-rw-r--r-- | .github/workflows/build_aflplusplus_docker.yaml | 5 | ||||
-rw-r--r-- | Dockerfile | 13 | ||||
-rw-r--r-- | GNUmakefile | 4 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rwxr-xr-x | custom_mutators/gramatron/build_gramatron_mutator.sh | 6 | ||||
-rwxr-xr-x | custom_mutators/grammar_mutator/build_grammar_mutator.sh | 7 | ||||
-rw-r--r-- | custom_mutators/libafl_base/.gitignore | 10 | ||||
-rw-r--r-- | custom_mutators/libafl_base/Cargo.toml | 14 | ||||
-rw-r--r-- | custom_mutators/libafl_base/Makefile | 9 | ||||
-rw-r--r-- | custom_mutators/libafl_base/src/lib.rs | 238 | ||||
-rw-r--r-- | custom_mutators/rust/custom_mutator/src/lib.rs | 48 | ||||
-rw-r--r-- | docs/Changelog.md | 6 | ||||
-rw-r--r-- | docs/INSTALL.md | 2 | ||||
-rw-r--r-- | include/config.h | 2 | ||||
-rwxr-xr-x | nyx_mode/build_nyx_support.sh | 16 | ||||
-rwxr-xr-x | qemu_mode/build_qemu_support.sh | 7 | ||||
-rw-r--r-- | src/afl-fuzz.c | 8 | ||||
-rwxr-xr-x | test/test-frida-mode.sh | 5 | ||||
-rwxr-xr-x | unicorn_mode/build_unicorn_support.sh | 7 |
19 files changed, 356 insertions, 53 deletions
diff --git a/.github/workflows/build_aflplusplus_docker.yaml b/.github/workflows/build_aflplusplus_docker.yaml
index 8aa5b8f7..fa96da8e 100644
--- a/.github/workflows/build_aflplusplus_docker.yaml
+++ b/.github/workflows/build_aflplusplus_docker.yaml
@@ -12,6 +12,10 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@master
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v1
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
 - name: Login to Dockerhub
 uses: docker/login-action@v1
 with:
@@ -21,5 +25,6 @@ jobs:
 uses: docker/build-push-action@v2
 with:
 context: .
+ platforms: linux/amd64,linux/arm64
 push: true
 tags: aflplusplus/aflplusplus:latest
diff --git a/Dockerfile b/Dockerfile
index a3c70746..53189657 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -39,13 +39,20 @@ RUN echo "deb http://ppa.launchpad.net/ubuntu-toolchain-r/test/ubuntu focal main
 RUN apt-get update && apt-get full-upgrade -y && \
 apt-get -y install --no-install-suggests --no-install-recommends \
- gcc-10 g++-10 gcc-10-plugin-dev gcc-10-multilib gcc-multilib gdb lcov \
+ gcc-10 g++-10 gcc-10-plugin-dev gdb lcov \
 clang-12 clang-tools-12 libc++1-12 libc++-12-dev \
 libc++abi1-12 libc++abi-12-dev libclang1-12 libclang-12-dev \
 libclang-common-12-dev libclang-cpp12 libclang-cpp12-dev liblld-12 \
 liblld-12-dev liblldb-12 liblldb-12-dev libllvm12 libomp-12-dev \
- libomp5-12 lld-12 lldb-12 llvm-12 llvm-12-dev llvm-12-runtime llvm-12-tools \
- && rm -rf /var/lib/apt/lists/*
+ libomp5-12 lld-12 lldb-12 llvm-12 llvm-12-dev llvm-12-runtime llvm-12-tools
+
+# arm64 doesn't have gcc-multilib, and it's only used for -m32 support on x86
+ARG TARGETPLATFORM
+RUN [ "$TARGETPLATFORM" = "linux/amd64" ] && \
+ apt-get -y install --no-install-suggests --no-install-recommends \
+ gcc-10-multilib gcc-multilib || true
+
+RUN rm -rf /var/lib/apt/lists/*
 RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-10 0
 RUN update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-10 0
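Review bot: The two actions added here, `docker/setup-qemu-action@v1` and `docker/setup-buildx-action@v1`, are pulled by mutable tags, and this job logs in to Docker Hub and pushes `aflplusplus/aflplusplus:latest`, so whoever can move those tags gets to run code with push access to the public image. Pin each `uses:` to a full commit SHA and keep the tag as a comment, e.g. `uses: docker/setup-qemu-action@<commit-sha> # v1`; the `actions/checkout@master` context line floats on a branch and deserves the same treatment. The trigger and permissions of the job are outside the hunk.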
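Review bot: The new `RUN [ "$TARGETPLATFORM" = "linux/amd64" ] && apt-get ... || true` hides two failure modes: an apt-get error on amd64 is swallowed by `|| true`, and when `TARGETPLATFORM` is empty (buildx and BuildKit populate it automatically, but as far as I know the legacy builder leaves the ARG unset) the test is false and an x86 image is silently produced without `gcc-multilib`. An explicit conditional keeps the error where it matters: `RUN if [ "$TARGETPLATFORM" = "linux/amd64" ] || [ "$(uname -m)" = "x86_64" ]; then \` followed by `apt-get -y install --no-install-suggests --no-install-recommends gcc-10-multilib gcc-multilib; fi`. A comment on `ARG TARGETPLATFORM` noting that it is filled in by buildx would also help readers who build with plain `docker build`.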
diff --git a/GNUmakefile b/GNUmakefile
index 68ca17d0..1c5d992e 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -142,7 +142,7 @@ else
 endif
 override CFLAGS += -g -Wno-pointer-sign -Wno-variadic-macros -Wall -Wextra -Wpointer-arith \
- -I include/ -DAFL_PATH=\"$(HELPER_PATH)\" \
+ -fPIC -I include/ -DAFL_PATH=\"$(HELPER_PATH)\" \
 -DBIN_PATH=\"$(BIN_PATH)\" -DDOC_PATH=\"$(DOC_PATH)\"
 ifeq "$(SYS)" "FreeBSD"
@@ -167,7 +167,7 @@ endif
 ifeq "$(SYS)" "Haiku"
 SHMAT_OK=0
- override CFLAGS += -DUSEMMAP=1 -Wno-error=format -fPIC
+ override CFLAGS += -DUSEMMAP=1 -Wno-error=format
 override LDFLAGS += -Wno-deprecated-declarations -lgnu -lnetwork
 SPECIAL_PERFORMANCE += -DUSEMMAP=1
 endif
diff --git a/README.md b/README.md
index 049518f8..af4c6abd 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@
 Release version: [4.00c](https://github.com/AFLplusplus/AFLplusplus/releases)
-GitHub version: 4.00c
+GitHub version: 4.01a
 Repository: [https://github.com/AFLplusplus/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus)
diff --git a/custom_mutators/gramatron/build_gramatron_mutator.sh b/custom_mutators/gramatron/build_gramatron_mutator.sh
index 677e4548..9952e7f5 100755
--- a/custom_mutators/gramatron/build_gramatron_mutator.sh
+++ b/custom_mutators/gramatron/build_gramatron_mutator.sh
@@ -115,9 +115,9 @@ if [ $? -eq 0 ]; then
 git submodule update ./json-c 2>/dev/null # ignore errors
 else
 echo "[*] cloning json-c"
- test -d json-c || {
+ test -d json-c/.git || {
 CNT=1
- while [ '!' -d json-c -a "$CNT" -lt 4 ]; do
+ while [ '!' -d json-c/.git -a "$CNT" -lt 4 ]; do
 echo "Trying to clone json-c (attempt $CNT/3)"
 git clone "$JSONC_REPO"
 CNT=`expr "$CNT" + 1`
@@ -125,7 +125,7 @@ else
 }
 fi
-test -d json-c || { echo "[-] not checked out, please install git or check your internet connection." ; exit 1 ; }
+test -d json-c/.git || { echo "[-] not checked out, please install git or check your internet connection." ; exit 1 ; }
 echo "[+] Got json-c."
 test -e json-c/.libs/libjson-c.a || {
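Review bot: With the guard changed to `test -d json-c/.git`, a pre-existing `json-c` directory that is not a git checkout (unpacked from a release tarball, or left behind by an earlier failed build) now makes every `git clone "$JSONC_REPO"` attempt fail, because git refuses to clone into an existing non-empty directory; the loop burns its three attempts and the later `test -d json-c/.git` exits with a message that blames git or the network. Clear the stale directory before retrying, e.g. `test -d json-c/.git || rm -rf -- json-c` ahead of the `CNT=1` line, or print a dedicated message for the "directory exists but is not a checkout" case. The enclosing `if [ $? -eq 0 ]` block starts outside the hunk.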
diff --git a/custom_mutators/grammar_mutator/build_grammar_mutator.sh b/custom_mutators/grammar_mutator/build_grammar_mutator.sh
index 452cb0e1..15b8b1db 100755
--- a/custom_mutators/grammar_mutator/build_grammar_mutator.sh
+++ b/custom_mutators/grammar_mutator/build_grammar_mutator.sh
@@ -109,9 +109,9 @@ if [ $? -eq 0 ]; then
 git submodule update ./grammar_mutator 2>/dev/null # ignore errors
 else
 echo "[*] cloning grammar mutator"
- test -d grammar_mutator || {
+ test -d grammar_mutator/.git || {
 CNT=1
- while [ '!' -d grammar_mutator -a "$CNT" -lt 4 ]; do
+ while [ '!' -d grammar_mutator/.git -a "$CNT" -lt 4 ]; do
 echo "Trying to clone grammar_mutator (attempt $CNT/3)"
 git clone "$GRAMMAR_REPO"
 CNT=`expr "$CNT" + 1`
@@ -119,11 +119,12 @@ else
 }
 fi
-test -d grammar_mutator || { echo "[-] not checked out, please install git or check your internet connection." ; exit 1 ; }
+test -d grammar_mutator/.git || { echo "[-] not checked out, please install git or check your internet connection." ; exit 1 ; }
 echo "[+] Got grammar mutator."
 cd "grammar_mutator" || exit 1
 echo "[*] Checking out $GRAMMAR_VERSION"
+git pull >/dev/null 2>&1
 sh -c 'git stash && git stash drop' 1>/dev/null 2>/dev/null
 git checkout "$GRAMMAR_VERSION" || exit 1
 echo "[*] Downloading antlr..."
diff --git a/custom_mutators/libafl_base/.gitignore b/custom_mutators/libafl_base/.gitignore
new file mode 100644
index 00000000..088ba6ba
--- /dev/null
+++ b/custom_mutators/libafl_base/.gitignore
@@ -0,0 +1,10 @@
+# Generated by Cargo
+# will have compiled files and executables
+/target/
+
+# Remove Cargo.lock from gitignore if creating an executable, leave it for libraries
+# More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
+Cargo.lock
+
+# These are backup files generated by rustfmt
+**/*.rs.bk
diff --git a/custom_mutators/libafl_base/Cargo.toml b/custom_mutators/libafl_base/Cargo.toml
new file mode 100644
index 00000000..6e40fc39
--- /dev/null
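Review bot: `git pull >/dev/null 2>&1` is placed before the `git stash && git stash drop` line, so it runs against the dirty working tree the stash exists to clear; the merge half of the pull may then refuse, the redirect hides why, and on a tree left at a detached pinned commit by an earlier run it fails with "not currently on a branch" for the same silent reason. Only the fetch half matters for the following `git checkout "$GRAMMAR_VERSION"`, so `git fetch --tags >/dev/null 2>&1` in its place gets the objects without touching the working tree. Whether `$GRAMMAR_VERSION` is a tag or a commit is not visible here.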
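Review bot: `Cargo.lock` is ignored here, but this crate is built as a `cdylib` that AFL++ loads as a shared object rather than a library consumed by other crates, so the Cargo guidance quoted in the comment points the other way: without a committed lockfile the transitive tree (serde at a floating `1.0`, and everything `libafl` pulls in beyond its pinned `rev`) resolves to whatever is newest at build time, so two builds of the same commit can differ and a bad upstream release lands unnoticed. Drop the `Cargo.lock` line, commit the lockfile, and replace the two-line justification with `# Cargo.lock is committed: this crate ships a built .so, keep its dependency tree reproducible`.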
+++ b/custom_mutators/libafl_base/Cargo.toml
@@ -0,0 +1,14 @@
+[package]
+name = "libafl_base"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+libafl = { git = "https://github.com/AFLplusplus/LibAFL.git", rev = "62614ce1016c86e3f00f35b56399292ceabd486b" }
+custom_mutator = { path = "../rust/custom_mutator", features = ["afl_internals"] }
+serde = { version = "1.0", default-features = false, features = ["alloc"] } # serialization lib
+
+[lib]
+crate-type = ["cdylib"]
diff --git a/custom_mutators/libafl_base/Makefile b/custom_mutators/libafl_base/Makefile
new file mode 100644
index 00000000..a1fd6b6c
--- /dev/null
+++ b/custom_mutators/libafl_base/Makefile
@@ -0,0 +1,9 @@
+all: target/release/liblibafl_base.so
+ cp target/release/liblibafl_base.so libafl_base.so
+
+target/release/liblibafl_base.so: src/lib.rs
+ cargo build --release
+
+clean:
+ cargo clean
+ rm -f libafl_base.so
diff --git a/custom_mutators/libafl_base/src/lib.rs b/custom_mutators/libafl_base/src/lib.rs
new file mode 100644
index 00000000..6f2db8ca
--- /dev/null
+++ b/custom_mutators/libafl_base/src/lib.rs
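Review bot: The rule `target/release/liblibafl_base.so: src/lib.rs` lists only `src/lib.rs` as a prerequisite, so editing `Cargo.toml` (for instance bumping the pinned `libafl` rev) does not trigger a rebuild and `make` reports the stale `.so` as up to date; `target/release/liblibafl_base.so: src/lib.rs Cargo.toml` keeps make in step with what cargo actually tracks. A `.PHONY: all clean` line would also stop a stray file named `clean` or `all` in the directory from disabling those targets.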
@@ -0,0 +1,238 @@ +#![cfg(unix)] +#![allow(unused_variables)] + +use serde::{Deserialize, Deserializer, Serialize, Serializer}; +use std::{ + cell::{RefCell, UnsafeCell}, + collections::HashMap, + ffi::CStr, +}; + +use custom_mutator::{afl_state, export_mutator, CustomMutator}; + +use libafl::{ + bolts::{rands::StdRand, serdeany::SerdeAnyMap, tuples::Merge}, + corpus::{Corpus, Testcase}, + inputs::{BytesInput, HasBytesVec}, + mutators::{ + scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator, Tokens}, + Mutator, + }, + state::{HasCorpus, HasMaxSize, HasMetadata, HasRand, State}, + Error, +}; + +const MAX_FILE: usize = 1 * 1024 * 1024; + +static mut AFL: Option<&'static afl_state> = None; +static mut CURRENT_ENTRY: Option<usize> = None; + +fn afl() -> &'static afl_state { + unsafe { AFL.unwrap() } +} + +#[derive(Default, Debug)] +pub struct AFLCorpus { + entries: UnsafeCell<HashMap<usize, RefCell<Testcase<BytesInput>>>>, +} + +impl Clone for AFLCorpus { + fn clone(&self) -> Self { + unsafe { + Self { + entries: UnsafeCell::new(self.entries.get().as_ref().unwrap().clone()), + } + } + } +} + +impl Serialize for AFLCorpus { + fn serialize<S>(&self, _serializer: S) -> Result<S::Ok, S::Error> + where + S: Serializer, + { + unimplemented!(); + } +} + +impl<'de> Deserialize<'de> for AFLCorpus { + fn deserialize<D>(_deserializer: D) -> Result<Self, D::Error> + where + D: Deserializer<'de>, + { + unimplemented!(); + } +} + +impl Corpus<BytesInput> for AFLCorpus { + #[inline] + fn count(&self) -> usize { + afl().queued_items as usize + } + + #[inline] + fn add(&mut self, testcase: Testcase<BytesInput>) -> Result<usize, Error> { + unimplemented!(); + } + + #[inline] + fn replace(&mut self, idx: usize, testcase: Testcase<BytesInput>) -> Result<(), Error> { + unimplemented!(); + } + + #[inline] + fn remove(&mut self, idx: usize) -> Result<Option<Testcase<BytesInput>>, Error> { + unimplemented!(); + } + + #[inline] + fn get(&self, idx: usize) -> 
Result<&RefCell<Testcase<BytesInput>>, Error> { + unsafe { + let entries = self.entries.get().as_mut().unwrap(); + entries.entry(idx).or_insert_with(|| { + let queue_buf = std::slice::from_raw_parts_mut(afl().queue_buf, self.count()); + let entry = queue_buf[idx].as_mut().unwrap(); + let fname = CStr::from_ptr((entry.fname as *mut i8).as_ref().unwrap()) + .to_str() + .unwrap() + .to_owned(); + let mut testcase = Testcase::with_filename(BytesInput::new(vec![]), fname); + *testcase.input_mut() = None; + RefCell::new(testcase) + }); + Ok(&self.entries.get().as_ref().unwrap()[&idx]) + } + } + + #[inline] + fn current(&self) -> &Option<usize> { + unsafe { + CURRENT_ENTRY = Some(afl().current_entry as usize); + &CURRENT_ENTRY + } + } + + #[inline] + fn current_mut(&mut self) -> &mut Option<usize> { + unimplemented!(); + } +} + +#[derive(Serialize, Deserialize, Clone, Debug)] +pub struct AFLState { + rand: StdRand, + corpus: AFLCorpus, + metadata: SerdeAnyMap, + max_size: usize, +} + +impl AFLState { + pub fn new(seed: u32) -> Self { + Self { + rand: StdRand::with_seed(seed as u64), + corpus: AFLCorpus::default(), + metadata: SerdeAnyMap::new(), + max_size: MAX_FILE, + } + } +} + +impl State for AFLState {} + +impl HasRand for AFLState { + type Rand = StdRand; + + #[inline] + fn rand(&self) -> &Self::Rand { + &self.rand + } + + #[inline] + fn rand_mut(&mut self) -> &mut Self::Rand { + &mut self.rand + } +} + +impl HasCorpus<BytesInput> for AFLState { + type Corpus = AFLCorpus; + + #[inline] + fn corpus(&self) -> &Self::Corpus { + &self.corpus + } + + #[inline] + fn corpus_mut(&mut self) -> &mut Self::Corpus { + &mut self.corpus + } +} + +impl HasMetadata for AFLState { + #[inline] + fn metadata(&self) -> &SerdeAnyMap { + &self.metadata + } + + #[inline] + fn metadata_mut(&mut self) -> &mut SerdeAnyMap { + &mut self.metadata + } +} + +impl HasMaxSize for AFLState { + fn max_size(&self) -> usize { + self.max_size + } + + fn set_max_size(&mut self, max_size: usize) { + 
self.max_size = max_size; + } +} + +struct LibAFLBaseCustomMutator { + state: AFLState, + input: BytesInput, +} + +impl CustomMutator for LibAFLBaseCustomMutator { + type Error = libafl::Error; + + fn init(afl: &'static afl_state, seed: u32) -> Result<Self, Self::Error> { + unsafe { + AFL = Some(afl); + let mut state = AFLState::new(seed); + let extras = std::slice::from_raw_parts(afl.extras, afl.extras_cnt as usize); + let mut tokens = vec![]; + for extra in extras { + let data = std::slice::from_raw_parts(extra.data, extra.len as usize); + tokens.push(data.to_vec()); + } + if !tokens.is_empty() { + state.add_metadata(Tokens::new(tokens)); + } + Ok(Self { + state, + input: BytesInput::new(vec![]), + }) + } + } + + fn fuzz<'b, 's: 'b>( + &'s mut self, + buffer: &'b mut [u8], + add_buff: Option<&[u8]>, + max_size: usize, + ) -> Result<Option<&'b [u8]>, Self::Error> { + self.state.set_max_size(max_size); + + // TODO avoid copy + self.input.bytes_mut().clear(); + self.input.bytes_mut().extend_from_slice(buffer); + + let mut mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations())); + mutator.mutate(&mut self.state, &mut self.input, 0)?; + Ok(Some(self.input.bytes())) + } +} + +export_mutator!(LibAFLBaseCustomMutator); diff --git a/custom_mutators/rust/custom_mutator/src/lib.rs b/custom_mutators/rust/custom_mutator/src/lib.rs index 013d3769..f872241e 100644 --- a/custom_mutators/rust/custom_mutator/src/lib.rs +++ b/custom_mutators/rust/custom_mutator/src/lib.rs 
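Review bot: `AFLCorpus::get` returns a `&RefCell<Testcase<BytesInput>>` tied to `&self`, yet that reference points into a `HashMap` which the same method grows through the `UnsafeCell` on a cache miss, so a later `get` for a new index can rehash and move every existing entry and any reference still alive from an earlier call dangles (whether a LibAFL mutator ever holds two entries at once is not visible here, but the signature permits it). Boxing the values gives each a stable heap address: `entries: UnsafeCell<HashMap<usize, Box<RefCell<Testcase<BytesInput>>>>>`, `.or_insert_with(|| Box::new(RefCell::new(testcase)))` and `Ok(&*self.entries.get().as_ref().unwrap()[&idx])`. Separately, `queue_buf[idx]` and `.to_str().unwrap()` on the queue filename can panic, and this runs beneath the `extern "C"` entry points generated by `export_mutator!`, where a panic crossing the boundary aborts afl-fuzz at best; returning `Err` for an out-of-range index and using `to_string_lossy` would keep one odd queue entry from taking the fuzzer down. The struct definitions are all inside the hunk, so the fix is local to this file.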
@@ -358,6 +358,36 @@ pub mod wrappers { } } +/// An exported macro to defined afl_custom_init meant for insternal usage +#[cfg(feature = "afl_internals")] +#[macro_export] +macro_rules! _define_afl_custom_init { + ($mutator_type:ty) => { + #[no_mangle] + pub extern "C" fn afl_custom_init( + afl: ::std::option::Option<&'static $crate::afl_state>, + seed: ::std::os::raw::c_uint, + ) -> *const ::std::os::raw::c_void { + $crate::wrappers::afl_custom_init_::<$mutator_type>(afl, seed as u32) + } + }; +} + +/// An exported macro to defined afl_custom_init meant for insternal usage +#[cfg(not(feature = "afl_internals"))] +#[macro_export] +macro_rules! _define_afl_custom_init { + ($mutator_type:ty) => { + #[no_mangle] + pub extern "C" fn afl_custom_init( + _afl: *const ::std::os::raw::c_void, + seed: ::std::os::raw::c_uint, + ) -> *const ::std::os::raw::c_void { + $crate::wrappers::afl_custom_init_::<$mutator_type>(seed as u32) + } + }; +} + /// exports the given Mutator as a custom mutator as the C interface that AFL++ expects. /// It is not possible to call this macro multiple times, because it would define the custom mutator symbols multiple times. /// # Example @@ -381,23 +411,7 @@ pub mod wrappers { #[macro_export] macro_rules! export_mutator { ($mutator_type:ty) => { - #[cfg(feature = "afl_internals")] - #[no_mangle] - pub extern "C" fn afl_custom_init( - afl: ::std::option::Option<&'static $crate::afl_state>, - seed: ::std::os::raw::c_uint, - ) -> *const ::std::os::raw::c_void { - $crate::wrappers::afl_custom_init_::<$mutator_type>(afl, seed as u32) - } - - #[cfg(not(feature = "afl_internals"))] - #[no_mangle] - pub extern "C" fn afl_custom_init( - _afl: *const ::std::os::raw::c_void, - seed: ::std::os::raw::c_uint, - ) -> *const ::std::os::raw::c_void { - $crate::wrappers::afl_custom_init_::<$mutator_type>(seed as u32) - } + $crate::_define_afl_custom_init!($mutator_type); #[no_mangle] pub unsafe extern "C" fn afl_custom_fuzz_count( 
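Review bot: The doc comment on both new `_define_afl_custom_init` arms reads "An exported macro to defined afl_custom_init meant for insternal usage", which has two typos and does not say what the macro emits; suggest `/// Defines the C-ABI `afl_custom_init` entry point; internal helper used by `export_mutator!`, not meant to be invoked directly.` Since `#[macro_export]` hoists the macro to the crate root regardless of its leading underscore, adding `#[doc(hidden)]` next to each `#[cfg(...)]` attribute keeps it out of the public documentation while still letting `export_mutator!` reach it. The body of `export_mutator!` continues past the end of the hunk.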
diff --git a/docs/Changelog.md b/docs/Changelog.md index 7f539556..a420dcc2 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -8,6 +8,12 @@ Want to stay in the loop on major new features? Join our mailing list by sending a mail to <afl-users+subscribe@googlegroups.com>. +### Version ++4.01a (dev) + - fix */build_...sh scripts to work outside of git + - new custom_mutator: libafl with token fuzzing :) + (still needs README) + + ### Version ++4.00c (release) - complete documentation restructuring, made possible by Google Season of Docs :) thank you Jana! diff --git a/docs/INSTALL.md b/docs/INSTALL.md index 2847ca2a..e2bc8420 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -19,7 +19,7 @@ is to build and install everything: ```shell sudo apt-get update -sudo apt-get install -y build-essential python3-dev automake git flex bison libglib2.0-dev libpixman-1-dev python3-setuptools +sudo apt-get install -y build-essential python3-dev automake cmake git flex bison libglib2.0-dev libpixman-1-dev python3-setuptools # try to install llvm 11 and install the distro default if that fails sudo apt-get install -y lld-11 llvm-11 llvm-11-dev clang-11 || sudo apt-get install -y lld llvm llvm-dev clang sudo apt-get install -y gcc-$(gcc --version|head -n1|sed 's/.* //'|sed 's/\..*//')-plugin-dev libstdc++-$(gcc --version|head -n1|sed 's/.* //'|sed 's/\..*//')-dev diff --git a/include/config.h b/include/config.h index 66a646b1..9fc92b06 100644 --- a/include/config.h +++ b/include/config.h @@ -26,7 +26,7 @@ /* Version string: */ // c = release, a = volatile github dev, e = experimental branch -#define VERSION "++4.00c" +#define VERSION "++4.01a" /****************************************************** * * diff --git a/nyx_mode/build_nyx_support.sh b/nyx_mode/build_nyx_support.sh index b6c1d54e..3cb13cf1 100755 --- a/nyx_mode/build_nyx_support.sh +++ b/nyx_mode/build_nyx_support.sh 
@@ -1,6 +1,4 @@
 #!/bin/bash
-set -e
-
 echo "================================================="
 echo " Nyx build script"
 echo "================================================="
@@ -19,6 +17,7 @@ echo "[*] Making sure all Nyx is checked out"
 git status 1>/dev/null 2>/dev/null
 if [ $? -eq 0 ]; then
+ git submodule init || exit 1
 echo "[*] initializing QEMU-Nyx submodule"
 git submodule update ./QEMU-Nyx 2>/dev/null # ignore errors
@@ -28,13 +27,16 @@ if [ $? -eq 0 ]; then
 git submodule update ./libnyx 2>/dev/null # ignore errors
 else
- echo "[ ] not a git repo..."
- exit 1
+
+ test -d QEMU-Nyx/.git || git clone https://github.com/nyx-fuzz/qemu-nyx QEMU-Nyx
+ test -d packer/.git || git clone https://github.com/nyx-fuzz/packer
+ test -d libnyx/.git || git clone https://github.com/nyx-fuzz/libnyx
+
 fi
-test -d QEMU-Nyx || { echo "[-] Not checked out, please install git or check your internet connection." ; exit 1 ; }
-test -d packer || { echo "[-] Not checked out, please install git or check your internet connection." ; exit 1 ; }
-test -d libnyx || { echo "[-] Not checked out, please install git or check your internet connection." ; exit 1 ; }
+test -d QEMU-Nyx/.git || { echo "[-] Not checked out, please install git or check your internet connection." ; exit 1 ; }
+test -d packer/.git || { echo "[-] Not checked out, please install git or check your internet connection." ; exit 1 ; }
+test -d libnyx/.git || { echo "[-] Not checked out, please install git or check your internet connection." ; exit 1 ; }
 echo "[*] checking packer init.cpio.gz ..."
 if [ ! -f "packer/linux_initramfs/init.cpio.gz" ]; then
diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh
index 86ebb4d4..8822770c 100755
--- a/qemu_mode/build_qemu_support.sh
+++ b/qemu_mode/build_qemu_support.sh
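Review bot: Removing `set -e` changes the failure behaviour of the whole script: every later command that is not followed by an explicit `|| exit 1` now fails silently and the build continues, and this hunk only shows the removal, so I cannot confirm from here that each later build step carries its own check. If the motivation was the `git submodule update ... 2>/dev/null` calls that are allowed to fail, keeping `set -e` and appending `|| true` to just those lines is the narrower change; otherwise a comment in place of the removed line, such as `# no set -e: every critical step below checks its own exit status`, records the decision for the next reader.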
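Review bot: The new fallback clones `https://github.com/nyx-fuzz/qemu-nyx`, `packer` and `libnyx` at whatever their default branch currently points to, whereas the git-repo branch above builds the commits the submodules pin, so a tarball user compiles untested upstream tips and the build is not reproducible. Pin the fallback to the same commits the submodules reference, following the `$QEMUAFL_VERSION` pattern in the other build_*_support.sh scripts: one `NYX_QEMU_VERSION`-style variable per repository and `git -C QEMU-Nyx checkout "$NYX_QEMU_VERSION" || exit 1` after each clone. Whether a later part of this script already checks out fixed revisions is not visible in the hunk.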
@@ -77,9 +77,9 @@ if [ $? -eq 0 ]; then
 git submodule update ./qemuafl 2>/dev/null # ignore errors
 else
 echo "[*] cloning qemuafl"
- test -d qemuafl || {
+ test -d qemuafl/.git || {
 CNT=1
- while [ '!' -d qemuafl -a "$CNT" -lt 4 ]; do
+ while [ '!' -d qemuafl/.git -a "$CNT" -lt 4 ]; do
 echo "Trying to clone qemuafl (attempt $CNT/3)"
 git clone --depth 1 https://github.com/AFLplusplus/qemuafl
 CNT=`expr "$CNT" + 1`
@@ -87,7 +87,7 @@ else
 }
 fi
-test -d qemuafl || { echo "[-] Not checked out, please install git or check your internet connection." ; exit 1 ; }
+test -d qemuafl/.git || { echo "[-] Not checked out, please install git or check your internet connection." ; exit 1 ; }
 echo "[+] Got qemuafl."
 cd "qemuafl" || exit 1
@@ -96,6 +96,7 @@ if [ -n "$NO_CHECKOUT" ]; then
 else
 echo "[*] Checking out $QEMUAFL_VERSION"
 sh -c 'git stash' 1>/dev/null 2>/dev/null
+ git pull
 git checkout "$QEMUAFL_VERSION" || echo Warning: could not check out to commit $QEMUAFL_VERSION
 fi
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index a96dee97..9ef2669a 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -53,9 +53,7 @@ static void at_exit() {
 ptr = getenv("__AFL_TARGET_PID2");
 if (ptr && *ptr && (pid2 = atoi(ptr)) > 0) {
-#if defined(__linux__)
 pgrp = getpgid(pid2);
-#endif
 if (pgrp > 0) { killpg(pgrp, SIGTERM); }
 kill(pid2, SIGTERM);
@@ -64,9 +62,7 @@ static void at_exit() {
 ptr = getenv("__AFL_TARGET_PID1");
 if (ptr && *ptr && (pid1 = atoi(ptr)) > 0) {
-#if defined(__linux__)
 pgrp = getpgid(pid1);
-#endif
 if (pgrp > 0) { killpg(pgrp, SIGTERM); }
 kill(pid1, SIGTERM);
@@ -103,9 +99,7 @@ static void at_exit() {
 if (pid1 > 0) {
-#if defined(__linux__)
 pgrp = getpgid(pid1);
-#endif
 if (pgrp > 0) { killpg(pgrp, kill_signal); }
 kill(pid1, kill_signal);
@@ -113,9 +107,7 @@ static void at_exit() {
 if (pid2 > 0) {
-#if defined(__linux__)
 pgrp = getpgid(pid1);
-#endif
 if (pgrp > 0) { killpg(pgrp, kill_signal); }
 kill(pid2, kill_signal);
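Review bot: The added `git pull` merges into whatever the clone currently has checked out and prints an error in the detached-HEAD state that a previous run's `git checkout "$QEMUAFL_VERSION"` leaves behind, while only the fetch it performs is needed by the next line. On the `--depth 1` clone made in the first hunk a plain pull still only brings the branch tip, so when `$QEMUAFL_VERSION` is not that tip the checkout fails and the `|| echo Warning` on the following line lets the build continue on an unpinned tree. `git fetch --depth 1 origin "$QEMUAFL_VERSION" 2>/dev/null || git fetch` would fetch the pinned commit where the server permits it (GitHub does, as far as I know), and the warning should probably become `|| exit 1` since `NO_CHECKOUT` already provides the opt-out.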
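Review bot: In the last hunk, the block guarded by `if (pid2 > 0)` still calls `pgrp = getpgid(pid1);` and then signals that group, while the direct `kill(pid2, kill_signal)` one line later targets the other process; with the `#if defined(__linux__)` guards removed this now runs on every platform, so the mismatch is worth fixing in the same change. `pgrp = getpgid(pid2);` makes it match the `__AFL_TARGET_PID2` block in the first hunk. `at_exit()` starts and ends outside these hunks, so the declaration of `pgrp` is not visible, but since `getpgid` returns -1 on failure the existing `pgrp > 0` test already covers a lookup error.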
diff --git a/test/test-frida-mode.sh b/test/test-frida-mode.sh
index b47d016a..501ef70a 100755
--- a/test/test-frida-mode.sh
+++ b/test/test-frida-mode.sh
@@ -61,11 +61,14 @@ test -e ../afl-frida-trace.so && {
 #if file test-instr | grep -q "32-bit"; then
 #else
 #fi
- export AFL_FRIDA_PERSISTENT_ADDR=0x`nm test-instr | grep "T main" | awk '{print $1}'`
+ export AFL_FRIDA_PERSISTENT_ADDR=0x`nm test-instr | grep -Ei "T _main|T main" | awk '{print $1}'`
 $ECHO "Info: AFL_FRIDA_PERSISTENT_ADDR=$AFL_FRIDA_PERSISTENT_ADDR <= $(nm test-instr | grep "T main" | awk '{print $1}')"
 env|grep AFL_|sort
 file test-instr
+ export AFL_DEBUG_CHILD=1
+ export AFL_FRIDA_VERBOSE=1
 ../afl-fuzz -m ${MEM_LIMIT} -V10 -O -i in -o out -- ./test-instr
+ nm test-instr | grep -i "main"
 unset AFL_FRIDA_PERSISTENT_ADDR
 } >>errors 2>&1
 test -n "$( ls out/default/queue/id:000002* 2>/dev/null )" && {
diff --git a/unicorn_mode/build_unicorn_support.sh b/unicorn_mode/build_unicorn_support.sh
index 74f9e174..80961599 100755
--- a/unicorn_mode/build_unicorn_support.sh
+++ b/unicorn_mode/build_unicorn_support.sh
@@ -161,9 +161,9 @@ if [ $? -eq 0 ]; then
 git submodule sync ./unicornafl 2>/dev/null # ignore errors
 else
 echo "[*] cloning unicornafl"
- test -d unicornafl || {
+ test -d unicornafl/.git || {
 CNT=1
- while [ '!' -d unicornafl -a "$CNT" -lt 4 ]; do
+ while [ '!' -d unicornafl/.git -a "$CNT" -lt 4 ]; do
 echo "Trying to clone unicornafl (attempt $CNT/3)"
 git clone https://github.com/AFLplusplus/unicornafl
 CNT=`expr "$CNT" + 1`
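Review bot: `export AFL_DEBUG_CHILD=1` and `export AFL_FRIDA_VERBOSE=1` are added inside the `{ ... } >>errors` group but, unlike `AFL_FRIDA_PERSISTENT_ADDR`, are never unset, so they stay exported for every afl-fuzz invocation that follows in this test and in any test file sourced after it by the same shell, changing their behaviour and output; add `unset AFL_DEBUG_CHILD AFL_FRIDA_VERBOSE` next to the existing `unset`. The `$ECHO "Info: ..."` line still derives its address with `grep "T main"` while the export now uses `grep -Ei "T _main|T main"`, so on a target that only has `_main` the diagnostic prints an empty value that does not match what was exported; use the same pattern in both places. Neither pattern is anchored, so a symbol such as `main_loop` would also match and produce a multi-address value — hedged, as the test binary's symbol table is not visible here.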
@@ -171,11 +171,12 @@ else
 }
 fi
-test -d unicornafl || { echo "[-] not checked out, please install git or check your internet connection." ; exit 1 ; }
+test -d unicornafl/.git || { echo "[-] not checked out, please install git or check your internet connection." ; exit 1 ; }
 echo "[+] Got unicornafl."
 cd "unicornafl" || exit 1
 echo "[*] Checking out $UNICORNAFL_VERSION"
+git pull
 sh -c 'git stash && git stash drop' 1>/dev/null 2>/dev/null
 git checkout "$UNICORNAFL_VERSION" || exit 1 |
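Review bot: `git pull` is placed before the `git stash && git stash drop` line, so it runs against the dirty working tree the stash is there to clear and, on a tree left at a detached pinned commit by an earlier run, prints "not currently on a branch" noise; only its fetch half matters for the following `git checkout "$UNICORNAFL_VERSION"`. `git fetch --tags` in its place avoids both, and unlike the grammar_mutator script in this same change the output here is not silenced, so users will see every spurious merge message. The enclosing `else` branch starts outside the hunk.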