From 401811a97d39362cd52f38c0fd935b1ef6c043e7 Mon Sep 17 00:00:00 2001 From: David CARLIER Date: Fri, 23 Dec 2022 12:06:40 +0000 Subject: afl-untracer freebsd 13.1 and above update. with the new kern.elf*.allow_wx setting, we try to make sure we still can make the maps w/x, fixing few build warnings while at it. --- utils/afl_untracer/afl-untracer.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/utils/afl_untracer/afl-untracer.c b/utils/afl_untracer/afl-untracer.c index ed7047a4..6bee067c 100644 --- a/utils/afl_untracer/afl-untracer.c +++ b/utils/afl_untracer/afl-untracer.c @@ -156,7 +156,7 @@ void read_library_information(void) { *e = 0; if (n[strlen(n) - 1] == '\n') n[strlen(n) - 1] = 0; - liblist[liblist_cnt].name = strdup(n); + liblist[liblist_cnt].name = (u8 *)strdup((char *)n); liblist[liblist_cnt].addr_start = strtoull(b, NULL, 16); liblist[liblist_cnt].addr_end = strtoull(m, NULL, 16); if (debug) @@ -210,16 +210,16 @@ void read_library_information(void) { !(region->kve_protection & KVME_PROT_EXEC)) { liblist[liblist_cnt].name = - region->kve_path[0] != '\0' ? strdup(region->kve_path) : 0; + region->kve_path[0] != '\0' ? (u8 *)strdup(region->kve_path) : 0; liblist[liblist_cnt].addr_start = region->kve_start; liblist[liblist_cnt].addr_end = region->kve_end; if (debug) { - fprintf(stderr, "%s:%x (%lx-%lx)\n", liblist[liblist_cnt].name, - liblist[liblist_cnt].addr_end - liblist[liblist_cnt].addr_start, - liblist[liblist_cnt].addr_start, - liblist[liblist_cnt].addr_end - 1); + fprintf(stderr, "%s:%lx (%lx-%lx)\n", liblist[liblist_cnt].name, + (unsigned long)(liblist[liblist_cnt].addr_end - liblist[liblist_cnt].addr_start), + (unsigned long)liblist[liblist_cnt].addr_start, + (unsigned long)(liblist[liblist_cnt].addr_end - 1)); } @@ -488,6 +488,12 @@ void setup_trap_instrumentation(void) { uint32_t bitmap_index = 0; #endif +#if defined(__FreeBSD__) && __FreeBSD_version >= 1301000 + // We try to allow W/X pages despite kern.elf32/64.allow_wx system settings + int allow_wx = PROC_WX_MAPPINGS_PERMIT; + (void)procctl(P_PID, 0, PROC_WXMAP_CTL, &allow_wx); +#endif + while ((nread = getline(&line, &len, patches)) != -1) { char *end = line + len; @@ -699,7 +705,7 @@ int main(int argc, char *argv[]) { if (argc > 1) { use_stdin = 0; - inputfile = argv[1]; + inputfile = (u8 *)argv[1]; } @@ -732,7 +738,7 @@ int main(int argc, char *argv[]) { if (pid) { u32 status; - if (waitpid(pid, &status, 0) < 0) exit(1); + if (waitpid(pid, (int *)&status, 0) < 0) exit(1); /* report the test case is done and wait for the next */ __afl_end_testcase(status); -- cgit 1.4.1 From 342081d5ee367f473df3fc34c55edb5df7e42d0f Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 23 Dec 2022 16:32:53 +0100 Subject: make CI green --- GNUmakefile | 6 ++++-- docs/Changelog.md | 4 ++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index 6b55635f..43f96ffe 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -628,9 +628,9 @@ distrib: all -$(MAKE) -j$(nproc) -f GNUmakefile.llvm ifneq "$(SYS)" "Darwin" -$(MAKE) -f GNUmakefile.gcc_plugin -endif -$(MAKE) -C utils/libdislocator -$(MAKE) -C utils/libtokencap +endif -$(MAKE) -C utils/afl_network_proxy -$(MAKE) -C utils/socket_fuzzing -$(MAKE) -C utils/argv_fuzzing @@ -659,8 +659,10 @@ endif .PHONY: binary-only binary-only: test_shm test_python ready $(PROGS) +ifneq "$(SYS)" "Darwin" -$(MAKE) -C utils/libdislocator -$(MAKE) -C utils/libtokencap +#endif -$(MAKE) -C utils/afl_network_proxy -$(MAKE) -C utils/socket_fuzzing -$(MAKE) -C utils/argv_fuzzing @@ -717,9 +719,9 @@ source-only: all -$(MAKE) -j$(nproc) -f GNUmakefile.llvm ifneq "$(SYS)" "Darwin" -$(MAKE) -f GNUmakefile.gcc_plugin -endif -$(MAKE) -C utils/libdislocator -$(MAKE) -C utils/libtokencap +endif # -$(MAKE) -C utils/plot_ui ifeq "$(SYS)" "Linux" ifndef NO_NYX diff --git a/docs/Changelog.md b/docs/Changelog.md index 4df47645..6bfb314d 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -4,6 +4,10 @@ release of the tool. See README.md for the general instruction manual. ### Version ++4.05a (dev) + - MacOS: libdislocator, libtokencap etc. do not work with modern + MacOS anymore, but could be patched to work, see this issue if you + want to make the effort and send a PR: + https://github.com/AFLplusplus/AFLplusplus/issues/1594 - afl-fuzz: - added afl_custom_fuzz_send custom mutator feature. Now your can send fuzz data to the target as you need, e.g. via IPC. -- cgit 1.4.1 From 6fe38b2138ed993f3af28fc5ab92fda8f7542ef7 Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Tue, 27 Dec 2022 15:39:47 +0100 Subject: argv fuzz persistent --- utils/argv_fuzzing/argv-fuzz-inl.h | 43 ++++++++++++++++++++++++++ utils/argv_fuzzing/argv_fuzz_demo.c | 16 ++++++++++ utils/argv_fuzzing/argv_fuzz_persistent_demo.c | 28 +++++++++++++++++ 3 files changed, 87 insertions(+) create mode 100644 utils/argv_fuzzing/argv_fuzz_demo.c create mode 100644 utils/argv_fuzzing/argv_fuzz_persistent_demo.c diff --git a/utils/argv_fuzzing/argv-fuzz-inl.h b/utils/argv_fuzzing/argv-fuzz-inl.h index ec22c53b..d3440799 100644 --- a/utils/argv_fuzzing/argv-fuzz-inl.h +++ b/utils/argv_fuzzing/argv-fuzz-inl.h @@ -29,6 +29,10 @@ If you would like to always preserve argv[0], use this instead: AFL_INIT_SET0("prog_name"); + To enable persistent fuzzing, use the AFL_INIT_ARGV_PERSISTENT macro with + buf as argument, or use AFL_INIT_SET0_PERSISTENT("prog_name", buf) + to preserver argv[0]. buf should be defined as: + unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF; */ #ifndef _HAVE_ARGV_FUZZ_INL @@ -53,6 +57,20 @@ \ } while (0) +#define AFL_INIT_ARGV_PERSISTENT(persistent_buff) \ + do { \ + argv = afl_init_argv_persistent(&argc, persistent_buff); \ + } while (0) + +#define AFL_INIT_SET0_PERSISTENT(_p, persistent_buff) \ + do { \ + \ + argv = afl_init_argv_persistent(&argc, persistent_buff); \ + argv[0] = (_p); \ + if (!argc) argc = 1; \ + \ + } while (0) + #define MAX_CMDLINE_LEN 100000 #define MAX_CMDLINE_PAR 50000 @@ -87,6 +105,31 @@ static char **afl_init_argv(int *argc) { } +static char **afl_init_argv_persistent(int *argc, unsigned char *persistent_buff) { + + static char *ret[MAX_CMDLINE_PAR]; + + unsigned char *ptr = persistent_buff; + int rc = 0; + + while (*ptr && rc < MAX_CMDLINE_PAR) { + + ret[rc] = (char *)ptr; + if (ret[rc][0] == 0x02 && !ret[rc][1]) ret[rc]++; + rc++; + + while (*ptr) + ptr++; + ptr++; + + } + + *argc = rc; + + return ret; + +} + #undef MAX_CMDLINE_LEN #undef MAX_CMDLINE_PAR diff --git a/utils/argv_fuzzing/argv_fuzz_demo.c b/utils/argv_fuzzing/argv_fuzz_demo.c new file mode 100644 index 00000000..f4375316 --- /dev/null +++ b/utils/argv_fuzzing/argv_fuzz_demo.c @@ -0,0 +1,16 @@ +#include +#include +#include "argv-fuzz-inl.h" + +int main(int argc, char **argv) { +AFL_INIT_ARGV(); + if (argc > 1 && strcmp(argv[1], "XYZ") == 0) { + if (strcmp(argv[2], "TEST2") == 0) { + abort(); + } + } else { + printf("Bad number of arguments!\n"); + } + + return 0; +} \ No newline at end of file diff --git a/utils/argv_fuzzing/argv_fuzz_persistent_demo.c b/utils/argv_fuzzing/argv_fuzz_persistent_demo.c new file mode 100644 index 00000000..5ecda22b --- /dev/null +++ b/utils/argv_fuzzing/argv_fuzz_persistent_demo.c @@ -0,0 +1,28 @@ +#include +#include +#include "argv-fuzz-inl.h" + +__AFL_FUZZ_INIT(); + +int main(int argc, char **argv) { +#ifdef __AFL_HAVE_MANUAL_CONTROL + __AFL_INIT(); +#endif + unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF; + + while (__AFL_LOOP(100000)) { + int len = __AFL_FUZZ_TESTCASE_LEN; + + if (len < 8) continue; + + AFL_INIT_ARGV_P(buf); + + if (argc > 1 && strcmp(argv[1], "XYZ") == 0) { + if (strcmp(argv[2], "TEST2") == 0) { abort(); } + } else { + printf("Bad number of arguments!\n"); + } + } + + return 0; +} \ No newline at end of file -- cgit 1.4.1 From a0eee2bd92cb819758e54bbac9b8d8ec7daa0764 Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Tue, 27 Dec 2022 15:44:49 +0100 Subject: makefile update --- utils/argv_fuzzing/Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/utils/argv_fuzzing/Makefile b/utils/argv_fuzzing/Makefile index 183f6bf8..dfdd0f8e 100644 --- a/utils/argv_fuzzing/Makefile +++ b/utils/argv_fuzzing/Makefile @@ -56,3 +56,7 @@ install: argvfuzz32.so argvfuzz64.so clean: rm -f argvfuzz32.so argvfuzz64.so + +demo: + ../../afl-clang-fast -o argv_fuzz_demo argv_fuzz.c + ../../afl-clang-fast -o argv_fuzz_persistent_demo argv_fuzz_persistent_demo.c \ No newline at end of file -- cgit 1.4.1 From 0062a14aa32ffbf38c10a15b3cae97a63a6b3272 Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Tue, 27 Dec 2022 15:48:06 +0100 Subject: makefile update --- utils/argv_fuzzing/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/argv_fuzzing/Makefile b/utils/argv_fuzzing/Makefile index dfdd0f8e..bf4ae81d 100644 --- a/utils/argv_fuzzing/Makefile +++ b/utils/argv_fuzzing/Makefile @@ -58,5 +58,5 @@ clean: rm -f argvfuzz32.so argvfuzz64.so demo: - ../../afl-clang-fast -o argv_fuzz_demo argv_fuzz.c + ../../afl-clang-fast -o argv_fuzz_demo argv_fuzz_demo.c ../../afl-clang-fast -o argv_fuzz_persistent_demo argv_fuzz_persistent_demo.c \ No newline at end of file -- cgit 1.4.1 From 67ae1d583902a7e0a8a39c2b17321ffde045cd6d Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Tue, 27 Dec 2022 15:49:22 +0100 Subject: makefile update --- utils/argv_fuzzing/argv_fuzz_persistent_demo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/argv_fuzzing/argv_fuzz_persistent_demo.c b/utils/argv_fuzzing/argv_fuzz_persistent_demo.c index 5ecda22b..1e96ade1 100644 --- a/utils/argv_fuzzing/argv_fuzz_persistent_demo.c +++ b/utils/argv_fuzzing/argv_fuzz_persistent_demo.c @@ -15,7 +15,7 @@ int main(int argc, char **argv) { if (len < 8) continue; - AFL_INIT_ARGV_P(buf); + AFL_INIT_ARGV_PERSISTENT(buf); if (argc > 1 && strcmp(argv[1], "XYZ") == 0) { if (strcmp(argv[2], "TEST2") == 0) { abort(); } -- cgit 1.4.1 From 6e5c08b653d7d55c5d544601d9fb19fcc16edfd6 Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Tue, 27 Dec 2022 15:50:53 +0100 Subject: makefile update --- utils/argv_fuzzing/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/argv_fuzzing/Makefile b/utils/argv_fuzzing/Makefile index bf4ae81d..140a53de 100644 --- a/utils/argv_fuzzing/Makefile +++ b/utils/argv_fuzzing/Makefile @@ -55,7 +55,7 @@ install: argvfuzz32.so argvfuzz64.so if [ -f argvfuzz64.so ]; then set -e; install -m 755 argvfuzz64.so $(DESTDIR)$(HELPER_PATH)/; fi clean: - rm -f argvfuzz32.so argvfuzz64.so + rm -f argvfuzz32.so argvfuzz64.so argv_fuzz_demo argv_fuzz_persistent_demo demo: ../../afl-clang-fast -o argv_fuzz_demo argv_fuzz_demo.c -- cgit 1.4.1 From 3a134edd889ed1bf4f8d11e8e37ebba31460fb3e Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Tue, 27 Dec 2022 15:51:50 +0100 Subject: makefile update --- utils/argv_fuzzing/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/argv_fuzzing/Makefile b/utils/argv_fuzzing/Makefile index 140a53de..3ebde54b 100644 --- a/utils/argv_fuzzing/Makefile +++ b/utils/argv_fuzzing/Makefile @@ -41,7 +41,7 @@ __M32FLAG=$(_M32FLAG:00=-mbe32) ___M32FLAG=$(__M32FLAG:$(CC_IS_GCC)$(CC_IS_ARMCOMPILER)=-m32) M32FLAG=$(___M32FLAG) -all: argvfuzz32.so argvfuzz64.so +all: argvfuzz32.so argvfuzz64.so demo argvfuzz32.so: argvfuzz.c -@$(CC) $(M32FLAG) $(CFLAGS) $^ $(LDFLAGS) -o $@ 2>/dev/null || echo "argvfuzz32 build failure (that's fine)" -- cgit 1.4.1 From 3d031f93a6366ee157cfd9a27fbb6d485d328d8e Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Tue, 27 Dec 2022 16:15:52 +0100 Subject: update --- utils/argv_fuzzing/argv_fuzz_demo.c | 9 ++++++++- utils/argv_fuzzing/argv_fuzz_persistent_demo.c | 23 ++++++++++++++++++++++- 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/utils/argv_fuzzing/argv_fuzz_demo.c b/utils/argv_fuzzing/argv_fuzz_demo.c index f4375316..5fe4d704 100644 --- a/utils/argv_fuzzing/argv_fuzz_demo.c +++ b/utils/argv_fuzzing/argv_fuzz_demo.c @@ -3,7 +3,14 @@ #include "argv-fuzz-inl.h" int main(int argc, char **argv) { -AFL_INIT_ARGV(); + // Initialize the argv array for use with the AFL (American Fuzzy Lop) tool + AFL_INIT_ARGV(); + + /* Check the number of command line arguments and + compare the values of the first two arguments to specific strings. + If the number of arguments is not correct or the values do not match, + an error message is printed. If the values do match, the program + calls the abort() function. */ if (argc > 1 && strcmp(argv[1], "XYZ") == 0) { if (strcmp(argv[2], "TEST2") == 0) { abort(); diff --git a/utils/argv_fuzzing/argv_fuzz_persistent_demo.c b/utils/argv_fuzzing/argv_fuzz_persistent_demo.c index 1e96ade1..a96cf1fe 100644 --- a/utils/argv_fuzzing/argv_fuzz_persistent_demo.c +++ b/utils/argv_fuzzing/argv_fuzz_persistent_demo.c @@ -1,28 +1,49 @@ +/* +This file contains a simple fuzzer for testing command line argument parsing +using persistent mode. +*/ + #include #include #include "argv-fuzz-inl.h" __AFL_FUZZ_INIT(); +/* The main function is an entry point for a program. + The argc parameter is an integer that indicates the number of arguments + passed to the program. The argv parameter is an array of character pointers, + with each element pointing to a null-terminated string that represents + one of the arguments. + */ int main(int argc, char **argv) { #ifdef __AFL_HAVE_MANUAL_CONTROL __AFL_INIT(); #endif unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF; + /* __AFL_LOOP() limits the maximum number of iterations before exiting + the loop and allowing the program to terminate. It protects against + accidental memory leaks and similar issues. */ while (__AFL_LOOP(100000)) { int len = __AFL_FUZZ_TESTCASE_LEN; + // Check that the length of the test case is at least 8 bytes if (len < 8) continue; + // Initialize the command line arguments using the testcase buffer AFL_INIT_ARGV_PERSISTENT(buf); + /* Check if the first argument is "XYZ" and the second argument is "TEST2" + If so, call the "abort" function to terminate the program. + Otherwise, print an error message. */ if (argc > 1 && strcmp(argv[1], "XYZ") == 0) { if (strcmp(argv[2], "TEST2") == 0) { abort(); } } else { printf("Bad number of arguments!