-rw-r--r-- | docs/ChangeLog | 1 | ||||
-rw-r--r-- | include/afl-fuzz.h | 1 | ||||
-rw-r--r-- | src/afl-analyze.c | 2 | ||||
-rw-r--r-- | src/afl-as.c | 5 | ||||
-rw-r--r-- | src/afl-common.c | 5 | ||||
-rw-r--r-- | src/afl-forkserver.c | 4 | ||||
-rw-r--r-- | src/afl-fuzz-globals.c | 1 | ||||
-rw-r--r-- | src/afl-fuzz.c | 3 | ||||
-rw-r--r-- | src/afl-showmap.c | 12 | ||||
-rw-r--r-- | src/afl-tmin.c | 2 | ||||
-rw-r--r-- | test-instr.c | 1 |
11 files changed, 29 insertions, 8 deletions
diff --git a/docs/ChangeLog b/docs/ChangeLog
index cad99c9f..3fd29e29 100644
--- a/docs/ChangeLog
+++ b/docs/ChangeLog
@@ -17,6 +17,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
 Version ++2.59d (develop):
 --------------------------
+ - fixed a critical bug in afl-tmin that was introduced during ++2.53d
 - added ./experimental/argv_fuzzing ld_preload library by Kjell Braden
 - added preeny's desock_dup ld_preload library as ./experimental/socket_fuzzing for network fuzzing
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 39398c18..52352675 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -271,6 +271,7 @@ extern u64 mem_limit; /* Memory cap for child (MB) */
 extern u8 cal_cycles, /* Calibration cycles defaults */
 cal_cycles_long, /* Calibration cycles defaults */
 no_unlink, /* do not unlink cur_input */
+ use_stdin, /* use stdin for sending data */
 debug, /* Debug mode */
 custom_only, /* Custom mutator only mode */
 python_only; /* Python-only mode */
diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index f71893d8..850ab99b 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -75,7 +75,7 @@ static u64 mem_limit = MEM_LIMIT; /* Memory limit (MB) */
 static s32 dev_null_fd = -1; /* FD to /dev/null */
-static u8 edges_only, /* Ignore hit counts? */
+u8 edges_only, /* Ignore hit counts? */
 use_hex_offsets, /* Show hex offsets? */
 use_stdin = 1; /* Use stdin for program input? */
diff --git a/src/afl-as.c b/src/afl-as.c
index 8f24c16f..58ca18b7 100644
--- a/src/afl-as.c
+++ b/src/afl-as.c
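Review bot: Dropping `static` from the declarator list in the afl-analyze.c hunk gives `edges_only` and `use_hex_offsets` external linkage too, although only `use_stdin` is referenced from afl-common.c and afl-forkserver.c in this diff. Splitting the declaration keeps the other two file-local: `static u8 edges_only, /* Ignore hit counts? */` / `use_hex_offsets; /* Show hex offsets? */` / `u8 use_stdin = 1; /* Use stdin for program input? */`. The same widening happens in the afl-showmap.c hunk (`quiet_mode` through `keep_cores`) and the afl-tmin.c hunk (`crash_mode`, `exit_crash`, `edges_only`, `exact_mode` and the declarators that continue outside the hunk). Nothing clashes today because each tool is its own executable, but every one of these names now competes in the global namespace with whatever gets linked into that tool, and the compiler can no longer warn when one of them becomes unused.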
@@ -208,8 +208,9 @@ static void edit_params(int argc, char** argv) {
 NSS. */
 if (strncmp(input_file, tmp_dir, strlen(tmp_dir)) &&
- strncmp(input_file, "/var/tmp/", 9) && strncmp(input_file, "/tmp/", 5)
- && getenv("AFL_AS_FORCE_INSTRUMENT") == NULL)
+ strncmp(input_file, "/var/tmp/", 9) &&
+ strncmp(input_file, "/tmp/", 5) &&
+ getenv("AFL_AS_FORCE_INSTRUMENT") == NULL)
 pass_thru = 1;
 else if (getenv("AFL_AS_FORCE_INSTRUMENT"))
 unsetenv("AFL_AS_FORCE_INSTRUMENT");
diff --git a/src/afl-common.c b/src/afl-common.c
index ec010c2d..99d8d403 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
@@ -35,7 +35,8 @@
 #include <unistd.h>
 #endif
-u8* target_path; /* Path to target binary */
+u8* target_path; /* Path to target binary */
+extern u8 use_stdin;
 void detect_file_args(char** argv, u8* prog_in) {
@@ -78,6 +79,8 @@ void detect_file_args(char** argv, u8* prog_in) {
 else
 aa_subst = alloc_printf("%s/%s", cwd, prog_in);
+ use_stdin = 0;
+
 /* Construct a replacement argv value. */
 *aa_loc = 0;
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 5e20e50b..6c5daa08 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -43,6 +43,8 @@
 /* a program that includes afl-forkserver needs to define these */
 extern u8 uses_asan;
 extern u8 *trace_bits;
+extern u8 use_stdin;
+
 extern s32 forksrv_pid, child_pid, fsrv_ctl_fd, fsrv_st_fd;
 extern s32 out_fd, out_dir_fd, dev_null_fd; /* initialize these with -1 */
 #ifndef HAVE_ARC4RANDOM
@@ -211,7 +213,7 @@ void init_forkserver(char **argv) {
 }
- if (out_file) {
+ if (!use_stdin) {
 dup2(dev_null_fd, 0);
diff --git a/src/afl-fuzz-globals.c b/src/afl-fuzz-globals.c
index de716098..c731ea96 100644
--- a/src/afl-fuzz-globals.c
+++ b/src/afl-fuzz-globals.c
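Review bot: The `extern u8 use_stdin;` added in the afl-common.c hunk (and again in the afl-forkserver.c hunk) is a declaration placed in a .c file, so the compiler never sees it together with the definitions in afl-analyze.c, afl-showmap.c, afl-fuzz-globals.c and afl-tmin.c; if one definition is later changed to another type the build still links and the forkserver silently reads the wrong bytes. Declaring it once in a header that both afl-common.c and every defining tool include, next to `target_path`, turns such a mismatch into a compile error. `detect_file_args` also now clears a global as a side effect of substituting `@@`, which nothing in its signature suggests; a line in its header comment such as `/* Side effect: clears use_stdin when @@ is substituted, so init_forkserver redirects the target's fd 0 to /dev/null. */` saves the next reader a grep.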
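Review bot: `if (!use_stdin)` in the init_forkserver hunk now decides whether the target's fd 0 is replaced with `dev_null_fd`, so every program linking afl-forkserver.c must keep the flag truthful: this diff initialises it to 1 in afl-analyze.c, afl-showmap.c and afl-fuzz-globals.c and clears it on `-f` and `@@`, but afl-tmin's definition is not visible here (its hunk only drops `static`), so whether the tool named in the ChangeLog entry actually starts with a 1 cannot be confirmed from this page. The else branch of the new condition and the rest of init_forkserver lie outside the hunk. The bare `extern u8 use_stdin;` should state the contract it now carries: `extern u8 use_stdin; /* 1: target reads the test case from fd 0; 0: init_forkserver points fd 0 at /dev/null */`.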
@@ -86,6 +86,7 @@ u8 cal_cycles = CAL_CYCLES, /* Calibration cycles defaults */
 cal_cycles_long = CAL_CYCLES_LONG, /* Calibration cycles defaults */
 debug, /* Debug mode */
 no_unlink, /* do not unlink cur_input */
+ use_stdin = 1, /* use stdin for sending data */
 custom_only, /* Custom mutator only mode */
 python_only; /* Python-only mode */
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index ebc11f01..5effe0f7 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -304,6 +304,7 @@ int main(int argc, char** argv) {
 if (out_file) FATAL("Multiple -f options not supported");
 out_file = optarg;
+ use_stdin = 0;
 break;
 case 'x': /* dictionary */
@@ -836,6 +837,8 @@ int main(int argc, char** argv) {
 if (aa_loc && !out_file) {
+ use_stdin = 0;
+
 if (file_extension) {
 out_file = alloc_printf("%s/.cur_input.%s", out_dir, file_extension);
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 94bbd421..393b3772 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -72,11 +72,12 @@ static u32 total, highest; /* tuple content information */
 static u64 mem_limit = MEM_LIMIT; /* Memory limit (MB) */
-static u8 quiet_mode, /* Hide non-essential messages? */
+u8 quiet_mode, /* Hide non-essential messages? */
 edges_only, /* Ignore hit counts? */
 raw_instr_output, /* Do not apply AFL filters */
 cmin_mode, /* Generate output in afl-cmin mode? */
 binary_mode, /* Write output as a binary map */
+ use_stdin = 1, /* use stdin - unused here */
 keep_cores; /* Allow coredumps? */
 static volatile u8 stop_soon, /* Ctrl-C pressed? */
@@ -535,7 +536,7 @@ int main(int argc, char** argv) {
 doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH;
- while ((opt = getopt(argc, argv, "+o:m:t:A:eqZQUWbcrh")) > 0)
+ while ((opt = getopt(argc, argv, "+o:f:m:t:A:eqZQUWbcrh")) > 0)
 switch (opt) {
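Review bot: `use_stdin = 0;` is now written at two places in afl-fuzz.c main — the `-f` case at @@ -304 and the `aa_loc && !out_file` block at @@ -836 — while `detect_file_args` in afl-common.c clears it a third time on `@@`, so three writers maintain one invariant (in afl-fuzz the flag is 0 exactly when `out_file` is set) and the next input option can easily miss one. The second block only runs while `out_file` is unset and then appears to assign it, so both sites in main can collapse into a single assignment after option and `@@` handling, `use_stdin = (out_file == NULL);`, or at minimum the `-f` case should carry a comment naming the other writers. main continues outside both hunks.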
@@ -583,6 +584,13 @@ int main(int argc, char** argv) {
 break;
+ case 'f': // only in here to avoid a compiler warning for use_stdin
+
+ use_stdin = 0;
+ FATAL("Option -f is not supported in afl-showmap");
+
+ break;
+
 case 't':
 if (timeout_given) FATAL("Multiple -t options not supported");
diff --git a/src/afl-tmin.c b/src/afl-tmin.c
index b98208f9..798b0527 100644
--- a/src/afl-tmin.c
+++ b/src/afl-tmin.c
@@ -88,7 +88,7 @@ u64 mem_limit = MEM_LIMIT; /* Memory limit (MB) */
 s32 dev_null_fd = -1; /* FD to /dev/null */
-static u8 crash_mode, /* Crash-centric mode? */
+u8 crash_mode, /* Crash-centric mode? */
 exit_crash, /* Treat non-zero exit as crash? */
 edges_only, /* Ignore hit counts? */
 exact_mode, /* Require path match for crashes? */
diff --git a/test-instr.c b/test-instr.c
index 161bdb8e..0b58eec0 100644
--- a/test-instr.c
+++ b/test-instr.c
@@ -27,6 +27,7 @@ int main(int argc, char** argv) {
 if (argc > 1) {
 buf = argv[1];
+ printf("Input %s - ", buf);
 } else if (read(0, buf, sizeof(buf)) < 1) { |
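Review bot: The new `case 'f':` in the afl-showmap.c hunk is explained as avoiding a compiler warning, but `use_stdin` lost `static` in the earlier hunk of this file and, given the matching extern in afl-forkserver.c, is read by init_forkserver, so there is no unused-variable warning to silence; the `use_stdin = 0;` before `FATAL(...)` never takes effect, and the `f:` added to the getopt string in the previous hunk turns what was a getopt unknown-option error into a bespoke fatal. Either revert both, or keep the explicit rejection and say so: `case 'f': /* rejected explicitly: afl-showmap has no output-file option */`. The initializer comment `/* use stdin - unused here */` is also misleading, because `detect_file_args` clears the flag when `@@` is substituted and init_forkserver then points fd 0 at /dev/null; `use_stdin = 1, /* target reads fd 0 unless @@ is substituted */` describes what it actually does.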