From c96238d85f4a784402db6cbf16630b977617eb1a Mon Sep 17 00:00:00 2001 From: Daniil Kuts <13482580+apach301@users.noreply.github.com> Date: Fri, 27 May 2022 13:52:31 +0300 Subject: Add AFL_SYNC_TIME variable for synchronization time tuning (#1425) * Add AFL_SYNC_TIME variable for synchronization time tuning * Documentation for AFL_SYNC_TIME variable --- docs/env_variables.md | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'docs/env_variables.md') diff --git a/docs/env_variables.md b/docs/env_variables.md index fe9c6e07..3c69c0b6 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -517,6 +517,10 @@ checks or alter some of the more exotic semantics of the tool: (empty/non present) will add no tags to the metrics. For more information, see [rpc_statsd.md](rpc_statsd.md). + - `AFL_SYNC_TIME` allows you to specify a different minimal time (in minutes) + between fuzzing instances synchronization. Default sync time is 30 minutes, + note that time is halfed for -M main nodes. + - Setting `AFL_TARGET_ENV` causes AFL++ to set extra environment variables for the target binary. Example: `AFL_TARGET_ENV="VAR1=1 VAR2='a b c'" afl-fuzz ... `. This exists mostly for things like `LD_LIBRARY_PATH` but it would -- cgit 1.4.1 From ba21e20695313d538535788cdc55f4b26304e56a Mon Sep 17 00:00:00 2001 From: hexcoder Date: Tue, 14 Jun 2022 14:56:10 +0200 Subject: typo --- docs/env_variables.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/env_variables.md') diff --git a/docs/env_variables.md b/docs/env_variables.md index 3c69c0b6..a63aad10 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md 
@@ -519,7 +519,7 @@ checks or alter some of the more exotic semantics of the tool: - `AFL_SYNC_TIME` allows you to specify a different minimal time (in minutes) between fuzzing instances synchronization. Default sync time is 30 minutes, - note that time is halfed for -M main nodes. + note that time is halved for -M main nodes. - Setting `AFL_TARGET_ENV` causes AFL++ to set extra environment variables for the target binary. Example: `AFL_TARGET_ENV="VAR1=1 VAR2='a b c'" afl-fuzz -- cgit 1.4.1 From 3d1a57deed63bdff6c817e1b1a8098df94ea5eac Mon Sep 17 00:00:00 2001 From: Ruben ten Hove Date: Fri, 17 Jun 2022 21:03:46 +0200 Subject: feat: allow to skip readme creation on crash --- docs/env_variables.md | 4 ++++ include/afl-fuzz.h | 3 +-- include/envs.h | 2 +- src/afl-fuzz-bitmap.c | 3 +-- src/afl-fuzz-state.c | 9 ++++++++- 5 files changed, 15 insertions(+), 6 deletions(-) (limited to 'docs/env_variables.md') diff --git a/docs/env_variables.md b/docs/env_variables.md index a63aad10..0598a809 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -619,6 +619,10 @@ The QEMU wrapper used to instrument binary-only code supports several settings: emulation" variables (e.g., `QEMU_STACK_SIZE`), but there should be no reason to touch them. + - Normally a `README.txt` is written to the `crashes/` directory when a first + crash is found. Setting `AFL_NO_CRASH_README` will prevent this. Useful when + counting crashes based on a file count in that directory. + ## 7) Settings for afl-frida-trace The FRIDA wrapper used to instrument binary-only code supports many of the same diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 24af426f..b78d0b98 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h 
@@ -386,7 +386,7 @@ typedef struct afl_env_vars { afl_bench_until_crash, afl_debug_child, afl_autoresume, afl_cal_fast, afl_cycle_schedules, afl_expand_havoc, afl_statsd, afl_cmplog_only_new, afl_exit_on_seed_issues, afl_try_affinity, afl_ignore_problems, - afl_keep_timeouts, afl_pizza_mode; + afl_keep_timeouts, afl_pizza_mode, afl_no_crash_readme; u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path, *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_preload, @@ -1267,4 +1267,3 @@ void queue_testcase_store_mem(afl_state_t *afl, struct queue_entry *q, u8 *mem); #endif #endif - diff --git a/include/envs.h b/include/envs.h index f4cccc96..4105ac6d 100644 --- a/include/envs.h +++ b/include/envs.h @@ -159,6 +159,7 @@ static char *afl_environment_variables[] = { "AFL_NO_COLOUR", #endif "AFL_NO_CPU_RED", + "AFL_NO_CRASH_README", "AFL_NO_FORKSRV", "AFL_NO_UI", "AFL_NO_PYTHON", @@ -234,4 +235,3 @@ static char *afl_environment_variables[] = { extern char *afl_environment_variables[]; #endif - diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index 26e70d81..fffcef89 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -720,7 +720,7 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) { } - if (unlikely(!afl->saved_crashes)) { write_crash_readme(afl); } + if (unlikely(!afl->saved_crashes) && (afl->afl_env.afl_no_crash_readme != 1)) { write_crash_readme(afl); } #ifndef SIMPLE_FILES @@ -821,4 +821,3 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) { return keeping; } - diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 8334af75..4d16811f 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c 
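Review bot: In the src/afl-fuzz-bitmap.c hunk, the new guard `afl->afl_env.afl_no_crash_readme != 1` only suppresses the README when the variable parses to exactly 1, while the docs/env_variables.md hunk in the same commit says that merely setting `AFL_NO_CRASH_README` prevents it; because the value is produced by `atoi` in the src/afl-fuzz-state.c hunk, `AFL_NO_CRASH_README=yes` yields 0 and `AFL_NO_CRASH_README=2` yields 2, and both still write the README. Treating the field as a boolean on both sides would match the documented behaviour: here `if (unlikely(!afl->saved_crashes) && !afl->afl_env.afl_no_crash_readme) { write_crash_readme(afl); }`, and in the afl-fuzz-state.c hunk a presence test such as `afl->afl_env.afl_no_crash_readme = get_afl_env(afl_environment_variables[i]) ? 1 : 0;`. save_if_interesting starts and ends outside this hunk.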
@@ -510,6 +510,14 @@ void read_afl_environment(afl_state_t *afl, char **envp) { afl->afl_env.afl_pizza_mode = atoi((u8 *)get_afl_env(afl_environment_variables[i])); + + } else if (!strncmp(env, "AFL_NO_CRASH_README", + + afl_environment_variable_len)) { + + afl->afl_env.afl_no_crash_readme = + atoi((u8 *)get_afl_env(afl_environment_variables[i])); + if (afl->afl_env.afl_pizza_mode == 0) { afl->afl_env.afl_pizza_mode = 1; @@ -665,4 +673,3 @@ void afl_states_request_skip(void) { LIST_FOREACH(&afl_states, afl_state_t, { el->skip_requested = 1; }); } - -- cgit 1.4.1
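Review bot: The new `else if (!strncmp(env, "AFL_NO_CRASH_README", ...))` branch is spliced in between the `afl_pizza_mode` assignment and the context lines `if (afl->afl_env.afl_pizza_mode == 0) { afl->afl_env.afl_pizza_mode = 1;`, so that defaulting now executes inside the `AFL_NO_CRASH_README` branch rather than after parsing `AFL_PIZZA_MODE`. The visible effect is that `afl_pizza_mode` is forced to 1 only when `AFL_NO_CRASH_README` is set and is no longer adjusted when `AFL_PIZZA_MODE` itself is parsed. The new branch belongs after the pizza-mode block closes, i.e. after the `}` that presumably follows the context lines just past the end of this hunk, leaving the `== 0` check attached to the `AFL_PIZZA_MODE` branch as before. read_afl_environment starts and ends outside this hunk.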