diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/afl-analyze.c | 12 | ||||
| -rw-r--r-- | src/afl-cc.c | 24 | ||||
| -rw-r--r-- | src/afl-common.c | 55 | ||||
| -rw-r--r-- | src/afl-forkserver.c | 18 | ||||
| -rw-r--r-- | src/afl-fuzz-state.c | 23 | ||||
| -rw-r--r-- | src/afl-fuzz-stats.c | 12 | ||||
| -rw-r--r-- | src/afl-fuzz.c | 28 | ||||
| -rw-r--r-- | src/afl-showmap.c | 44 | ||||
| -rw-r--r-- | src/afl-tmin.c | 14 |
9 files changed, 168 insertions, 62 deletions
diff --git a/src/afl-analyze.c b/src/afl-analyze.c index a21f014f..a9b5b326 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -114,7 +114,7 @@ static void kill_child() { if (fsrv.child_pid > 0) { - kill(fsrv.child_pid, fsrv.kill_signal); + kill(fsrv.child_pid, fsrv.child_kill_signal); fsrv.child_pid = -1; } @@ -862,11 +862,15 @@ static void usage(u8 *argv0) { "MSAN_OPTIONS: custom settings for MSAN\n" " (must contain exitcode="STRINGIFY(MSAN_ERROR)" and symbolize=0)\n" "AFL_ANALYZE_HEX: print file offsets in hexadecimal instead of decimal\n" + "AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout, etc.\n" + " (default: SIGKILL)\n" + "AFL_FORK_SERVER_KILL_SIGNAL: Kill signal for the fork server on termination\n" + " (default: SIGTERM). If unset and AFL_KILL_SIGNAL is\n" + " set, that value will be used.\n" "AFL_MAP_SIZE: the shared memory size for that target. must be >= the size\n" " the target was compiled for\n" "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" "AFL_SKIP_BIN_CHECK: skip checking the location of and the target\n" - , argv0, EXEC_TIMEOUT, MEM_LIMIT, doc_path); exit(1); @@ -1115,8 +1119,8 @@ int main(int argc, char **argv_orig, char **envp) { } - fsrv.kill_signal = - parse_afl_kill_signal_env(getenv("AFL_KILL_SIGNAL"), SIGKILL); + configure_afl_kill_signals( + &fsrv, NULL, NULL, (fsrv.qemu_mode || unicorn_mode) ? SIGKILL : SIGTERM); read_initial_file(); (void)check_binary_signatures(fsrv.target_path); diff --git a/src/afl-cc.c b/src/afl-cc.c index 15284a65..1c3b5405 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -514,7 +514,9 @@ static void edit_params(u32 argc, char **argv, char **envp) { if (lto_mode && have_instr_env) { #if LLVM_MAJOR >= 11 /* use new pass manager */ + #if LLVM_MAJOR < 16 cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; + #endif cc_params[cc_par_cnt++] = alloc_printf( "-fpass-plugin=%s/afl-llvm-lto-instrumentlist.so", obj_path); #else @@ -530,7 +532,9 @@ static void edit_params(u32 argc, char **argv, char **envp) { if (getenv("AFL_LLVM_DICT2FILE")) { #if LLVM_MAJOR >= 11 /* use new pass manager */ + #if LLVM_MAJOR < 16 cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; + #endif cc_params[cc_par_cnt++] = alloc_printf("-fpass-plugin=%s/afl-llvm-dict2file.so", obj_path); #else @@ -547,7 +551,9 @@ static void edit_params(u32 argc, char **argv, char **envp) { if (getenv("LAF_SPLIT_SWITCHES") || getenv("AFL_LLVM_LAF_SPLIT_SWITCHES")) { #if LLVM_MAJOR >= 11 /* use new pass manager */ + #if LLVM_MAJOR < 16 cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; + #endif cc_params[cc_par_cnt++] = alloc_printf("-fpass-plugin=%s/split-switches-pass.so", obj_path); #else @@ -564,7 +570,9 @@ static void edit_params(u32 argc, char **argv, char **envp) { getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES")) { #if LLVM_MAJOR >= 11 /* use new pass manager */ + #if LLVM_MAJOR < 16 cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; + #endif