diff options
| author | Maik Betka <9078425+voidptr127@users.noreply.github.com> | 2023-04-21 16:47:19 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-04-21 16:47:19 +0200 |
| commit | de717cd2255f05361b6a7b8eaeec40b15cb878af (patch) | |
| tree | 64bcf9c170649d9c487e3ff41be6244e5907ae7e /utils/argv_fuzzing/argv-fuzz-inl.h | |
| parent | 9ab902402cd33156257fc0355c0105e7e03f5ba3 (diff) | |
| parent | 779a72ef8c2457430b824f7830eba731745fb6ee (diff) | |
| download | afl++-de717cd2255f05361b6a7b8eaeec40b15cb878af.tar.gz | |
Merge pull request #1 from voidptr127/atnwalk
fixed AFL_POST_PROCESS_KEEP_ORIGINAL for version 4.07a
Diffstat (limited to 'utils/argv_fuzzing/argv-fuzz-inl.h')
| -rw-r--r-- | utils/argv_fuzzing/argv-fuzz-inl.h | 53 |
1 files changed, 52 insertions, 1 deletions
diff --git a/utils/argv_fuzzing/argv-fuzz-inl.h b/utils/argv_fuzzing/argv-fuzz-inl.h index c15c0271..cb0af2bc 100644 --- a/utils/argv_fuzzing/argv-fuzz-inl.h +++ b/utils/argv_fuzzing/argv-fuzz-inl.h @@ -29,11 +29,17 @@ If you would like to always preserve argv[0], use this instead: AFL_INIT_SET0("prog_name"); + To enable persistent fuzzing, use the AFL_INIT_ARGV_PERSISTENT macro with + buf as argument, or use AFL_INIT_SET0_PERSISTENT("prog_name", buf) + to preserver argv[0]. buf is a pointer to a buffer containing + the input data for the current test case being processed defined as: + unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF; */ #ifndef _HAVE_ARGV_FUZZ_INL #define _HAVE_ARGV_FUZZ_INL +#include <stdlib.h> #include <unistd.h> #define AFL_INIT_ARGV() \ @@ -52,6 +58,22 @@ \ } while (0) +#define AFL_INIT_ARGV_PERSISTENT(persistent_buff) \ + do { \ + \ + argv = afl_init_argv_persistent(&argc, persistent_buff); \ + \ + } while (0) + +#define AFL_INIT_SET0_PERSISTENT(_p, persistent_buff) \ + do { \ + \ + argv = afl_init_argv_persistent(&argc, persistent_buff); \ + argv[0] = (_p); \ + if (!argc) argc = 1; \ + \ + } while (0) + #define MAX_CMDLINE_LEN 100000 #define MAX_CMDLINE_PAR 50000 @@ -63,7 +85,10 @@ static char **afl_init_argv(int *argc) { char *ptr = in_buf; int rc = 0; - if (read(0, in_buf, MAX_CMDLINE_LEN - 2) < 0) {} + ssize_t num = read(0, in_buf, MAX_CMDLINE_LEN - 2); + if (num < 1) { _exit(1); } + in_buf[num] = '\0'; + in_buf[num + 1] = '\0'; while (*ptr && rc < MAX_CMDLINE_PAR) { @@ -83,6 +108,32 @@ static char **afl_init_argv(int *argc) { } +static char **afl_init_argv_persistent(int *argc, + unsigned char *persistent_buff) { + + static char *ret[MAX_CMDLINE_PAR]; + + unsigned char *ptr = persistent_buff; + int rc = 0; + + while (*ptr && rc < MAX_CMDLINE_PAR) { + + ret[rc] = (char *)ptr; + if (ret[rc][0] == 0x02 && !ret[rc][1]) ret[rc]++; + rc++; + + while (*ptr) + ptr++; + ptr++; + + } + + *argc = rc; + + return ret; + +} + #undef MAX_CMDLINE_LEN #undef MAX_CMDLINE_PAR |