\n"); } } - + /* Exiting the loop allows the program to terminate normally. AFL will restart + the process with a clean slate for allocated memory, file descriptors, etc. + */ return 0; } \ No newline at end of file -- cgit 1.4.1 From b189640a927e9ed17347b26f6579b0e41dcdda38 Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Tue, 27 Dec 2022 16:54:36 +0100 Subject: cleanup --- .custom-format.py | 15 +++++++------ utils/argv_fuzzing/README.md | 4 ++-- utils/argv_fuzzing/argv-fuzz-inl.h | 31 ++++++++++++++------------ utils/argv_fuzzing/argv_fuzz_demo.c | 13 +++++++---- utils/argv_fuzzing/argv_fuzz_persistent_demo.c | 11 ++++++++- 5 files changed, 46 insertions(+), 28 deletions(-) diff --git a/.custom-format.py b/.custom-format.py index 428d7b0d..00f6280f 100755 --- a/.custom-format.py +++ b/.custom-format.py @@ -26,15 +26,16 @@ import shutil with open(".clang-format") as f: fmt = f.read() -CURRENT_LLVM = os.getenv('LLVM_VERSION', 14) -CLANG_FORMAT_BIN = os.getenv("CLANG_FORMAT_BIN", "") +#CURRENT_LLVM = os.getenv('LLVM_VERSION', 14) +#CLANG_FORMAT_BIN = os.getenv("CLANG_FORMAT_BIN", "") -if shutil.which(CLANG_FORMAT_BIN) is None: - CLANG_FORMAT_BIN = f"clang-format-{CURRENT_LLVM}" +#if shutil.which(CLANG_FORMAT_BIN) is None: +# CLANG_FORMAT_BIN = f"clang-format-{CURRENT_LLVM}" -if shutil.which(CLANG_FORMAT_BIN) is None: - print(f"[!] clang-format-{CURRENT_LLVM} is needed. Aborted.") - exit(1) +#if shutil.which(CLANG_FORMAT_BIN) is None: +# print(f"[!] clang-format-{CURRENT_LLVM} is needed. Aborted.") +# exit(1) +CLANG_FORMAT_BIN = "clang-format" COLUMN_LIMIT = 80 for line in fmt.split("\n"): diff --git a/utils/argv_fuzzing/README.md b/utils/argv_fuzzing/README.md index e9224995..bcf388c7 100644 --- a/utils/argv_fuzzing/README.md +++ b/utils/argv_fuzzing/README.md @@ -1,4 +1,4 @@ -# argvfuzz +#argvfuzz AFL++ supports fuzzing file inputs or stdin. When source is available, `argv-fuzz-inl.h` can be used to change `main()` to build argv from stdin. @@ -13,4 +13,4 @@ A few conditions need to be fulfilled for this mechanism to work correctly: 2. If the target binary does not use the default libc's `_start` implementation (crt1.o), the hook may not run. 3. The hook will replace argv with pointers to `.data` of `argvfuzz.so`. If the - target binary expects argv to be living on the stack, things may go wrong. \ No newline at end of file + target binary expects argv to be living on the stack, things may go wrong. diff --git a/utils/argv_fuzzing/argv-fuzz-inl.h b/utils/argv_fuzzing/argv-fuzz-inl.h index d3440799..bb8f2813 100644 --- a/utils/argv_fuzzing/argv-fuzz-inl.h +++ b/utils/argv_fuzzing/argv-fuzz-inl.h @@ -57,18 +57,20 @@ \ } while (0) -#define AFL_INIT_ARGV_PERSISTENT(persistent_buff) \ - do { \ - argv = afl_init_argv_persistent(&argc, persistent_buff); \ - } while (0) - -#define AFL_INIT_SET0_PERSISTENT(_p, persistent_buff) \ - do { \ - \ - argv = afl_init_argv_persistent(&argc, persistent_buff); \ - argv[0] = (_p); \ - if (!argc) argc = 1; \ - \ +#define AFL_INIT_ARGV_PERSISTENT(persistent_buff) \ + do { \ + \ + argv = afl_init_argv_persistent(&argc, persistent_buff); \ + \ + } while (0) + +#define AFL_INIT_SET0_PERSISTENT(_p, persistent_buff) \ + do { \ + \ + argv = afl_init_argv_persistent(&argc, persistent_buff); \ + argv[0] = (_p); \ + if (!argc) argc = 1; \ + \ } while (0) #define MAX_CMDLINE_LEN 100000 @@ -105,12 +107,13 @@ static char **afl_init_argv(int *argc) { } -static char **afl_init_argv_persistent(int *argc, unsigned char *persistent_buff) { +static char **afl_init_argv_persistent(int *argc, + unsigned char *persistent_buff) { static char *ret[MAX_CMDLINE_PAR]; unsigned char *ptr = persistent_buff; - int rc = 0; + int rc = 0; while (*ptr && rc < MAX_CMDLINE_PAR) { diff --git a/utils/argv_fuzzing/argv_fuzz_demo.c b/utils/argv_fuzzing/argv_fuzz_demo.c index 5fe4d704..6ab1e2e5 100644 --- a/utils/argv_fuzzing/argv_fuzz_demo.c +++ b/utils/argv_fuzzing/argv_fuzz_demo.c @@ -3,6 +3,7 @@ #include "argv-fuzz-inl.h" int main(int argc, char **argv) { + // Initialize the argv array for use with the AFL (American Fuzzy Lop) tool AFL_INIT_ARGV(); @@ -12,12 +13,16 @@ int main(int argc, char **argv) { an error message is printed. If the values do match, the program calls the abort() function. */ if (argc > 1 && strcmp(argv[1], "XYZ") == 0) { - if (strcmp(argv[2], "TEST2") == 0) { - abort(); - } + + if (strcmp(argv[2], "TEST2") == 0) { abort(); } + } else { + printf("Bad number of arguments!\n"); + } return 0; -} \ No newline at end of file + +} + diff --git a/utils/argv_fuzzing/argv_fuzz_persistent_demo.c b/utils/argv_fuzzing/argv_fuzz_persistent_demo.c index a96cf1fe..08a62c62 100644 --- a/utils/argv_fuzzing/argv_fuzz_persistent_demo.c +++ b/utils/argv_fuzzing/argv_fuzz_persistent_demo.c @@ -16,6 +16,7 @@ __AFL_FUZZ_INIT(); one of the arguments. */ int main(int argc, char **argv) { + #ifdef __AFL_HAVE_MANUAL_CONTROL __AFL_INIT(); #endif @@ -25,6 +26,7 @@ int main(int argc, char **argv) { the loop and allowing the program to terminate. It protects against accidental memory leaks and similar issues. */ while (__AFL_LOOP(100000)) { + int len = __AFL_FUZZ_TESTCASE_LEN; // Check that the length of the test case is at least 8 bytes @@ -37,13 +39,20 @@ int main(int argc, char **argv) { If so, call the "abort" function to terminate the program. Otherwise, print an error message. */ if (argc > 1 && strcmp(argv[1], "XYZ") == 0) { + if (strcmp(argv[2], "TEST2") == 0) { abort(); } + } else { + printf("Bad number of arguments!\n"); + } + } + /* Exiting the loop allows the program to terminate normally. AFL will restart the process with a clean slate for allocated memory, file descriptors, etc. */ return 0; -} \ No newline at end of file + +} -- cgit 1.4.1 From 3188cac1d074352e9110d83c7ad5c3d5684d90f8 Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Tue, 27 Dec 2022 16:57:30 +0100 Subject: cleanup --- utils/argv_fuzzing/README.md | 2 +- utils/argv_fuzzing/argv-fuzz-inl.h | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/utils/argv_fuzzing/README.md b/utils/argv_fuzzing/README.md index bcf388c7..ca90f26c 100644 --- a/utils/argv_fuzzing/README.md +++ b/utils/argv_fuzzing/README.md @@ -1,4 +1,4 @@ -#argvfuzz +# argvfuzz feature AFL++ supports fuzzing file inputs or stdin. When source is available, `argv-fuzz-inl.h` can be used to change `main()` to build argv from stdin. diff --git a/utils/argv_fuzzing/argv-fuzz-inl.h b/utils/argv_fuzzing/argv-fuzz-inl.h index bb8f2813..abe86d3c 100644 --- a/utils/argv_fuzzing/argv-fuzz-inl.h +++ b/utils/argv_fuzzing/argv-fuzz-inl.h @@ -29,10 +29,10 @@ If you would like to always preserve argv[0], use this instead: AFL_INIT_SET0("prog_name"); - To enable persistent fuzzing, use the AFL_INIT_ARGV_PERSISTENT macro with - buf as argument, or use AFL_INIT_SET0_PERSISTENT("prog_name", buf) - to preserver argv[0]. buf should be defined as: - unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF; + To enable persistent fuzzing, use the AFL_INIT_ARGV_PERSISTENT macro with + buf as argument, or use AFL_INIT_SET0_PERSISTENT("prog_name", buf) + to preserver argv[0]. buf should be defined as: + unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF; */ #ifndef _HAVE_ARGV_FUZZ_INL -- cgit 1.4.1 From 51e0707d4d5b65cf4245b7350986c66bf639f3cd Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Wed, 28 Dec 2022 09:27:22 +0100 Subject: readme update --- utils/argv_fuzzing/README.md | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/utils/argv_fuzzing/README.md b/utils/argv_fuzzing/README.md index ca90f26c..e22fbe4e 100644 --- a/utils/argv_fuzzing/README.md +++ b/utils/argv_fuzzing/README.md @@ -1,15 +1,37 @@ -# argvfuzz feature +# argv_fuzzing feature +AFL++ supports fuzzing file inputs or stdin. The argv_fuzzing feature allows for fuzzing of arguments passed to a program from the command line interface, rather than from standard input. -AFL++ supports fuzzing file inputs or stdin. When source is available, -`argv-fuzz-inl.h` can be used to change `main()` to build argv from stdin. +## With source code +When source is available, a macro from the `argv-fuzz-inl.h` header file can be used to change the program's behavior to build argv from STDIN. +### Without persistent mode +Conditions needed to use the argv_fuzzing feature: +1. Include `argv-fuzz-inl.h` header file (`#include "argv-fuzz-inl.h"`) +2. Identify your main function that parses arguments (for example, `int main(int argc, char **argv)`) +3. Use the one of the following macros (near the beginning of the main function) to initialize argv with the fuzzer's input: + - `AFL_INIT_ARGV();` or + - `AFL_INIT_SET0("prog_name");` to preserve `argv[0]` (the name of the program being executed) + +see: [argv_fuzz_demo.c](argv_fuzz_demo.c) + +### With persistent mode +Conditions needed to use the argv_fuzzing feature with persistent mode: +1. Ensure your target can handle persistent mode fuzzing +2. Follow instructions in the [llvm_mode persistent mode](https://github.com/AFLplusplus/AFLplusplus/blob/stable/instrumentation/README.persistent_mode.md) +3. Use the one of the following macro near the beginning of the main function and after the buffer initialization (`unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF`): + - `AFL_INIT_ARGV_PERSISTENT(buf)`, if you want to + - `AFL_INIT_SET0_PERSISTENT("name_of_binary", buf)` + +see: [argv_fuzz_persistent_demo.c](argv_fuzz_persistent_demo.c) + +## Binary only `argvfuzz` tries to provide the same functionality for binaries. When loaded using `LD_PRELOAD`, it will hook the call to `__libc_start_main` and replace argv using the same logic of `argv-fuzz-inl.h`. A few conditions need to be fulfilled for this mechanism to work correctly: -1. As it relies on hooking the loader, it cannot work on static binaries. +1. As it relies on hooking the loader, it cannot work on static binaries 2. If the target binary does not use the default libc's `_start` implementation (crt1.o), the hook may not run. 3. The hook will replace argv with pointers to `.data` of `argvfuzz.so`. If the -- cgit 1.4.1 From f28f6adbce0b803b80938518ca9c559e428ef9cf Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Wed, 28 Dec 2022 09:41:22 +0100 Subject: update --- utils/argv_fuzzing/Makefile | 8 +++++--- utils/argv_fuzzing/README.md | 15 +++++++++------ 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/utils/argv_fuzzing/Makefile b/utils/argv_fuzzing/Makefile index 3ebde54b..fca46b09 100644 --- a/utils/argv_fuzzing/Makefile +++ b/utils/argv_fuzzing/Makefile @@ -11,7 +11,7 @@ # http://www.apache.org/licenses/LICENSE-2.0 # -.PHONY: all install clean +.PHONY: all install clean demo PREFIX ?= /usr/local BIN_PATH = $(PREFIX)/bin @@ -58,5 +58,7 @@ clean: rm -f argvfuzz32.so argvfuzz64.so argv_fuzz_demo argv_fuzz_persistent_demo demo: - ../../afl-clang-fast -o argv_fuzz_demo argv_fuzz_demo.c - ../../afl-clang-fast -o argv_fuzz_persistent_demo argv_fuzz_persistent_demo.c \ No newline at end of file + CC = afl-clang-fast + CFLAGS = -fsanitize=address + -@$(CC) $(CFLAGS) -o argv_fuzz_demo argv_fuzz_demo.c + -@$(CC) $(CFLAGS) -o argv_fuzz_persistent_demo argv_fuzz_persistent_demo.c \ No newline at end of file diff --git a/utils/argv_fuzzing/README.md b/utils/argv_fuzzing/README.md index e22fbe4e..d248cf93 100644 --- a/utils/argv_fuzzing/README.md +++ b/utils/argv_fuzzing/README.md @@ -1,14 +1,16 @@ # argv_fuzzing feature -AFL++ supports fuzzing file inputs or stdin. The argv_fuzzing feature allows for fuzzing of arguments passed to a program from the command line interface, rather than from standard input. +AFL++ supports fuzzing file inputs or stdin. The argv_fuzzing feature allows for the fuzzing of arguments +passed to a program from the command line interface rather than from standard input. ## With source code -When source is available, a macro from the `argv-fuzz-inl.h` header file can be used to change the program's behavior to build argv from STDIN. +When the source code is available, a specific macro from the `argv-fuzz-inl.h` header file can be used to change +the program's behavior to build argv from STDIN. ### Without persistent mode Conditions needed to use the argv_fuzzing feature: 1. Include `argv-fuzz-inl.h` header file (`#include "argv-fuzz-inl.h"`) 2. Identify your main function that parses arguments (for example, `int main(int argc, char **argv)`) -3. Use the one of the following macros (near the beginning of the main function) to initialize argv with the fuzzer's input: +3. Use one of the following macros (near the beginning of the main function) to initialize argv with the fuzzer's input: - `AFL_INIT_ARGV();` or - `AFL_INIT_SET0("prog_name");` to preserve `argv[0]` (the name of the program being executed) @@ -18,7 +20,8 @@ see: [argv_fuzz_demo.c](argv_fuzz_demo.c) Conditions needed to use the argv_fuzzing feature with persistent mode: 1. Ensure your target can handle persistent mode fuzzing 2. Follow instructions in the [llvm_mode persistent mode](https://github.com/AFLplusplus/AFLplusplus/blob/stable/instrumentation/README.persistent_mode.md) -3. Use the one of the following macro near the beginning of the main function and after the buffer initialization (`unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF`): +3. Use one of the following macros near the beginning of the main function and after +the buffer initialization (`unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF`): - `AFL_INIT_ARGV_PERSISTENT(buf)`, if you want to - `AFL_INIT_SET0_PERSISTENT("name_of_binary", buf)` @@ -34,5 +37,5 @@ A few conditions need to be fulfilled for this mechanism to work correctly: 1. As it relies on hooking the loader, it cannot work on static binaries 2. If the target binary does not use the default libc's `_start` implementation (crt1.o), the hook may not run. -3. The hook will replace argv with pointers to `.data` of `argvfuzz.so`. If the - target binary expects argv to be living on the stack, things may go wrong. +3. The hook will replace argv with pointers to `.data` of `argvfuzz.so`. +Things may go wrong if the target binary expects argv to live on the stack. -- cgit 1.4.1 From c0c985a2781f84313db80eea3662ec88fb264292 Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Wed, 28 Dec 2022 09:48:10 +0100 Subject: minor changes --- utils/argv_fuzzing/argv-fuzz-inl.