cc_params[cc_par_cnt++] = alloc_printf("-fpass-plugin=%s/compare-transform-pass.so", obj_path); #else @@ -581,7 +589,9 @@ static void edit_params(u32 argc, char **argv, char **envp) { getenv("AFL_LLVM_LAF_SPLIT_FLOATS")) { #if LLVM_MAJOR >= 11 /* use new pass manager */ + #if LLVM_MAJOR < 16 cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; + #endif cc_params[cc_par_cnt++] = alloc_printf("-fpass-plugin=%s/split-compares-pass.so", obj_path); #else @@ -604,10 +614,14 @@ static void edit_params(u32 argc, char **argv, char **envp) { cc_params[cc_par_cnt++] = "-fno-inline"; #if LLVM_MAJOR >= 11 /* use new pass manager */ + #if LLVM_MAJOR < 16 cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; + #endif cc_params[cc_par_cnt++] = alloc_printf("-fpass-plugin=%s/cmplog-switches-pass.so", obj_path); + #if LLVM_MAJOR < 16 cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; + #endif cc_params[cc_par_cnt++] = alloc_printf("-fpass-plugin=%s/split-switches-pass.so", obj_path); #else @@ -705,7 +719,9 @@ static void edit_params(u32 argc, char **argv, char **envp) { } else { #if LLVM_MAJOR >= 11 /* use new pass manager */ + #if LLVM_MAJOR < 16 cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; + #endif cc_params[cc_par_cnt++] = alloc_printf( "-fpass-plugin=%s/SanitizerCoveragePCGUARD.so", obj_path); #else @@ -743,7 +759,9 @@ static void edit_params(u32 argc, char **argv, char **envp) { } else { #if LLVM_MAJOR >= 11 /* use new pass manager */ + #if LLVM_MAJOR < 16 cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; + #endif cc_params[cc_par_cnt++] = alloc_printf("-fpass-plugin=%s/afl-llvm-pass.so", obj_path); #else @@ -761,10 +779,14 @@ static void edit_params(u32 argc, char **argv, char **envp) { if (cmplog_mode) { #if LLVM_MAJOR >= 11 + #if LLVM_MAJOR < 16 cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; + #endif cc_params[cc_par_cnt++] = alloc_printf( "-fpass-plugin=%s/cmplog-instructions-pass.so", obj_path); + #if LLVM_MAJOR < 16 cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; + #endif cc_params[cc_par_cnt++] = alloc_printf("-fpass-plugin=%s/cmplog-routines-pass.so", obj_path); #else @@ -955,7 +977,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { if (plusplus_mode && strlen(libdir) && strncmp(libdir, "/usr", 4) && strncmp(libdir, "/lib", 4)) { - cc_params[cc_par_cnt++] = "-rpath"; + cc_params[cc_par_cnt++] = "-Wl,-rpath"; cc_params[cc_par_cnt++] = libdir; } else { diff --git a/src/afl-common.c b/src/afl-common.c index f3e78ac5..31005804 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -25,6 +25,7 @@ #include <stdlib.h> #include <stdio.h> +#include "forkserver.h" #ifndef _GNU_SOURCE #define _GNU_SOURCE #endif @@ -47,6 +48,7 @@ #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> +#include <signal.h> u8 be_quiet = 0; u8 *doc_path = ""; @@ -456,38 +458,57 @@ u8 *find_afl_binary(u8 *own_loc, u8 *fname) { } -/* Parses the kill signal environment variable, FATALs on error. - If the env is not set, sets the env to default_signal for the signal handlers - and returns the default_signal. */ -int parse_afl_kill_signal_env(u8 *afl_kill_signal_env, int default_signal) { +int parse_afl_kill_signal(u8 *numeric_signal_as_str, int default_signal) { - if (afl_kill_signal_env && afl_kill_signal_env[0]) { + if (numeric_signal_as_str && numeric_signal_as_str[0]) { char *endptr; u8 signal_code; - signal_code = (u8)strtoul(afl_kill_signal_env, &endptr, 