Diffstat (limited to 'src')
-rw-r--r-- | src/afl-common.c | 2 | ||||
-rw-r--r-- | src/afl-forkserver.c | 18 | ||||
-rw-r--r-- | src/afl-fuzz-init.c | 53 | ||||
-rw-r--r-- | src/afl-fuzz-state.c | 6 | ||||
-rw-r--r-- | src/afl-fuzz.c | 3 |
5 files changed, 17 insertions, 65 deletions
diff --git a/src/afl-common.c b/src/afl-common.c
index 74fd6b27..808c9812 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
@@ -76,7 +76,7 @@ char *afl_environment_variables[] = {
 "AFL_NO_X86", // not really an env but we dont want to warn on it
 "AFL_MAP_SIZE", "AFL_MAPSIZE", "AFL_PATH", "AFL_PERFORMANCE_FILE", //"AFL_PERSISTENT", // not implemented anymore, so warn additionally
- "AFL_POST_LIBRARY", "AFL_PRELOAD", "AFL_PYTHON_MODULE", "AFL_QEMU_COMPCOV",
+ "AFL_PRELOAD", "AFL_PYTHON_MODULE", "AFL_QEMU_COMPCOV",
 "AFL_QEMU_COMPCOV_DEBUG", "AFL_QEMU_DEBUG_MAPS", "AFL_QEMU_DISABLE_CACHE", "AFL_QEMU_PERSISTENT_ADDR", "AFL_QEMU_PERSISTENT_CNT", "AFL_QEMU_PERSISTENT_GPR", "AFL_QEMU_PERSISTENT_HOOK",
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index c1623f22..1c0ba349 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -676,12 +676,12 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
 } else if (!fsrv->mem_limit) {
 SAYF("\n" cLRD "[-] " cRST
- "Hmm, looks like the target binary terminated "
- "before we could complete a\n"
- " handshake with the injected code. Perhaps there is a horrible "
- "bug in the\n"
- " fuzzer. Poke <afl-users@googlegroups.com> for troubleshooting "
- "tips.\n");
+ "Hmm, looks like the target binary terminated before we could"
+ "complete a handshake with the injected code.\n"
+ "If the target was compiled with afl-clang-lto then recompiling with"
+ "AFL_LLVM_MAP_DYNAMIC might solve your problem.\n"
+ "Otherwise there is a horrible bug in the fuzzer.\n"
+ "Poke <afl-users@googlegroups.com> for troubleshooting tips.\n");
 } else {
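Review bot: The new SAYF message in the afl_fsrv_start hunk glues adjacent string literals together without a separating space in two places, so the user will read `...before we couldcomplete a handshake...` and `...recompiling withAFL_LLVM_MAP_DYNAMIC might...`. The first literal of each pair needs a trailing space: `"Hmm, looks like the target binary terminated before we could "` and `"If the target was compiled with afl-clang-lto then recompiling with "`. The old text (removed lines) did carry those spaces, so this is a regression introduced by the rewording rather than a pre-existing quirk. afl_fsrv_start begins and ends outside this hunk.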
@@ -708,6 +708,12 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
 " estimate the required amount of virtual memory for the " "binary.\n\n"
+ " - the target was compiled with afl-clang-lto and a constructor "
+ "was\n"
+ " instrumented, recompiling with AFL_LLVM_MAP_DYNAMIC might solve "
+ "your\n"
+ " problem\n\n"
+
 " - Less likely, there is a horrible bug in the fuzzer. If other " "options\n" " fail, poke <afl-users@googlegroups.com> for troubleshooting "
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 9b7ead29..0a7941f2 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -280,59 +280,6 @@ cpuset_destroy(c);
 #endif /* HAVE_AFFINITY */
-/* Load postprocessor, if available. */
-
-void setup_post(afl_state_t *afl) {
-
- void *dh;
- u8 * fn = afl->afl_env.afl_post_library;
- u8 tbuf[6];
- u32 tlen = 6;
- strncpy(tbuf, "hello", tlen);
-
- if (!fn) { return; }
-
- ACTF("Loading postprocessor from '%s'...", fn);
-
- dh = dlopen(fn, RTLD_NOW);
- if (!dh) { FATAL("%s", dlerror()); }
-
- struct custom_mutator *mutator;
- mutator = ck_alloc(sizeof(struct custom_mutator));
- memset(mutator, 0, sizeof(struct custom_mutator));
-
- mutator->afl_custom_post_process = dlsym(dh, "afl_postprocess");
- if (!mutator->afl_custom_post_process) {
-
- FATAL("Symbol 'afl_postprocess' not found.");
-
- }
-
- mutator->afl_custom_init = dlsym(dh, "afl_postprocess_init");
- if (!mutator->afl_custom_init) {
-
- FATAL("Symbol 'afl_postprocess_init' not found.");
-
- }
-
- mutator->afl_custom_deinit = dlsym(dh, "afl_postprocess_deinit");
- if (!mutator->afl_custom_post_process) {
-
- FATAL("Symbol 'afl_postprocess_deinit' not found.");
-
- }
-
- /* Do a quick test. It's better to segfault now than later =) */
-
- mutator->data = mutator->afl_custom_init(afl, rand_below(afl, 0xFFFFFFFF));
- if (!mutator->data) { FATAL("Could not initialize post handler."); }
-
- afl->post_library_mutator = mutator;
-
- OKF("Postprocessor installed successfully.");
-
-}
 /* Shuffle an array of pointers. Might be slightly biased. */ static void shuffle_ptrs(afl_state_t *afl, void **ptrs, u32 cnt) {
diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c
index 316f9bd9..99863103 100644
--- a/src/afl-fuzz-state.c
+++ b/src/afl-fuzz-state.c
@@ -313,8 +313,10 @@ void read_afl_environment(afl_state_t *afl, char **envp) {
 afl_environment_variable_len)) {
- afl->afl_env.afl_post_library =
- (u8 *)get_afl_env(afl_environment_variables[i]);
+ FATAL(
+ "AFL_POST_LIBRARY is deprecated, use "
+ "AFL_CUSTOM_MUTATOR_LIBRARY instead, see "
+ "docs/custom_mutators.md");
 } else if (!strncmp(env, "AFL_CUSTOM_MUTATOR_LIBRARY",
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 979ebfa3..8625c37c 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -187,7 +187,6 @@ static void usage(afl_state_t *afl, u8 *argv0, int more_help) {
 "AFL_NO_SNAPSHOT: do not use the snapshot feature (if the snapshot lkm is loaded)\n" "AFL_NO_UI: switch status screen off\n" "AFL_PATH: path to AFL support binaries\n"
- "AFL_POST_LIBRARY: postprocess generated test cases before use as target input\n"
 "AFL_PYTHON_MODULE: mutate and trim inputs with the specified Python module\n" "AFL_QUIET: suppress forkserver status messages\n" "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n"
@@ -1060,8 +1059,6 @@ int main(int argc, char **argv_orig, char **envp) {
 afl->fsrv.trace_bits = afl_shm_init(&afl->shm, afl->fsrv.map_size, afl->dumb_mode);
- setup_post(afl);
-
 if (!afl->in_bitmap) { memset(afl->virgin_bits, 255, afl->fsrv.map_size); } memset(afl->virgin_tmout, 255, afl->fsrv.map_size); memset(afl->virgin_crash, 255, afl->fsrv.map_size); |
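Review bot: The new FATAL for AFL_POST_LIBRARY looks unreachable in practice: the `else if` it replaces sits in a chain whose condition ends in `afl_environment_variable_len))`, which appears to be entered only for names that matched an entry of `afl_environment_variables[]`, and the afl-common.c hunk of this same commit removes `"AFL_POST_LIBRARY"` from that table. If that reading is right, a user who still exports the variable gets the generic mistyped-variable warning (or nothing) instead of this deprecation error, and the run silently proceeds without the postprocessor they expected. Either keep `"AFL_POST_LIBRARY"` in `afl_environment_variables[]` so this branch fires, or check for the name before the table lookup. The enclosing read_afl_environment loop starts and ends outside this hunk, so the control flow is inferred from its visible tail.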