diff options
| -rw-r--r-- | GNUmakefile | 2 | ||||
| -rw-r--r-- | docs/custom_mutators.md | 6 | ||||
| -rw-r--r-- | include/common.h | 3 | ||||
| -rw-r--r-- | include/envs.h | 1 | ||||
| -rw-r--r-- | src/afl-analyze.c | 9 | ||||
| -rw-r--r-- | src/afl-common.c | 7 | ||||
| -rw-r--r-- | src/afl-fuzz.c | 27 | ||||
| -rw-r--r-- | src/afl-showmap.c | 27 | ||||
| -rw-r--r-- | src/afl-tmin.c | 14 | ||||
| -rw-r--r-- | unicorn_mode/UNICORNAFL_VERSION | 2 | ||||
| m--------- | unicorn_mode/unicornafl | 0 | ||||
| -rw-r--r-- | utils/aflpp_driver/aflpp_driver.c | 4 |
12 files changed, 64 insertions, 38 deletions
diff --git a/GNUmakefile b/GNUmakefile index d1f28a76..f5f2dcb2 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -425,7 +425,7 @@ test_python: @echo "[+] $(PYTHON_VERSION) support seems to be working." else test_python: - @echo "[-] You seem to need to install the package python3-dev, python2-dev or python-dev (and perhaps python[23]-apt), but it is optional so we continue" + @echo "[-] You seem to need to install the package python3-dev or python-dev (and perhaps python[3]-apt), but it is optional so we continue" endif .PHONY: ready diff --git a/docs/custom_mutators.md b/docs/custom_mutators.md index 6b72430a..ffd3cce8 100644 --- a/docs/custom_mutators.md +++ b/docs/custom_mutators.md @@ -269,10 +269,10 @@ sudo apt install python-dev ``` Then, AFL++ can be compiled with Python support. The AFL++ Makefile detects -Python 2 and 3 through `python-config` if it is in the PATH and compiles -`afl-fuzz` with the feature if available. +Python3 through `python-config`/`python3-config` if it is in the PATH and +compiles `afl-fuzz` with the feature if available. -Note: for some distributions, you might also need the package `python[23]-apt`. +Note: for some distributions, you might also need the package `python[3]-apt`. In case your setup is different, set the necessary variables like this: `PYTHON_INCLUDE=/path/to/python/include LDFLAGS=-L/path/to/python/lib make`. diff --git a/include/common.h b/include/common.h index f6d1dd1a..9d9a948c 100644 --- a/include/common.h +++ b/include/common.h @@ -79,7 +79,8 @@ int parse_afl_kill_signal(u8 *numeric_signal_as_str, int default_signal); is NULL, the appropiate values are read from the environment. */ void configure_afl_kill_signals(afl_forkserver_t *fsrv, char *afl_kill_signal_env, - char *afl_fsrv_kill_signal_env); + char *afl_fsrv_kill_signal_env, + int default_server_kill_signal); /* Read a bitmap from file fname to memory This is for the -B option again. */ diff --git a/include/envs.h b/include/envs.h index 0731e86e..68d83f8c 100644 --- a/include/envs.h +++ b/include/envs.h @@ -42,6 +42,7 @@ static char *afl_environment_variables[] = { "AFL_DEBUG", "AFL_DEBUG_CHILD", "AFL_DEBUG_GDB", + "AFL_DEBUG_UNICORN", "AFL_DISABLE_TRIM", "AFL_DISABLE_LLVM_INSTRUMENTATION", "AFL_DONT_OPTIMIZE", diff --git a/src/afl-analyze.c b/src/afl-analyze.c index 757c9306..a9b5b326 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -862,11 +862,15 @@ static void usage(u8 *argv0) { "MSAN_OPTIONS: custom settings for MSAN\n" " (must contain exitcode="STRINGIFY(MSAN_ERROR)" and symbolize=0)\n" "AFL_ANALYZE_HEX: print file offsets in hexadecimal instead of decimal\n" + "AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout, etc.\n" + " (default: SIGKILL)\n" + "AFL_FORK_SERVER_KILL_SIGNAL: Kill signal for the fork server on termination\n" + " (default: SIGTERM). If unset and AFL_KILL_SIGNAL is\n" + " set, that value will be used.