10); + signal_code = (u8)strtoul(numeric_signal_as_str, &endptr, 10); /* Did we manage to parse the full string? */ - if (*endptr != '\0' || endptr == (char *)afl_kill_signal_env) { + if (*endptr != '\0' || endptr == (char *)numeric_signal_as_str) { - FATAL("Invalid AFL_KILL_SIGNAL: %s (expected unsigned int)", - afl_kill_signal_env); + FATAL("Invalid signal name: %s", numeric_signal_as_str); + + } else { + + return signal_code; } - return signal_code; + } - } else { + return default_signal; - char *sigstr = alloc_printf("%d", default_signal); - if (!sigstr) { FATAL("Failed to alloc mem for signal buf"); } +} - /* Set the env for signal handler */ - setenv("AFL_KILL_SIGNAL", sigstr, 1); - free(sigstr); - return default_signal; +void configure_afl_kill_signals(afl_forkserver_t *fsrv, + char *afl_kill_signal_env, + char *afl_fsrv_kill_signal_env, + int default_server_kill_signal) { + + afl_kill_signal_env = + afl_kill_signal_env ? afl_kill_signal_env : getenv("AFL_KILL_SIGNAL"); + afl_fsrv_kill_signal_env = afl_fsrv_kill_signal_env + ? afl_fsrv_kill_signal_env + : getenv("AFL_FORK_SERVER_KILL_SIGNAL"); + + fsrv->child_kill_signal = parse_afl_kill_signal(afl_kill_signal_env, SIGKILL); + + if (afl_kill_signal_env && !afl_fsrv_kill_signal_env) { + + /* + Set AFL_FORK_SERVER_KILL_SIGNAL to the value of AFL_KILL_SIGNAL for + backwards compatibility. However, if AFL_FORK_SERVER_KILL_SIGNAL is set, is + takes precedence. + */ + afl_fsrv_kill_signal_env = afl_kill_signal_env; } + fsrv->fsrv_kill_signal = parse_afl_kill_signal(afl_fsrv_kill_signal_env, + default_server_kill_signal); + } static inline unsigned int helper_min3(unsigned int a, unsigned int b, diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 628ff590..a241f2c6 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -100,7 +100,7 @@ void afl_fsrv_init(afl_forkserver_t *fsrv) { fsrv->init_tmout = EXEC_TIMEOUT * FORK_WAIT_MULT; fsrv->mem_limit = MEM_LIMIT; fsrv->out_file = NULL; - fsrv->kill_signal = SIGKILL; + fsrv->child_kill_signal = SIGKILL; /* exec related stuff */ fsrv->child_pid = -1; @@ -134,7 +134,7 @@ void afl_fsrv_init_dup(afl_forkserver_t *fsrv_to, afl_forkserver_t *from) { fsrv_to->no_unlink = from->no_unlink; fsrv_to->uses_crash_exitcode = from->uses_crash_exitcode; fsrv_to->crash_exitcode = from->crash_exitcode; - fsrv_to->kill_signal = from->kill_signal; + fsrv_to->child_kill_signal = from->child_kill_signal; fsrv_to->debug = from->debug; // These are forkserver specific. @@ -793,7 +793,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, s32 tmp_pid = fsrv->fsrv_pid; if (tmp_pid > 0) { - kill(tmp_pid, fsrv->kill_signal); + kill(tmp_pid, fsrv->child_kill_signal); fsrv->fsrv_pid = -1; } @@ -804,7 +804,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, s32 tmp_pid = fsrv->fsrv_pid; if (tmp_pid > 0) { - kill(tmp_pid, fsrv->kill_signal); + kill(tmp_pid, fsrv->child_kill_signal); fsrv->fsrv_pid = -1; } @@ -1242,11 +1242,11 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, void afl_fsrv_kill(afl_forkserver_t *fsrv) { - if (fsrv->child_pid > 0) { kill(fsrv->child_pid, fsrv->kill_signal); } + if (fsrv->child_pid > 0) { kill(fsrv->child_pid, fsrv->child_kill_signal); } if (fsrv->fsrv_pid > 0) { - kill(fsrv->fsrv_pid, fsrv->kill_signal); - if (waitpid(fsrv->fsrv_pid, NULL, 0) <= 0) { WARNF("error waitpid\n"); } + kill(fsrv->fsrv_pid, fsrv->fsrv_kill_signal); + waitpid(fsrv->fsrv_pid, NULL, 