diff options
| author | Sergej Schumilo <sergej@schumilo.de> | 2024-09-14 03:51:20 +0200 |
|---|---|---|
| committer | Sergej Schumilo <sergej@schumilo.de> | 2024-09-14 03:51:20 +0200 |
| commit | 1d6cd5dd199e0c745aaca05b465286bf63d5ebc2 (patch) | |
| tree | c49d1b5d225bee73faa7c3d8ebbc97386c4da898 /src | |
| parent | 7e9abf1bba84e74280168a095bd2a6c5405d1a72 (diff) | |
| download | afl++-1d6cd5dd199e0c745aaca05b465286bf63d5ebc2.tar.gz | |
fix AFL_AUTORESUME=1 for Nyx mode
Diffstat (limited to 'src')
| -rw-r--r-- | src/afl-forkserver.c | 16 | ||||
| -rw-r--r-- | src/afl-fuzz-stats.c | 11 | ||||
| -rw-r--r-- | src/afl-fuzz.c | 17 |
3 files changed, 43 insertions, 1 deletions
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index c7c493cf..ae3c7ccc 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -136,6 +136,12 @@ nyx_plugin_handler_t *afl_load_libnyx_plugin(u8 *libnyx_binary) { dlsym(handle, "nyx_config_set_aux_buffer_size"); if (plugin->nyx_config_set_aux_buffer_size == NULL) { goto fail; } + plugin->nyx_get_target_hash64 = dlsym(handle, "nyx_get_target_hash64"); + if (plugin->nyx_get_target_hash64 == NULL) { goto fail; } + + plugin->nyx_config_free = dlsym(handle, "nyx_config_free"); + if (plugin->nyx_get_target_hash64 == NULL) { goto fail; } + OKF("libnyx plugin is ready!"); return plugin; @@ -224,6 +230,7 @@ void afl_fsrv_init(afl_forkserver_t *fsrv) { fsrv->nyx_use_tmp_workdir = false; fsrv->nyx_tmp_workdir_path = NULL; fsrv->nyx_log_fd = -1; + fsrv->nyx_target_hash64 = 0; #endif // this structure needs default so we initialize it if this was not done @@ -527,6 +534,15 @@ static void report_error_and_exit(int error) { } +#ifdef __linux__ +void nyx_load_target_hash(afl_forkserver_t *fsrv) { + void *nyx_config = fsrv->nyx_handlers->nyx_config_load(fsrv->target_path); + fsrv->nyx_target_hash64 = fsrv->nyx_handlers->nyx_get_target_hash64(nyx_config); + fsrv->nyx_handlers->nyx_config_free(nyx_config); +} +#endif + + /* Spins up fork server. The idea is explained here: https://lcamtuf.blogspot.com/2014/10/fuzzing-binaries-without-execve.html diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 9f5f59c0..b1a84cb6 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -80,7 +80,18 @@ void write_setup_file(afl_state_t *afl, u32 argc, char **argv) { snprintf(fn2, PATH_MAX, "%s/target_hash", afl->out_dir); FILE *f2 = create_ffile(fn2); + +#ifdef __linux__ + if (afl->fsrv.nyx_mode) { + nyx_load_target_hash(&afl->fsrv); + fprintf(f2, "%llx\n", afl->fsrv.nyx_target_hash64); + } + else { + fprintf(f2, "%p\n", (void *)get_binary_hash(afl->fsrv.target_path)); + } +#else fprintf(f2, "%p\n", (void *)get_binary_hash(afl->fsrv.target_path)); +#endif fclose(f2); snprintf(fn, PATH_MAX, "%s/fuzzer_setup", afl->out_dir); diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 5ab8d7e9..a2fd4b76 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2225,9 +2225,24 @@ int main(int argc, char **argv_orig, char **envp) { if (afl->in_place_resume && !afl->afl_env.afl_no_fastresume) { +#ifdef __linux__ + u64 target_hash = 0; + if (afl->fsrv.nyx_mode) { + nyx_load_target_hash(&afl->fsrv); + target_hash = afl->fsrv.nyx_target_hash64; + } + else { + target_hash = get_binary_hash(afl->fsrv.target_path); + } +#else u64 target_hash = get_binary_hash(afl->fsrv.target_path); +#endif - if (!target_hash || prev_target_hash != target_hash) { + if ((!target_hash || prev_target_hash != target_hash) +#ifdef __linux__ + || (afl->fsrv.nyx_mode && target_hash == 0) +#endif + ) { ACTF("Target binary is different, cannot perform FAST RESUME!"); |