From fc7c95e9f4d26ea3ab13543d166ed0dc4d0b81a3 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Thu, 12 Sep 2024 10:24:05 +0200
Subject: nits
---
 src/afl-fuzz-init.c | 29 ++++++++++++++---------------
 1 file changed, 14 insertions(+), 15 deletions(-)
 (limited to 'src/afl-fuzz-init.c')
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index d3085d42..72a765ff 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -2443,21 +2443,20 @@ void check_crash_handling(void) {
 if (read(fd, &fchar, 1) == 1 && fchar == '|') {
- SAYF(
- "\n" cLRD "[-] " cRST
- "Your system is configured to send core dump notifications to an\n"
- " external utility. This will cause issues: there will be an "
- "extended delay\n"
- " between stumbling upon a crash and having this information "
- "relayed to the\n"
- " fuzzer via the standard waitpid() API.\n"
- " If you're just experimenting, set "
- "'AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1'.\n\n"
-
- " To avoid having crashes misinterpreted as timeouts, please \n"
- " temporarily modify /proc/sys/kernel/core_pattern, like so:\n\n"
-
- " echo core | sudo tee /proc/sys/kernel/core_pattern\n");
+ SAYF("\n" cLRD "[-] " cRST
+ "Your system is configured to send core dump notifications to an\n"
+ " external utility. This will cause issues: there will be an "
+ "extended delay\n"
+ " between stumbling upon a crash and having this information "
+ "relayed to the\n"
+ " fuzzer via the standard waitpid() API.\n"
+ " If you're just experimenting, set "
+ "'AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1'.\n\n"
+
+ " To avoid having crashes misinterpreted as timeouts, please \n"
+ " temporarily modify /proc/sys/kernel/core_pattern, like so:\n\n"
+
+ " echo core | sudo tee /proc/sys/kernel/core_pattern\n");
 if (!getenv("AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES")) {
-- cgit 1.4.1
From db172473b55584c901c615413a5f1204eb603782 Mon Sep 17 00:00:00 2001
From: nj00001 <42004790+nj00001@users.noreply.github.com>
Date: Mon, 23 Sep 2024 15:50:20 +0800
Subject: Save crash log returned by nyx when AFL_CRASHING_SEEDS_AS_NEW_CRASH environment variable is enabled nyx also returns a crash log when reporting a crash, both files are saved in the afl++ fuzzing run, whereas with the AFL_CRASHING_SEEDS_AS_NEW_CRASH setting, only the crash file is saved in the dry run phase if crashes are included in the supplied seeds. This commit adds crash log saving to keep the behavior consistent
---
 src/afl-fuzz-init.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 (limited to 'src/afl-fuzz-init.c')
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 72a765ff..e9036985 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -1231,6 +1231,23 @@ void perform_dry_run(afl_state_t *afl) {
 ck_write(fd, use_mem, read_len, crash_fn);
 close(fd);
+ if (afl->fsrv.nyx_mode) {
+
+ u8 crash_log_fn[PATH_MAX];
+
+ snprintf(crash_log_fn, PATH_MAX, "%s.log", crash_fn);
+ fd = open(crash_log_fn, O_WRONLY | O_CREAT | O_EXCL, DEFAULT_PERMISSION);
+ if (unlikely(fd < 0)) { PFATAL("Unable to create '%s'", crash_log_fn); }
+
+ u32 nyx_aux_string_len = afl->fsrv.nyx_handlers->nyx_get_aux_string(
+ afl->fsrv.nyx_runner, afl->fsrv.nyx_aux_string,
+ afl->fsrv.nyx_aux_string_len);
+
+ ck_write(fd, afl->fsrv.nyx_aux_string, nyx_aux_string_len, crash_log_fn);
+ close(fd);
+
+ }
+
 afl->last_crash_time = get_cur_time();
 afl->last_crash_execs = afl->fsrv.total_execs;
-- cgit 1.4.1
From 8b35dd49be5f846e945f6d6a9414623d195a99cb Mon Sep 17 00:00:00 2001
From: Dominik Maier
Date: Mon, 23 Sep 2024 21:22:17 +0200
Subject: Fix macOS build
---
 src/afl-fuzz-init.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
 (limited to 'src/afl-fuzz-init.c')
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index e9036985..9eaa661d 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
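Review bot: The return value of `snprintf(crash_log_fn, PATH_MAX, "%s.log", crash_fn)` is not checked, so when `crash_fn` is already near PATH_MAX the `.log` suffix is silently truncated and the log is created under a name that no longer pairs with its crash file (O_EXCL only rejects a collision with an existing file, not a truncated name). A check such as `int len = snprintf(crash_log_fn, PATH_MAX, "%s.log", crash_fn);` followed by `if (len < 0 || len >= PATH_MAX) { FATAL("Crash log path too long for '%s'", crash_fn); }` keeps the two files paired and fails loudly instead. I presume `crash_fn` is a PATH_MAX-sized buffer filled a few lines above; that code and the rest of perform_dry_run are outside the hunk, which starts and ends mid-function.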
@@ -1231,6 +1231,7 @@ void perform_dry_run(afl_state_t *afl) {
 ck_write(fd, use_mem, read_len, crash_fn);
 close(fd);
+#ifdef __linux__
 if (afl->fsrv.nyx_mode) {
 u8 crash_log_fn[PATH_MAX];
@@ -1247,6 +1248,7 @@ void perform_dry_run(afl_state_t *afl) {
 close(fd);
 }
+#endif
 afl->last_crash_time = get_cur_time();
 afl->last_crash_execs = afl->fsrv.total_execs;
@@ -2882,6 +2884,7 @@ void check_binary(afl_state_t *afl, u8 *fname) {
 if (strchr(fname, '/') || !(env_path = getenv("PATH"))) {
 afl->fsrv.target_path = ck_strdup(fname);
+ #ifdef __linux__
 if (afl->fsrv.nyx_mode) {
@@ -2902,8 +2905,8 @@ void check_binary(afl_state_t *afl, u8 *fname) {
 afl->fsrv.target_path);
 }
- #endif
+
 if (stat(afl->fsrv.target_path, &st) || !S_ISREG(st.st_mode) || !(st.st_mode & 0111) || (f_len = st.st_size) < 4) {
-- cgit 1.4.1
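Review bot: The same `__linux__` guard is written two ways in one commit: the `#ifdef __linux__`/`#endif` added around the nyx block in perform_dry_run (first two hunks) sit at column 0, while the `#ifdef __linux__` added in check_binary (third hunk) is indented like the `#endif` the last hunk removes; picking one form, e.g. the indented ` #ifdef __linux__` / ` #endif` already used in check_binary, keeps the directives consistent. In check_binary the `#endif` that now closes the new guard is not visible in either hunk — the old one after the `}` is deleted and replaced by a blank line — so I cannot confirm from these hunks where the guarded region ends; presumably it was moved to cover the whole nyx block, but that is worth a glance. Both perform_dry_run and check_binary continue outside the hunks.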