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/utils/argv_fuzzing/argv-fuzz-inl.h b/utils/argv_fuzzing/argv-fuzz-inl.h index abe86d3c..cb0af2bc 100644 --- a/utils/argv_fuzzing/argv-fuzz-inl.h +++ b/utils/argv_fuzzing/argv-fuzz-inl.h @@ -31,7 +31,8 @@ To enable persistent fuzzing, use the AFL_INIT_ARGV_PERSISTENT macro with buf as argument, or use AFL_INIT_SET0_PERSISTENT("prog_name", buf) - to preserver argv[0]. buf should be defined as: + to preserver argv[0]. buf is a pointer to a buffer containing + the input data for the current test case being processed defined as: unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF; */ -- cgit 1.4.1 From 86ec1b9d71d1d2679f85676c65947324779016b3 Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Wed, 28 Dec 2022 09:55:14 +0100 Subject: makefile update --- utils/argv_fuzzing/Makefile | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/utils/argv_fuzzing/Makefile b/utils/argv_fuzzing/Makefile index fca46b09..ba811de6 100644 --- a/utils/argv_fuzzing/Makefile +++ b/utils/argv_fuzzing/Makefile @@ -11,7 +11,7 @@ # http://www.apache.org/licenses/LICENSE-2.0 # -.PHONY: all install clean demo +.PHONY: all install clean argv_fuzz_persistent_demo argv_fuzz_demo PREFIX ?= /usr/local BIN_PATH = $(PREFIX)/bin @@ -41,7 +41,7 @@ __M32FLAG=$(_M32FLAG:00=-mbe32) ___M32FLAG=$(__M32FLAG:$(CC_IS_GCC)$(CC_IS_ARMCOMPILER)=-m32) M32FLAG=$(___M32FLAG) -all: argvfuzz32.so argvfuzz64.so demo +all: argvfuzz32.so argvfuzz64.so argv_fuzz_persistent_demo argv_fuzz_demo argvfuzz32.so: argvfuzz.c -@$(CC) $(M32FLAG) $(CFLAGS) $^ $(LDFLAGS) -o $@ 2>/dev/null || echo "argvfuzz32 build failure (that's fine)" @@ -57,8 +57,8 @@ install: argvfuzz32.so argvfuzz64.so clean: rm -f argvfuzz32.so argvfuzz64.so argv_fuzz_demo argv_fuzz_persistent_demo -demo: - CC = afl-clang-fast - CFLAGS = -fsanitize=address - -@$(CC) $(CFLAGS) -o argv_fuzz_demo argv_fuzz_demo.c - -@$(CC) $(CFLAGS) -o argv_fuzz_persistent_demo argv_fuzz_persistent_demo.c \ No newline at end of file +argv_fuzz_persistent_demo: argv_fuzz_persistent_demo.c + $(CC) $(CFLAGS) -o $@ $^ + +argv_fuzz_demo: argv_fuzz_demo.c + $(CC) $(CFLAGS) -o $@ $^ \ No newline at end of file -- cgit 1.4.1 From 4ff37da70923196f6986d64eafdda82590b92207 Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Wed, 28 Dec 2022 10:34:56 +0100 Subject: makefile update --- utils/argv_fuzzing/Makefile | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/utils/argv_fuzzing/Makefile b/utils/argv_fuzzing/Makefile index ba811de6..b6630175 100644 --- a/utils/argv_fuzzing/Makefile +++ b/utils/argv_fuzzing/Makefile @@ -13,11 +13,20 @@ .PHONY: all install clean argv_fuzz_persistent_demo argv_fuzz_demo +CC ?= afl-clang-fast +CFLAGS ?= -fsanitize=address + +argv_fuzz_persistent_demo: argv_fuzz_persistent_demo.c + $(CC) $(CFLAGS) -o $@ $^ + +argv_fuzz_demo: argv_fuzz_demo.c + $(CC) $(CFLAGS) -o $@ $^ + PREFIX ?= /usr/local BIN_PATH = $(PREFIX)/bin HELPER_PATH = $(PREFIX)/lib/afl -CFLAGS = -fPIC -Wall -Wextra +CFLAGS += -fPIC -Wall -Wextra LDFLAGS = -shared UNAME_SAYS_LINUX=$(shell uname | grep -E '^Linux|^GNU' >/dev/null; echo $$?) @@ -57,8 +66,3 @@ install: argvfuzz32.so argvfuzz64.so clean: rm -f argvfuzz32.so argvfuzz64.so argv_fuzz_demo argv_fuzz_persistent_demo -argv_fuzz_persistent_demo: argv_fuzz_persistent_demo.c - $(CC) $(CFLAGS) -o $@ $^ - -argv_fuzz_demo: argv_fuzz_demo.c - $(CC) $(CFLAGS) -o $@ $^ \ No newline at end of file -- cgit 1.4.1 From 107ebb7d49aefe87bd9b610b5b6a82c85d740ab7 Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Wed, 28 Dec 2022 10:40:17 +0100 Subject: makefile update --- utils/argv_fuzzing/Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/utils/argv_fuzzing/Makefile b/utils/argv_fuzzing/Makefile index b6630175..ef719e9a 100644 --- a/utils/argv_fuzzing/Makefile +++ b/utils/argv_fuzzing/Makefile @@ -22,6 +22,8 @@ argv_fuzz_persistent_demo: argv_fuzz_persistent_demo.c argv_fuzz_demo: argv_fuzz_demo.c $(CC) $(CFLAGS) -o $@ $^ +demo: argv_fuzz_persistent_demo argv_fuzz_demo + PREFIX ?= /usr/local BIN_PATH = $(PREFIX)/bin HELPER_PATH = $(PREFIX)/lib/afl @@ -50,7 +52,7 @@ __M32FLAG=$(_M32FLAG:00=-mbe32) ___M32FLAG=$(__M32FLAG:$(CC_IS_GCC)$(CC_IS_ARMCOMPILER)=-m32) M32FLAG=$(___M32FLAG) -all: argvfuzz32.so argvfuzz64.so argv_fuzz_persistent_demo argv_fuzz_demo +all: argvfuzz32.so argvfuzz64.so demo argvfuzz32.so: argvfuzz.c -@$(CC) $(M32FLAG) $(CFLAGS) $^ $(LDFLAGS) -o $@ 2>/dev/null || echo "argvfuzz32 build failure (that's fine)" -- cgit 1.4.1 From c090abb00d93e60a0643f6fb9c42816bc75846e3 Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Wed, 28 Dec 2022 10:44:02 +0100 Subject: makefile update --- utils/argv_fuzzing/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/utils/argv_fuzzing/Makefile b/utils/argv_fuzzing/Makefile index ef719e9a..2b30b18c 100644 --- a/utils/argv_fuzzing/Makefile +++ b/utils/argv_fuzzing/Makefile @@ -13,14 +13,14 @@ .PHONY: all install clean argv_fuzz_persistent_demo argv_fuzz_demo -CC ?= afl-clang-fast -CFLAGS ?= -fsanitize=address +#CC ?= afl-clang-fast +#CFLAGS ?= -fsanitize=address argv_fuzz_persistent_demo: argv_fuzz_persistent_demo.c - $(CC) $(CFLAGS) -o $@ $^ + CC=afl-clang-fast CFLAGS=-fsanitize=address $(CC) $(CFLAGS) -o $@ $^ argv_fuzz_demo: argv_fuzz_demo.c - $(CC) $(CFLAGS) -o $@ $^ + CC=afl-clang-fast CFLAGS=-fsanitize=address $(CC) $(CFLAGS) -o $@ $^ demo: argv_fuzz_persistent_demo argv_fuzz_demo -- cgit 1.4.1 From 0710e4f17ca9224beaf3424c2cc6f07083ab7c1e Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Wed, 28 Dec 2022 10:47:08 +0100 Subject: makefile update --- utils/argv_fuzzing/Makefile | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/utils/argv_fuzzing/Makefile b/utils/argv_fuzzing/Makefile index 2b30b18c..dce092d6 100644 --- a/utils/argv_fuzzing/Makefile +++ b/utils/argv_fuzzing/Makefile @@ -11,18 +11,11 @@ # http://www.apache.org/licenses/LICENSE-2.0 # -.PHONY: all install clean argv_fuzz_persistent_demo argv_fuzz_demo +.PHONY: all install clean argv_fuzz_persistent_demo argv_fuzz_demo demo -#CC ?= afl-clang-fast -#CFLAGS ?= -fsanitize=address -argv_fuzz_persistent_demo: argv_fuzz_persistent_demo.c - CC=afl-clang-fast CFLAGS=-fsanitize=address $(CC) $(CFLAGS) -o $@ $^ -argv_fuzz_demo: argv_fuzz_demo.c - CC=afl-clang-fast CFLAGS=-fsanitize=address $(CC) $(CFLAGS) -o $@ $^ -demo: argv_fuzz_persistent_demo argv_fuzz_demo PREFIX ?= /usr/local BIN_PATH = $(PREFIX)/bin @@ -65,6 +58,14 @@ install: argvfuzz32.so argvfuzz64.so if [ -f argvfuzz32.so ]; then set -e; install -m 755 argvfuzz32.so $(DESTDIR)$(HELPER_PATH)/; fi if [ -f argvfuzz64.so ]; then set -e; install -m 755 argvfuzz64.so $(DESTDIR)$(HELPER_PATH)/; fi +argv_fuzz_persistent_demo: argv_fuzz_persistent_demo.c + afl-clang-fast -fsanitize=address -g -o $@ $^ + +argv_fuzz_demo: argv_fuzz_demo.c + afl-clang-fast -fsanitize=address -g -o $@ $^ + +demo: argv_fuzz_persistent_demo argv_fuzz_demo + clean: rm -f argvfuzz32.so argvfuzz64.so argv_fuzz_demo argv_fuzz_persistent_demo -- cgit 1.4.1 From 489f2d4d97c8497d6e259e9e50c27628ad075126 Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Wed, 28 Dec 2022 10:49:31 +0100 Subject: makefile update --- utils/argv_fuzzing/Makefile | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/utils/argv_fuzzing/Makefile b/utils/argv_fuzzing/Makefile index dce092d6..1bc6b223 100644 --- a/utils/argv_fuzzing/Makefile +++ b/utils/argv_fuzzing/Makefile @@ -13,10 +13,6 @@ .PHONY: all install clean argv_fuzz_persistent_demo argv_fuzz_demo demo - - - - PREFIX ?= /usr/local BIN_PATH = $(PREFIX)/bin HELPER_PATH = $(PREFIX)/lib/afl @@ -59,10 +55,10 @@ install: argvfuzz32.so argvfuzz64.so if [ -f argvfuzz64.so ]; then set -e; install -m 755 argvfuzz64.so $(DESTDIR)$(HELPER_PATH)/; fi argv_fuzz_persistent_demo: argv_fuzz_persistent_demo.c - afl-clang-fast -fsanitize=address -g -o $@ $^ + CC=afl-clang-fast $(CC) -o $@ $^ argv_fuzz_demo: argv_fuzz_demo.c - afl-clang-fast -fsanitize=address -g -o $@ $^ + CC=afl-clang-fast $(CC) -o $@ $^ demo: argv_fuzz_persistent_demo argv_fuzz_demo -- cgit 1.4.1 From 209527907ff9a843fe9d353ec1a1602f88579982 Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Wed, 28 Dec 2022 10:50:05 +0100 Subject: makefile update --- utils/argv_fuzzing/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/argv_fuzzing/Makefile b/utils/argv_fuzzing/Makefile index 1bc6b223..7e706180 100644 --- a/utils/argv_fuzzing/Makefile +++ b/utils/argv_fuzzing/Makefile @@ -55,10 +55,10 @@ install: argvfuzz32.so argvfuzz64.so if [ -f argvfuzz64.so ]; then set -e; install -m 755 argvfuzz64.so $(DESTDIR)$(HELPER_PATH)/; fi argv_fuzz_persistent_demo: argv_fuzz_persistent_demo.c - CC=afl-clang-fast $(CC) -o $@ $^ + afl-clang-fast -fsanitize=address -g -o $@ $^ argv_fuzz_demo: argv_fuzz_demo.c - CC=afl-clang-fast $(CC) -o $@ $^ + afl-clang-fast -fsanitize=address -g -o $@ $^ demo: argv_fuzz_persistent_demo argv_fuzz_demo -- cgit 1.4.1 From 99c67defb4414c1f207123e2930d0500d338c6b8 Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Wed, 28 Dec 2022 10:58:44 +0100 Subject: readme cleanup --- utils/argv_fuzzing/README.md | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/utils/argv_fuzzing/README.md b/utils/argv_fuzzing/README.md index d248cf93..14fe5e2d 100644 --- a/utils/argv_fuzzing/README.md +++ b/utils/argv_fuzzing/README.md @@ -1,18 +1,22 @@ # argv_fuzzing feature -AFL++ supports fuzzing file inputs or stdin. The argv_fuzzing feature allows for the fuzzing of arguments -passed to a program from the command line interface rather than from standard input. +AFL++ supports fuzzing file inputs or stdin. The argv_fuzzing feature +allows for the fuzzing of arguments passed to a program from the command line +interface rather than from standard input. ## With source code -When the source code is available, a specific macro from the `argv-fuzz-inl.h` header file can be used to change -the program's behavior to build argv from STDIN. +When the source code is available, a specific macro from the `argv-fuzz-inl.h` +header file can be used to change the program's behavior to build argv from STDIN. ### Without persistent mode Conditions needed to use the argv_fuzzing feature: 1. Include `argv-fuzz-inl.h` header file (`#include "argv-fuzz-inl.h"`) -2. Identify your main function that parses arguments (for example, `int main(int argc, char **argv)`) -3. Use one of the following macros (near the beginning of the main function) to initialize argv with the fuzzer's input: +2. Identify your main function that parses arguments +(for example, `int main(int argc, char **argv)`) +3. Use one of the following macros (near the beginning of the main function) +to initialize argv with the fuzzer's input: - `AFL_INIT_ARGV();` or - - `AFL_INIT_SET0("prog_name");` to preserve `argv[0]` (the name of the program being executed) + - `AFL_INIT_SET0("prog_name");` to preserve `argv[0]` + (the name of the program being executed) see: [argv_fuzz_demo.c](argv_fuzz_demo.c) -- cgit 1.4.1 From 5670c847bd2cc619a9d4a11e9f7ccb1f4004a0b0 Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Wed, 28 Dec 2022 11:00:14 +0100 Subject: readme update --- utils/argv_fuzzing/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/argv_fuzzing/README.md b/utils/argv_fuzzing/README.md index 14fe5e2d..a085c098 100644 --- a/utils/argv_fuzzing/README.md +++ b/utils/argv_fuzzing/README.md @@ -1,7 +1,7 @@ # argv_fuzzing feature -AFL++ supports fuzzing file inputs or stdin. The argv_fuzzing feature +AFL++ supports fuzzing file inputs or standard input. The argv_fuzzing feature allows for the fuzzing of arguments passed to a program from the command line -interface rather than from standard input. +interface rather than from STDIN. ## With source code When the source code is available, a specific macro from the `argv-fuzz-inl.h` -- cgit 1.4.1 From fd27b2c9be442c429c215fe57bd5893121795b42 Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Wed, 28 Dec 2022 11:04:53 +0100 Subject: makefile cleanup --- utils/argv_fuzzing/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/argv_fuzzing/Makefile b/utils/argv_fuzzing/Makefile index 7e706180..f016c5a7 100644 --- a/utils/argv_fuzzing/Makefile +++ b/utils/argv_fuzzing/Makefile @@ -17,7 +17,7 @@ PREFIX ?