\n" "AFL_MAP_SIZE: the shared memory size for that target. must be >= the size\n" " the target was compiled for\n" "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" "AFL_SKIP_BIN_CHECK: skip checking the location of and the target\n" - , argv0, EXEC_TIMEOUT, MEM_LIMIT, doc_path); exit(1); @@ -1115,7 +1119,8 @@ int main(int argc, char **argv_orig, char **envp) { } - configure_afl_kill_signals(&fsrv, NULL, NULL); + configure_afl_kill_signals( + &fsrv, NULL, NULL, (fsrv.qemu_mode || unicorn_mode) ? SIGKILL : SIGTERM); read_initial_file(); (void)check_binary_signatures(fsrv.target_path); diff --git a/src/afl-common.c b/src/afl-common.c index 6f5e4a38..31005804 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -484,7 +484,8 @@ int parse_afl_kill_signal(u8 *numeric_signal_as_str, int default_signal) { void configure_afl_kill_signals(afl_forkserver_t *fsrv, char *afl_kill_signal_env, - char *afl_fsrv_kill_signal_env) { + char *afl_fsrv_kill_signal_env, + int default_server_kill_signal) { afl_kill_signal_env = afl_kill_signal_env ? afl_kill_signal_env : getenv("AFL_KILL_SIGNAL"); @@ -505,8 +506,8 @@ void configure_afl_kill_signals(afl_forkserver_t *fsrv, } - fsrv->fsrv_kill_signal = - parse_afl_kill_signal(afl_fsrv_kill_signal_env, SIGTERM); + fsrv->fsrv_kill_signal = parse_afl_kill_signal(afl_fsrv_kill_signal_env, + default_server_kill_signal); } diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 6ff4d266..acb0b2ec 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -249,22 +249,24 @@ static void usage(u8 *argv0, int more_help) { "AFL_DISABLE_TRIM: disable the trimming of test cases\n" "AFL_DUMB_FORKSRV: use fork server without feedback from target\n" "AFL_EXIT_WHEN_DONE: exit when all inputs are run and no new finds are found\n" - "AFL_EXIT_ON_TIME: exit when no new coverage finds are made within the specified time period\n" - "AFL_EXPAND_HAVOC_NOW: immediately enable expand havoc mode (default: after 60 minutes and a cycle without finds)\n" + "AFL_EXIT_ON_TIME: exit when no new coverage is found within the specified time\n" + "AFL_EXPAND_HAVOC_NOW: immediately enable expand havoc mode (default: after 60\n" + " minutes and a cycle without finds)\n" "AFL_FAST_CAL: limit the calibration stage to three cycles for speedup\n" "AFL_FORCE_UI: force showing the status screen (for virtual consoles)\n" - "AFL_FORKSRV_INIT_TMOUT: time spent waiting for forkserver during startup (in milliseconds)\n" + "AFL_FORKSRV_INIT_TMOUT: time spent waiting for forkserver during startup (in ms)\n" "AFL_HANG_TMOUT: override timeout value (in milliseconds)\n" "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES: don't warn about core dump handlers\n" "AFL_IGNORE_UNKNOWN_ENVS: don't warn on unknown env vars\n" - "AFL_IGNORE_PROBLEMS: do not abort fuzzing if an incorrect setup is detected during a run\n" + "AFL_IGNORE_PROBLEMS: do not abort fuzzing if an incorrect setup is detected\n" "AFL_IMPORT_FIRST: sync and import test cases from other fuzzer instances first\n" "AFL_INPUT_LEN_MIN/AFL_INPUT_LEN_MAX: like -g/-G set min/max fuzz length produced\n" "AFL_PIZZA_MODE: 1 - enforce pizza mode, 0 - disable for April 1st\n" - "AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout, etc. (default: SIGKILL)\n" - "AFL_FORK_SERVER_KILL_SIGNAL: Signal delivered to fork server processes on termination\n" - " (default: SIGTERM). If this is not set and AFL_KILL_SIGNAL is set,\n" - " this will be set to the same value.\n" + "AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout, etc.\n" + " (default: SIGKILL)\n" + "AFL_FORK_SERVER_KILL_SIGNAL: Kill signal for the fork server on termination\n" + " (default: SIGTERM). If unset and AFL_KILL_SIGNAL is\n" + " set, that value will be used.\n" "AFL_MAP_SIZE: the shared memory size for that target. must be >= the size\n" " the target was compiled for\n" "AFL_MAX_DET_EXTRAS: if more entries are in the dictionary list than this value\n" @@ -1363,7 +1365,14 @@ int main(int argc, char **argv_orig, char **envp) { #endif configure_afl_kill_signals(&afl->fsrv, afl->afl_env.afl_child_kill_signal, - afl->afl_env.afl_fsrv_kill_signal); + afl->afl_env.afl_fsrv_kill_signal, + (afl->fsrv.qemu_mode || afl->unicorn_mode + #ifdef __linux__ + || afl->fsrv.nyx_mode + #endif + ) + ? SIGKILL + : SIGTERM); setup_signal_handlers(); check_asan_opts(afl); diff --git a/src/afl-showmap.c b/src/afl-showmap.c index b5357da4..0de798fe 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -863,19 +863,20 @@ static void usage(u8 *argv0) { "AFL_DEBUG: enable extra developer output\n" "AFL_FORKSRV_INIT_TMOUT: time spent waiting for forkserver during " "startup (in milliseconds)\n" - "AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout,\n" - " etc. (default: SIGKILL)\n" - "AFL_FORK_SERVER_KILL_SIGNAL: Signal delivered to fork server processes " - "on termination\n" - " (default: SIGTERM). If this is not set and " - "AFL_KILL_SIGNAL is set,\n" - " this will be set to the same value as " - "AFL_KILL_SIGNAL.