Diffstat (limited to 'src/afl-fuzz-init.c')
-rw-r--r--src/afl-fuzz-init.c79
1 files changed, 46 insertions, 33 deletions
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 9349fefe..96d4fc46 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -1315,10 +1315,10 @@ dir_cleanup_failed:
 
 }
 
-/* If this is a -S slave, ensure a -M master is running, if a master is
-   running when another master is started then warn */
+/* If this is a -S secondary node, ensure a -M main node is running,
+  if a main node is running when another main is started, then warn */
 
-int check_master_exists(afl_state_t *afl) {
+int check_main_node_exists(afl_state_t *afl) {
 
   DIR *          sd;
   struct dirent *sd_ent;
@@ -1337,7 +1337,7 @@ int check_master_exists(afl_state_t *afl) {
 
     }
 
-    fn = alloc_printf("%s/%s/is_master", afl->sync_dir, sd_ent->d_name);
+    fn = alloc_printf("%s/%s/is_main_node", afl->sync_dir, sd_ent->d_name);
     int res = access(fn, F_OK);
     free(fn);
     if (res == 0) return 1;
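Review bot: The marker file probed on the `fn = alloc_printf("%s/%s/is_main_node", ...)` line changes its on-disk name, so a secondary node built from this commit will report "no main node" when the -M instance sharing the sync directory is an older build that still creates `is_master`, and the mirror rename in setup_dirs_fds (the hunk at L37) has the reverse effect on older secondaries. If mixed builds in one sync directory are a supported configuration, probing both names here (`is_main_node` first, then `is_master`) would keep the check from failing silently; otherwise the incompatibility deserves a line in the changelog. check_main_node_exists's body starts and ends outside this hunk.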
@@ -1392,9 +1392,9 @@ void setup_dirs_fds(afl_state_t *afl) {
 
   }
 
-  if (afl->is_master) {
+  if (afl->is_main_node) {
 
-    u8 *x = alloc_printf("%s/is_master", afl->out_dir);
+    u8 *x = alloc_printf("%s/is_main_node", afl->out_dir);
     int fd = open(x, O_CREAT | O_RDWR, 0644);
     if (fd < 0) FATAL("cannot create %s", x);
     free(x);
@@ -1859,7 +1859,11 @@ void fix_up_sync(afl_state_t *afl) {
 
   u8 *x = afl->sync_id;
 
-  if (afl->dumb_mode) { FATAL("-S / -M and -n are mutually exclusive"); }
+  if (afl->non_instrumented_mode) {
+
+    FATAL("-S / -M and -n are mutually exclusive");
+
+  }
 
   while (*x) {
 
@@ -1949,6 +1953,36 @@ static void handle_skipreq(int sig) {
 
 }
 
+/* Setup shared map for fuzzing with input via sharedmem */
+
+void setup_testcase_shmem(afl_state_t *afl) {
+
+  afl->shm_fuzz = ck_alloc(sizeof(sharedmem_t));
+
+  // we need to set the non-instrumented mode to not overwrite the SHM_ENV_VAR
+  if ((afl->fsrv.shmem_fuzz_len =
+           (u32 *)afl_shm_init(afl->shm_fuzz, MAX_FILE + sizeof(int), 1))) {
+
+#ifdef USEMMAP
+    setenv(SHM_FUZZ_ENV_VAR, afl->shm_fuzz->g_shm_file_path, 1);
+#else
+    u8 *shm_str;
+    shm_str = alloc_printf("%d", afl->shm_fuzz->shm_id);
+    setenv(SHM_FUZZ_ENV_VAR, shm_str, 1);
+    ck_free(shm_str);
+#endif
+    afl->fsrv.support_shmem_fuzz = 1;
+    afl->fsrv.shmem_fuzz = (u8 *)(afl->fsrv.shmem_fuzz_len + sizeof(int));
+
+  } else {
+
+    ck_free(afl->shm_fuzz);
+    afl->shm_fuzz = NULL;
+
+  }
+
+}
+
 /* Do a PATH search and find target binary to see that it exists and
    isn't a shell script - a common and painful mistake. We also check for
    a valid ELF header and for evidence of AFL instrumentation. */
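Review bot: The pointer arithmetic in `afl->fsrv.shmem_fuzz = (u8 *)(afl->fsrv.shmem_fuzz_len + sizeof(int));` is done on a `u32 *` before the cast, so it advances by sizeof(int) elements (16 bytes where int and u32 are both 4 bytes) rather than the 4-byte length prefix that the `MAX_FILE + sizeof(int)` allocation reserves; the cast has to come first: `afl->fsrv.shmem_fuzz = (u8 *)afl->fsrv.shmem_fuzz_len + sizeof(int);`. With the current form the data region starts 12 bytes too far in, so a MAX_FILE-sized test case written there would presumably run past the end of the mapping. The comment `// we need to set the non-instrumented mode to not overwrite the SHM_ENV_VAR` also no longer matches the line below it, which passes a literal 1 as the last afl_shm_init argument; something like `// third argument 1 = non-instrumented, so afl_shm_init leaves SHM_ENV_VAR alone` would say what the call does (assuming that parameter keeps the old dumb-mode meaning).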
@@ -2098,7 +2132,8 @@ void check_binary(afl_state_t *afl, u8 *fname) {
 
 #endif                                                       /* ^!__APPLE__ */
 
-  if (!afl->fsrv.qemu_mode && !afl->unicorn_mode && !afl->dumb_mode &&
+  if (!afl->fsrv.qemu_mode && !afl->unicorn_mode &&
+      !afl->non_instrumented_mode &&
       !memmem(f_data, f_len, SHM_ENV_VAR, strlen(SHM_ENV_VAR) + 1)) {
 
     SAYF("\n" cLRD "[-] " cRST
@@ -2115,8 +2150,8 @@ void check_binary(afl_state_t *afl, u8 *fname) {
          "    mode support. Consult the README.md for tips on how to enable "
          "this.\n"
 
-         "    (It is also possible to use afl-fuzz as a traditional, \"dumb\" "
-         "fuzzer.\n"
+         "    (It is also possible to use afl-fuzz as a traditional, "
+         "non-instrumented fuzzer.\n"
          "    For that, you can use the -n option - but expect much worse "
          "results.)\n",
          doc_path);
@@ -2153,30 +2188,8 @@ void check_binary(afl_state_t *afl, u8 *fname) {
     OKF(cPIN "Persistent mode binary detected.");
     setenv(PERSIST_ENV_VAR, "1", 1);
     afl->persistent_mode = 1;
-    // do not fail if we can not get the fuzzing shared mem
-    if ((afl->shm_fuzz = calloc(1, sizeof(sharedmem_t)))) {
-
-      // we need to set the dumb mode to not overwrite the SHM_ENV_VAR
-      if ((afl->fsrv.shdmem_fuzz = afl_shm_init(afl->shm_fuzz, MAX_FILE, 1))) {
-
-#ifdef USEMMAP
-        setenv(SHM_FUZZ_ENV_VAR, afl->shm_fuzz->g_shm_file_path, 1);
-#else
-        u8 *shm_str;
-        shm_str = alloc_printf("%d", afl->shm_fuzz->shm_id);
-        setenv(SHM_FUZZ_ENV_VAR, shm_str, 1);
-        ck_free(shm_str);
-#endif
-        afl->fsrv.support_shdmen_fuzz = 1;
-
-      } else {
-
-        free(afl->shm_fuzz);
-        afl->shm_fuzz = NULL;
 
-      }
-
-    }
+    afl->shmem_testcase_mode = 1;
 
   } else if (getenv("AFL_PERSISTENT")) {