diff options
Diffstat (limited to 'src/afl-forkserver.c')
| -rw-r--r-- | src/afl-forkserver.c | 27 |
1 files changed, 16 insertions, 11 deletions
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index a0e08589..0b53d7c0 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -167,7 +167,7 @@ static u32 read_s32_timed(s32 fd, s32 *buf, u32 timeout_ms, } -/* Internal forkserver for dumb_mode=1 and non-forkserver mode runs. +/* Internal forkserver for non_instrumented_mode=1 and non-forkserver mode runs. It execvs for each fork, forwarding exit codes and child pids to afl. */ static void afl_fauxsrv_execv(afl_forkserver_t *fsrv, char **argv) { @@ -286,7 +286,7 @@ static void report_error_and_exit(int error) { } -/* Spins up fork server (instrumented mode only). The idea is explained here: +/* Spins up fork server. The idea is explained here: http://lcamtuf.blogspot.com/2014/10/fuzzing-binaries-without-execve.html @@ -305,7 +305,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, if (fsrv->use_fauxsrv) { - /* TODO: Come up with sone nice way to initalize this all */ + /* TODO: Come up with sone nice way to initialize this all */ if (fsrv->init_child_func != fsrv_exec_child) { @@ -454,8 +454,9 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, rlen = 0; if (fsrv->exec_tmout) { - u32 time_ms = read_s32_timed(fsrv->fsrv_st_fd, &status, - fsrv->exec_tmout * FORK_WAIT_MULT, stop_soon_p); + u32 time_ms = + read_s32_timed(fsrv->fsrv_st_fd, &status, + fsrv->exec_tmout * FORK_WAIT_MULT, stop_soon_p); if (!time_ms) { @@ -505,7 +506,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, if ((status & FS_OPT_SHDMEM_FUZZ) == FS_OPT_SHDMEM_FUZZ) { - if (fsrv->support_shdmen_fuzz) { + if (fsrv->support_shmem_fuzz) { fsrv->use_shdmen_fuzz = 1; if (!be_quiet) { ACTF("Using SHARED MEMORY FUZZING feature."); } @@ -521,6 +522,12 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, } + } else { + + FATAL( + "Target requested sharedmem fuzzing, but we failed to enable " + "it."); + } } @@ -822,10 +829,10 @@ static void afl_fsrv_kill(afl_forkserver_t *fsrv) { void afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) { - if (fsrv->shdmem_fuzz) { + if (fsrv->shmem_fuzz) { - memcpy(fsrv->shdmem_fuzz, buf, len); - fsrv->shdmem_fuzz_len = len; + memcpy(fsrv->shmem_fuzz, buf, len); + *fsrv->shmem_fuzz_len = len; } else { @@ -887,8 +894,6 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, MEM_BARRIER(); - if (fsrv->shdmem_fuzz_len) write_value += (fsrv->shdmem_fuzz_len << 8); - /* we have the fork server (or faux server) up and running First, tell it if the previous run timed out. */ |