Diffstat (limited to 'src')
-rw-r--r-- | src/afl-fuzz-globals.c | 1 | ||||
-rw-r--r-- | src/afl-fuzz-one.c | 7 | ||||
-rw-r--r-- | src/afl-fuzz.c | 71 | ||||
-rw-r--r-- | src/third_party/libradamsa/Makefile | 7 |
4 files changed, 75 insertions, 11 deletions
diff --git a/src/afl-fuzz-globals.c b/src/afl-fuzz-globals.c
index 236c4dd3..da134807 100644
--- a/src/afl-fuzz-globals.c
+++ b/src/afl-fuzz-globals.c
@@ -96,6 +96,7 @@ u8 schedule = EXPLORE; /* Power schedule (default: EXPLORE)*/
 u8 havoc_max_mult = HAVOC_MAX_MULT;
 u8 use_radamsa;
+size_t (*radamsa_mutate_ptr)(u8*, size_t, u8*, size_t, u32);
 u8 skip_deterministic, /* Skip deterministic stages? */
 force_deterministic, /* Force deterministic stages? */
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index d10c1922..c02dbeb7 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -24,9 +24,6 @@
 */
 #include "afl-fuzz.h"
-#include "radamsa.h"
-
-#define RADAMSA_CHANCE 24
 /* MOpt */
@@ -2285,7 +2282,7 @@ retry_splicing:
 radamsa_stage:
- if (!use_radamsa)
+ if (!use_radamsa || !radamsa_mutate_ptr)
 goto abandon_entry;
 stage_name = "radamsa";
@@ -2305,7 +2302,7 @@ radamsa_stage:
 u8 *tmp_buf;
 for (stage_cur = 0; stage_cur < stage_max; ++stage_cur) {
- u32 new_len = radamsa_mutate(save_buf, len, new_buf, max_len, get_rand_seed());
+ u32 new_len = radamsa_mutate_ptr(save_buf, len, new_buf, max_len, get_rand_seed());
 if (new_len) {
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 14462fb7..a9a576fe 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
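Review bot: The new `radamsa_mutate_ptr` definition is now the only statement of libradamsa's calling convention on the afl-fuzz side, because the companion hunks drop `#include "radamsa.h"` and the pointer is filled in by dlsym(), which gives no compile-time check that `size_t (*)(u8*, size_t, u8*, size_t, u32)` matches what the library actually exports; an ABI mismatch would show up only as a wrong length or a crash inside the mutator. Keeping a typedef for the prototype in radamsa.h (or afl-fuzz.h) and using it both here and at the dlsym() site in afl-fuzz.c would put the contract in one place. The line also lacks the trailing comment its neighbours carry; something like `size_t (*radamsa_mutate_ptr)(u8*, size_t, u8*, size_t, u32); /* resolved via dlsym() in afl-fuzz.c */` would do. The matching `extern` declaration presumably lives in include/afl-fuzz.h, which is outside this src-only diffstat.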
@@ -24,7 +24,58 @@
 */
 #include "afl-fuzz.h"
-#include "radamsa.h"
+
+static u8* get_libradamsa_path(u8* own_loc) {
+
+ u8 *tmp, *cp, *rsl, *own_copy;
+
+ tmp = getenv("AFL_PATH");
+
+ if (tmp) {
+
+ cp = alloc_printf("%s/libradamsa.so", tmp);
+
+ if (access(cp, X_OK)) FATAL("Unable to find '%s'", cp);
+
+ return cp;
+
+ }
+
+ own_copy = ck_strdup(own_loc);
+ rsl = strrchr(own_copy, '/');
+
+ if (rsl) {
+
+ *rsl = 0;
+
+ cp = alloc_printf("%s/libradamsa.so", own_copy);
+ ck_free(own_copy);
+
+ if (!access(cp, X_OK))
+ return cp;
+
+ } else
+
+ ck_free(own_copy);
+
+ if (!access(BIN_PATH "/libradamsa.so", X_OK)) {
+
+ return ck_strdup(BIN_PATH "/libradamsa.so");
+
+ }
+
+ SAYF("\n" cLRD "[-] " cRST
+ "Oops, unable to find the 'libradamsa.so' binary. The binary must be "
+ "built\n"
+ " separately using 'make radamsa'."
+ "If you\n"
+ " already have the binary installed, you may need to specify "
+ "AFL_PATH in the\n"
+ " environment.\n");
+
+ FATAL("Failed to locate 'libradamsa.so'.");
+
+}
 /* Display usage hints. */
@@ -545,9 +596,21 @@ int main(int argc, char** argv) {
 if (use_radamsa) {
 OKF("Using Radamsa add-on");
- /* randamsa_init installs some signal hadlers, call it firstly so that
- AFL++ can then replace those signal handlers */
- radamsa_init();
+
+ u8* libradamsa_path = get_libradamsa_path(argv[0]);
+ void* handle = dlopen(libradamsa_path, RTLD_NOW);
+ ck_free(libradamsa_path);
+
+ if (!handle) FATAL("Failed to dlopen() libradamsa");
+
+ void (*radamsa_init_ptr)(void) = dlsym(handle, "radamsa_init");
+ radamsa_mutate_ptr = dlsym(handle, "radamsa_mutate");
+
+ if (!radamsa_init_ptr || !radamsa_mutate_ptr) FATAL("Failed to dlsym() libradamsa");
+
+ /* randamsa_init installs some signal hadlers, call it before setup_signal_handlers
+ so that AFL++ can then replace those signal handlers */
+ radamsa_init_ptr();
 }
diff --git a/src/third_party/libradamsa/Makefile b/src/third_party/libradamsa/Makefile
index 9b89817b..d366a3b0 100644
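Review bot: The three `access()` probes in get_libradamsa_path test `X_OK`, but libradamsa.so is handed to dlopen(), not executed, so a library installed without the execute bit (0644 is the usual mode for shared objects) is rejected with "Unable to find" even though dlopen() would load it fine; `R_OK` is the right check, i.e. `if (access(cp, R_OK)) FATAL("Unable to find '%s'", cp);` in the AFL_PATH branch and `if (!access(cp, R_OK))` / `if (!access(BIN_PATH "/libradamsa.so", R_OK))` for the other two. The SAYF() text also joins `" separately using 'make radamsa'."` directly to `"If you\n"`, so the user sees `'make radamsa'.If you`; a space before `If` fixes it. Since the lookup order (AFL_PATH, then the directory of argv[0], then BIN_PATH) decides which shared object gets mapped into the fuzzer, a one-line comment above the function stating that order, and that AFL_PATH is a hard override rather than a fallback, would help the next reader.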
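Review bot: Both FATAL() calls in the new dlopen()/dlsym() block discard the loader's diagnostic, and `libradamsa_path` is freed before the failure is reported, so a user gets "Failed to dlopen() libradamsa" with neither the path nor the reason (wrong architecture, non-PIC object, unresolved symbol under RTLD_NOW). Reorder and add dlerror(): `void* handle = dlopen(libradamsa_path, RTLD_NOW);` / `if (!handle) FATAL("Failed to dlopen() '%s': %s", libradamsa_path, dlerror());` / `ck_free(libradamsa_path);`, and give the dlsym() FATAL a `%s` with dlerror() the same way. Nothing in this diff adds `#include <dlfcn.h>` or `-ldl` for the afl-fuzz link; if afl-fuzz.h and the top-level Makefile do not already provide them, dlopen() ends up implicitly declared here. `handle` is never dlclose()d, which is correct because `radamsa_mutate_ptr` is used for the rest of the run, but a short comment saying so would stop someone from "fixing" it later.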
--- a/src/third_party/libradamsa/Makefile
+++ b/src/third_party/libradamsa/Makefile
@@ -1,6 +1,9 @@
 CUR_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-all: libradamsa.a
+all: libradamsa.so
+
+libradamsa.so: libradamsa.a
+ $(CC) -shared libradamsa.a -o libradamsa.so
 libradamsa.a: libradamsa.c radamsa.h
 @echo " ***************************************************************"
@@ -14,4 +17,4 @@ test: libradamsa.a libradamsa-test.c
 rm /tmp/libradamsa-*.fuzz
 clean:
- rm -f libradamsa.a libradamsa-test
+ rm -f libradamsa.a libradamsa.so libradamsa-test
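Review bot: `$(CC) -shared libradamsa.a -o libradamsa.so` only produces a usable library if libradamsa.a is a single position-independent object rather than a real ar archive: a linker extracts archive members solely to satisfy undefined references, and with nothing else on the command line none are referenced, so the resulting libradamsa.so would export neither radamsa_init nor radamsa_mutate and afl-fuzz would die at dlsym(). The libradamsa.a recipe is below this hunk, so I cannot tell which case applies; if it is an archive, either wrap it, `$(CC) -shared -Wl,--whole-archive libradamsa.a -Wl,--no-whole-archive -o libradamsa.so`, or drop the intermediate and build the .so straight from libradamsa.c with `-fPIC -shared`. In both cases the object code has to be compiled with -fPIC, otherwise the -shared link fails on x86-64. Nothing visible here copies libradamsa.so next to the afl-fuzz binary or into BIN_PATH, which is where afl-fuzz's lookup expects it; if the top-level Makefile does not do that, the runtime lookup falls through to the AFL_PATH error, so a comment on the `libradamsa.so` rule naming the consumer would make the intent clear.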