= /usr/local BIN_PATH = $(PREFIX)/bin HELPER_PATH = $(PREFIX)/lib/afl -CFLAGS += -fPIC -Wall -Wextra +CFLAGS = -fPIC -Wall -Wextra LDFLAGS = -shared UNAME_SAYS_LINUX=$(shell uname | grep -E '^Linux|^GNU' >/dev/null; echo $$?) -- cgit 1.4.1 From 1149b131857af5e785a1bf3d72b4d15c5d542e46 Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Wed, 28 Dec 2022 11:07:49 +0100 Subject: undo custom-format --- .custom-format.py | 49 ++++++++++++++++++++++++------------------------- 1 file changed, 24 insertions(+), 25 deletions(-) diff --git a/.custom-format.py b/.custom-format.py index 00f6280f..aaa84af6 100755 --- a/.custom-format.py +++ b/.custom-format.py @@ -26,16 +26,15 @@ import shutil with open(".clang-format") as f: fmt = f.read() -#CURRENT_LLVM = os.getenv('LLVM_VERSION', 14) -#CLANG_FORMAT_BIN = os.getenv("CLANG_FORMAT_BIN", "") +CURRENT_LLVM = os.getenv('LLVM_VERSION', 14) +CLANG_FORMAT_BIN = os.getenv("CLANG_FORMAT_BIN", "") -#if shutil.which(CLANG_FORMAT_BIN) is None: -# CLANG_FORMAT_BIN = f"clang-format-{CURRENT_LLVM}" +if shutil.which(CLANG_FORMAT_BIN) is None: + CLANG_FORMAT_BIN = f"clang-format-{CURRENT_LLVM}" -#if shutil.which(CLANG_FORMAT_BIN) is None: -# print(f"[!] clang-format-{CURRENT_LLVM} is needed. Aborted.") -# exit(1) -CLANG_FORMAT_BIN = "clang-format" +if shutil.which(CLANG_FORMAT_BIN) is None: + print(f"[!] clang-format-{CURRENT_LLVM} is needed. Aborted.") + exit(1) COLUMN_LIMIT = 80 for line in fmt.split("\n"): @@ -59,16 +58,16 @@ def custom_format(filename): in_define = True if ( - "/*" in line - and not line.strip().startswith("/*") - and line.endswith("*/") - and len(line) < (COLUMN_LIMIT - 2) + "/*" in line + and not line.strip().startswith("/*") + and line.endswith("*/") + and len(line) < (COLUMN_LIMIT - 2) ): cmt_start = line.rfind("/*") line = ( - line[:cmt_start] - + " " * (COLUMN_LIMIT - 2 - len(line)) - + line[cmt_start:] + line[:cmt_start] + + " " * (COLUMN_LIMIT - 2 - len(line)) + + line[cmt_start:] ) define_padding = 0 @@ -77,21 +76,21 @@ def custom_format(filename): define_padding = max(0, len(last_line[last_line.rfind("\n") + 1 :])) if ( - last_line is not None - and last_line.strip().endswith("{") - and line.strip() != "" + last_line is not None + and last_line.strip().endswith("{") + and line.strip() != "" ): line = (" " * define_padding + "\\" if in_define else "") + "\n" + line elif ( - last_line is not None - and last_line.strip().startswith("}") - and line.strip() != "" + last_line is not None + and last_line.strip().startswith("}") + and line.strip() != "" ): line = (" " * define_padding + "\\" if in_define else "") + "\n" + line elif ( - line.strip().startswith("}") - and last_line is not None - and last_line.strip() != "" + line.strip().startswith("}") + and last_line is not None + and last_line.strip() != "" ): line = (" " * define_padding + "\\" if in_define else "") + "\n" + line @@ -124,4 +123,4 @@ for filename in args: with open(filename, "w") as f: f.write(code) else: - print(code) + print(code) \ No newline at end of file -- cgit 1.4.1 From 8817da8ae4038b0a155fde9e1f3ea8d4f7d8c107 Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Wed, 28 Dec 2022 11:10:38 +0100 Subject: Removed a modified file from pr --- .custom-format.py | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/.custom-format.py b/.custom-format.py index aaa84af6..428d7b0d 100755 --- a/.custom-format.py +++ b/.custom-format.py @@ -58,16 +58,16 @@ def custom_format(filename): in_define = True if ( - "/*" in line - and not line.strip().startswith("/*") - and line.endswith("*/") - and len(line) < (COLUMN_LIMIT - 2) + "/*" in line + and not line.strip().startswith("/*") + and line.endswith("*/") + and len(line) < (COLUMN_LIMIT - 2) ): cmt_start = line.rfind("/*") line = ( - line[:cmt_start] - + " " * (COLUMN_LIMIT - 2 - len(line)) - + line[cmt_start:] + line[:cmt_start] + + " " * (COLUMN_LIMIT - 2 - len(line)) + + line[cmt_start:] ) define_padding = 0 @@ -76,21 +76,21 @@ def custom_format(filename): define_padding = max(0, len(last_line[last_line.rfind("\n") + 1 :])) if ( - last_line is not None - and last_line.strip().endswith("{") - and line.strip() != "" + last_line is not None + and last_line.strip().endswith("{") + and line.strip() != "" ): line = (" " * define_padding + "\\" if in_define else "") + "\n" + line elif ( - last_line is not None - and last_line.strip().startswith("}") - and line.strip() != "" + last_line is not None + and last_line.strip().startswith("}") + and line.strip() != "" ): line = (" " * define_padding + "\\" if in_define else "") + "\n" + line elif ( - line.strip().startswith("}") - and last_line is not None - and last_line.strip() != "" + line.strip().startswith("}") + and last_line is not None + and last_line.strip() != "" ): line = (" " * define_padding + "\\" if in_define else "") + "\n" + line @@ -123,4 +123,4 @@ for filename in args: with open(filename, "w") as f: f.write(code) else: - print(code) \ No newline at end of file + print(code) -- cgit 1.4.1 From 1bcc9bfa913b9afe07e7e0eef7d6912c79329112 Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Wed, 28 Dec 2022 13:05:44 +0100 Subject: clang-format pip --- .custom-format.py | 81 ++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 57 insertions(+), 24 deletions(-) diff --git a/.custom-format.py b/.custom-format.py index 428d7b0d..95def5aa 100755 --- a/.custom-format.py +++ b/.custom-format.py @@ -3,7 +3,7 @@ # american fuzzy lop++ - custom code formatter # -------------------------------------------- # -# Written and maintaned by Andrea Fioraldi +# Written and maintained by Andrea Fioraldi # # Copyright 2015, 2016, 2017 Google Inc. All rights reserved. # Copyright 2019-2022 AFLplusplus Project. All rights reserved. @@ -18,24 +18,57 @@ import subprocess import sys import os -import re +# import re # TODO: for future use import shutil +import importlib.metadata + +# string_re = re.compile('(\\"(\\\\.|[^"\\\\])*\\")') # TODO: for future use + +CURRENT_LLVM = os.getenv('LLVM_VERSION', 14) +CLANG_FORMAT_BIN = os.getenv("CLANG_FORMAT_BIN", "") + + +def check_clang_format_pip_version(): + """ + Check if the correct version of clang-format is installed via pip. + + Returns: + bool: True if the correct version of clang-format is installed, + False otherwise. + """ + # Check if clang-format is installed + if importlib.util.find_spec('clang_format'): + # Check if the installed version is the expected LLVM version + if importlib.metadata.version('clang-format')\ + .startswith(CURRENT_LLVM+'.'): + return True + else: + # Return False, because the clang-format version does not match + return False + else: + # If the 'clang_format' package isn't installed, return False + return False -# string_re = re.compile('(\\"(\\\\.|[^"\\\\])*\\")') # future use with open(".clang-format") as f: fmt = f.read() -CURRENT_LLVM = os.getenv('LLVM_VERSION', 14) -CLANG_FORMAT_BIN = os.getenv("CLANG_FORMAT_BIN", "") + +CLANG_FORMAT_PIP = check_clang_format_pip_version() if shutil.which(CLANG_FORMAT_BIN) is None: CLANG_FORMAT_BIN = f"clang-format-{CURRENT_LLVM}" -if shutil.which(CLANG_FORMAT_BIN) is None: +if shutil.which(CLANG_FORMAT_BIN) is None \ + and CLANG_FORMAT_PIP is False: print(f"[!] clang-format-{CURRENT_LLVM} is needed. Aborted.") + print(f"Run `pip3 install \"clang-format=={CURRENT_LLVM}.*\"` \ +to install via pip.") exit(1) +if CLANG_FORMAT_PIP: + CLANG_FORMAT_BIN = shutil.which("clang-format") + COLUMN_LIMIT = 80 for line in fmt.split("\n"): line = line.split(":") @@ -54,43 +87,43 @@ def custom_format(filename): for line in src.split("\n"): if line.lstrip().startswith("#"): - if line[line.find("#") + 1 :].lstrip().startswith("define"): + if line[line.find("#") + 1:].lstrip().startswith("define"): in_define = True if ( - "/*" in line - and not line.strip().startswith("/*") - and line.endswith("*/") - and len(line) < (COLUMN_LIMIT - 2) + "/*" in line + and not line.strip().startswith("/*") + and line.endswith("*/") + and len(line) < (COLUMN_LIMIT - 2) ): cmt_start = line.rfind("/*") line = ( - line[:cmt_start] - + " " * (COLUMN_LIMIT - 2 - len(line)) - + line[cmt_start:] + line[:cmt_start] + + " " * (COLUMN_LIMIT - 2 - len(line)) + + line[cmt_start:] ) define_padding = 0 if last_line is not None and in_define and last_line.endswith("\\"): last_line = last_line[:-1] - define_padding = max(0, len(last_line[last_line.rfind("\n") + 1 :])) + define_padding = max(0, len(last_line[last_line.rfind("\n") + 1:])) if ( - last_line is not None - and last_line.strip().endswith("{") - and line.strip() != "" + last_line is not None + and last_line.strip().endswith("{") + and line.strip() != "" ): line = (" " * define_padding + "\\" if in_define else "") + "\n" + line elif ( - last_line is not None - and last_line.strip().startswith("}") - and line.strip() != "" + last_line is not None + and last_line.strip().startswith("}") + and line.strip() != "" ): line = (" " * define_padding + "\\" if in_define else "") + "\n" + line elif ( - line.strip().startswith("}") - and last_line is not None - and last_line.strip() != "" + line.strip().startswith("}") + and last_line is not None + and last_line.strip() != "" ): line = (" " * define_padding + "\\" if in_define else "") + "\n" + line -- cgit 1.4.1 From e847b9948daba83257a665d936d83cfd9004e2ae Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 28 Dec 2022 17:40:56 +0100 Subject: prevent weighting < 1 --- src/afl-fuzz-queue.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index d8dbdfbe..5017c37c 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -51,13 +51,14 @@ double compute_weight(afl_state_t *afl, struct queue_entry *q, if (likely(afl->schedule >= FAST && afl->schedule <= RARE)) { u32 hits = afl->n_fuzz[q->n_fuzz_entry]; - if (likely(hits)) { weight *= log10(hits) + 1; } + if (likely(hits)) { weight *= (log10(hits) + 1); } } if (likely(afl->schedule < RARE)) { weight *= (avg_exec_us / q->exec_us); } weight *= (log(q->bitmap_size) / avg_bitmap_size); weight *= (1 + (q->tc_ref / avg_top_size)); + if (unlikely(weight < 1.0)) { weight = 1.0; } if (unlikely(q->favored)) { weight *= 5; } if (unlikely(!q->was_fuzzed)) { weight *= 2; } -- cgit 1.4.1 From ffe89e8f2d142919f90de2994d23d0249b5d12ca Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 29 Dec 2022 10:25:12 +0100 Subject: fix makefile typo --- GNUmakefile | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index 43f96ffe..6921cc85 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -637,16 +637,16 @@ endif # -$(MAKE) -C utils/plot_ui -$(MAKE) -C frida_mode ifneq "$(SYS)" "Darwin" -ifeq "$(ARCH)" "aarch64" - ifndef NO_CORESIGHT + ifeq "$(ARCH)" "aarch64" + ifndef NO_CORESIGHT -$(MAKE) -C coresight_mode + endif endif -endif -ifeq "$(SYS)" "Linux" - ifndef NO_NYX + ifeq "$(SYS)" "Linux" + ifndef NO_NYX -cd nyx_mode && ./build_nyx_support.sh + endif endif -endif -cd qemu_mode && sh ./build_qemu_support.sh ifeq "$(ARCH)" "aarch64" ifndef NO_UNICORN_ARM64 @@ -662,7 +662,7 @@ binary-only: test_shm test_python ready $(PROGS) ifneq "$(SYS)" "Darwin" -$(MAKE) -C utils/libdislocator -$(MAKE) -C utils/libtokencap -#endif +endif -$(MAKE) -C utils/afl_network_proxy -$(MAKE) -C utils/socket_fuzzing -$(MAKE) -C utils/argv_fuzzing -- cgit 1.4.1 From 35f09e11a4373b0fb42c690d23127c144f72f73c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 3 Jan 2023 09:38:00 +0100 Subject: welcome 2023 --- .custom-format.py | 2 +- GNUmakefile.gcc_plugin | 2 +- afl-whatsup | 2 +- custom_mutators/gramatron/build_gramatron_mutator.sh | 2 +- custom_mutators/grammar_mutator/build_grammar_mutator.sh | 2 +- frida_mode/Scripting.md | 2 +- frida_mode/test/cmplog/cmplog.c | 2 +- frida_mode/test/deferred/testinstr.c | 2 +- frida_mode/test/dynamic/testinstr.c | 2 +- frida_mode/test/entry_point/testinstr.c | 2 +- frida_mode/test/exe/testinstr.c | 2 +- frida_mode/test/js/test.c | 2 +- frida_mode/test/js/test2.c | 2 +- frida_mode/test/output/testinstr.c | 2 +- frida_mode/test/perf/perf.c | 2 +- frida_mode/test/persistent_ret/testinstr.c | 2 +- frida_mode/test/testinstr/testinstr.c | 2 +- frida_mode/test/unstable/unstable.c | 2 +- include/afl-as.h | 2 +- include/afl-fuzz.h | 2 +- include/afl-prealloc.h | 2 +- include/alloc-inl.h | 2 +- include/cmplog.h | 2 +- include/common.h | 2 +- include/config.h | 2 +- include/debug.h | 2 +- include/forkserver.h | 2 +- include/hash.h | 2 +- include/list.h | 2 +- include/sharedmem.h | 2 +- include/snapshot-inl.h | 2 +- include/types.h | 2 +- include/xxhash.h | 2 +- instrumentation/afl-compiler-rt.o.c | 2 +- instrumentation/afl-gcc-cmplog-pass.so.cc | 2 +- instrumentation/afl-gcc-cmptrs-pass.so.cc | 2 +- instrumentation/afl-gcc-common.h | 2 +- instrumentation/afl-gcc-pass.so.cc | 2 +- instrumentation/afl-llvm-dict2file.so.cc | 2 +- instrumentation/afl-llvm-lto-instrumentlist.so.cc | 2 +- instrumentation/afl-llvm-pass.so.cc | 2 +- instrumentation/cmplog-instructions-pass.cc | 2 +- instrumentation/cmplog-routines-pass.cc | 2 +- instrumentation/cmplog-switches-pass.cc | 2 +- qemu_mode/build_qemu_support.sh | 2 +- qemu_mode/fastexit/Makefile | 2 +- qemu_mode/libcompcov/Makefile | 2 +- qemu_mode/libcompcov/compcovtest.cc | 2 +- qemu_mode/libcompcov/libcompcov.so.c | 2 +- qemu_mode/libqasan/Makefile | 2 +- qemu_mode/libqasan/hooks.c | 2 +- qemu_mode/libqasan/libqasan.c | 2 +- qemu_mode/libqasan/libqasan.h | 2 +- qemu_mode/libqasan/malloc.c | 2 +- qemu_mode/libqasan/patch.c | 2 +- qemu_mode/libqasan/string.c | 2 +- qemu_mode/libqasan/uninstrument.c | 2 +- qemu_mode/unsigaction/Makefile | 2 +- src/afl-analyze.c | 2 +- src/afl-as.c | 2 +- src/afl-cc.c | 2 +- src/afl-common.c | 2 +- src/afl-forkserver.c | 2 +- src/afl-fuzz-bitmap.c | 2 +- src/afl-fuzz-cmplog.c | 2 +- src/afl-fuzz-extras.c | 2 +- src/afl-fuzz-init.c | 2 +- src/afl-fuzz-mutators.c | 2 +- src/afl-fuzz-one.c | 2 +- src/afl-fuzz-python.c | 2 +- src/afl-fuzz-queue.c | 2 +- src/afl-fuzz-redqueen.c | 2 +- src/afl-fuzz-run.c | 2 +- src/afl-fuzz-state.c | 2 +- src/afl-fuzz-stats.c | 2 +- src/afl-fuzz.c | 2 +- src/afl-gotcpu.c | 2 +- src/afl-ld-lto.c | 2 +- src/afl-sharedmem.c | 2 +- src/afl-showmap.c | 2 +- src/afl-tmin.c | 2 +- test-instr.c | 2 +- unicorn_mode/build_unicorn_support.sh | 2 +- utils/afl_network_proxy/afl-network-client.c | 2 +- utils/afl_network_proxy/afl-network-server.c | 2 +- utils/afl_proxy/afl-proxy.c | 2 +- utils/afl_untracer/afl-untracer.c | 2 +- utils/afl_untracer/libtestinstr.c | 2 +- utils/argv_fuzzing/Makefile | 2 +- utils/argv_fuzzing/argvfuzz.c | 2 +- utils/distributed_fuzzing/sync_script.sh | 2 +- utils/libdislocator/libdislocator.so.c | 2 +- utils/libtokencap/libtokencap.so.c | 2 +- utils/persistent_mode/test-instr.c | 2 +- 94 files changed, 94 insertions(+), 94 deletions(-) diff --git a/.custom-format.py b/.custom-format.py index 95def5aa..d07c26df 100755 --- a/.custom-format.py +++ b/.custom-format.py @@ -6,7 +6,7 @@ # Written and maintained by Andrea Fioraldi # # Copyright 2015, 2016, 2017 Google Inc. All rights reserved. -# Copyright 2019-2022 AFLplusplus Project. All rights reserved. +# Copyright 2019-2023 AFLplusplus Project. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/GNUmakefile.gcc_plugin b/GNUmakefile.gcc_plugin index 28a1a828..4c4e10c4 100644 --- a/GNUmakefile.gcc_plugin +++ b/GNUmakefile.gcc_plugin @@ -11,7 +11,7 @@ # from Laszlo Szekeres. # # Copyright 2015 Google Inc. All rights reserved. -# Copyright 2019-2022 AFLplusplus Project. All rights reserved. +# Copyright 2019-2023 AFLplusplus Project. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/afl-whatsup b/afl-whatsup index 160a8c74..5546523a 100755 --- a/afl-whatsup +++ b/afl-whatsup @@ -6,7 +6,7 @@ # Originally written by Michal Zalewski # # Copyright 2015 Google Inc. All rights reserved. -# Copyright 2019-2022 AFLplusplus Project. All rights reserved. +# Copyright 2019-2023 AFLplusplus Project. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/custom_mutators/gramatron/build_gramatron_mutator.sh b/custom_mutators/gramatron/build_gramatron_mutator.sh index ff88ff26..c830329e 100755 --- a/custom_mutators/gramatron/build_gramatron_mutator.sh +++ b/custom_mutators/gramatron/build_gramatron_mutator.sh @@ -11,7 +11,7 @@ # Adapted for AFLplusplus by Dominik Maier # # Copyright 2017 Battelle Memorial Institute. All rights reserved. -# Copyright 2019-2022 AFLplusplus Project. All rights reserved. +# Copyright 2019-2023 AFLplusplus Project. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/custom_mutators/grammar_mutator/build_grammar_mutator.sh b/custom_mutators/grammar_mutator/build_grammar_mutator.sh index 74cae8aa..593cd2dc 100755 --- a/custom_mutators/grammar_mutator/build_grammar_mutator.sh +++ b/custom_mutators/grammar_mutator/build_grammar_mutator.sh @@ -14,7 +14,7 @@ # # # Copyright 2017 Battelle Memorial Institute. All rights reserved. -# Copyright 2019-2022 AFLplusplus Project. All rights reserved. +# Copyright 2019-2023 AFLplusplus Project. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/frida_mode/Scripting.md b/frida_mode/Scripting.md index 06d4212c..023e4a19 100644 --- a/frida_mode/Scripting.md +++ b/frida_mode/Scripting.md @@ -390,7 +390,7 @@ Consider the [following](test/js/test2.c) test code... -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/cmplog/cmplog.c b/frida_mode/test/cmplog/cmplog.c index 7c047ed6..2565b35c 100644 --- a/frida_mode/test/cmplog/cmplog.c +++ b/frida_mode/test/cmplog/cmplog.c @@ -2,7 +2,7 @@ // // Author: Mateusz Jurczyk (mjurczyk@google.com) // -// Copyright 2019-2022 Google LLC +// Copyright 2019-2023 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/frida_mode/test/deferred/testinstr.c b/frida_mode/test/deferred/testinstr.c index 7e564a61..0ab44582 100644 --- a/frida_mode/test/deferred/testinstr.c +++ b/frida_mode/test/deferred/testinstr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/dynamic/testinstr.c b/frida_mode/test/dynamic/testinstr.c index ad26d060..8b285f6d 100644 --- a/frida_mode/test/dynamic/testinstr.c +++ b/frida_mode/test/dynamic/testinstr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/entry_point/testinstr.c b/frida_mode/test/entry_point/testinstr.c index 196b1d84..24d9a615 100644 --- a/frida_mode/test/entry_point/testinstr.c +++ b/frida_mode/test/entry_point/testinstr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/exe/testinstr.c b/frida_mode/test/exe/testinstr.c index 334f6518..d965502e 100644 --- a/frida_mode/test/exe/testinstr.c +++ b/frida_mode/test/exe/testinstr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/js/test.c b/frida_mode/test/js/test.c index f6778b6f..87c9cdf6 100644 --- a/frida_mode/test/js/test.c +++ b/frida_mode/test/js/test.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/js/test2.c b/frida_mode/test/js/test2.c index 9e9cdbb4..6b680a24 100644 --- a/frida_mode/test/js/test2.c +++ b/frida_mode/test/js/test2.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/output/testinstr.c b/frida_mode/test/output/testinstr.c index 334f6518..d965502e 100644 --- a/frida_mode/test/output/testinstr.c +++ b/frida_mode/test/output/testinstr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/perf/perf.c b/frida_mode/test/perf/perf.c index f6659b55..d9626974 100644 --- a/frida_mode/test/perf/perf.c +++ b/frida_mode/test/perf/perf.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/persistent_ret/testinstr.c b/frida_mode/test/persistent_ret/testinstr.c index b2bc19ef..12365ceb 100644 --- a/frida_mode/test/persistent_ret/testinstr.c +++ b/frida_mode/test/persistent_ret/testinstr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/testinstr/testinstr.c b/frida_mode/test/testinstr/testinstr.c index 334f6518..d965502e 100644 --- a/frida_mode/test/testinstr/testinstr.c +++ b/frida_mode/test/testinstr/testinstr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/unstable/unstable.c b/frida_mode/test/unstable/unstable.c index 7d16c26c..a87b6c74 100644 --- a/frida_mode/test/unstable/unstable.c +++ b/frida_mode/test/unstable/unstable.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/include/afl-as.h b/include/afl-as.h index bbbd5582..486314e2 100644 --- a/include/afl-as.h +++ b/include/afl-as.h @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index ea83aaca..edef9207 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/afl-prealloc.h b/include/afl-prealloc.h index bdf0d87f..d19a7b52 100644 --- a/include/afl-prealloc.h +++ b/include/afl-prealloc.h @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/alloc-inl.h b/include/alloc-inl.h index 6c2bafff..ae37028e 100644 --- a/include/alloc-inl.h +++ b/include/alloc-inl.h @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/cmplog.h b/include/cmplog.h index c6d2957e..6e16e6b0 100644 --- a/include/cmplog.h +++ b/include/cmplog.h @@ -12,7 +12,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/common.h b/include/common.h index 9d9a948c..b5dbc6de 100644 --- a/include/common.h +++ b/include/common.h @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/config.h b/include/config.h index b82ead47..b3310270 100644 --- a/include/config.h +++ b/include/config.h @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/debug.h b/include/debug.h index 566b1d00..cd621a72 100644 --- a/include/debug.h +++ b/include/debug.h @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/forkserver.h b/include/forkserver.h index a8a7e777..35bc1771 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -12,7 +12,7 @@ Dominik Maier > Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/hash.h b/include/hash.h index d8fef70c..0243c5b7 100644 --- a/include/hash.h +++ b/include/hash.h @@ -15,7 +15,7 @@ Other code written by Michal Zalewski Copyright 2016 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/list.h b/include/list.h index 72bef749..283bf035 100644 --- a/include/list.h +++ b/include/list.h @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/sharedmem.h b/include/sharedmem.h index fbe68abe..d32bd845 100644 --- a/include/sharedmem.h +++ b/include/sharedmem.h @@ -12,7 +12,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/snapshot-inl.h b/include/snapshot-inl.h index 8d2f41ff..3864e473 100644 --- a/include/snapshot-inl.h +++ b/include/snapshot-inl.h @@ -12,7 +12,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/types.h b/include/types.h index 96ce78f8..d6476d82 100644 --- a/include/types.h +++ b/include/types.h @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/xxhash.h b/include/xxhash.h index 4cabc884..7bc0a14e 100644 --- a/include/xxhash.h +++ b/include/xxhash.h @@ -1,7 +1,7 @@ /* * xxHash - Extremely Fast Hash algorithm * Header File - * Copyright (C) 2012-2022 Yann Collet + * Copyright (C) 2012-2023 Yann Collet * * BSD 2-Clause License (https://www.opensource.org/licenses/bsd-license.php) * diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index fd5f2d4c..9c6345b6 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -3,7 +3,7 @@ ------------------------------------------------ Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/instrumentation/afl-gcc-cmplog-pass.so.cc b/instrumentation/afl-gcc-cmplog-pass.so.cc index 3c781fd7..b4e6fda9 100644 --- a/instrumentation/afl-gcc-cmplog-pass.so.cc +++ b/instrumentation/afl-gcc-cmplog-pass.so.cc @@ -3,7 +3,7 @@ Copyright 2014-2019 Free Software Foundation, Inc Copyright 2015, 2016 Google Inc. All rights reserved. Copyright 2019-2020 AFLplusplus Project. All rights reserved. - Copyright 2019-2022 AdaCore + Copyright 2019-2023 AdaCore Written by Alexandre Oliva , based on the AFL++ LLVM CmpLog pass by Andrea Fioraldi , and diff --git a/instrumentation/afl-gcc-cmptrs-pass.so.cc b/instrumentation/afl-gcc-cmptrs-pass.so.cc index 0ddbac15..dbb408b0 100644 --- a/instrumentation/afl-gcc-cmptrs-pass.so.cc +++ b/instrumentation/afl-gcc-cmptrs-pass.so.cc @@ -3,7 +3,7 @@ Copyright 2014-2019 Free Software Foundation, Inc Copyright 2015, 2016 Google Inc. All rights reserved. Copyright 2019-2020 AFLplusplus Project. All rights reserved. - Copyright 2019-2022 AdaCore + Copyright 2019-2023 AdaCore Written by Alexandre Oliva , based on the AFL++ LLVM CmpLog Routines pass by Andrea Fioraldi diff --git a/instrumentation/afl-gcc-common.h b/instrumentation/afl-gcc-common.h index cda3f9d8..1d5eb466 100644 --- a/instrumentation/afl-gcc-common.h +++ b/instrumentation/afl-gcc-common.h @@ -2,7 +2,7 @@ Copyright 2014-2019 Free Software Foundation, Inc Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2022 AdaCore + Copyright 2019-2023 AdaCore Written by Alexandre Oliva , based on the AFL++ GCC plugin. diff --git a/instrumentation/afl-gcc-pass.so.cc b/instrumentation/afl-gcc-pass.so.cc index ea938a7f..4d7fd0ef 100644 --- a/instrumentation/afl-gcc-pass.so.cc +++ b/instrumentation/afl-gcc-pass.so.cc @@ -2,7 +2,7 @@ Copyright 2014-2019 Free Software Foundation, Inc Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2022 AdaCore + Copyright 2019-2023 AdaCore Written by Alexandre Oliva , based on the AFL LLVM pass by Laszlo Szekeres and Michal diff --git a/instrumentation/afl-llvm-dict2file.so.cc b/instrumentation/afl-llvm-dict2file.so.cc index fd8baea2..bbbbe32c 100644 --- a/instrumentation/afl-llvm-dict2file.so.cc +++ b/instrumentation/afl-llvm-dict2file.so.cc @@ -4,7 +4,7 @@ Written by Marc Heuse - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/instrumentation/afl-llvm-lto-instrumentlist.so.cc b/instrumentation/afl-llvm-lto-instrumentlist.so.cc index 32b1798a..db5bd55e 100644 --- a/instrumentation/afl-llvm-lto-instrumentlist.so.cc +++ b/instrumentation/afl-llvm-lto-instrumentlist.so.cc @@ -9,7 +9,7 @@ from afl-as.c are Michal's fault. Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc index df1ccc4f..e8d0b1e5 100644 --- a/instrumentation/afl-llvm-pass.so.cc +++ b/instrumentation/afl-llvm-pass.so.cc @@ -12,7 +12,7 @@ NGRAM previous location coverage comes from Adrian Herrera. Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/instrumentation/cmplog-instructions-pass.cc b/instrumentation/cmplog-instructions-pass.cc index 084ad8c9..bca1f927 100644 --- a/instrumentation/cmplog-instructions-pass.cc +++ b/instrumentation/cmplog-instructions-pass.cc @@ -5,7 +5,7 @@ Written by Andrea Fioraldi Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/instrumentation/cmplog-routines-pass.cc b/instrumentation/cmplog-routines-pass.cc index 9733f86e..0498156d 100644 --- a/instrumentation/cmplog-routines-pass.cc +++ b/instrumentation/cmplog-routines-pass.cc @@ -5,7 +5,7 @@ Written by Andrea Fioraldi Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/instrumentation/cmplog-switches-pass.cc b/instrumentation/cmplog-switches-pass.cc index 563a4481..cd0ae76d 100644 --- a/instrumentation/cmplog-switches-pass.cc +++ b/instrumentation/cmplog-switches-pass.cc @@ -5,7 +5,7 @@ Written by Andrea Fioraldi Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh index f31f3cef..a064fe58 100755 --- a/qemu_mode/build_qemu_support.sh +++ b/qemu_mode/build_qemu_support.sh @@ -13,7 +13,7 @@ # counters by Andrea Fioraldi # # Copyright 2015, 2016, 2017 Google Inc. All rights reserved. -# Copyright 2019-2022 AFLplusplus Project. All rights reserved. +# Copyright 2019-2023 AFLplusplus Project. