authorRishi Ranjan <43873720+rish9101@users.noreply.github.com>2020-05-08 23:38:27 +0530
committerGitHub <noreply@github.com>2020-05-08 20:08:27 +0200
commit190f3024dad3713a1b2d3a42b5b99c662dd2cf58 (patch)
tree4c7bb683bbc62e81c52f68d656f583a94cdd014e /test
parent768053b6f25d5abd1b25f104e0233421bd1f73f9 (diff)
downloadafl++-190f3024dad3713a1b2d3a42b5b99c662dd2cf58.tar.gz
Support multiple custom mutators (#282)
* Make a list of custom mutators using env variable * Set up multiple custom mutators * Add destroy custom mutator and changes to load_custom_mutator * Use array instead of list, make changes to afl-fuzz-one for multiple mutators * Make change to fuzz-one custom_queue_get to support multiple mutators * Modify custom python mutator support * Fix bug * Fix missing afl->mutator->data * Revert to list with max count * Change custom_pre_save hook and code format * Free custom_mutator struct in the list * Add testcase for multiple custom mutators * Resolve merge conflict
Diffstat (limited to 'test')
-rw-r--r--test/test-multiple-mutators.c24
-rwxr-xr-xtest/test.sh32
2 files changed, 55 insertions, 1 deletions
diff --git a/test/test-multiple-mutators.c b/test/test-multiple-mutators.c
new file mode 100644
index 00000000..35e0407b
--- /dev/null
+++ b/test/test-multiple-mutators.c
@@ -0,0 +1,24 @@
+/**
+ * Test-Case for multiple custom mutators in C
+ * Reference:
+ * https://github.com/bruce30262/libprotobuf-mutator_fuzzing_learning/blob/master/4_libprotobuf_aflpp_custom_mutator/vuln.c
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+int main(int argc, char ** argv)
+{
+ int a=0;
+ char s[16];
+ memset(s, 0, 16);
+ read(0, s, 0xa0);
+
+ if ( s[17] != '\x00') {
+ abort();
+ }
+
+ return 0;
+}
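Review bot: `int a=0;` on the line after the opening brace is never used, and `argc`/`argv` are unused as well, so the test binary compiles with warnings under `-Wall`; drop `a` and add `(void)argc; (void)argv;` at the top of `main`. The `read(0, s, 0xa0)` into `char s[16]` and the `s[17]` access are presumably the deliberate crash the harness expects afl-fuzz to find, but nothing in the file says so, and `s[17]` on a 16-byte array also trips `-Warray-bounds`; the header comment should state the intent, e.g. `/* Deliberately vulnerable: read() may write up to 0xa0 bytes into a 16-byte stack buffer and s[17] is past its end; test.sh expects afl-fuzz to find this crash. */`. Note also that `s[17]` is read regardless of how many bytes `read()` actually returned, which is fine for a crash target but worth saying in that comment.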
diff --git a/test/test.sh b/test/test.sh
index 90633a9f..1caa9985 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -949,7 +949,7 @@ test "1" = "`../afl-fuzz | grep -i 'without python' >/dev/null; echo $?`" && {
}
test -e test-custom-mutator.c -a -e ${CUSTOM_MUTATOR_PATH}/example.c -a -e ${CUSTOM_MUTATOR_PATH}/example.py && {
unset AFL_CC
- # Compile the vulnerable program
+ # Compile the vulnerable program for single mutator
test -e ../afl-clang-fast && {
../afl-clang-fast -o test-custom-mutator test-custom-mutator.c > /dev/null 2>&1
} || {
@@ -959,6 +959,16 @@ test "1" = "`../afl-fuzz | grep -i 'without python' >/dev/null; echo $?`" && {
../afl-gcc -o test-custom-mutator test-custom-mutator.c > /dev/null 2>&1
}
}
+ # Compile the vulnerable program for multiple mutators
+ test -e ../afl-clang-fast && {
+ ../afl-clang-fast -o test-multiple-mutators test-multiple-mutators.c > /dev/null 2>&1
+ } || {
+ test -e ../afl-gcc-fast && {
+ ../afl-gcc-fast -o test-multiple-mutators test-multiple-mutators.c > /dev/null 2>&1
+ } || {
+ ../afl-gcc -o test-multiple-mutators test-multiple-mutators.c > /dev/null 2>&1
+ }
+ }
# Compile the custom mutator
make -C ../examples/custom_mutators libexamplemutator.so > /dev/null 2>&1
test -e test-custom-mutator -a -e ${CUSTOM_MUTATOR_PATH}/libexamplemutator.so && {
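Review bot: The guard on the last line of the hunk, `test -e test-custom-mutator -a -e ${CUSTOM_MUTATOR_PATH}/libexamplemutator.so`, still checks only the single-mutator binary, so if the new `test-multiple-mutators` compile fails (its output is discarded with `> /dev/null 2>&1`) the later multi-mutator run executes a missing `./test-multiple-mutators` and reports a mutator failure rather than a build failure; extend it to `test -e test-custom-mutator -a -e test-multiple-mutators -a -e ${CUSTOM_MUTATOR_PATH}/libexamplemutator.so && {`. The cleanup added further down in this file removes `test-custom-mutators`, which is not the name built here; it should be `rm -f test-multiple-mutators`, otherwise the new binary is left behind after the test. The enclosing `test -e test-custom-mutator.c ... && {` block starts and ends outside this hunk.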
@@ -986,6 +996,25 @@ test "1" = "`../afl-fuzz | grep -i 'without python' >/dev/null; echo $?`" && {
# Clean
rm -rf out errors
+ #Run afl-fuzz w/ multiple C mutators
+ $ECHO "$GREY[*] running afl-fuzz with multiple custom C mutators, this will take approx 20 seconds"
+ {
+ AFL_CUSTOM_MUTATOR_LIBRARY="${CUSTOM_MUTATOR_PATH}/libexamplemutator.so;${CUSTOM_MUTATOR_PATH}/libexamplemutator.so" ../afl-fuzz -V20 -m ${MEM_LIMIT} -i in -o out -- ./test-multiple-mutators >>errors 2>&1
+ } >>errors 2>&1
+
+ test -n "$( ls out/crashes/id:000000* 2>/dev/null )" && { # TODO: update here
+ $ECHO "$GREEN[+] afl-fuzz is working correctly with multiple C mutators"
+ } || {
+ echo CUT------------------------------------------------------------------CUT
+ cat errors
+ echo CUT------------------------------------------------------------------CUT
+ $ECHO "$RED[!] afl-fuzz is not working correctly with multiple C mutators"
+ CODE=1
+ }
+
+ # Clean
+ rm -rf out errors
+
# Run afl-fuzz w/ the Python mutator
$ECHO "$GREY[*] running afl-fuzz for the Python mutator, this will take approx 10 seconds"
{
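Review bot: The success check `test -n "$( ls out/crashes/id:000000* 2>/dev/null )" && { # TODO: update here` leaves an unresolved TODO on the very condition that decides the test's outcome; either resolve it or replace it with a comment saying what is still missing, e.g. `# TODO: also verify that both listed mutators were loaded, not only that a crash was found`. Both entries of `AFL_CUSTOM_MUTATOR_LIBRARY` point to the same `libexamplemutator.so`, so the run presumably shows only that a `;`-separated list is parsed and loaded twice, not that two distinct mutators cooperate; worth stating in the `$ECHO` line or a comment so nobody reads it as broader coverage. The inner `>>errors 2>&1` on the afl-fuzz line is redundant with the same redirection on the enclosing `{ ... } >>errors 2>&1` group, though the existing Python-mutator block below does the same, so this may be deliberate consistency. The enclosing block continues outside the hunk.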
@@ -1021,6 +1050,7 @@ test "1" = "`../afl-fuzz | grep -i 'without python' >/dev/null; echo $?`" && {
make -C ../examples/custom_mutators clean > /dev/null 2>&1
rm -f test-custom-mutator
+ rm -f test-custom-mutators
} || {
$ECHO "$YELLOW[-] no custom mutators in $CUSTOM_MUTATOR_PATH, cannot test"
INCOMPLETE=1