authorvan Hauser <vh@thc.org>2019-12-03 01:40:41 +0100
committerGitHub <noreply@github.com>2019-12-03 01:40:41 +0100
commit4231c498392484fd2187b9ed1dedb1ba7bc0958b (patch)
tree366586c4ceef17998670a8c2d978869bdac64d56 /qemu_mode
parentb0d590fef4acb4b002429e4aec195e5740122494 (diff)
parentef2dc98773c55eb09e4c1a588fb74df58570f868 (diff)
downloadafl++-4231c498392484fd2187b9ed1dedb1ba7bc0958b.tar.gz
Merge branch 'master' into llvm_mode_build_fix
Diffstat (limited to 'qemu_mode')
-rw-r--r--qemu_mode/libcompcov/libcompcov.so.c143
-rw-r--r--qemu_mode/patches/afl-qemu-cpu-inl.h6
-rw-r--r--qemu_mode/patches/afl-qemu-floats.h40
3 files changed, 169 insertions, 20 deletions
diff --git a/qemu_mode/libcompcov/libcompcov.so.c b/qemu_mode/libcompcov/libcompcov.so.c
index df9dd350..dee8cfda 100644
--- a/qemu_mode/libcompcov/libcompcov.so.c
+++ b/qemu_mode/libcompcov/libcompcov.so.c
@@ -19,13 +19,16 @@
 
  */
 
+#ifndef _GNU_SOURCE
 #define _GNU_SOURCE
+#endif
 #include <dlfcn.h>
 #include <stdio.h>
 #include <string.h>
 #include <ctype.h>
 #include <sys/types.h>
 #include <sys/shm.h>
+#include <stdbool.h>
 
 #include "types.h"
 #include "config.h"
@@ -335,6 +338,146 @@ int memcmp(const void* mem1, const void* mem2, size_t len) {
 
 }
 
+// TODO bcmp
+
+/* Common libraries wrappers (from honggfuzz) */
+
+/*
+ * Apache's httpd wrappers
+ */
+int ap_cstr_casecmp(const char* s1, const char* s2) {
+
+  return strcasecmp(s1, s2);
+
+}
+
+int ap_cstr_casecmpn(const char* s1, const char* s2, size_t n) {
+
+  return strncasecmp(s1, s2, n);
+
+}
+
+int apr_cstr_casecmp(const char* s1, const char* s2) {
+
+  return strcasecmp(s1, s2);
+
+}
+
+int apr_cstr_casecmpn(const char* s1, const char* s2, size_t n) {
+
+  return strncasecmp(s1, s2, n);
+
+}
+
+/*
+ * *SSL wrappers
+ */
+int CRYPTO_memcmp(const void* m1, const void* m2, size_t len) {
+
+  return memcmp(m1, m2, len);
+
+}
+
+int OPENSSL_memcmp(const void* m1, const void* m2, size_t len) {
+
+  return memcmp(m1, m2, len);
+
+}
+
+int OPENSSL_strcasecmp(const char* s1, const char* s2) {
+
+  return strcasecmp(s1, s2);
+
+}
+
+int OPENSSL_strncasecmp(const char* s1, const char* s2, size_t len) {
+
+  return strncasecmp(s1, s2, len);
+
+}
+
+int32_t memcmpct(const void* s1, const void* s2, size_t len) {
+
+  return memcmp(s1, s2, len);
+
+}
+
+/*
+ * libXML wrappers
+ */
+int xmlStrncmp(const char* s1, const char* s2, int len) {
+
+  if (len <= 0) { return 0; }
+  if (s1 == s2) { return 0; }
+  if (s1 == NULL) { return -1; }
+  if (s2 == NULL) { return 1; }
+  return strncmp(s1, s2, (size_t)len);
+
+}
+
+int xmlStrcmp(const char* s1, const char* s2) {
+
+  if (s1 == s2) { return 0; }
+  if (s1 == NULL) { return -1; }
+  if (s2 == NULL) { return 1; }
+  return strcmp(s1, s2);
+
+}
+
+int xmlStrEqual(const char* s1, const char* s2) {
+
+  if (s1 == s2) { return 1; }
+  if (s1 == NULL) { return 0; }
+  if (s2 == NULL) { return 0; }
+  if (strcmp(s1, s2) == 0) { return 1; }
+  return 0;
+
+}
+
+int xmlStrcasecmp(const char* s1, const char* s2) {
+
+  if (s1 == s2) { return 0; }
+  if (s1 == NULL) { return -1; }
+  if (s2 == NULL) { return 1; }
+  return strcasecmp(s1, s2);
+
+}
+
+int xmlStrncasecmp(const char* s1, const char* s2, int len) {
+
+  if (len <= 0) { return 0; }
+  if (s1 == s2) { return 0; }
+  if (s1 == NULL) { return -1; }
+  if (s2 == NULL) { return 1; }
+  return strncasecmp(s1, s2, (size_t)len);
+
+}
+
+const char* xmlStrcasestr(const char* haystack, const char* needle) {
+
+  if (haystack == NULL) { return NULL; }
+  if (needle == NULL) { return NULL; }
+  return strcasestr(haystack, needle);
+
+}
+
+/*
+ * Samba wrappers
+ */
+int memcmp_const_time(const void* s1, const void* s2, size_t n) {
+
+  return memcmp(s1, s2, n);
+
+}
+
+bool strcsequal(const void* s1, const void* s2) {
+
+  if (s1 == s2) { return true; }
+  if (!s1 || !s2) { return false; }
+  return (strcmp(s1, s2) == 0);
+
+}
+
 /* Init code to open init the library. */
 
 __attribute__((constructor)) void __compcov_init(void) {
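Review bot: The `CRYPTO_memcmp`, `memcmpct` and `memcmp_const_time` wrappers knowingly replace constant-time comparisons with the instrumented `memcmp`, which is right for CompareCoverage but silently removes the timing guarantee the original functions exist for; nothing in the hunk says so. I would put a comment above the `*SSL wrappers` block: `/* Constant-time comparators are deliberately routed through the instrumented memcmp: timing safety is lost, so libcompcov.so must only ever be preloaded inside the fuzzing harness, never in a deployed process. */`. The return convention still matches (OpenSSL callers only test `CRYPTO_memcmp(...) == 0`, and `memcmp` gives 0 on equality), so that part is fine. Whether the `strcasecmp`/`strncasecmp`/`strcasestr` calls inside these wrappers reach a hooked implementation depends on this file also interposing those symbols; only `memcmp` is visible as context here, so if `strcasestr` is not hooked, `xmlStrcasestr` gains no coverage and that is worth noting next to the `// TODO bcmp` marker.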
diff --git a/qemu_mode/patches/afl-qemu-cpu-inl.h b/qemu_mode/patches/afl-qemu-cpu-inl.h
index 7c6d3341..70f5ef9d 100644
--- a/qemu_mode/patches/afl-qemu-cpu-inl.h
+++ b/qemu_mode/patches/afl-qemu-cpu-inl.h
@@ -83,8 +83,8 @@ __thread abi_ulong afl_prev_loc;
 
 /* Set in the child process in forkserver mode: */
 
-static int    forkserver_installed = 0;
-static int    disable_caching = 0;
+static int forkserver_installed = 0;
+static int disable_caching = 0;
 
 unsigned char afl_fork_child;
 unsigned int  afl_forksrv_pid;
@@ -207,7 +207,7 @@ static void afl_setup(void) {
      behaviour, and seems to work alright? */
 
   rcu_disable_atfork();
-  
+
   disable_caching = getenv("AFL_QEMU_DISABLE_CACHE") != NULL;
 
   is_persistent = getenv("AFL_QEMU_PERSISTENT_ADDR") != NULL;
diff --git a/qemu_mode/patches/afl-qemu-floats.h b/qemu_mode/patches/afl-qemu-floats.h
index 0b2ac2ae..7fea04e7 100644
--- a/qemu_mode/patches/afl-qemu-floats.h
+++ b/qemu_mode/patches/afl-qemu-floats.h
@@ -35,24 +35,30 @@
 #include "afl-qemu-common.h"
 
 union afl_float32 {
+
   float32 f;
   struct {
-    u64 sign :  1;
-    u64 exp  :  7;
+
+    u64 sign : 1;
+    u64 exp : 7;
     u64 frac : 24;
+
   };
-};
 
+};
 
 union afl_float64 {
+
   float64 f;
   struct {
-    u64 sign :  1;
-    u64 exp  : 11;
+
+    u64 sign : 1;
+    u64 exp : 11;
     u64 frac : 52;
+
   };
-};
 
+};
 
 // TODO 16 and 128 bits floats
 // TODO figure out why float*_unpack_canonical does not work
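Review bot: The reformatted `afl_float32` bitfields still split the 32 bits as `u64 exp : 7;` / `u64 frac : 24;`, while an IEEE-754 binary32 value carries an 8-bit exponent and a 23-bit fraction, so one exponent bit is compared as if it were mantissa; `afl_float64` uses the correct 11/52 split. If these fields are meant to map onto the IEEE layout, the fix is `u64 exp : 8;` and `u64 frac : 23;`. Note also that GCC on little-endian hosts allocates bitfields starting at the least significant bit, so `sign` lands on bit 0 of the storage unit rather than on the float's top bit; either order the fields `frac, exp, sign` under an endianness check or extract them with shifts and masks. The comparison code that consumes these fields lies outside this hunk, so I cannot tell here how much the misattribution affects the logged match depth.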
@@ -65,11 +71,11 @@ void afl_float_compcov_log_32(target_ulong cur_loc, float32 arg1, float32 arg2,
 
   if (cur_loc >= afl_inst_rms) return;
 
-  //float_status* s = (float_status*)status;
-  //FloatParts    a = float32_unpack_canonical(arg1, s);
-  //FloatParts    b = float32_unpack_canonical(arg2, s);
-  union afl_float32 a = { .f = arg1 };
-  union afl_float32 b = { .f = arg2 };
+  // float_status* s = (float_status*)status;
+  // FloatParts    a = float32_unpack_canonical(arg1, s);
+  // FloatParts    b = float32_unpack_canonical(arg2, s);
+  union afl_float32 a = {.f = arg1};
+  union afl_float32 b = {.f = arg2};
 
   // if (is_nan(a.cls) || is_nan(b.cls)) return;
 
@@ -97,11 +103,11 @@ void afl_float_compcov_log_64(target_ulong cur_loc, float64 arg1, float64 arg2,
 
   if (cur_loc >= afl_inst_rms) return;
 
-  //float_status* s = (float_status*)status;
-  //FloatParts    a = float64_unpack_canonical(arg1, s);
-  //FloatParts    b = float64_unpack_canonical(arg2, s);
-  union afl_float64 a = { .f = arg1 };
-  union afl_float64 b = { .f = arg2 };
+  // float_status* s = (float_status*)status;
+  // FloatParts    a = float64_unpack_canonical(arg1, s);
+  // FloatParts    b = float64_unpack_canonical(arg2, s);
+  union afl_float64 a = {.f = arg1};
+  union afl_float64 b = {.f = arg2};
 
   // if (is_nan(a.cls) || is_nan(b.cls)) return;
 
@@ -196,7 +202,7 @@ void afl_float_compcov_log_80(target_ulong cur_loc, floatx80 arg1,
               if ((arg1.low & 0xff00) == (arg2.low & 0xff00)) {
 
                 INC_AFL_AREA(idx + 9);
-                //if ((arg1.low & 0xff) == (arg2.low & 0xff))
+                // if ((arg1.low & 0xff) == (arg2.low & 0xff))
                 //  INC_AFL_AREA(idx + 10);
 
               }