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/qemu_mode/fastexit/Makefile b/qemu_mode/fastexit/Makefile index 80a5ec48..c7b79277 100644 --- a/qemu_mode/fastexit/Makefile +++ b/qemu_mode/fastexit/Makefile @@ -4,7 +4,7 @@ # # Written by Andrea Fioraldi # -# Copyright 2019-2022 Andrea Fioraldi. All rights reserved. +# Copyright 2019-2023 Andrea Fioraldi. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/qemu_mode/libcompcov/Makefile b/qemu_mode/libcompcov/Makefile index cc591393..7260df87 100644 --- a/qemu_mode/libcompcov/Makefile +++ b/qemu_mode/libcompcov/Makefile @@ -4,7 +4,7 @@ # # Written by Andrea Fioraldi # -# Copyright 2019-2022 Andrea Fioraldi. All rights reserved. +# Copyright 2019-2023 Andrea Fioraldi. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/qemu_mode/libcompcov/compcovtest.cc b/qemu_mode/libcompcov/compcovtest.cc index b2d64f8d..23215013 100644 --- a/qemu_mode/libcompcov/compcovtest.cc +++ b/qemu_mode/libcompcov/compcovtest.cc @@ -2,7 +2,7 @@ // // Author: Mateusz Jurczyk (mjurczyk@google.com) // -// Copyright 2019-2022 Google LLC +// Copyright 2019-2023 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/qemu_mode/libcompcov/libcompcov.so.c b/qemu_mode/libcompcov/libcompcov.so.c index c4107b8c..b6ee0019 100644 --- a/qemu_mode/libcompcov/libcompcov.so.c +++ b/qemu_mode/libcompcov/libcompcov.so.c @@ -5,7 +5,7 @@ Written and maintained by Andrea Fioraldi - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/qemu_mode/libqasan/Makefile b/qemu_mode/libqasan/Makefile index 79c3ab70..61782894 100644 --- a/qemu_mode/libqasan/Makefile +++ b/qemu_mode/libqasan/Makefile @@ -4,7 +4,7 @@ # # Written by Andrea Fioraldi # -# Copyright 2019-2022 Andrea Fioraldi. All rights reserved. +# Copyright 2019-2023 Andrea Fioraldi. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/qemu_mode/libqasan/hooks.c b/qemu_mode/libqasan/hooks.c index 7f20e848..a9fd0ce9 100644 --- a/qemu_mode/libqasan/hooks.c +++ b/qemu_mode/libqasan/hooks.c @@ -1,5 +1,5 @@ /******************************************************************************* -Copyright (c) 2019-2022, Andrea Fioraldi +Copyright (c) 2019-2023, Andrea Fioraldi Redistribution and use in source and binary forms, with or without diff --git a/qemu_mode/libqasan/libqasan.c b/qemu_mode/libqasan/libqasan.c index f4d590bd..12be7778 100644 --- a/qemu_mode/libqasan/libqasan.c +++ b/qemu_mode/libqasan/libqasan.c @@ -1,5 +1,5 @@ /******************************************************************************* -Copyright (c) 2019-2022, Andrea Fioraldi +Copyright (c) 2019-2023, Andrea Fioraldi Redistribution and use in source and binary forms, with or without diff --git a/qemu_mode/libqasan/libqasan.h b/qemu_mode/libqasan/libqasan.h index 676f34b0..a430c868 100644 --- a/qemu_mode/libqasan/libqasan.h +++ b/qemu_mode/libqasan/libqasan.h @@ -1,5 +1,5 @@ /******************************************************************************* -Copyright (c) 2019-2022, Andrea Fioraldi +Copyright (c) 2019-2023, Andrea Fioraldi Redistribution and use in source and binary forms, with or without diff --git a/qemu_mode/libqasan/malloc.c b/qemu_mode/libqasan/malloc.c index d81b15e9..d2db3856 100644 --- a/qemu_mode/libqasan/malloc.c +++ b/qemu_mode/libqasan/malloc.c @@ -1,5 +1,5 @@ /******************************************************************************* -Copyright (c) 2019-2022, Andrea Fioraldi +Copyright (c) 2019-2023, Andrea Fioraldi Redistribution and use in source and binary forms, with or without diff --git a/qemu_mode/libqasan/patch.c b/qemu_mode/libqasan/patch.c index 15c4df15..38e0903b 100644 --- a/qemu_mode/libqasan/patch.c +++ b/qemu_mode/libqasan/patch.c @@ -1,5 +1,5 @@ /******************************************************************************* -Copyright (c) 2019-2022, Andrea Fioraldi +Copyright (c) 2019-2023, Andrea Fioraldi Redistribution and use in source and binary forms, with or without diff --git a/qemu_mode/libqasan/string.c b/qemu_mode/libqasan/string.c index fc2de1f2..e17cff4b 100644 --- a/qemu_mode/libqasan/string.c +++ b/qemu_mode/libqasan/string.c @@ -1,5 +1,5 @@ /******************************************************************************* -Copyright (c) 2019-2022, Andrea Fioraldi +Copyright (c) 2019-2023, Andrea Fioraldi Redistribution and use in source and binary forms, with or without diff --git a/qemu_mode/libqasan/uninstrument.c b/qemu_mode/libqasan/uninstrument.c index 1686a015..e37a9b46 100644 --- a/qemu_mode/libqasan/uninstrument.c +++ b/qemu_mode/libqasan/uninstrument.c @@ -7,7 +7,7 @@ for some strange reason. */ /******************************************************************************* -Copyright (c) 2019-2022, Andrea Fioraldi +Copyright (c) 2019-2023, Andrea Fioraldi Redistribution and use in source and binary forms, with or without diff --git a/qemu_mode/unsigaction/Makefile b/qemu_mode/unsigaction/Makefile index f026a2b7..c1a7397f 100644 --- a/qemu_mode/unsigaction/Makefile +++ b/qemu_mode/unsigaction/Makefile @@ -4,7 +4,7 @@ # # Written by Andrea Fioraldi # -# Copyright 2019-2022 Andrea Fioraldi. All rights reserved. +# Copyright 2019-2023 Andrea Fioraldi. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/src/afl-analyze.c b/src/afl-analyze.c index a9b5b326..da1def3b 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-as.c b/src/afl-as.c index 1edc8cca..a0eb612f 100644 --- a/src/afl-as.c +++ b/src/afl-as.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-cc.c b/src/afl-cc.c index 1c3b5405..803e784e 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -5,7 +5,7 @@ Written by Michal Zalewski, Laszlo Szekeres and Marc Heuse Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-common.c b/src/afl-common.c index 31005804..211d5bf2 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index a241f2c6..9b8660ce 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -13,7 +13,7 @@ Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index b3a10bb7..485b82db 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-cmplog.c b/src/afl-fuzz-cmplog.c index d0c829e2..8967d4bc 100644 --- a/src/afl-fuzz-cmplog.c +++ b/src/afl-fuzz-cmplog.c @@ -11,7 +11,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-extras.c b/src/afl-fuzz-extras.c index 884bb569..f6de11ae 100644 --- a/src/afl-fuzz-extras.c +++ b/src/afl-fuzz-extras.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index ed52ca00..adfc55ad 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c index ef30b993..22e5262e 100644 --- a/src/afl-fuzz-mutators.c +++ b/src/afl-fuzz-mutators.c @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 9931820a..97855607 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c index d8aed8c6..b509b936 100644 --- a/src/afl-fuzz-python.c +++ b/src/afl-fuzz-python.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index 5017c37c..e3faa392 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index 0dae26a3..8da1df13 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -11,7 +11,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 7f9c3bf3..7dd83150 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 8bd465f0..896b5f71 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 87e149de..bfd30845 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index efef5523..138df26c 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-gotcpu.c b/src/afl-gotcpu.c index eee642fb..144ec9c9 100644 --- a/src/afl-gotcpu.c +++ b/src/afl-gotcpu.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-ld-lto.c b/src/afl-ld-lto.c index 5797def8..5438bd9f 100644 --- a/src/afl-ld-lto.c +++ b/src/afl-ld-lto.c @@ -9,7 +9,7 @@ Andrea Fioraldi Dominik Maier - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-sharedmem.c b/src/afl-sharedmem.c index b48c6fb3..a2c81586 100644 --- a/src/afl-sharedmem.c +++ b/src/afl-sharedmem.c @@ -11,7 +11,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-showmap.c b/src/afl-showmap.c index d85c28d9..da6880cc 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -12,7 +12,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-tmin.c b/src/afl-tmin.c index d93b9a41..687bb0e7 100644 --- a/src/afl-tmin.c +++ b/src/afl-tmin.c @@ -12,7 +12,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/test-instr.c b/test-instr.c index f304e208..1d9f2e6e 100644 --- a/test-instr.c +++ b/test-instr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/unicorn_mode/build_unicorn_support.sh b/unicorn_mode/build_unicorn_support.sh index a3978d9d..222974cf 100755 --- a/unicorn_mode/build_unicorn_support.sh +++ b/unicorn_mode/build_unicorn_support.sh @@ -14,7 +14,7 @@ # # # Copyright 2017 Battelle Memorial Institute. All rights reserved. -# Copyright 2019-2022 AFLplusplus Project. All rights reserved. +# Copyright 2019-2023 AFLplusplus Project. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/utils/afl_network_proxy/afl-network-client.c b/utils/afl_network_proxy/afl-network-client.c index 89ca6c4e..0416f0f9 100644 --- a/utils/afl_network_proxy/afl-network-client.c +++ b/utils/afl_network_proxy/afl-network-client.c @@ -4,7 +4,7 @@ Written by Marc Heuse - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/utils/afl_network_proxy/afl-network-server.c b/utils/afl_network_proxy/afl-network-server.c index 8f0e9df9..2ae4c165 100644 --- a/utils/afl_network_proxy/afl-network-server.c +++ b/utils/afl_network_proxy/afl-network-server.c @@ -12,7 +12,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/utils/afl_proxy/afl-proxy.c b/utils/afl_proxy/afl-proxy.c index afd0e5d2..531a97a2 100644 --- a/utils/afl_proxy/afl-proxy.c +++ b/utils/afl_proxy/afl-proxy.c @@ -4,7 +4,7 @@ Written by Marc Heuse - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/utils/afl_untracer/afl-untracer.c b/utils/afl_untracer/afl-untracer.c index 6bee067c..ee40d252 100644 --- a/utils/afl_untracer/afl-untracer.c +++ b/utils/afl_untracer/afl-untracer.c @@ -4,7 +4,7 @@ Written by Marc Heuse - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/utils/afl_untracer/libtestinstr.c b/utils/afl_untracer/libtestinstr.c index a3f5acc8..b7afc325 100644 --- a/utils/afl_untracer/libtestinstr.c +++ b/utils/afl_untracer/libtestinstr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/utils/argv_fuzzing/Makefile b/utils/argv_fuzzing/Makefile index f016c5a7..3a4ce084 100644 --- a/utils/argv_fuzzing/Makefile +++ b/utils/argv_fuzzing/Makefile @@ -2,7 +2,7 @@ # american fuzzy lop++ - argvfuzz # -------------------------------- # -# Copyright 2019-2022 Kjell Braden +# Copyright 2019-2023 Kjell Braden # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/utils/argv_fuzzing/argvfuzz.c b/utils/argv_fuzzing/argvfuzz.c index e7cc6b72..41eead0c 100644 --- a/utils/argv_fuzzing/argvfuzz.c +++ b/utils/argv_fuzzing/argvfuzz.c @@ -2,7 +2,7 @@ american fuzzy lop++ - LD_PRELOAD for fuzzing argv in binaries ------------------------------------------------------------ - Copyright 2019-2022 Kjell Braden + Copyright 2019-2023 Kjell Braden Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/utils/distributed_fuzzing/sync_script.sh b/utils/distributed_fuzzing/sync_script.sh index 251ae4e6..b22816f1 100755 --- a/utils/distributed_fuzzing/sync_script.sh +++ b/utils/distributed_fuzzing/sync_script.sh @@ -6,7 +6,7 @@ # Originally written by Michal Zalewski # # Copyright 2014 Google Inc. All rights reserved. -# Copyright 2019-2022 AFLplusplus Project. All rights reserved. +# Copyright 2019-2023 AFLplusplus Project. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/utils/libdislocator/libdislocator.so.c b/utils/libdislocator/libdislocator.so.c index c390d004..1cd7abc6 100644 --- a/utils/libdislocator/libdislocator.so.c +++ b/utils/libdislocator/libdislocator.so.c @@ -6,7 +6,7 @@ Originally written by Michal Zalewski Copyright 2016 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/utils/libtokencap/libtokencap.so.c b/utils/libtokencap/libtokencap.so.c index 07d81d59..299056ab 100644 --- a/utils/libtokencap/libtokencap.so.c +++ b/utils/libtokencap/libtokencap.so.c @@ -6,7 +6,7 @@ Originally written by Michal Zalewski Copyright 2016 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/utils/persistent_mode/test-instr.c b/utils/persistent_mode/test-instr.c index 168aa429..4ead6577 100644 --- a/utils/persistent_mode/test-instr.c +++ b/utils/persistent_mode/test-instr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2022 AFLplusplus Project. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: -- cgit 1.4.1 From 8d9620eca29ec1dd6e191cf942341b53e6141db5 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 4 Jan 2023 10:21:35 +0100 Subject: try afl-showmap fix for qemu --- src/afl-showmap.