0); } @@ -1545,7 +1545,7 @@ afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, s32 tmp_pid = fsrv->child_pid; if (tmp_pid > 0) { - kill(tmp_pid, fsrv->kill_signal); + kill(tmp_pid, fsrv->child_kill_signal); fsrv->child_pid = -1; } @@ -1605,7 +1605,7 @@ afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, /* Did we timeout? */ if (unlikely(fsrv->last_run_timed_out)) { - fsrv->last_kill_signal = fsrv->kill_signal; + fsrv->last_kill_signal = fsrv->child_kill_signal; return FSRV_RUN_TMOUT; } diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 5199f7e6..8bd465f0 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -23,6 +23,7 @@ */ +#include <signal.h> #include "afl-fuzz.h" #include "envs.h" @@ -487,7 +488,14 @@ void read_afl_environment(afl_state_t *afl, char **envp) { afl_environment_variable_len)) { - afl->afl_env.afl_kill_signal = + afl->afl_env.afl_child_kill_signal = + (u8 *)get_afl_env(afl_environment_variables[i]); + + } else if (!strncmp(env, "AFL_FORK_SERVER_KILL_SIGNAL", + + afl_environment_variable_len)) { + + afl->afl_env.afl_fsrv_kill_signal = (u8 *)get_afl_env(afl_environment_variables[i]); } else if (!strncmp(env, "AFL_TARGET_ENV", @@ -654,8 +662,17 @@ void afl_states_stop(void) { LIST_FOREACH(&afl_states, afl_state_t, { - if (el->fsrv.child_pid > 0) kill(el->fsrv.child_pid, el->fsrv.kill_signal); - if (el->fsrv.fsrv_pid > 0) kill(el->fsrv.fsrv_pid, el->fsrv.kill_signal); + /* NOTE: We need to make sure that the parent (the forkserver) reap the + * child (see below). */ + if (el->fsrv.child_pid > 0) + kill(el->fsrv.child_pid, el->fsrv.child_kill_signal); + if (el->fsrv.fsrv_pid > 0) { + + kill(el->fsrv.fsrv_pid, el->fsrv.fsrv_kill_signal); + /* Make sure the forkserver does not end up as zombie. */ + waitpid(el->fsrv.fsrv_pid, NULL, 0); + + } }); diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 713f3a3c..61956dc3 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -1410,9 +1410,15 @@ void show_stats_pizza(afl_state_t *afl) { /* AFL_EXIT_ON_TIME. */ - if (unlikely(afl->last_find_time && !afl->non_instrumented_mode && - afl->afl_env.afl_exit_on_time && - (cur_ms - afl->last_find_time) > afl->exit_on_time)) { + /* If no coverage was found yet, check whether run time is greater than + * exit_on_time. */ + + if (unlikely( + !afl->non_instrumented_mode && afl->afl_env.afl_exit_on_time && + ((afl->last_find_time && + (cur_ms - afl->last_find_time) > afl->exit_on_time) || + (!afl->last_find_time && (afl->prev_run_time + cur_ms - + afl->start_time) > afl->exit_on_time)))) { afl->stop_soon = 2; diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 84ae54ff..acb0b2ec 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -25,6 +25,7 @@ #include "afl-fuzz.h" #include "cmplog.h" +#include "common.h" #include <limits.h> #include <stdlib.h> #ifndef USEMMAP @@ -248,19 +249,24 @@ static void usage(u8 *argv0, int more_help) { "AFL_DISABLE_TRIM: disable the trimming of test cases\n" "AFL_DUMB_FORKSRV: use fork server without feedback from target\n" "AFL_EXIT_WHEN_DONE: exit when all inputs are run and no new finds are found\n" - "AFL_EXIT_ON_TIME: exit when no new coverage finds are made within the specified time period\n" - "AFL_EXPAND_HAVOC_NOW: immediately enable expand havoc mode (default: after 60 minutes and a cycle without finds)\n" + "AFL_EXIT_ON_TIME: exit when no new coverage is found within the specified