\n" + "AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout, " + "etc.\n" + " (default: SIGKILL)\n" + "AFL_FORK_SERVER_KILL_SIGNAL: Kill signal for the fork server on " + "termination\n" + " (default: SIGTERM). If unset and " + "AFL_KILL_SIGNAL is\n" + " set, that value will be used.\n" "AFL_MAP_SIZE: the shared memory size for that target. must be >= the " - "size the target was compiled for\n" + "size the\n" + " target was compiled for\n" "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" - "AFL_PRINT_FILENAMES: If set, the filename currently processed will be " - "printed to stdout\n" + "AFL_PRINT_FILENAMES: Print the queue entry currently processed will to " + "stdout\n" "AFL_QUIET: do not print extra informational output\n" "AFL_NO_FORKSRV: run target via execve instead of using the forkserver\n", argv0, doc_path); @@ -1268,7 +1269,9 @@ int main(int argc, char **argv_orig, char **envp) { : 0); be_quiet = save_be_quiet; - configure_afl_kill_signals(fsrv, NULL, NULL); + configure_afl_kill_signals( + fsrv, NULL, NULL, + (fsrv->qemu_mode || unicorn_mode) ? SIGKILL : SIGTERM); if (new_map_size) { diff --git a/src/afl-tmin.c b/src/afl-tmin.c index 3a27b879..d93b9a41 100644 --- a/src/afl-tmin.c +++ b/src/afl-tmin.c @@ -879,11 +879,12 @@ static void usage(u8 *argv0) { "Environment variables used:\n" "AFL_CRASH_EXITCODE: optional child exit code to be interpreted as crash\n" - "AFL_FORKSRV_INIT_TMOUT: time spent waiting for forkserver during startup (in milliseconds)\n" - "AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout, etc. (default: SIGKILL)\n" - "AFL_FORK_SERVER_KILL_SIGNAL: Signal delivered to fork server processes on termination\n" - " (default: SIGTERM). If this is not set and AFL_KILL_SIGNAL is set,\n" - " this will be set to the same value as AFL_KILL_SIGNAL.\n" + "AFL_FORKSRV_INIT_TMOUT: time spent waiting for forkserver during startup (in ms)\n" + "AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout, etc.\n" + " (default: SIGKILL)\n" + "AFL_FORK_SERVER_KILL_SIGNAL: Kill signal for the fork server on termination\n" + " (default: SIGTERM). If unset and AFL_KILL_SIGNAL is\n" + " set, that value will be used.\n" "AFL_MAP_SIZE: the shared memory size for that target. must be >= the size\n" " the target was compiled for\n" "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" @@ -1198,7 +1199,8 @@ int main(int argc, char **argv_orig, char **envp) { } - configure_afl_kill_signals(fsrv, NULL, NULL); + configure_afl_kill_signals( + fsrv, NULL, NULL, (fsrv->qemu_mode || unicorn_mode) ? SIGKILL : SIGTERM); if (getenv("AFL_CRASH_EXITCODE")) { diff --git a/unicorn_mode/UNICORNAFL_VERSION b/unicorn_mode/UNICORNAFL_VERSION index 09bc04ad..bba4215c 100644 --- a/unicorn_mode/UNICORNAFL_VERSION +++ b/unicorn_mode/UNICORNAFL_VERSION @@ -1 +1 @@ -0a31c2b28bf7037fe8b0ff376521fdbdf28a9efe +6e00ceac diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl -Subproject 0a31c2b28bf7037fe8b0ff376521fdbdf28a9ef +Subproject 6e00ceac6fd5627e42e1858c543c84f2fbdaedd diff --git a/utils/aflpp_driver/aflpp_driver.c b/utils/aflpp_driver/aflpp_driver.c index a76ba6c2..03376b6a 100644 --- a/utils/aflpp_driver/aflpp_driver.c +++ b/utils/aflpp_driver/aflpp_driver.c @@ -336,6 +336,10 @@ int LLVMFuzzerRunDriver(int *argcp, char ***argvp, return ExecuteFilesOnyByOne(argc, argv, callback); + } else { + + N = INT_MAX; + } assert(N > 0); |