-rw-r--r--docs/Changelog.md2
-rw-r--r--include/afl-fuzz.h1
-rw-r--r--include/common.h5
-rw-r--r--include/envs.h1
-rw-r--r--include/forkserver.h1
-rw-r--r--instrumentation/afl-compiler-rt.o.c1
-rw-r--r--src/afl-analyze.c2
-rw-r--r--src/afl-common.c32
-rw-r--r--src/afl-forkserver.c1
-rw-r--r--src/afl-fuzz-init.c1
-rw-r--r--src/afl-fuzz-state.c12
-rw-r--r--src/afl-fuzz.c6
-rw-r--r--src/afl-showmap.c10
-rw-r--r--src/afl-tmin.c2
14 files changed, 56 insertions, 21 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 80916858..38e2e6bc 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -13,6 +13,8 @@
     scripts
   - afl-fuzz:
     - force writing all stats on exit
+    - ensure targets are killed on exit
+    - `AFL_FORK_SERVER_KILL_SIGNAL` added
   - afl-cc:
     - make gcc_mode (afl-gcc-fast) work with gcc down to version 3.6
   - qemu_mode:
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 73c3b09f..c8ca8e9b 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -1268,3 +1268,4 @@ void queue_testcase_store_mem(afl_state_t *afl, struct queue_entry *q, u8 *mem);
 #endif
 
 #endif
+
diff --git a/include/common.h b/include/common.h
index c1ba0f20..f6d1dd1a 100644
--- a/include/common.h
+++ b/include/common.h
@@ -77,7 +77,9 @@ int parse_afl_kill_signal(u8 *numeric_signal_as_str, int default_signal);
 /* Configure the signals that are used to kill the forkserver
    and the forked childs. If `afl_kill_signal_env` or `afl_fsrv_kill_signal_env`
    is NULL, the appropiate values are read from the environment. */
-void configure_afl_kill_signals(afl_forkserver_t *fsrv, char* afl_kill_signal_env, char* afl_fsrv_kill_signal_env);
+void configure_afl_kill_signals(afl_forkserver_t *fsrv,
+                                char             *afl_kill_signal_env,
+                                char             *afl_fsrv_kill_signal_env);
 
 /* Read a bitmap from file fname to memory
    This is for the -B option again. */
@@ -140,3 +142,4 @@ FILE *create_ffile(u8 *fn);
 s32 create_file(u8 *fn);
 
 #endif
+
diff --git a/include/envs.h b/include/envs.h
index 33c09780..0731e86e 100644
--- a/include/envs.h
+++ b/include/envs.h
@@ -240,3 +240,4 @@ static char *afl_environment_variables[] = {
 extern char *afl_environment_variables[];
 
 #endif
+
diff --git a/include/forkserver.h b/include/forkserver.h
index bfd441d4..a8a7e777 100644
--- a/include/forkserver.h
+++ b/include/forkserver.h
@@ -224,3 +224,4 @@ void              afl_fsrv_kill(afl_forkserver_t *fsrv);
 #endif                                                        /* ^RLIMIT_AS */
 
 #endif
+
diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c
index 8c09d9d8..b46759d0 100644
--- a/instrumentation/afl-compiler-rt.o.c
+++ b/instrumentation/afl-compiler-rt.o.c
@@ -2408,3 +2408,4 @@ void __afl_set_persistent_mode(u8 mode) {
 }
 
 #undef write_error
+
diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index d356874d..757c9306 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -1117,7 +1117,6 @@ int main(int argc, char **argv_orig, char **envp) {
 
   configure_afl_kill_signals(&fsrv, NULL, NULL);
 
-
   read_initial_file();
   (void)check_binary_signatures(fsrv.target_path);
 
@@ -1151,3 +1150,4 @@ int main(int argc, char **argv_orig, char **envp) {
   exit(0);
 
 }
+
diff --git a/src/afl-common.c b/src/afl-common.c
index f2934817..6f5e4a38 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
@@ -458,7 +458,6 @@ u8 *find_afl_binary(u8 *own_loc, u8 *fname) {
 
 }
 
-
 int parse_afl_kill_signal(u8 *numeric_signal_as_str, int default_signal) {
 
   if (numeric_signal_as_str && numeric_signal_as_str[0]) {
@@ -468,32 +467,44 @@ int parse_afl_kill_signal(u8 *numeric_signal_as_str, int default_signal) {
     signal_code = (u8)strtoul(numeric_signal_as_str, &endptr, 10);
     /* Did we manage to parse the full string? */
     if (*endptr != '\0' || endptr == (char *)numeric_signal_as_str) {
+
       FATAL("Invalid signal name: %s", numeric_signal_as_str);
+
     } else {
+
       return signal_code;
+
     }
 
   }
 
   return default_signal;
+
 }
 
-void configure_afl_kill_signals(afl_forkserver_t *fsrv, char* afl_kill_signal_env, char* afl_fsrv_kill_signal_env) {
-  afl_kill_signal_env = afl_kill_signal_env ?
-    afl_kill_signal_env : getenv("AFL_KILL_SIGNAL");
-  afl_fsrv_kill_signal_env = afl_fsrv_kill_signal_env ?
-    afl_fsrv_kill_signal_env : getenv("AFL_FORK_SERVER_KILL_SIGNAL");
+void configure_afl_kill_signals(afl_forkserver_t *fsrv,
+                                char             *afl_kill_signal_env,
+                                char             *afl_fsrv_kill_signal_env) {
 
-  fsrv->child_kill_signal =
-      parse_afl_kill_signal(afl_kill_signal_env, SIGKILL);
+  afl_kill_signal_env =
+      afl_kill_signal_env ? afl_kill_signal_env : getenv("AFL_KILL_SIGNAL");
+  afl_fsrv_kill_signal_env = afl_fsrv_kill_signal_env
+                                 ? afl_fsrv_kill_signal_env
+                                 : getenv("AFL_FORK_SERVER_KILL_SIGNAL");
+
+  fsrv->child_kill_signal = parse_afl_kill_signal(afl_kill_signal_env, SIGKILL);
 
   if (afl_kill_signal_env && !afl_fsrv_kill_signal_env) {
+
     /*
-    Set AFL_FORK_SERVER_KILL_SIGNAL to the value of AFL_KILL_SIGNAL for backwards
-    compatibility. However, if AFL_FORK_SERVER_KILL_SIGNAL is set, is takes precedence.
+    Set AFL_FORK_SERVER_KILL_SIGNAL to the value of AFL_KILL_SIGNAL for
+    backwards compatibility. However, if AFL_FORK_SERVER_KILL_SIGNAL is set, is
+    takes precedence.
     */
     afl_fsrv_kill_signal_env = afl_kill_signal_env;
+
   }
+
   fsrv->fsrv_kill_signal =
       parse_afl_kill_signal(afl_fsrv_kill_signal_env, SIGTERM);
 
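Review bot: The context line `signal_code = (u8)strtoul(numeric_signal_as_str, &endptr, 10);` narrows the parsed value to 8 bits before any range check, so an out-of-range setting is silently mapped to a different signal: "256" becomes 0, which `kill()` treats as an existence check and delivers nothing, and "265" becomes 9. Parse into a wide type and validate before narrowing, e.g. `unsigned long v = strtoul((char *)numeric_signal_as_str, &endptr, 10);` followed by `if (*endptr != '\0' || endptr == (char *)numeric_signal_as_str || v == 0 || v >= NSIG) FATAL("Invalid signal number: %s", numeric_signal_as_str);`. The message currently says "signal name" although only decimal numbers are accepted, and the reflowed comment still reads "is takes precedence" where "it takes precedence" is meant. `parse_afl_kill_signal` starts above this hunk (the declaration of `signal_code` is not visible) and `configure_afl_kill_signals` may continue below it.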
@@ -1262,3 +1273,4 @@ s32 create_file(u8 *fn) {
   return fd;
 
 }
+
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 72db3c2e..a241f2c6 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -1688,3 +1688,4 @@ void afl_fsrv_deinit(afl_forkserver_t *fsrv) {
   list_remove(&fsrv_list, fsrv);
 
 }
+
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index fded44ac..e41d29fd 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -2963,3 +2963,4 @@ void save_cmdline(afl_state_t *afl, u32 argc, char **argv) {
   *buf = 0;
 
 }
+
diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c
index ae6cb6c7..8bd465f0 100644
--- a/src/afl-fuzz-state.c
+++ b/src/afl-fuzz-state.c
@@ -485,12 +485,14 @@ void read_afl_environment(afl_state_t *afl, char **envp) {
 #endif
 
           } else if (!strncmp(env, "AFL_KILL_SIGNAL",
+
                               afl_environment_variable_len)) {
 
             afl->afl_env.afl_child_kill_signal =
                 (u8 *)get_afl_env(afl_environment_variables[i]);
 
           } else if (!strncmp(env, "AFL_FORK_SERVER_KILL_SIGNAL",
+
                               afl_environment_variable_len)) {
 
             afl->afl_env.afl_fsrv_kill_signal =
@@ -659,12 +661,17 @@ void afl_states_stop(void) {
   });
 
   LIST_FOREACH(&afl_states, afl_state_t, {
-    /* NOTE: We need to make sure that the parent (the forkserver) reap the child (see below). */
-    if (el->fsrv.child_pid > 0) kill(el->fsrv.child_pid, el->fsrv.child_kill_signal);
+
+    /* NOTE: We need to make sure that the parent (the forkserver) reap the
+     * child (see below). */
+    if (el->fsrv.child_pid > 0)
+      kill(el->fsrv.child_pid, el->fsrv.child_kill_signal);
     if (el->fsrv.fsrv_pid > 0) {
+
       kill(el->fsrv.fsrv_pid, el->fsrv.fsrv_kill_signal);
       /* Make sure the forkserver does not end up as zombie. */
       waitpid(el->fsrv.fsrv_pid, NULL, 0);
+
     }
 
   });
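Review bot: The `waitpid(el->fsrv.fsrv_pid, NULL, 0)` that follows `kill(el->fsrv.fsrv_pid, el->fsrv.fsrv_kill_signal)` blocks with no bound, and the signal is now user-configurable through `AFL_FORK_SERVER_KILL_SIGNAL`, so a value the fork server handles or ignores would presumably leave the fuzzer hanging at exit instead of ensuring the targets are killed. The results of both `kill()` calls and of `waitpid()` are discarded as well, so an `EINTR` return leaves the fork server unreaped; at minimum retry with `while (waitpid(el->fsrv.fsrv_pid, NULL, 0) < 0 && errno == EINTR) {}`. A sturdier variant polls with `WNOHANG` for a short period and then falls back to `SIGKILL`, and the block comment should state which signal is expected to end the fork server and why the wait is safe. The body of `afl_states_stop` starts above this hunk, so the first `LIST_FOREACH` is only partly visible.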
@@ -682,3 +689,4 @@ void afl_states_request_skip(void) {
   LIST_FOREACH(&afl_states, afl_state_t, { el->skip_requested = 1; });
 
 }
+
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index d8d804ae..6ff4d266 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -1362,9 +1362,8 @@ int main(int argc, char **argv_orig, char **envp) {
 
   #endif
 
-  configure_afl_kill_signals(&afl->fsrv,
-    afl->afl_env.afl_child_kill_signal,
-    afl->afl_env.afl_fsrv_kill_signal);
+  configure_afl_kill_signals(&afl->fsrv, afl->afl_env.afl_child_kill_signal,
+                             afl->afl_env.afl_fsrv_kill_signal);
 
   setup_signal_handlers();
   check_asan_opts(afl);
@@ -2688,3 +2687,4 @@ stop_fuzzing:
 }
 
 #endif                                                          /* !AFL_LIB */
+
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 31091e8e..ce1f8004 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -866,9 +866,12 @@ static void usage(u8 *argv0) {
       "startup (in milliseconds)\n"
       "AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout,\n"
       "                 etc. (default: SIGKILL)\n"
-      "AFL_FORK_SERVER_KILL_SIGNAL: Signal delivered to fork server processes on termination\n"
-      "                             (default: SIGTERM). If this is not set and AFL_KILL_SIGNAL is set,\n"
-      "                             this will be set to the same value as AFL_KILL_SIGNAL.\n"
+      "AFL_FORK_SERVER_KILL_SIGNAL: Signal delivered to fork server processes "
+      "on termination\n"
+      "                             (default: SIGTERM). If this is not set and "
+      "AFL_KILL_SIGNAL is set,\n"
+      "                             this will be set to the same value as "
+      "AFL_KILL_SIGNAL.\n"
       "AFL_MAP_SIZE: the shared memory size for that target. must be >= the "
       "size the target was compiled for\n"
       "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n"
@@ -1474,3 +1477,4 @@ int main(int argc, char **argv_orig, char **envp) {
   exit(ret);
 
 }
+
diff --git a/src/afl-tmin.c b/src/afl-tmin.c
index b346f65c..3a27b879 100644
--- a/src/afl-tmin.c
+++ b/src/afl-tmin.c
@@ -1200,7 +1200,6 @@ int main(int argc, char **argv_orig, char **envp) {
 
   configure_afl_kill_signals(fsrv, NULL, NULL);
 
-
   if (getenv("AFL_CRASH_EXITCODE")) {
 
     long exitcode = strtol(getenv("AFL_CRASH_EXITCODE"), NULL, 10);
@@ -1354,3 +1353,4 @@ int main(int argc, char **argv_orig, char **envp) {
   exit(0);
 
 }
+