time\n" + "AFL_EXPAND_HAVOC_NOW: immediately enable expand havoc mode (default: after 60\n" + " minutes and a cycle without finds)\n" "AFL_FAST_CAL: limit the calibration stage to three cycles for speedup\n" "AFL_FORCE_UI: force showing the status screen (for virtual consoles)\n" - "AFL_FORKSRV_INIT_TMOUT: time spent waiting for forkserver during startup (in milliseconds)\n" + "AFL_FORKSRV_INIT_TMOUT: time spent waiting for forkserver during startup (in ms)\n" "AFL_HANG_TMOUT: override timeout value (in milliseconds)\n" "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES: don't warn about core dump handlers\n" "AFL_IGNORE_UNKNOWN_ENVS: don't warn on unknown env vars\n" - "AFL_IGNORE_PROBLEMS: do not abort fuzzing if an incorrect setup is detected during a run\n" + "AFL_IGNORE_PROBLEMS: do not abort fuzzing if an incorrect setup is detected\n" "AFL_IMPORT_FIRST: sync and import test cases from other fuzzer instances first\n" "AFL_INPUT_LEN_MIN/AFL_INPUT_LEN_MAX: like -g/-G set min/max fuzz length produced\n" "AFL_PIZZA_MODE: 1 - enforce pizza mode, 0 - disable for April 1st\n" - "AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout, etc. (default: SIGKILL)\n" + "AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout, etc.\n" + " (default: SIGKILL)\n" + "AFL_FORK_SERVER_KILL_SIGNAL: Kill signal for the fork server on termination\n" + " (default: SIGTERM). If unset and AFL_KILL_SIGNAL is\n" + " set, that value will be used.\n" "AFL_MAP_SIZE: the shared memory size for that target. must be >= the size\n" " the target was compiled for\n" "AFL_MAX_DET_EXTRAS: if more entries are in the dictionary list than this value\n" @@ -1358,8 +1364,15 @@ int main(int argc, char **argv_orig, char **envp) { #endif - afl->fsrv.kill_signal = - parse_afl_kill_signal_env(afl->afl_env.afl_kill_signal, SIGKILL); + configure_afl_kill_signals(&afl->fsrv, afl->afl_env.afl_child_kill_signal, + afl->afl_env.afl_fsrv_kill_signal, + (afl->fsrv.qemu_mode || afl->unicorn_mode + #ifdef __linux__ + || afl->fsrv.nyx_mode + #endif + ) + ? SIGKILL + : SIGTERM); setup_signal_handlers(); check_asan_opts(afl); @@ -2570,6 +2583,7 @@ int main(int argc, char **argv_orig, char **envp) { stop_fuzzing: afl->force_ui_update = 1; // ensure the screen is reprinted + afl->stop_soon = 1; // ensure everything is written show_stats(afl); // print the screen one last time write_bitmap(afl); save_auto(afl); diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 0b724758..93339a8f 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -129,7 +129,7 @@ static void kill_child() { timed_out = 1; if (fsrv->child_pid > 0) { - kill(fsrv->child_pid, fsrv->kill_signal); + kill(fsrv->child_pid, fsrv->child_kill_signal); fsrv->child_pid = -1; } @@ -515,11 +515,11 @@ static void showmap_run_target(afl_forkserver_t *fsrv, char **argv) { it.it_value.tv_sec = (fsrv->exec_tmout / 1000); it.it_value.tv_usec = (fsrv->exec_tmout % 1000) * 1000; - } + signal(SIGALRM, kill_child); - signal(SIGALRM, kill_child); + setitimer(ITIMER_REAL, &it, NULL); - setitimer(ITIMER_REAL, &it, NULL); + } if (waitpid(fsrv->child_pid, &status, 0) <= 0) { FATAL("waitpid() failed"); } @@ -822,8 +822,8 @@ static void usage(u8 *argv0) { " -o file - file to write the trace data to\n\n" "Execution control settings:\n" - " -t msec - timeout for each run (none)\n" - " -m megs - memory limit for child process (%u MB)\n" + " -t msec - timeout for each run (default: 1000ms)\n" + " -m megs - memory limit for child process (default: none)\n" #if defined(__linux__) && defined(__aarch64__) " -A - use binary-only instrumentation (ARM CoreSight mode)\n" #endif @@ -865,15 +865,22 @@ static void usage(u8 *argv0) { "AFL_FORKSRV_INIT_TMOUT: time spent waiting for forkserver during " "startup (in milliseconds)\n" "AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout, " - "etc. (default: SIGKILL)\n" + "etc.