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/afl-showmap.c b/src/afl-showmap.c index da6880cc..776f77db 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -1283,6 +1283,10 @@ int main(int argc, char **argv_orig, char **envp) { fsrv->shmem_fuzz_len = (u32 *)map; fsrv->shmem_fuzz = map + sizeof(u32); + configure_afl_kill_signals( + fsrv, NULL, NULL, + (fsrv->qemu_mode || unicorn_mode) ? SIGKILL : SIGTERM); + if (!fsrv->cs_mode && !fsrv->qemu_mode && !unicorn_mode) { u32 save_be_quiet = be_quiet; @@ -1305,10 +1309,6 @@ int main(int argc, char **argv_orig, char **envp) { : 0); be_quiet = save_be_quiet; - configure_afl_kill_signals( - fsrv, NULL, NULL, - (fsrv->qemu_mode || unicorn_mode) ? SIGKILL : SIGTERM); - if (new_map_size) { // only reinitialize when it makes sense -- cgit 1.4.1 From 081c480e36fa6af63f8211e70fa109b56fa5131d Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 4 Jan 2023 15:18:14 +0100 Subject: fix --- utils/argv_fuzzing/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/argv_fuzzing/Makefile b/utils/argv_fuzzing/Makefile index 3a4ce084..9d1fc969 100644 --- a/utils/argv_fuzzing/Makefile +++ b/utils/argv_fuzzing/Makefile @@ -55,10 +55,10 @@ install: argvfuzz32.so argvfuzz64.so if [ -f argvfuzz64.so ]; then set -e; install -m 755 argvfuzz64.so $(DESTDIR)$(HELPER_PATH)/; fi argv_fuzz_persistent_demo: argv_fuzz_persistent_demo.c - afl-clang-fast -fsanitize=address -g -o $@ $^ + ../../afl-cc -fsanitize=address -g -o $@ $^ argv_fuzz_demo: argv_fuzz_demo.c - afl-clang-fast -fsanitize=address -g -o $@ $^ + ../../afl-cc -fsanitize=address -g -o $@ $^ demo: argv_fuzz_persistent_demo argv_fuzz_demo -- cgit 1.4.1 From 1c91d8ca79e8177b0a0d08527a29a28a2fc86522 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 4 Jan 2023 17:08:29 +0100 Subject: code format --- src/afl-showmap.c | 3 +-- utils/afl_untracer/afl-untracer.c | 3 ++- utils/argv_fuzzing/argv_fuzz_persistent_demo.c | 1 + 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 776f77db..4e019794 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -1284,8 +1284,7 @@ int main(int argc, char **argv_orig, char **envp) { fsrv->shmem_fuzz = map + sizeof(u32); configure_afl_kill_signals( - fsrv, NULL, NULL, - (fsrv->qemu_mode || unicorn_mode) ? SIGKILL : SIGTERM); + fsrv, NULL, NULL, (fsrv->qemu_mode || unicorn_mode) ? SIGKILL : SIGTERM); if (!fsrv->cs_mode && !fsrv->qemu_mode && !unicorn_mode) { diff --git a/utils/afl_untracer/afl-untracer.c b/utils/afl_untracer/afl-untracer.c index ee40d252..a18e314e 100644 --- a/utils/afl_untracer/afl-untracer.c +++ b/utils/afl_untracer/afl-untracer.c @@ -217,7 +217,8 @@ void read_library_information(void) { if (debug) { fprintf(stderr, "%s:%lx (%lx-%lx)\n", liblist[liblist_cnt].name, - (unsigned long)(liblist[liblist_cnt].addr_end - liblist[liblist_cnt].addr_start), + (unsigned long)(liblist[liblist_cnt].addr_end - + liblist[liblist_cnt].addr_start), (unsigned long)liblist[liblist_cnt].addr_start, (unsigned long)(liblist[liblist_cnt].addr_end - 1)); diff --git a/utils/argv_fuzzing/argv_fuzz_persistent_demo.c b/utils/argv_fuzzing/argv_fuzz_persistent_demo.c index 08a62c62..016c3d35 100644 --- a/utils/argv_fuzzing/argv_fuzz_persistent_demo.c +++ b/utils/argv_fuzzing/argv_fuzz_persistent_demo.c @@ -56,3 +56,4 @@ int main(int argc, char **argv) { return 0; } + -- cgit 1.4.1 From 94d1740390acee396f4615a4a2a518f10f6bc02d Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Thu, 5 Jan 2023 06:48:07 +0000 Subject: Fix automatic unicornafl bindings install for python --- unicorn_mode/UNICORNAFL_VERSION | 2 +- unicorn_mode/build_unicorn_support.sh | 20 ++++++++++---------- unicorn_mode/unicornafl | 2 +- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/unicorn_mode/UNICORNAFL_VERSION b/unicorn_mode/UNICORNAFL_VERSION index bba4215c..06cac44c 100644 --- a/unicorn_mode/UNICORNAFL_VERSION +++ b/unicorn_mode/UNICORNAFL_VERSION @@ -1 +1 @@ -6e00ceac +2df75f3e diff --git a/unicorn_mode/build_unicorn_support.sh b/unicorn_mode/build_unicorn_support.sh index 222974cf..f20f52ef 100755 --- a/unicorn_mode/build_unicorn_support.sh +++ b/unicorn_mode/build_unicorn_support.sh @@ -117,21 +117,21 @@ done # some python version should be available now PYTHONS="`command -v python3` `command -v python` `command -v python2`" -SETUPTOOLS_FOUND=0 +PIP_FOUND=0 for PYTHON in $PYTHONS ; do - if $PYTHON -c "import setuptools" ; then + if $PYTHON -c "import pip" ; then - SETUPTOOLS_FOUND=1 + PIP_FOUND=1 PYTHONBIN=$PYTHON break fi done -if [ "0" = $SETUPTOOLS_FOUND ]; then +if [ "0" = $PIP_FOUND ]; then - echo "[-] Error: Python setup-tools not found. Run 'sudo apt-get install python-setuptools', or install python3-setuptools, or run '$PYTHONBIN -m ensurepip', or create a virtualenv, or ..." + echo "[-] Error: Python pip not found. Run 'sudo apt-get install python-pip', or install python3-pip, or run '$PYTHONBIN -m ensurepip', or create a virtualenv, or ..." PREREQ_NOTFOUND=1 fi @@ -199,22 +199,22 @@ echo "[*] Installing Unicorn python bindings..." cd unicorn/bindings/python || exit 1 if [ -z "$VIRTUAL_ENV" ]; then echo "[*] Info: Installing python unicornafl using --user" - THREADS=$CORES $PYTHONBIN setup.py install --user --force --prefix=|| exit 1 + THREADS=$CORES $PYTHONBIN -m pip install --user --force .|| exit 1 else echo "[*] Info: Installing python unicornafl to virtualenv: $VIRTUAL_ENV" - THREADS=$CORES $PYTHONBIN setup.py install --force || exit 1 + THREADS=$CORES $PYTHONBIN -m pip install --force .|| exit 1 fi cd ../../../ echo "[*] Installing Unicornafl python bindings..." cd bindings/python || exit 1 if [ -z "$VIRTUAL_ENV" ]; then echo "[*] Info: Installing python unicornafl using --user" - THREADS=$CORES $PYTHONBIN setup.py install --user --force --prefix=|| exit 1 + THREADS=$CORES $PYTHONBIN -m pip install --user --force .|| exit 1 else echo "[*] Info: Installing python unicornafl to virtualenv: $VIRTUAL_ENV" - THREADS=$CORES $PYTHONBIN setup.py install --force || exit 1 + THREADS=$CORES $PYTHONBIN -m pip install --force .|| exit 1 fi -echo '[*] If needed, you can (re)install the bindings from `./unicornafl/bindings/python` using `python setup.py install`' +echo '[*] If needed, you can (re)install the bindings in `./unicornafl/bindings/python` using `pip install --force .`' cd ../../ || exit 1 diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl index 6e00ceac..2df75f3e 160000 --- a/unicorn_mode/unicornafl +++ b/unicorn_mode/unicornafl @@ -1 +1 @@ -Subproject commit 6e00ceac6fd5627e42e1858c543c84f2fbdaedda +Subproject commit 2df75f3e1045367cab95fe3471191b38c1a9f79e -- cgit 1.4.1 From db9fc49ef84c6d60b40b5aa0d2d6a205cf883133 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Thu, 5 Jan 2023 07:03:45 +0000 Subject: Add pip to docker --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 8a825b36..fd47a59f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -39,7 +39,7 @@ RUN apt-get update && \ apt-get -y install --no-install-recommends \ make cmake automake meson ninja-build bison flex \ git xz-utils bzip2 wget jupp nano bash-completion less vim joe ssh psmisc \ - python3 python3-dev python3-setuptools python-is-python3 \ + python3 python3-dev python3-pip python-is-python3 \ libtool libtool-bin libglib2.0-dev \ apt-transport-https gnupg dialog \ gnuplot-nox libpixman-1-dev \ -- cgit 1.4.1 From 885a6fc106757b3968b86f9a4314f662bb04de43 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 5 Jan 2023 12:43:53 +0100 Subject: 4.05c release --- README.md | 4 ++-- docs/Changelog.md | 11 ++++++----- include/config.h | 2 +- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 4ff8c514..eeab7aa1 100644 --- a/README.md +++ b/README.md @@ -2,9 +2,9 @@ AFL++ logo -Release version: [4.04c](https://github.com/AFLplusplus/AFLplusplus/releases) +Release version: [4.05c](https://github.com/AFLplusplus/AFLplusplus/releases) -GitHub version: 4.05a +GitHub version: 4.06a Repository: [https://github.com/AFLplusplus/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus) diff --git a/docs/Changelog.md b/docs/Changelog.md index 6bfb314d..b9376711 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -3,7 +3,7 @@ This is the list of all noteworthy changes made in every public release of the tool. See README.md for the general instruction manual. -### Version ++4.05a (dev) +### Version ++4.05c (release) - MacOS: libdislocator, libtokencap etc. do not work with modern MacOS anymore, but could be patched to work, see this issue if you want to make the effort and send a PR: @@ -11,14 +11,15 @@ - afl-fuzz: - added afl_custom_fuzz_send custom mutator feature. Now your can send fuzz data to the target as you need, e.g. via IPC. - - cmplog mode now has -l R option for random colorization, thanks + - cmplog mode now has a -l R option for random colorization, thanks to guyf2010 for the PR! - queue statistics are written every 30 minutes to - out/NAME/queue_data - likely this will be moved to a debug flag - in the future. + out/NAME/queue_data if compiled with INTROSPECTION + - new env: AFL_FORK_SERVER_KILL_SIGNAL - afl-showmap/afl-cmin - - -t none now translates to -t 120000 (120 seconds) + - `-t none` now translates to `-t 120000` (120 seconds) - unicorn_mode updated + - several minor bugfixes ### Version ++4.04c (release) - fix gramatron and grammar_mutator build scripts diff --git a/include/config.h b/include/config.h index b3310270..67b9f932 100644 --- a/include/config.h +++ b/include/config.h @@ -26,7 +26,7 @@ /* Version string: */ // c = release, a = volatile github dev, e = experimental branch -#define VERSION "++4.05a" +#define VERSION "++4.05c" /****************************************************** * * -- cgit 1.4.1 From aa39921e49f9bd20a4cade0ba76688fc31f35b12 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Thu, 5 Jan 2023 11:47:25 +0000 Subject: Update LibAFL custom mutator to latest --- custom_mutators/libafl_base/Cargo.toml | 2 +- custom_mutators/libafl_base/src/lib.rs | 29 ++++++++++++++++++++++------- 2 files changed, 23 insertions(+), 8 deletions(-) diff --git a/custom_mutators/libafl_base/Cargo.toml b/custom_mutators/libafl_base/Cargo.toml index 6e40fc39..ac6b0c8f 100644 --- a/custom_mutators/libafl_base/Cargo.toml +++ b/custom_mutators/libafl_base/Cargo.toml @@ -6,7 +6,7 @@ edition = "2021" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] -libafl = { git = "https://github.com/AFLplusplus/LibAFL.git", rev = "62614ce1016c86e3f00f35b56399292ceabd486b" } +libafl = { git = "https://github.com/AFLplusplus/LibAFL.git", rev = "266677bb88abe75165430f34e7de897c35560504" } custom_mutator = { path = "../rust/custom_mutator", features = ["afl_internals"] } serde = { version = "1.0", default-features = false, features = ["alloc"] } # serialization lib diff --git a/custom_mutators/libafl_base/src/lib.rs b/custom_mutators/libafl_base/src/lib.rs index 6f2db8ca..dc1c5e0c 100644 --- a/custom_mutators/libafl_base/src/lib.rs +++ b/custom_mutators/libafl_base/src/lib.rs @@ -18,10 +18,12 @@ use libafl::{ scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator, Tokens}, Mutator, }, - state::{HasCorpus, HasMaxSize, HasMetadata, HasRand, State}, + prelude::UsesInput, + state::{HasCorpus, HasMaxSize, HasMetadata, HasRand, State, UsesState}, Error, }; +#[allow(clippy::identity_op)] const MAX_FILE: usize = 1 * 1024 * 1024; static mut AFL: Option<&'static afl_state> = None; @@ -64,7 +66,11 @@ impl<'de> Deserialize<'de> for AFLCorpus { } } -impl Corpus for AFLCorpus { +impl UsesState for AFLCorpus { + type State = AFLState; +} + +impl Corpus for AFLCorpus { #[inline] fn count(&self) -> usize { afl().queued_items as usize @@ -76,7 +82,11 @@ impl Corpus for AFLCorpus { } #[inline] - fn replace(&mut self, idx: usize, testcase: Testcase) -> Result<(), Error> { + fn replace( + &mut self, + idx: usize, + testcase: Testcase, + ) -> Result, Error> { unimplemented!(); } @@ -92,7 +102,7 @@ impl Corpus for AFLCorpus { entries.entry(idx).or_insert_with(|| { let queue_buf = std::slice::from_raw_parts_mut(afl().queue_buf, self.count()); let entry = queue_buf[idx].as_mut().unwrap(); - let fname = CStr::from_ptr((entry.fname as *mut i8).as_ref().unwrap()) + let fname = CStr::from_ptr((entry.fname.cast::()).as_ref().unwrap()) .to_str() .unwrap() .to_owned(); @@ -127,9 +137,10 @@ pub struct AFLState { } impl AFLState { + #[must_use] pub fn new(seed: u32) -> Self { Self { - rand: StdRand::with_seed(seed as u64), + rand: StdRand::with_seed(u64::from(seed)), corpus: AFLCorpus::default(), metadata: SerdeAnyMap::new(), max_size: MAX_FILE, @@ -153,7 +164,11 @@ impl HasRand for AFLState { } } -impl HasCorpus for AFLState { +impl UsesInput for AFLState { + type Input = BytesInput; +} + +impl HasCorpus for AFLState { type Corpus = AFLCorpus; #[inline] @@ -208,7 +223,7 @@ impl CustomMutator for LibAFLBaseCustomMutator { tokens.push(data.to_vec()); } if !tokens.is_empty() { - state.add_metadata(Tokens::new(tokens)); + state.add_metadata(Tokens::from(tokens)); } Ok(Self { state, -- cgit 1.4.1 From a8b6365a90e09a635907f0c257667e505255910a Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Thu, 5 Jan 2023 11:49:58 +0000 Subject: LibAFL custom mutator: unused variables with underscores --- custom_mutators/libafl_base/src/lib.rs | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/custom_mutators/libafl_base/src/lib.rs b/custom_mutators/libafl_base/src/lib.rs index dc1c5e0c..bae11e1f 100644 --- a/custom_mutators/libafl_base/src/lib.rs +++ b/custom_mutators/libafl_base/src/lib.rs @@ -1,5 +1,4 @@ #![cfg(unix)] -#![allow(unused_variables)] use serde::{Deserialize, Deserializer, Serialize, Serializer}; use std::{ @@ -77,21 +76,21 @@ impl Corpus for AFLCorpus { } #[inline] - fn add(&mut self, testcase: Testcase) -> Result { + fn add(&mut self, _testcase: Testcase) -> Result { unimplemented!(); } #[inline] fn replace( &mut self, - idx: usize, - testcase: Testcase, + _idx: usize, + _testcase: Testcase, ) -> Result, Error> { unimplemented!(); } #[inline] - fn remove(&mut self, idx: usize) -> Result>, Error> { + fn remove(&mut self, _idx: usize) -> Result>, Error> { unimplemented!