Diffstat (limited to 'src')
-rw-r--r--src/afl-analyze.c5
-rw-r--r--src/afl-common.c33
-rw-r--r--src/afl-forkserver.c4
-rw-r--r--src/afl-fuzz-state.c10
-rw-r--r--src/afl-fuzz.c4
-rw-r--r--src/afl-showmap.c6
-rw-r--r--src/afl-tmin.c7
7 files changed, 36 insertions, 33 deletions
diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index f21acd7f..cbcd2ede 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -1116,7 +1116,10 @@ int main(int argc, char **argv_orig, char **envp) {
   }
 
   fsrv.child_kill_signal =
-      parse_afl_kill_signal_env(getenv("AFL_KILL_SIGNAL"), SIGKILL);
+      parse_afl_kill_signal(getenv("AFL_KILL_SIGNAL"), SIGKILL);
+  fsrv.fsrv_kill_signal =
+      parse_afl_kill_signal(getenv("AFL_FORK_SERVER_KILL_SIGNAL"), SIGTERM);
+
 
   read_initial_file();
   (void)check_binary_signatures(fsrv.target_path);
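Review bot: The added `+` blank line directly above the existing blank context line leaves two consecutive empty lines between the `fsrv_kill_signal` assignment and `read_initial_file();`, which does not match the single-blank separation used elsewhere in this hunk; the same doubled blank is introduced in the afl-tmin.c main() hunk. Dropping the added empty line is enough. main() in afl-analyze.c starts and ends outside this hunk.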
diff --git a/src/afl-common.c b/src/afl-common.c
index f3e78ac5..75b463ed 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
@@ -456,38 +456,24 @@ u8 *find_afl_binary(u8 *own_loc, u8 *fname) {
 
 }
 
-/* Parses the kill signal environment variable, FATALs on error.
-  If the env is not set, sets the env to default_signal for the signal handlers
-  and returns the default_signal. */
-int parse_afl_kill_signal_env(u8 *afl_kill_signal_env, int default_signal) {
 
-  if (afl_kill_signal_env && afl_kill_signal_env[0]) {
+int parse_afl_kill_signal(u8 *numeric_signal_as_str, int default_signal) {
+
+  if (numeric_signal_as_str && numeric_signal_as_str[0]) {
 
     char *endptr;
     u8    signal_code;
-    signal_code = (u8)strtoul(afl_kill_signal_env, &endptr, 10);
+    signal_code = (u8)strtoul(numeric_signal_as_str, &endptr, 10);
     /* Did we manage to parse the full string? */
-    if (*endptr != '\0' || endptr == (char *)afl_kill_signal_env) {
-
-      FATAL("Invalid AFL_KILL_SIGNAL: %s (expected unsigned int)",
-            afl_kill_signal_env);
-
+    if (*endptr != '\0' || endptr == (char *)numeric_signal_as_str) {
+      FATAL("Invalid signal name: %s", numeric_signal_as_str);
+    } else {
+      return signal_code;
     }
 
-    return signal_code;
-
-  } else {
-
-    char *sigstr = alloc_printf("%d", default_signal);
-    if (!sigstr) { FATAL("Failed to alloc mem for signal buf"); }
-
-    /* Set the env for signal handler */
-    setenv("AFL_KILL_SIGNAL", sigstr, 1);
-    free(sigstr);
-    return default_signal;
-
   }
 
+  return default_signal;
 }
 
 static inline unsigned int helper_min3(unsigned int a, unsigned int b,
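Review bot: The rewritten parse_afl_kill_signal no longer exports the default via `setenv("AFL_KILL_SIGNAL", ...)`, which the removed branch did explicitly "for the signal handlers"; unless that consumer was removed in the same change (not visible here), a run where the user leaves the variable unset now has no AFL_KILL_SIGNAL in the environment at all, so please confirm nothing still reads it at signal time. The new FATAL text `Invalid signal name: %s` is misleading because only a decimal number is accepted, and the `(u8)` narrowing of the strtoul result silently wraps out-of-range input (e.g. 265 becomes 9) instead of rejecting it. I would change the parse to `unsigned long v = strtoul(numeric_signal_as_str, &endptr, 10);`, the check to `if (*endptr != '\0' || endptr == (char *)numeric_signal_as_str || v > 255) {` and the message to `FATAL("Invalid signal: %s (expected unsigned int)", numeric_signal_as_str);`, returning `(int)v` on success. The old header comment was deleted and not replaced; a one-line `/* Parses a numeric signal string; FATALs on error, returns default_signal if the string is NULL or empty. */` above the definition would restore the contract.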
@@ -1253,4 +1239,3 @@ s32 create_file(u8 *fn) {
   return fd;
 
 }
-
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 71da7fde..72db3c2e 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -1245,8 +1245,8 @@ void afl_fsrv_kill(afl_forkserver_t *fsrv) {
   if (fsrv->child_pid > 0) { kill(fsrv->child_pid, fsrv->child_kill_signal); }
   if (fsrv->fsrv_pid > 0) {
 
-    kill(fsrv->fsrv_pid, SIGTERM);
-    if (waitpid(fsrv->fsrv_pid, NULL, 0) <= 0) { WARNF("error waitpid\n"); }
+    kill(fsrv->fsrv_pid, fsrv->fsrv_kill_signal);
+    waitpid(fsrv->fsrv_pid, NULL, 0);
 
   }
 
diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c
index 8bbef87c..ae6cb6c7 100644
--- a/src/afl-fuzz-state.c
+++ b/src/afl-fuzz-state.c
@@ -485,10 +485,15 @@ void read_afl_environment(afl_state_t *afl, char **envp) {
 #endif
 
           } else if (!strncmp(env, "AFL_KILL_SIGNAL",
+                              afl_environment_variable_len)) {
+
+            afl->afl_env.afl_child_kill_signal =
+                (u8 *)get_afl_env(afl_environment_variables[i]);
 
+          } else if (!strncmp(env, "AFL_FORK_SERVER_KILL_SIGNAL",
                               afl_environment_variable_len)) {
 
-            afl->afl_env.afl_kill_signal =
+            afl->afl_env.afl_fsrv_kill_signal =
                 (u8 *)get_afl_env(afl_environment_variables[i]);
 
           } else if (!strncmp(env, "AFL_TARGET_ENV",
@@ -657,8 +662,7 @@ void afl_states_stop(void) {
     /* NOTE: We need to make sure that the parent (the forkserver) reap the child (see below). */
     if (el->fsrv.child_pid > 0) kill(el->fsrv.child_pid, el->fsrv.child_kill_signal);
     if (el->fsrv.fsrv_pid > 0) {
-      /* This must be SIGTERM, to allow the forkserver to reap the child before exiting. */
-      kill(el->fsrv.fsrv_pid, SIGTERM);
+      kill(el->fsrv.fsrv_pid, el->fsrv.fsrv_kill_signal);
       /* Make sure the forkserver does not end up as zombie. */
       waitpid(el->fsrv.fsrv_pid, NULL, 0);
     }
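Review bot: Dropping the comment `/* This must be SIGTERM, to allow the forkserver to reap the child before exiting. */` loses the reason the fork server is signalled gently, and with the signal now user-selectable via AFL_FORK_SERVER_KILL_SIGNAL a value like SIGKILL defeats that reaping and can leave the already-signalled child un-reaped; the NOTE two lines above still says the parent must reap it. Keep the rationale next to the new call, e.g. `/* Default SIGTERM lets the forkserver reap the child before exiting; AFL_FORK_SERVER_KILL_SIGNAL overrides it at the user's risk. */`, and consider documenting that caveat in the usage text of the tools that advertise the variable. afl_states_stop continues outside this hunk.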
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index c9eeeca1..573a6b42 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -1359,7 +1359,9 @@ int main(int argc, char **argv_orig, char **envp) {
   #endif
 
   afl->fsrv.child_kill_signal =
-      parse_afl_kill_signal_env(afl->afl_env.afl_kill_signal, SIGKILL);
+      parse_afl_kill_signal(afl->afl_env.afl_child_kill_signal, SIGKILL);
+  afl->fsrv.fsrv_kill_signal =
+      parse_afl_kill_signal(afl->afl_env.afl_fsrv_kill_signal, SIGTERM);
 
   setup_signal_handlers();
   check_asan_opts(afl);
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 730a4ff1..80a9e766 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -866,6 +866,8 @@ static void usage(u8 *argv0) {
       "startup (in milliseconds)\n"
       "AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout, "
       "etc. (default: SIGKILL)\n"
+      "AFL_FORK_SERVER_KILL_SIGNAL: Signal delivered to fork server processes on termination"
+      "                             (default: SIGTERM)\n"
       "AFL_MAP_SIZE: the shared memory size for that target. must be >= the "
       "size the target was compiled for\n"
       "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n"
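Review bot: The added string `"AFL_FORK_SERVER_KILL_SIGNAL: Signal delivered to fork server processes on termination"` has no trailing `\n`, so the adjacent literals concatenate and the usage prints "...on termination" followed by the run of spaces and "(default: SIGTERM)" on the same line; the equivalent line in afl-tmin.c ends with `\n`. Change it to `"AFL_FORK_SERVER_KILL_SIGNAL: Signal delivered to fork server processes on termination\n"`. usage() in afl-showmap.c starts and ends outside this hunk.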
@@ -1259,7 +1261,9 @@ int main(int argc, char **argv_orig, char **envp) {
     be_quiet = save_be_quiet;
 
     fsrv->child_kill_signal =
-        parse_afl_kill_signal_env(getenv("AFL_KILL_SIGNAL"), SIGKILL);
+        parse_afl_kill_signal(getenv("AFL_KILL_SIGNAL"), SIGKILL);
+    fsrv->fsrv_kill_signal =
+        parse_afl_kill_signal(getenv("AFL_FORK_SERVER_KILL_SIGNAL"), SIGTERM);
 
     if (new_map_size) {
 
diff --git a/src/afl-tmin.c b/src/afl-tmin.c
index e2145c32..d4660eb1 100644
--- a/src/afl-tmin.c
+++ b/src/afl-tmin.c
@@ -881,6 +881,8 @@ static void usage(u8 *argv0) {
       "AFL_CRASH_EXITCODE: optional child exit code to be interpreted as crash\n"
       "AFL_FORKSRV_INIT_TMOUT: time spent waiting for forkserver during startup (in milliseconds)\n"
       "AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout, etc. (default: SIGKILL)\n"
+      "AFL_FORK_SERVER_KILL_SIGNAL: Signal delivered to fork server processes on termination\n"
+      "                             (default: SIGTERM)\n"
       "AFL_MAP_SIZE: the shared memory size for that target. must be >= the size\n"
       "              the target was compiled for\n"
       "AFL_PRELOAD:  LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n"
@@ -1196,7 +1198,10 @@ int main(int argc, char **argv_orig, char **envp) {
   }
 
   fsrv->child_kill_signal =
-      parse_afl_kill_signal_env(getenv("AFL_KILL_SIGNAL"), SIGKILL);
+      parse_afl_kill_signal(getenv("AFL_KILL_SIGNAL"), SIGKILL);
+  fsrv->fsrv_kill_signal =
+      parse_afl_kill_signal(getenv("AFL_FORK_SERVER_KILL_SIGNAL"), SIGTERM);
+
 
   if (getenv("AFL_CRASH_EXITCODE")) {