authorRishi Ranjan <43873720+rish9101@users.noreply.github.com>2020-03-15 22:59:23 +0530
committerGitHub <noreply@github.com>2020-03-15 18:29:23 +0100
commit126d1f1cd14c6bb1fb59159965045f02d98d1b43 (patch)
tree64a12fc2222b766087f0edfd63c30acf27c19cf4 /src
parent7685893cdbfd621b09b57a11c135347f692333cc (diff)
downloadafl++-126d1f1cd14c6bb1fb59159965045f02d98d1b43.tar.gz
Move afl-fuzz related env variables into afl_state_t (#252)
* Move afl-fuzz related env variables into afl_state_t * Move the env variables assignment from fuzz_init and code Format * Fix typo * Remove redundant env variables from afl_env struct * Rename function to read_afl_environment
Diffstat (limited to 'src')
-rw-r--r--src/afl-common.c36
-rw-r--r--src/afl-fuzz-cmplog.c2
-rw-r--r--src/afl-fuzz-globals.c180
-rw-r--r--src/afl-fuzz-init.c14
-rw-r--r--src/afl-fuzz-stats.c6
-rw-r--r--src/afl-fuzz.c22
6 files changed, 238 insertions, 22 deletions
diff --git a/src/afl-common.c b/src/afl-common.c
index c0f65ace..1aa15442 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
@@ -38,6 +38,42 @@
#include <limits.h>
extern u8 be_quiet;
+char * afl_environment_variables[] = {
+
+ "AFL_ALIGNED_ALLOC", "AFL_ALLOW_TMP", "AFL_ANALYZE_HEX", "AFL_AS",
+ "AFL_AUTORESUME", "AFL_AS_FORCE_INSTRUMENT", "AFL_BENCH_JUST_ONE",
+ "AFL_BENCH_UNTIL_CRASH", "AFL_CAL_FAST", "AFL_CC", "AFL_CMIN_ALLOW_ANY",
+ "AFL_CMIN_CRASHES_ONLY", "AFL_CODE_END", "AFL_CODE_START",
+ "AFL_COMPCOV_BINNAME", "AFL_COMPCOV_LEVEL", "AFL_CUSTOM_MUTATOR_LIBRARY",
+ "AFL_CUSTOM_MUTATOR_ONLY", "AFL_CXX", "AFL_DEBUG", "AFL_DEBUG_CHILD_OUTPUT",
+ //"AFL_DEFER_FORKSRV", // not implemented anymore, so warn additionally
+ "AFL_DISABLE_TRIM", "AFL_DONT_OPTIMIZE", "AFL_DUMB_FORKSRV",
+ "AFL_ENTRYPOINT", "AFL_EXIT_WHEN_DONE", "AFL_FAST_CAL", "AFL_FORCE_UI",
+ "AFL_GCC_WHITELIST", "AFL_GCJ", "AFL_HANG_TMOUT", "AFL_HARDEN",
+ "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES", "AFL_IMPORT_FIRST",
+ "AFL_INST_LIBS", "AFL_INST_RATIO", "AFL_KEEP_TRACES", "AFL_KEEP_ASSEMBLY",
+ "AFL_LD_HARD_FAIL", "AFL_LD_LIMIT_MB", "AFL_LD_NO_CALLOC_OVER",
+ "AFL_LD_PRELOAD", "AFL_LD_VERBOSE", "AFL_LLVM_CMPLOG", "AFL_LLVM_INSTRIM",
+ "AFL_LLVM_INSTRIM_LOOPHEAD", "AFL_LLVM_INSTRIM_SKIPSINGLEBLOCK",
+ "AFL_LLVM_LAF_SPLIT_COMPARES", "AFL_LLVM_LAF_SPLIT_COMPARES_BITW",
+ "AFL_LLVM_LAF_SPLIT_FLOATS", "AFL_LLVM_LAF_SPLIT_SWITCHES",
+ "AFL_LLVM_LAF_TRANSFORM_COMPARES", "AFL_LLVM_NOT_ZERO",
+ "AFL_LLVM_WHITELIST", "AFL_NO_AFFINITY", "AFL_LLVM_LTO_STARTID",
+ "AFL_LLVM_LTO_DONTWRITEID", "AFL_NO_ARITH", "AFL_NO_BUILTIN",
+ "AFL_NO_CPU_RED", "AFL_NO_FORKSRV", "AFL_NO_UI",
+ "AFL_NO_X86", // not really an env but we dont want to warn on it
+ "AFL_PATH", "AFL_PERFORMANCE_FILE",
+ //"AFL_PERSISTENT", // not implemented anymore, so warn additionally
+ "AFL_POST_LIBRARY", "AFL_PRELOAD", "AFL_PYTHON_MODULE", "AFL_QEMU_COMPCOV",
+ "AFL_QEMU_COMPCOV_DEBUG", "AFL_QEMU_DEBUG_MAPS", "AFL_QEMU_DISABLE_CACHE",
+ "AFL_QEMU_PERSISTENT_ADDR", "AFL_QEMU_PERSISTENT_CNT",
+ "AFL_QEMU_PERSISTENT_GPR", "AFL_QEMU_PERSISTENT_HOOK",
+ "AFL_QEMU_PERSISTENT_RET", "AFL_QEMU_PERSISTENT_RETADDR_OFFSET",
+ "AFL_QUIET", "AFL_RANDOM_ALLOC_CANARY", "AFL_REAL_PATH",
+ "AFL_SHUFFLE_QUEUE", "AFL_SKIP_BIN_CHECK", "AFL_SKIP_CPUFREQ",
+ "AFL_SKIP_CRASHES", "AFL_TMIN_EXACT", "AFL_TMPDIR", "AFL_TOKEN_FILE",
+ "AFL_TRACE_PC", "AFL_USE_ASAN", "AFL_USE_MSAN", "AFL_USE_TRACE_PC",
+ "AFL_USE_UBSAN", "AFL_WINE_PATH", NULL};
void detect_file_args(char **argv, u8 *prog_in, u8 *use_stdin) {
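Review bot: `afl_environment_variables` is declared `char *` although every element is a string literal, so the table is writable at the type level while any store through it would be undefined behaviour; `const char *const afl_environment_variables[]` states that it is a read-only lookup table (the extern declaration in envs.h, not on this page, would need the same qualifiers). A short comment above the table saying what it is for would also help a reader of this file, since the only consumer is in afl-fuzz-globals.c, e.g. `/* Every recognised AFL_* variable; read_afl_environment() warns about any other AFL_ name as mistyped. */`. The two commented-out entries already document why they are excluded, which is good; the `AFL_NO_X86` entry carries the same kind of note.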
diff --git a/src/afl-fuzz-cmplog.c b/src/afl-fuzz-cmplog.c
index aa217a93..1600af53 100644
--- a/src/afl-fuzz-cmplog.c
+++ b/src/afl-fuzz-cmplog.c
@@ -89,7 +89,7 @@ void init_cmplog_forkserver(afl_state_t *afl) {
setsid();
- if (!get_afl_env("AFL_DEBUG_CHILD_OUTPUT")) {
+ if (!(afl->afl_env.afl_debug_child_output)) {
dup2(afl->fsrv.dev_null_fd, 1);
dup2(afl->fsrv.dev_null_fd, 2);
diff --git a/src/afl-fuzz-globals.c b/src/afl-fuzz-globals.c
index c77474fc..b45943ce 100644
--- a/src/afl-fuzz-globals.c
+++ b/src/afl-fuzz-globals.c
@@ -24,6 +24,7 @@
*/
#include "afl-fuzz.h"
+#include "envs.h"
s8 interesting_8[] = {INTERESTING_8};
s16 interesting_16[] = {INTERESTING_8, INTERESTING_16};
@@ -119,6 +120,185 @@ void afl_state_init(afl_state_t *afl) {
}
+/*This sets up the environment variables for afl-fuzz into the afl_state
+ * struct*/
+
+void read_afl_environment(afl_state_t *afl, char **envp) {
+
+ int index = 0, found = 0;
+ char *env;
+ while ((env = envp[index++]) != NULL) {
+
+ if (strncmp(env, "ALF_", 4) == 0) {
+
+ WARNF("Potentially mistyped AFL environment variable: %s", env);
+ found++;
+
+ } else if (strncmp(env, "AFL_", 4) == 0) {
+
+ int i = 0, match = 0;
+ while (match == 0 && afl_environment_variables[i] != NULL) {
+
+ if (strncmp(env, afl_environment_variables[i],
+ strlen(afl_environment_variables[i])) == 0 &&
+ env[strlen(afl_environment_variables[i])] == '=') {
+
+ match = 1;
+ if (strncmp(env, "AFL_SKIP_CPUFREQ",
+ strlen(afl_environment_variables[i]) == 0)) {
+
+ afl->afl_env.afl_skip_cpufreq = (u8)get_afl_env(env);
+
+ } else if (!strncmp(env, "AFL_EXIT_WHEN_DONE",
+
+ strlen(afl_environment_variables[i]))) {
+
+ afl->afl_env.afl_exit_when_done = (u8)get_afl_env(env);
+
+ } else if (!strncmp(env, "AFL_NO_AFFINITY",
+
+ strlen(afl_environment_variables[i]))) {
+
+ afl->afl_env.afl_no_affinity = (u8)get_afl_env(env);
+
+ } else if (!strncmp(env, "AFL_SKIP_CRASHES",
+
+ strlen(afl_environment_variables[i]))) {
+
+ afl->afl_env.afl_skip_crashes = (u8)get_afl_env(env);
+
+ } else if (!strncmp(env, "AFL_HANG_TMOUT",
+
+ strlen(afl_environment_variables[i]))) {
+
+ afl->afl_env.afl_hang_tmout = (u8)get_afl_env(env);
+
+ } else if (!strncmp(env, "AFL_SKIP_BIN_CHECK",
+
+ strlen(afl_environment_variables[i]))) {
+
+ afl->afl_env.afl_skip_bin_check = (u8)get_afl_env(env);
+
+ } else if (!strncmp(env, "AFL_DUMB_FORKSRV",
+
+ strlen(afl_environment_variables[i]))) {
+
+ afl->afl_env.afl_dumb_forksrv = (u8)get_afl_env(env);
+
+ } else if (!strncmp(env, "AFL_IMPORT_FIRST",
+
+ strlen(afl_environment_variables[i]))) {
+
+ afl->afl_env.afl_import_first = (u8)get_afl_env(env);
+
+ } else if (!strncmp(env, "AFL_CUSTOM_MUTATOR_ONLY",
+
+ strlen(afl_environment_variables[i]))) {
+
+ afl->afl_env.afl_custom_mutator_only = (u8)get_afl_env(env);
+
+ } else if (!strncmp(env, "AFL_NO_UI",
+
+ strlen(afl_environment_variables[i]))) {
+
+ afl->afl_env.afl_no_ui = (u8)get_afl_env(env);
+
+ } else if (!strncmp(env, "AFL_FORCE_UI",
+
+ strlen(afl_environment_variables[i]))) {
+
+ afl->afl_env.afl_force_ui = (u8)get_afl_env(env);
+
+ } else if (!strncmp(env, "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES",
+
+ strlen(afl_environment_variables[i]))) {
+
+ afl->afl_env.afl_i_dont_care_about_missing_crashes =
+ (u8)get_afl_env(env);
+
+ } else if (!strncmp(env, "AFL_BENCH_JUST_ONE",
+
+ strlen(afl_environment_variables[i]))) {
+
+ afl->afl_env.afl_bench_just_one = (u8)get_afl_env(env);
+
+ } else if (!strncmp(env, "AFL_BENCH_UNTIL_CRASH",
+
+ strlen(afl_environment_variables[i]))) {
+
+ afl->afl_env.afl_bench_until_crash = (u8)get_afl_env(env);
+
+ } else if (!strncmp(env, "AFL_DEBUG_CHILD_OUTPUT",
+
+ strlen(afl_environment_variables[i]))) {
+
+ afl->afl_env.afl_debug_child_output = (u8)get_afl_env(env);
+
+ } else if (!strncmp(env, "AFL_AUTORESUME",
+
+ strlen(afl_environment_variables[i]))) {
+
+ afl->afl_env.afl_autoresume = (u8)get_afl_env(env);
+
+ } else if (!strncmp(env, "AFL_TMPDIR",
+
+ strlen(afl_environment_variables[i]))) {
+
+ afl->afl_env.afl_tmpdir = (u8 *)get_afl_env(env);
+
+ } else if (!strncmp(env, "AFL_POST_LIBRARY",
+
+ strlen(afl_environment_variables[i]))) {
+
+ afl->afl_env.afl_post_library = (u8 *)get_afl_env(env);
+
+ } else if (!strncmp(env, "AFL_CUSTOM_MUTATOR_LIBRARY",
+
+ strlen(afl_environment_variables[i]))) {
+
+ afl->afl_env.afl_custom_mutator_library = (u8 *)get_afl_env(env);
+
+ } else if (!strncmp(env, "AFL_PYTHON_MODULE",
+
+ strlen(afl_environment_variables[i]))) {
+
+ afl->afl_env.afl_python_module = (u8 *)get_afl_env(env);
+
+ } else if (!strncmp(env, "AFL_PATH",
+
+ strlen(afl_environment_variables[i]))) {
+
+ afl->afl_env.afl_path = (u8 *)get_afl_env(env);
+
+ } else if (!strncmp(env, "AFL_PRELOAD",
+
+ strlen(afl_environment_variables[i]))) {
+
+ afl->afl_env.afl_preload = (u8 *)get_afl_env(env);
+
+ }
+
+ } else
+
+ i++;
+
+ }
+
+ if (match == 0) {
+
+ WARNF("Mistyped AFL environment variable: %s", env);
+ found++;
+
+ }
+
+ }
+
+ }
+
+ if (found) sleep(2);
+
+}
+
/* Removes this afl_state instance and frees it. */
void afl_state_deinit(afl_state_t *afl) {
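Review bot: The `AFL_SKIP_CPUFREQ` branch can never be taken: its `== 0` sits inside the `strlen()` argument, so `strncmp` is called with a length of 0, returns 0, and the `if` is false, leaving afl_skip_cpufreq unset even though check_cpu_governor in afl-fuzz-init.c now reads that field instead of the environment; the closing parenthesis belongs before `== 0`, as in every other branch. Every branch also calls `get_afl_env(env)` with the whole `NAME=value` entry, whereas the call sites this commit removes pass a bare name (e.g. `get_afl_env("AFL_DEBUG_CHILD_OUTPUT")`); get_afl_env is not on this page, but if it looks the name up with getenv() an argument containing '=' will not match and no field is ever populated, so the argument should be `afl_environment_variables[i]`. The flag fields are assigned `(u8)get_afl_env(...)`, i.e. the low byte of a pointer, which can be 0 for a variable that is set; `get_afl_env(...) ? 1 : 0` stores an actual boolean. afl_skip_crashes and afl_hang_tmout are cast to `u8` here but consumed as strings in afl-fuzz-init.c (`u8 * skip_crashes = afl->afl_env.afl_skip_crashes;`) and afl-fuzz.c (`atoi(afl->afl_env.afl_hang_tmout)`); the afl_env struct is not on this page, so whichever type it has one side is wrong, and these two belong with the `(u8 *)` group. The one-line comment above the function should also mention its side effects — a WARNF for every `ALF_` or unrecognised `AFL_` name and a 2-second sleep if any were seen — since callers cannot tell that from the signature.
```c
        match = 1;
        /* compare with == 0 outside the strlen() call, look the variable up
           by its name rather than the whole NAME=value entry, and store
           flags as 0/1 instead of the low byte of a pointer */
        if (strncmp(env, "AFL_SKIP_CPUFREQ",
                    strlen(afl_environment_variables[i])) == 0) {

          afl->afl_env.afl_skip_cpufreq =
              get_afl_env(afl_environment_variables[i]) ? 1 : 0;

        } else if (!strncmp(env, "AFL_EXIT_WHEN_DONE",
                            strlen(afl_environment_variables[i]))) {

          afl->afl_env.afl_exit_when_done =
              get_afl_env(afl_environment_variables[i]) ? 1 : 0;

        /* … unchanged shape for the remaining flag branches, same two substitutions … */

        } else if (!strncmp(env, "AFL_TMPDIR",
                            strlen(afl_environment_variables[i]))) {

          afl->afl_env.afl_tmpdir =
              (u8 *)get_afl_env(afl_environment_variables[i]);

        /* … unchanged shape for the remaining string-valued branches (AFL_HANG_TMOUT and AFL_SKIP_CRASHES moved into this group) … */
```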
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index c5ee2f80..88ff5217 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -43,7 +43,7 @@ void bind_to_free_cpu(afl_state_t *afl) {
if (afl->cpu_core_count < 2) return;
- if (getenv("AFL_NO_AFFINITY")) {
+ if (afl->afl_env.afl_no_affinity) {
WARNF("Not binding to a CPU core (AFL_NO_AFFINITY set).");
return;
@@ -275,7 +275,7 @@ cpuset_destroy(c);
void setup_post(afl_state_t *afl) {
void *dh;
- u8 * fn = get_afl_env("AFL_POST_LIBRARY");
+ u8 * fn = afl->afl_env.afl_post_library;
u32 tlen = 6;
if (!fn) return;
@@ -448,7 +448,7 @@ void perform_dry_run(afl_state_t *afl) {
struct queue_entry *q = afl->queue;
u32 cal_failures = 0;
- u8 * skip_crashes = get_afl_env("AFL_SKIP_CRASHES");
+ u8 * skip_crashes = afl->afl_env.afl_skip_crashes;
while (q) {
@@ -1538,7 +1538,7 @@ void check_cpu_governor(afl_state_t *afl) {
u8 tmp[128];
u64 min = 0, max = 0;
- if (get_afl_env("AFL_SKIP_CPUFREQ")) return;
+ if (afl->afl_env.afl_skip_cpufreq) return;
if (afl->cpu_aff > 0)
snprintf(tmp, sizeof(tmp), "%s%d%s", "/sys/devices/system/cpu/cpu",
@@ -1619,7 +1619,7 @@ void check_cpu_governor(afl_state_t *afl) {
#elif defined __APPLE__
u64 min = 0, max = 0;
size_t mlen = sizeof(min);
- if (get_afl_env("AFL_SKIP_CPUFREQ")) return;
+ if (afl->afl_env.afl_skip_cpufreq) return;
ACTF("Checking CPU scaling governor...");
@@ -1906,7 +1906,7 @@ void check_binary(afl_state_t *afl, u8 *fname) {
}
- if (get_afl_env("AFL_SKIP_BIN_CHECK") || afl->use_wine) return;
+ if (afl->afl_env.afl_skip_bin_check || afl->use_wine) return;
/* Check for blatant user errors. */
@@ -2078,7 +2078,7 @@ void check_if_tty(afl_state_t *afl) {
struct winsize ws;
- if (get_afl_env("AFL_NO_UI")) {
+ if (afl->afl_env.afl_no_ui) {
OKF("Disabling the UI because AFL_NO_UI is set.");
afl->not_on_tty = 1;
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index e03018a1..0885c906 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -274,10 +274,10 @@ void show_stats(afl_state_t *afl) {
/* Honor AFL_EXIT_WHEN_DONE and AFL_BENCH_UNTIL_CRASH. */
if (!afl->dumb_mode && afl->cycles_wo_finds > 100 &&
- !afl->pending_not_fuzzed && get_afl_env("AFL_EXIT_WHEN_DONE"))
+ !afl->pending_not_fuzzed && afl->afl_env.afl_exit_when_done)
afl->stop_soon = 2;
- if (afl->total_crashes && get_afl_env("AFL_BENCH_UNTIL_CRASH"))
+ if (afl->total_crashes && afl->afl_env.afl_bench_until_crash)
afl->stop_soon = 2;
/* If we're not on TTY, bail out. */
@@ -860,7 +860,7 @@ void show_init_stats(afl_state_t *afl) {
/* In dumb mode, re-running every timing out test case with a generous time
limit is very expensive, so let's select a more conservative default. */
- if (afl->dumb_mode && !get_afl_env("AFL_HANG_TMOUT"))
+ if (afl->dumb_mode && !(afl->afl_env.afl_hang_tmout))
afl->hang_tmout = MIN(EXEC_TIMEOUT, afl->fsrv.exec_tmout * 2 + 100);
OKF("All set and ready to roll!");
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 63a0af0f..ad619b1e 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -245,6 +245,8 @@ int main(int argc, char **argv_orig, char **envp) {
afl_state_init(afl);
afl_fsrv_init(&afl->fsrv);
+ read_afl_environment(afl, envp);
+
SAYF(cCYA "afl-fuzz" VERSION cRST
" based on afl by Michal Zalewski and a big online community\n");
@@ -472,7 +474,7 @@ int main(int argc, char **argv_orig, char **envp) {
case 'n': /* dumb mode */
if (afl->dumb_mode) FATAL("Multiple -n options not supported");
- if (get_afl_env("AFL_DUMB_FORKSRV"))
+ if (afl->afl_env.afl_dumb_forksrv)
afl->dumb_mode = 2;
else
afl->dumb_mode = 1;
@@ -681,8 +683,6 @@ int main(int argc, char **argv_orig, char **envp) {
"Using -M master with the AFL_CUSTOM_MUTATOR_ONLY mutator options will "
"result in no deterministic mutations being done!");
- check_environment_vars(envp);
-
if (afl->fixed_seed) OKF("Running with fixed seed: %u", (u32)afl->init_seed);
srandom((u32)afl->init_seed);
@@ -768,16 +768,16 @@ int main(int argc, char **argv_orig, char **envp) {
if (get_afl_env("AFL_SHUFFLE_QUEUE")) afl->shuffle_queue = 1;
if (get_afl_env("AFL_FAST_CAL")) afl->fast_cal = 1;
- if (get_afl_env("AFL_AUTORESUME")) {
+ if (afl->afl_env.afl_autoresume) {
afl->autoresume = 1;
if (afl->in_place_resume) SAYF("AFL_AUTORESUME has no effect for '-i -'");
}
- if (get_afl_env("AFL_HANG_TMOUT")) {
+ if (afl->afl_env.afl_hang_tmout) {
- afl->hang_tmout = atoi(getenv("AFL_HANG_TMOUT"));
+ afl->hang_tmout = atoi(afl->afl_env.afl_hang_tmout);
if (!afl->hang_tmout) FATAL("Invalid value of AFL_HANG_TMOUT");
}
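Review bot: The hunk switches AFL_AUTORESUME and AFL_HANG_TMOUT to the cached struct fields but leaves `AFL_SHUFFLE_QUEUE` and `AFL_FAST_CAL` on the two context lines directly above going through get_afl_env, as `AFL_CAL_FAST` and `AFL_DEBUG` still do further down in main, so after this commit afl_env is only a partial record of what the fuzzer reads from the environment. That is a reasonable intermediate state, but it should be visible at the `read_afl_environment(afl, envp);` call site added earlier in main, e.g. `/* caches only the variables that have an afl_env field; the rest are still read via get_afl_env() */`, or the remaining lookups should be moved over in the same change. The `atoi(afl->afl_env.afl_hang_tmout)` line keeps the pre-existing atoi conversion, so a non-numeric value reads as 0 and still hits the FATAL on the next line; a `strtol` with an end-pointer check would distinguish "0" from garbage, but that is outside the scope of this commit. main starts and ends outside the hunk.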
@@ -792,7 +792,7 @@ int main(int argc, char **argv_orig, char **envp) {
"LD_PRELOAD is set, are you sure that is what to you want to do "
"instead of using AFL_PRELOAD?");
- if (get_afl_env("AFL_PRELOAD")) {
+ if (afl->afl_env.afl_preload) {
if (afl->qemu_mode) {
@@ -838,7 +838,7 @@ int main(int argc, char **argv_orig, char **envp) {
fix_up_banner(afl, argv[optind]);
check_if_tty(afl);
- if (get_afl_env("AFL_FORCE_UI")) afl->not_on_tty = 0;
+ if (afl->afl_env.afl_force_ui) afl->not_on_tty = 0;
if (get_afl_env("AFL_CAL_FAST")) {
@@ -850,7 +850,7 @@ int main(int argc, char **argv_orig, char **envp) {
if (get_afl_env("AFL_DEBUG")) afl->debug = 1;
- if (get_afl_env("AFL_CUSTOM_MUTATOR_ONLY")) {
+ if (afl->afl_env.afl_custom_mutator_only) {
/* This ensures we don't proceed to havoc/splice */
afl->custom_only = 1;
@@ -894,7 +894,7 @@ int main(int argc, char **argv_orig, char **envp) {
if (!afl->timeout_given) find_timeout(afl);
- if ((afl->tmp_dir = get_afl_env("AFL_TMPDIR")) != NULL &&
+ if ((afl->tmp_dir = afl->afl_env.afl_tmpdir) != NULL &&
!afl->in_place_resume) {
char tmpfile[afl->file_extension ? strlen(afl->tmp_dir) + 1 + 10 + 1 +
@@ -1067,7 +1067,7 @@ int main(int argc, char **argv_orig, char **envp) {
prev_queued = afl->queued_paths;
if (afl->sync_id && afl->queue_cycle == 1 &&
- get_afl_env("AFL_IMPORT_FIRST"))
+ afl->afl_env.afl_import_first)
sync_fuzzers(afl);
}