(); } @@ -235,7 +234,7 @@ impl CustomMutator for LibAFLBaseCustomMutator { fn fuzz<'b, 's: 'b>( &'s mut self, buffer: &'b mut [u8], - add_buff: Option<&[u8]>, + _add_buff: Option<&[u8]>, max_size: usize, ) -> Result, Self::Error> { self.state.set_max_size(max_size); -- cgit 1.4.1 From 462e55da0cf2eb572b93f65d1190fdaac874e25c Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Thu, 5 Jan 2023 12:12:01 +0000 Subject: Updated rust custom mutator bindgen, fixed clippy lints --- custom_mutators/rust/custom_mutator-sys/Cargo.toml | 6 +- custom_mutators/rust/custom_mutator-sys/build.rs | 4 +- custom_mutators/rust/custom_mutator-sys/src/lib.rs | 2 + custom_mutators/rust/custom_mutator/Cargo.toml | 2 +- custom_mutators/rust/custom_mutator/src/lib.rs | 98 +++++++++++----------- custom_mutators/rust/example/Cargo.toml | 2 +- 6 files changed, 57 insertions(+), 57 deletions(-) diff --git a/custom_mutators/rust/custom_mutator-sys/Cargo.toml b/custom_mutators/rust/custom_mutator-sys/Cargo.toml index 104f7df0..e38c972e 100644 --- a/custom_mutators/rust/custom_mutator-sys/Cargo.toml +++ b/custom_mutators/rust/custom_mutator-sys/Cargo.toml @@ -1,12 +1,12 @@ [package] name = "custom_mutator-sys" -version = "0.1.0" +version = "0.1.1" authors = ["Julius Hohnerlein "] -edition = "2018" +edition = "2021" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] [build-dependencies] -bindgen = "0.56" +bindgen = "0.63" diff --git a/custom_mutators/rust/custom_mutator-sys/build.rs b/custom_mutators/rust/custom_mutator-sys/build.rs index 3c88a90d..ba4390ff 100644 --- a/custom_mutators/rust/custom_mutator-sys/build.rs +++ b/custom_mutators/rust/custom_mutator-sys/build.rs @@ -15,8 +15,8 @@ fn main() { // The input header we would like to generate // bindings for. .header("wrapper.h") - .whitelist_type("afl_state_t") - .blacklist_type(r"u\d+") + .allowlist_type("afl_state_t") + .blocklist_type(r"u\d+") .opaque_type(r"_.*") .opaque_type("FILE") .opaque_type("in_addr(_t)?") diff --git a/custom_mutators/rust/custom_mutator-sys/src/lib.rs b/custom_mutators/rust/custom_mutator-sys/src/lib.rs index a38a13a8..719ac994 100644 --- a/custom_mutators/rust/custom_mutator-sys/src/lib.rs +++ b/custom_mutators/rust/custom_mutator-sys/src/lib.rs @@ -1,5 +1,7 @@ #![allow(non_upper_case_globals)] #![allow(non_camel_case_types)] #![allow(non_snake_case)] +#![allow(clippy::too_many_lines)] +#![allow(clippy::used_underscore_binding)] include!(concat!(env!("OUT_DIR"), "/bindings.rs")); diff --git a/custom_mutators/rust/custom_mutator/Cargo.toml b/custom_mutators/rust/custom_mutator/Cargo.toml index 2d3cdbfa..30f764dc 100644 --- a/custom_mutators/rust/custom_mutator/Cargo.toml +++ b/custom_mutators/rust/custom_mutator/Cargo.toml @@ -2,7 +2,7 @@ name = "custom_mutator" version = "0.1.0" authors = ["Julius Hohnerlein "] -edition = "2018" +edition = "2021" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html diff --git a/custom_mutators/rust/custom_mutator/src/lib.rs b/custom_mutators/rust/custom_mutator/src/lib.rs index f872241e..09ac11f3 100644 --- a/custom_mutators/rust/custom_mutator/src/lib.rs +++ b/custom_mutators/rust/custom_mutator/src/lib.rs @@ -20,7 +20,7 @@ //! This binding is panic-safe in that it will prevent panics from unwinding into AFL++. Any panic will `abort` at the boundary between the custom mutator and AFL++. //! //! # Access to AFL++ internals -//! This crate has an optional feature "afl_internals", which gives access to AFL++'s internal state. +//! This crate has an optional feature "`afl_internals`", which gives access to AFL++'s internal state. //! The state is passed to [`CustomMutator::init`], when the feature is activated. //! //! _This is completely unsafe and uses automatically generated types extracted from the AFL++ source._ @@ -115,7 +115,7 @@ pub mod wrappers { impl FFIContext { fn from(ptr: *mut c_void) -> ManuallyDrop> { assert!(!ptr.is_null()); - ManuallyDrop::new(unsafe { Box::from_raw(ptr as *mut Self) }) + ManuallyDrop::new(unsafe { Box::from_raw(ptr.cast::()) }) } fn into_ptr(self: Box) -> *const c_void { @@ -141,27 +141,28 @@ pub mod wrappers { } /// panic handler called for every panic - fn panic_handler(method: &str, panic_info: Box) -> ! { + fn panic_handler(method: &str, panic_info: &Box) -> ! { use std::ops::Deref; - let cause = panic_info - .downcast_ref::() - .map(String::deref) - .unwrap_or_else(|| { + let cause = panic_info.downcast_ref::().map_or_else( + || { panic_info .downcast_ref::<&str>() .copied() .unwrap_or("") - }); - eprintln!("A panic occurred at {}: {}", method, cause); + }, + String::deref, + ); + eprintln!("A panic occurred at {method}: {cause}"); abort() } /// Internal function used in the macro #[cfg(not(feature = "afl_internals"))] + #[must_use] pub fn afl_custom_init_(seed: u32) -> *const c_void { match catch_unwind(|| FFIContext::::new(seed).into_ptr()) { Ok(ret) => ret, - Err(err) => panic_handler("afl_custom_init", err), + Err(err) => panic_handler("afl_custom_init", &err), } } @@ -176,7 +177,7 @@ pub mod wrappers { FFIContext::::new(afl, seed).into_ptr() }) { Ok(ret) => ret, - Err(err) => panic_handler("afl_custom_init", err), + Err(err) => panic_handler("afl_custom_init", &err), } } @@ -196,32 +197,27 @@ pub mod wrappers { ) -> usize { match catch_unwind(|| { let mut context = FFIContext::::from(data); - if buf.is_null() { - panic!("null buf passed to afl_custom_fuzz") - } - if out_buf.is_null() { - panic!("null out_buf passed to afl_custom_fuzz") - } + + assert!(!buf.is_null(), "null buf passed to afl_custom_fuzz"); + assert!(!out_buf.is_null(), "null out_buf passed to afl_custom_fuzz"); + let buff_slice = slice::from_raw_parts_mut(buf, buf_size); let add_buff_slice = if add_buf.is_null() { None } else { Some(slice::from_raw_parts(add_buf, add_buf_size)) }; - match context.mutator.fuzz(buff_slice, add_buff_slice, max_size) { - Some(buffer) => { - *out_buf = buffer.as_ptr(); - buffer.len() - } - None => { - // return the input buffer with 0-length to let AFL skip this mutation attempt - *out_buf = buf; - 0 - } + if let Some(buffer) = context.mutator.fuzz(buff_slice, add_buff_slice, max_size) { + *out_buf = buffer.as_ptr(); + buffer.len() + } else { + // return the input buffer with 0-length to let AFL skip this mutation attempt + *out_buf = buf; + 0 } }) { Ok(ret) => ret, - Err(err) => panic_handler("afl_custom_fuzz", err), + Err(err) => panic_handler("afl_custom_fuzz", &err), } } @@ -237,9 +233,8 @@ pub mod wrappers { ) -> u32 { match catch_unwind(|| { let mut context = FFIContext::::from(data); - if buf.is_null() { - panic!("null buf passed to afl_custom_fuzz") - } + assert!(!buf.is_null(), "null buf passed to afl_custom_fuzz"); + let buf_slice = slice::from_raw_parts(buf, buf_size); // see https://doc.rust-lang.org/nomicon/borrow-splitting.html let ctx = &mut **context; @@ -247,7 +242,7 @@ pub mod wrappers { mutator.fuzz_count(buf_slice) }) { Ok(ret) => ret, - Err(err) => panic_handler("afl_custom_fuzz_count", err), + Err(err) => panic_handler("afl_custom_fuzz_count", &err), } } @@ -259,25 +254,27 @@ pub mod wrappers { ) -> bool { match catch_unwind(|| { let mut context = FFIContext::::from(data); - if filename_new_queue.is_null() { - panic!("received null filename_new_queue in afl_custom_queue_new_entry"); - } + assert!( + !filename_new_queue.is_null(), + "received null filename_new_queue in afl_custom_queue_new_entry" + ); + let filename_new_queue = Path::new(OsStr::from_bytes( unsafe { CStr::from_ptr(filename_new_queue) }.to_bytes(), )); - let filename_orig_queue = if !filename_orig_queue.is_null() { + let filename_orig_queue = if filename_orig_queue.is_null() { + None + } else { Some(Path::new(OsStr::from_bytes( unsafe { CStr::from_ptr(filename_orig_queue) }.to_bytes(), ))) - } else { - None }; context .mutator .queue_new_entry(filename_new_queue, filename_orig_queue) }) { Ok(ret) => ret, - Err(err) => panic_handler("afl_custom_queue_new_entry", err), + Err(err) => panic_handler("afl_custom_queue_new_entry", &err), } } @@ -292,7 +289,7 @@ pub mod wrappers { ManuallyDrop::into_inner(FFIContext::::from(data)); }) { Ok(ret) => ret, - Err(err) => panic_handler("afl_custom_deinit", err), + Err(err) => panic_handler("afl_custom_deinit", &err), } } @@ -306,13 +303,13 @@ pub mod wrappers { buf.extend_from_slice(res.as_bytes()); buf.push(0); // unwrapping here, as the error case should be extremely rare - CStr::from_bytes_with_nul(&buf).unwrap().as_ptr() + CStr::from_bytes_with_nul(buf).unwrap().as_ptr() } else { null() } }) { Ok(ret) => ret, - Err(err) => panic_handler("afl_custom_introspection", err), + Err(err) => panic_handler("afl_custom_introspection", &err), } } @@ -329,13 +326,13 @@ pub mod wrappers { buf.extend_from_slice(res.as_bytes()); buf.push(0); // unwrapping here, as the error case should be extremely rare - CStr::from_bytes_with_nul(&buf).unwrap().as_ptr() + CStr::from_bytes_with_nul(buf).unwrap().as_ptr() } else { null() } }) { Ok(ret) => ret, - Err(err) => panic_handler("afl_custom_describe", err), + Err(err) => panic_handler("afl_custom_describe", &err), } } @@ -348,12 +345,12 @@ pub mod wrappers { let mut context = FFIContext::::from(data); assert!(!filename.is_null()); - context.mutator.queue_get(Path::new(OsStr::from_bytes( + u8::from(context.mutator.queue_get(Path::new(OsStr::from_bytes( unsafe { CStr::from_ptr(filename) }.to_bytes(), - ))) as u8 + )))) }) { Ok(ret) => ret, - Err(err) => panic_handler("afl_custom_queue_get", err), + Err(err) => panic_handler("afl_custom_queue_get", &err), } } } @@ -373,7 +370,7 @@ macro_rules! _define_afl_custom_init { }; } -/// An exported macro to defined afl_custom_init meant for insternal usage +/// An exported macro to defined `afl_custom_init` meant for internal usage #[cfg(not(feature = "afl_internals"))] #[macro_export] macro_rules! _define_afl_custom_init { @@ -520,9 +517,10 @@ mod sanity_test { export_mutator!(ExampleMutator); } -#[allow(unused_variables)] /// A custom mutator. /// [`CustomMutator::handle_error`] will be called in case any method returns an [`Result::Err`]. +#[allow(unused_variables)] +#[allow(clippy::missing_errors_doc)] pub trait CustomMutator { /// The error type. All methods must return the same error type. type Error: Debug; @@ -537,7 +535,7 @@ pub trait CustomMutator { .map(|v| !v.is_empty()) .unwrap_or(false) { - eprintln!("Error in custom mutator: {:?}", err) + eprintln!("Error in custom mutator: {err:?}"); } } diff --git a/custom_mutators/rust/example/Cargo.toml b/custom_mutators/rust/example/Cargo.toml index 070d23b1..9d53ebe5 100644 --- a/custom_mutators/rust/example/Cargo.toml +++ b/custom_mutators/rust/example/Cargo.toml @@ -2,7 +2,7 @@ name = "example_mutator" version = "0.1.0" authors = ["Julius Hohnerlein "] -edition = "2018" +edition = "2021" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html -- cgit 1.4.1 From 57e7408774a5276baaecd9dd5a6c73f1cbbf866b Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Thu, 5 Jan 2023 12:15:54 +0000 Subject: add update info to changelog --- docs/Changelog.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/Changelog.md b/docs/Changelog.md index b9376711..7a9b74c5 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -19,6 +19,7 @@ - afl-showmap/afl-cmin - `-t none` now translates to `-t 120000` (120 seconds) - unicorn_mode updated + - updated rust custom mutator dependencies and LibAFL custom mutator - several minor bugfixes ### Version ++4.04c (release) -- cgit 1.4.1 From a3b56e7280cb5b5cea21c66c40d4390db6f13b8f Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Thu, 5 Jan 2023 12:25:02 +0000 Subject: rust custom mutator: mark external fns unsafe --- custom_mutators/rust/custom_mutator/src/lib.rs | 11 +++++------ custom_mutators/rust/example_lain/Cargo.toml | 2 +- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/custom_mutators/rust/custom_mutator/src/lib.rs b/custom_mutators/rust/custom_mutator/src/lib.rs index 09ac11f3..3b635eb5 100644 --- a/custom_mutators/rust/custom_mutator/src/lib.rs +++ b/custom_mutators/rust/custom_mutator/src/lib.rs @@ -247,7 +247,7 @@ pub mod wrappers { } /// Internal function used in the macro - pub fn afl_custom_queue_new_entry_( + pub unsafe fn afl_custom_queue_new_entry_( data: *mut c_void, filename_new_queue: *const c_char, filename_orig_queue: *const c_char, @@ -337,7 +337,7 @@ pub mod wrappers { } /// Internal function used in the macro - pub fn afl_custom_queue_get_( + pub unsafe fn afl_custom_queue_get_( data: *mut c_void, filename: *const c_char, ) -> u8 { @@ -441,7 +441,7 @@ macro_rules! export_mutator { } #[no_mangle] - pub extern "C" fn afl_custom_queue_new_entry( + pub unsafe extern "C" fn afl_custom_queue_new_entry( data: *mut ::std::os::raw::c_void, filename_new_queue: *const ::std::os::raw::c_char, filename_orig_queue: *const ::std::os::raw::c_char, @@ -454,7 +454,7 @@ macro_rules! export_mutator { } #[no_mangle] - pub extern "C" fn afl_custom_queue_get( + pub unsafe extern "C" fn afl_custom_queue_get( data: *mut ::std::os::raw::c_void, filename: *const ::std::os::raw::c_char, ) -> u8 { @@ -757,8 +757,7 @@ mod truncate_test { let actual_output = truncate_str_unicode_safe(input, *max_len); assert_eq!( &actual_output, expected_output, - "{:#?} truncated to {} bytes should be {:#?}, but is {:#?}", - input, max_len, expected_output, actual_output + "{input:#?} truncated to {max_len} bytes should be {expected_output:#?}, but is {actual_output:#?}" ); } } diff --git a/custom_mutators/rust/example_lain/Cargo.toml b/custom_mutators/rust/example_lain/Cargo.toml index 29d606a4..c52bf86f 100644 --- a/custom_mutators/rust/example_lain/Cargo.toml +++ b/custom_mutators/rust/example_lain/Cargo.toml @@ -2,7 +2,7 @@ name = "example_lain" version = "0.1.0" authors = ["Julius Hohnerlein "] -edition = "2018" +edition = "2021" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html -- cgit 1.4.1