\n" + " (default: SIGKILL)\n" + "AFL_FORK_SERVER_KILL_SIGNAL: Kill signal for the fork server on " + "termination\n" + " (default: SIGTERM). If unset and " + "AFL_KILL_SIGNAL is\n" + " set, that value will be used.\n" "AFL_MAP_SIZE: the shared memory size for that target. must be >= the " - "size the target was compiled for\n" + "size the\n" + " target was compiled for\n" "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" - "AFL_PRINT_FILENAMES: If set, the filename currently processed will be " - "printed to stdout\n" + "AFL_PRINT_FILENAMES: Print the queue entry currently processed will to " + "stdout\n" "AFL_QUIET: do not print extra informational output\n" "AFL_NO_FORKSRV: run target via execve instead of using the forkserver\n", - argv0, MEM_LIMIT, doc_path); + argv0, doc_path); exit(1); @@ -1009,6 +1016,16 @@ int main(int argc, char **argv_orig, char **envp) { } + } else { + + // The forkserver code does not have a way to completely + // disable the timeout, so we'll use a very, very long + // timeout instead. + WARNF( + "Setting an execution timeout of 120 seconds ('none' is not " + "allowed)."); + fsrv->exec_tmout = 120 * 1000; + } break; @@ -1258,8 +1275,9 @@ int main(int argc, char **argv_orig, char **envp) { : 0); be_quiet = save_be_quiet; - fsrv->kill_signal = - parse_afl_kill_signal_env(getenv("AFL_KILL_SIGNAL"), SIGKILL); + configure_afl_kill_signals( + fsrv, NULL, NULL, + (fsrv->qemu_mode || unicorn_mode) ? SIGKILL : SIGTERM); if (new_map_size) { diff --git a/src/afl-tmin.c b/src/afl-tmin.c index 694c9c21..d93b9a41 100644 --- a/src/afl-tmin.c +++ b/src/afl-tmin.c @@ -113,7 +113,7 @@ static void kill_child() { if (fsrv->child_pid > 0) { - kill(fsrv->child_pid, fsrv->kill_signal); + kill(fsrv->child_pid, fsrv->child_kill_signal); fsrv->child_pid = -1; } @@ -879,8 +879,12 @@ static void usage(u8 *argv0) { "Environment variables used:\n" "AFL_CRASH_EXITCODE: optional child exit code to be interpreted as crash\n" - "AFL_FORKSRV_INIT_TMOUT: time spent waiting for forkserver during startup (in milliseconds)\n" - "AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout, etc. (default: SIGKILL)\n" + "AFL_FORKSRV_INIT_TMOUT: time spent waiting for forkserver during startup (in ms)\n" + "AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout, etc.\n" + " (default: SIGKILL)\n" + "AFL_FORK_SERVER_KILL_SIGNAL: Kill signal for the fork server on termination\n" + " (default: SIGTERM). If unset and AFL_KILL_SIGNAL is\n" + " set, that value will be used.\n" "AFL_MAP_SIZE: the shared memory size for that target. must be >= the size\n" " the target was compiled for\n" "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" @@ -1195,8 +1199,8 @@ int main(int argc, char **argv_orig, char **envp) { } - fsrv->kill_signal = - parse_afl_kill_signal_env(getenv("AFL_KILL_SIGNAL"), SIGKILL); + configure_afl_kill_signals( + fsrv, NULL, NULL, (fsrv->qemu_mode || unicorn_mode) ? SIGKILL : SIGTERM); if (getenv("AFL_CRASH_EXITCODE")) { |