authorNils Bars <nils.bars@rub.de>2022-10-21 12:13:43 +0200
committerNils Bars <nils.bars@rub.de>2022-10-21 12:47:00 +0200
commit7512316b46a25180729ff8c568a6061a0ab19fea (patch)
tree81db6020d1d6e1c8d8f050fe647a25c79f1dd37d /src
parentf84ea696606b3dd6ae40006e5efb9f178651e916 (diff)
Add AFL_FORK_SERVER_KILL_SIGNAL environment variable.
The AFL_FORK_SERVER_KILL_SIGNAL variable allows configuring the signal used to kill the fork server on termination.
Diffstat (limited to 'src')
-rw-r--r--src/afl-analyze.c5
-rw-r--r--src/afl-common.c33
-rw-r--r--src/afl-forkserver.c4
-rw-r--r--src/afl-fuzz-state.c10
-rw-r--r--src/afl-fuzz.c4
-rw-r--r--src/afl-showmap.c6
-rw-r--r--src/afl-tmin.c7
7 files changed, 36 insertions, 33 deletions
diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index f21acd7f..cbcd2ede 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -1116,7 +1116,10 @@ int main(int argc, char **argv_orig, char **envp) {
}
fsrv.child_kill_signal =
- parse_afl_kill_signal_env(getenv("AFL_KILL_SIGNAL"), SIGKILL);
+ parse_afl_kill_signal(getenv("AFL_KILL_SIGNAL"), SIGKILL);
+ fsrv.fsrv_kill_signal =
+ parse_afl_kill_signal(getenv("AFL_FORK_SERVER_KILL_SIGNAL"), SIGTERM);
+
read_initial_file();
(void)check_binary_signatures(fsrv.target_path);
diff --git a/src/afl-common.c b/src/afl-common.c
index f3e78ac5..75b463ed 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
@@ -456,38 +456,24 @@ u8 *find_afl_binary(u8 *own_loc, u8 *fname) {
}
-/* Parses the kill signal environment variable, FATALs on error.
- If the env is not set, sets the env to default_signal for the signal handlers
- and returns the default_signal. */
-int parse_afl_kill_signal_env(u8 *afl_kill_signal_env, int default_signal) {
- if (afl_kill_signal_env && afl_kill_signal_env[0]) {
+int parse_afl_kill_signal(u8 *numeric_signal_as_str, int default_signal) {
+
+ if (numeric_signal_as_str && numeric_signal_as_str[0]) {
char *endptr;
u8 signal_code;
- signal_code = (u8)strtoul(afl_kill_signal_env, &endptr, 10);
+ signal_code = (u8)strtoul(numeric_signal_as_str, &endptr, 10);
/* Did we manage to parse the full string? */
- if (*endptr != '\0' || endptr == (char *)afl_kill_signal_env) {
-
- FATAL("Invalid AFL_KILL_SIGNAL: %s (expected unsigned int)",
- afl_kill_signal_env);
-
+ if (*endptr != '\0' || endptr == (char *)numeric_signal_as_str) {
+ FATAL("Invalid signal name: %s", numeric_signal_as_str);
+ } else {
+ return signal_code;
}
- return signal_code;
-
- } else {
-
- char *sigstr = alloc_printf("%d", default_signal);
- if (!sigstr) { FATAL("Failed to alloc mem for signal buf"); }
-
- /* Set the env for signal handler */
- setenv("AFL_KILL_SIGNAL", sigstr, 1);
- free(sigstr);
- return default_signal;
-
}
+ return default_signal;
}
static inline unsigned int helper_min3(unsigned int a, unsigned int b,
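Review bot: parse_afl_kill_signal accepts any decimal string strtoul can read and then narrows it with `(u8)`, so values above 255 wrap silently, 0 (which turns the later kill() into a no-op) and numbers beyond NSIG are accepted, and ERANGE is never checked, although every caller hands the result straight to kill(). Parsing into an unsigned long with errno cleared and rejecting 0, ERANGE and anything >= NSIG makes the failure loud at startup instead of an unchecked EINVAL from kill() or a waitpid() that never returns. The message `Invalid signal name: %s` is also misleading, since only numeric IDs are parsed; the dropped `(expected unsigned int)` was the accurate part. The removed setenv("AFL_KILL_SIGNAL") additionally means the default is no longer exported to the environment; if anything downstream still reads it (the deleted comment mentioned the signal handler), that should be confirmed. errno and NSIG need <errno.h> and <signal.h> in scope if this file does not already include them.
```c
int parse_afl_kill_signal(u8 *numeric_signal_as_str, int default_signal) {

  if (numeric_signal_as_str && numeric_signal_as_str[0]) {

    char *endptr;
    errno = 0;
    unsigned long signal_code = strtoul(numeric_signal_as_str, &endptr, 10);
    /* Whole string consumed, no overflow, and a real signal number
       (0 means "no signal" to kill(), so it is rejected as well). */
    if (*endptr != '\0' || endptr == (char *)numeric_signal_as_str ||
        errno == ERANGE || signal_code == 0 || signal_code >= NSIG) {

      FATAL("Invalid signal number: %s (expected an integer in 1..%d)",
            numeric_signal_as_str, NSIG - 1);

    }

    return (int)signal_code;

  }

  return default_signal;

}
```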
@@ -1253,4 +1239,3 @@ s32 create_file(u8 *fn) {
return fd;
}
-
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 71da7fde..72db3c2e 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -1245,8 +1245,8 @@ void afl_fsrv_kill(afl_forkserver_t *fsrv) {
if (fsrv->child_pid > 0) { kill(fsrv->child_pid, fsrv->child_kill_signal); }
if (fsrv->fsrv_pid > 0) {
- kill(fsrv->fsrv_pid, SIGTERM);
- if (waitpid(fsrv->fsrv_pid, NULL, 0) <= 0) { WARNF("error waitpid\n"); }
+ kill(fsrv->fsrv_pid, fsrv->fsrv_kill_signal);
+ waitpid(fsrv->fsrv_pid, NULL, 0);
}
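Review bot: The `if (waitpid(...) <= 0) { WARNF("error waitpid\n"); }` check is dropped together with the signal change, so a failed reap of the fork server now passes silently; keep `if (waitpid(fsrv->fsrv_pid, NULL, 0) <= 0) { WARNF("error waitpid\n"); }` unless removing the warning was intended. With the signal now user-configurable, a value the fork server ignores or handles without exiting, or one that kill() rejects with EINVAL (its return is not checked here), leaves this waitpid() blocking indefinitely; rejecting 0 and out-of-range numbers where the variable is parsed, and checking kill()'s return here, avoids that. The rest of afl_fsrv_kill lies outside the hunk.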
diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c
index 8bbef87c..ae6cb6c7 100644
--- a/src/afl-fuzz-state.c
+++ b/src/afl-fuzz-state.c
@@ -485,10 +485,15 @@ void read_afl_environment(afl_state_t *afl, char **envp) {
#endif
} else if (!strncmp(env, "AFL_KILL_SIGNAL",
+ afl_environment_variable_len)) {
+
+ afl->afl_env.afl_child_kill_signal =
+ (u8 *)get_afl_env(afl_environment_variables[i]);
+ } else if (!strncmp(env, "AFL_FORK_SERVER_KILL_SIGNAL",
afl_environment_variable_len)) {
- afl->afl_env.afl_kill_signal =
+ afl->afl_env.afl_fsrv_kill_signal =
(u8 *)get_afl_env(afl_environment_variables[i]);
} else if (!strncmp(env, "AFL_TARGET_ENV",
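Review bot: The new `AFL_FORK_SERVER_KILL_SIGNAL` branch is only reached when that name is also present in the afl_environment_variables[] table this loop walks against, and the diff is limited to src/, so neither the table entry nor the renamed afl_child_kill_signal / new afl_fsrv_kill_signal fields can be confirmed here. Without the table entry afl-fuzz would not recognise the variable while afl-showmap, afl-tmin and afl-analyze honour it via getenv(), so it is worth double-checking that the header side of this change landed. read_afl_environment starts and ends outside the hunk.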
@@ -657,8 +662,7 @@ void afl_states_stop(void) {
/* NOTE: We need to make sure that the parent (the forkserver) reap the child (see below). */
if (el->fsrv.child_pid > 0) kill(el->fsrv.child_pid, el->fsrv.child_kill_signal);
if (el->fsrv.fsrv_pid > 0) {
- /* This must be SIGTERM, to allow the forkserver to reap the child before exiting. */
- kill(el->fsrv.fsrv_pid, SIGTERM);
+ kill(el->fsrv.fsrv_pid, el->fsrv.fsrv_kill_signal);
/* Make sure the forkserver does not end up as zombie. */
waitpid(el->fsrv.fsrv_pid, NULL, 0);
}
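Review bot: The deleted comment `/* This must be SIGTERM, to allow the forkserver to reap the child before exiting. */` documented a constraint that still holds now that the signal is configurable, but nothing replaces it; suggest `/* Must be a signal the fork server handles gracefully (default SIGTERM), so it can reap the child before exiting. */` above the kill() call. The NOTE two lines earlier still says the fork server must reap the child, so a reader choosing a harsher signal for this variable should see why SIGTERM is the default. afl_states_stop continues outside the hunk.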
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index c9eeeca1..573a6b42 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -1359,7 +1359,9 @@ int main(int argc, char **argv_orig, char **envp) {
#endif
afl->fsrv.child_kill_signal =
- parse_afl_kill_signal_env(afl->afl_env.afl_kill_signal, SIGKILL);
+ parse_afl_kill_signal(afl->afl_env.afl_child_kill_signal, SIGKILL);
+ afl->fsrv.fsrv_kill_signal =
+ parse_afl_kill_signal(afl->afl_env.afl_fsrv_kill_signal, SIGTERM);
setup_signal_handlers();
check_asan_opts(afl);
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 730a4ff1..80a9e766 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -866,6 +866,8 @@ static void usage(u8 *argv0) {
"startup (in milliseconds)\n"
"AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout, "
"etc. (default: SIGKILL)\n"
+ "AFL_FORK_SERVER_KILL_SIGNAL: Signal delivered to fork server processes on termination"
+ " (default: SIGTERM)\n"
"AFL_MAP_SIZE: the shared memory size for that target. must be >= the "
"size the target was compiled for\n"
"AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n"
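Review bot: The new help line says `Signal delivered to fork server processes` while the AFL_KILL_SIGNAL line directly above says `Signal ID`, and the parser only accepts a numeric ID, so a user reading this help may try `SIGTERM` as a value and get a fatal error; suggest `"AFL_FORK_SERVER_KILL_SIGNAL: Signal ID delivered to fork server processes on termination (default: SIGTERM)\n"`. The same wording applies to the matching usage() hunk in src/afl-tmin.c. Both usage() functions extend beyond their hunks.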
@@ -1259,7 +1261,9 @@ int main(int argc, char **argv_orig, char **envp) {
be_quiet = save_be_quiet;
fsrv->child_kill_signal =
- parse_afl_kill_signal_env(getenv("AFL_KILL_SIGNAL"), SIGKILL);
+ parse_afl_kill_signal(getenv("AFL_KILL_SIGNAL"), SIGKILL);
+ fsrv->fsrv_kill_signal =
+ parse_afl_kill_signal(getenv("AFL_FORK_SERVER_KILL_SIGNAL"), SIGTERM);
if (new_map_size) {
diff --git a/src/afl-tmin.c b/src/afl-tmin.c
index e2145c32..d4660eb1 100644
--- a/src/afl-tmin.c
+++ b/src/afl-tmin.c
@@ -881,6 +881,8 @@ static void usage(u8 *argv0) {
"AFL_CRASH_EXITCODE: optional child exit code to be interpreted as crash\n"
"AFL_FORKSRV_INIT_TMOUT: time spent waiting for forkserver during startup (in milliseconds)\n"
"AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout, etc. (default: SIGKILL)\n"
+ "AFL_FORK_SERVER_KILL_SIGNAL: Signal delivered to fork server processes on termination\n"
+ " (default: SIGTERM)\n"
"AFL_MAP_SIZE: the shared memory size for that target. must be >= the size\n"
" the target was compiled for\n"
"AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n"
@@ -1196,7 +1198,10 @@ int main(int argc, char **argv_orig, char **envp) {
}
fsrv->child_kill_signal =
- parse_afl_kill_signal_env(getenv("AFL_KILL_SIGNAL"), SIGKILL);
+ parse_afl_kill_signal(getenv("AFL_KILL_SIGNAL"), SIGKILL);
+ fsrv->fsrv_kill_signal =
+ parse_afl_kill_signal(getenv("AFL_FORK_SERVER_KILL_SIGNAL"), SIGTERM);
+
if (getenv("AFL_CRASH_EXITCODE")) {