISTENT: not supported anymore -> no effect, just a warning\n" - //"AFL_DEFER_FORKSRV: not supported anymore -> no effect, just a warning\n" + "AFL_PERSISTENT: enforce persistent mode (if __AFL_LOOP is in a shared lib\n" + "AFL_DEFER_FORKSRV: enforced deferred forkserver (__AFL_INIT is in a .so\n" "\n" ); 
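Review bot: Both new help strings in usage() are malformed: `"AFL_PERSISTENT: enforce persistent mode (if __AFL_LOOP is in a shared lib\n"` opens a parenthesis it never closes, and the `AFL_DEFER_FORKSRV` line does the same while also saying "enforced" where the line above says "enforce". Suggest `"AFL_PERSISTENT: enforce persistent mode (if __AFL_LOOP is in a shared lib)\n"` and `"AFL_DEFER_FORKSRV: enforce deferred forkserver (if __AFL_INIT is in a shared lib)\n"` so the two entries read consistently. usage() continues outside the hunk.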
@@ -1920,26 +1920,6 @@ int main(int argc, char **argv_orig, char **envp) { check_binary(afl, argv[optind]); - if (getenv(PERSIST_ENV_VAR) && !afl->persistent_mode) { - - WARNF( - "Persistent mode environment variable detected, forcing persistent " - "mode!"); - afl->persistent_mode = 1; - afl->fsrv.persistent_mode = 1; - afl->shmem_testcase_mode = 1; - - } - - if (getenv(DEFER_ENV_VAR) && !afl->deferred_mode) { - - WARNF( - "Deferred forkserver mode environment variable detected, forcing " - "deferred forkserver!"); - afl->deferred_mode = 1; - - } - #ifdef AFL_PERSISTENT_RECORD if (unlikely(afl->fsrv.persistent_record)) { |