From 4561a9590fc9a8c9ef3676b119f04c2e6d0794c0 Mon Sep 17 00:00:00 2001 From: Edznux Date: Thu, 17 Sep 2020 01:29:09 +0200 Subject: WIP. basic state working: submitting statsd metrics (path, crashes, hangs) --- src/afl-fuzz-statsd.c | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 src/afl-fuzz-statsd.c (limited to 'src/afl-fuzz-statsd.c') diff --git a/src/afl-fuzz-statsd.c b/src/afl-fuzz-statsd.c new file mode 100644 index 00000000..aa12ca9a --- /dev/null +++ b/src/afl-fuzz-statsd.c @@ -0,0 +1,87 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include "afl-fuzz.h" + + +int sock = 0; +struct sockaddr_in server; +int error = 0; + +int statsd_init(char *host, int port){ + if((sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1){ + perror("socket"); + exit(1); + } + + memset(&server, 0, sizeof(server)); + server.sin_family = AF_INET; + server.sin_port = htons(port); + + struct addrinfo *result; + struct addrinfo hints; + + memset(&hints, 0, sizeof(struct addrinfo)); + hints.ai_family = AF_INET; + hints.ai_socktype = SOCK_DGRAM; + + if ( (error = getaddrinfo(host, NULL, &hints, &result)) ) { + perror("getaddrinfo"); + exit(1); + } + + memcpy(&(server.sin_addr), &((struct sockaddr_in*)result->ai_addr)->sin_addr, sizeof(struct in_addr)); + freeaddrinfo(result); + + return 0; +} + +int send_statsd_metric(afl_state_t *afl){ + u64 cur_ms = get_cur_time(); + if (cur_ms - afl->stats_last_plot_ms < 1000) { + return 0; + } + + error = statsd_init("127.0.0.1", 12345); + if (error){ + perror("Failed to init statsd client. Aborting"); + return -1; + } + + if(!sock){ + perror("sock"); + return -1; + } + char buff[512]; + statsd_format_metric(afl, buff, 512); + + if (sendto(sock, buff, strlen(buff), 0, (struct sockaddr *) &server, sizeof(server)) == -1) { + perror("sendto"); + return -1; + } + close(sock); + sock=0; + + return 0; +} + + +void statsd_format_metric(afl_state_t *afl, char *buff, int bufflen){ + char *format = "fuzzing.afl.cycle_done:%llu|c\n" + "fuzzing.afl.total_path:%lu|c\n" + "fuzzing.afl.unique_crashes:%llu|c\n" + "fuzzing.afl.total_crashes:%llu|c\n" + "fuzzing.afl.unique_hangs:%llu|c\n"; + snprintf(buff, bufflen, format, + afl->queue_cycle, + afl->queued_paths, + afl->unique_crashes, + afl->total_crashes, + afl->unique_hangs + ); +} \ No newline at end of file -- cgit 1.4.1 From a55e0d11891f0cc19a4ec6cc67c4e5e0d1c7f465 Mon Sep 17 00:00:00 2001 From: Edznux Date: Fri, 25 Sep 2020 23:28:15 +0200 Subject: WIP envs --- include/afl-fuzz.h | 2 +- include/envs.h | 2 ++ src/afl-fuzz-statsd.c | 70 ++++++++++++++++++++++++++++++++++++++++----------- 3 files changed, 58 insertions(+), 16 deletions(-) (limited to 'src/afl-fuzz-statsd.c') diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 5fff7feb..65327d93 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -958,7 +958,7 @@ void show_init_stats(afl_state_t *); int statsd_init(char *host, int port); int send_statsd_metric(afl_state_t *afl); -void statsd_format_metric(afl_state_t *afl, char *buff, int bufflen); +int statsd_format_metric(afl_state_t *afl, char *formatted[], size_t *num_of_tags); /* Run */ diff --git a/include/envs.h b/include/envs.h index 2dc1dbbf..6776a7cd 100644 --- a/include/envs.h +++ b/include/envs.h @@ -129,6 +129,8 @@ static char *afl_environment_variables[] = { "AFL_SKIP_BIN_CHECK", "AFL_SKIP_CPUFREQ", "AFL_SKIP_CRASHES", + "AFL_STATSD_HOST", + "AFL_STATSD_PORT", "AFL_TMIN_EXACT", "AFL_TMPDIR", "AFL_TOKEN_FILE", diff --git a/src/afl-fuzz-statsd.c b/src/afl-fuzz-statsd.c index aa12ca9a..d09d1f6e 100644 --- a/src/afl-fuzz-statsd.c +++ b/src/afl-fuzz-statsd.c @@ -9,6 +9,9 @@ #include "afl-fuzz.h" +#define MAX_STATSD_PACKET_SIZE 1024 +#define MAX_TAG_LEN 200 + int sock = 0; struct sockaddr_in server; int error = 0; @@ -46,8 +49,21 @@ int send_statsd_metric(afl_state_t *afl){ if (cur_ms - afl->stats_last_plot_ms < 1000) { return 0; } + + u16 port = 8125; + char* host = "127.0.0.1"; - error = statsd_init("127.0.0.1", 12345); + char* port_env; + char* host_env; + if ((port_env = getenv("AFL_STATSD_PORT")) != NULL) { + port = atoi(port_env); + } + if ((host_env = getenv("AFL_STATSD_HOST")) != NULL) { + // sanitization check ? + host = host_env; + } + + error = statsd_init(host, port); if (error){ perror("Failed to init statsd client. Aborting"); return -1; @@ -57,31 +73,55 @@ int send_statsd_metric(afl_state_t *afl){ perror("sock"); return -1; } - char buff[512]; - statsd_format_metric(afl, buff, 512); - - if (sendto(sock, buff, strlen(buff), 0, (struct sockaddr *) &server, sizeof(server)) == -1) { - perror("sendto"); - return -1; + char *formatted[] = {}; + size_t *num_of_tags = 0; + statsd_format_metric(afl, &formatted, num_of_tags); + for (size_t i = 0; i < &num_of_tags; i++){ + printf("%ld\n", i); + printf("%s\n", formatted[i]); + if (sendto(sock, formatted[i], strlen(formatted[i]), 0, (struct sockaddr *) &server, sizeof(server)) == -1) { + perror("sendto"); + return -1; + } } + close(sock); sock=0; return 0; } +int statsd_format_metric(afl_state_t *afl, char *formatted[], size_t *num_of_tags){ + + char *tags = "key:value"; + + *num_of_tags = 0; // reset + + const char *metrics[] = { + "fuzzing.afl.cycle_done:%llu|g|#%s\n", + "fuzzing.afl.total_path:%lu|g|#%s\n", + "fuzzing.afl.unique_crashes:%llu|g|#%s\n", + "fuzzing.afl.total_crashes:%llu|g|#%s\n", + "fuzzing.afl.unique_hangs:%llu|g|#%s\n" + }; -void statsd_format_metric(afl_state_t *afl, char *buff, int bufflen){ - char *format = "fuzzing.afl.cycle_done:%llu|c\n" - "fuzzing.afl.total_path:%lu|c\n" - "fuzzing.afl.unique_crashes:%llu|c\n" - "fuzzing.afl.total_crashes:%llu|c\n" - "fuzzing.afl.unique_hangs:%llu|c\n"; - snprintf(buff, bufflen, format, + const int metricValues[] = { afl->queue_cycle, afl->queued_paths, afl->unique_crashes, afl->total_crashes, afl->unique_hangs - ); + }; + + *num_of_tags = sizeof(metrics)/sizeof(metrics[0]); + + for (size_t i = 0; i < &num_of_tags; i++){ + char *tmp = malloc(MAX_STATSD_PACKET_SIZE); + if(tmp == NULL){ + return -1; + } + snprintf(tmp, MAX_STATSD_PACKET_SIZE, metrics[i], metricValues[i], tags); + formatted[i] = tmp; + } + return 0; } \ No newline at end of file -- cgit 1.4.1 From 223974336196a8f3617548e8ca88ee084794ed60 Mon Sep 17 00:00:00 2001 From: Edznux Date: Thu, 1 Oct 2020 00:11:01 +0200 Subject: Rewrote format metric to be simpler/more static --- include/afl-fuzz.h | 2 +- src/afl-fuzz-statsd.c | 78 ++++++++++++++++++++++----------------------------- 2 files changed, 35 insertions(+), 45 deletions(-) (limited to 'src/afl-fuzz-statsd.c') diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 65327d93..61672169 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -958,7 +958,7 @@ void show_init_stats(afl_state_t *); int statsd_init(char *host, int port); int send_statsd_metric(afl_state_t *afl); -int statsd_format_metric(afl_state_t *afl, char *formatted[], size_t *num_of_tags); +int statsd_format_metric(afl_state_t *afl, char *buff, size_t bufflen); /* Run */ diff --git a/src/afl-fuzz-statsd.c b/src/afl-fuzz-statsd.c index d09d1f6e..a53569c3 100644 --- a/src/afl-fuzz-statsd.c +++ b/src/afl-fuzz-statsd.c @@ -9,7 +9,7 @@ #include "afl-fuzz.h" -#define MAX_STATSD_PACKET_SIZE 1024 +#define MAX_STATSD_PACKET_SIZE 1400 #define MAX_TAG_LEN 200 int sock = 0; @@ -56,6 +56,7 @@ int send_statsd_metric(afl_state_t *afl){ char* port_env; char* host_env; if ((port_env = getenv("AFL_STATSD_PORT")) != NULL) { + // sanitization check ? port = atoi(port_env); } if ((host_env = getenv("AFL_STATSD_HOST")) != NULL) { @@ -73,55 +74,44 @@ int send_statsd_metric(afl_state_t *afl){ perror("sock"); return -1; } - char *formatted[] = {}; - size_t *num_of_tags = 0; - statsd_format_metric(afl, &formatted, num_of_tags); - for (size_t i = 0; i < &num_of_tags; i++){ - printf("%ld\n", i); - printf("%s\n", formatted[i]); - if (sendto(sock, formatted[i], strlen(formatted[i]), 0, (struct sockaddr *) &server, sizeof(server)) == -1) { - perror("sendto"); - return -1; - } + + char buff[MAX_STATSD_PACKET_SIZE] = {0}; + + statsd_format_metric(afl, buff, MAX_STATSD_PACKET_SIZE); + if (sendto(sock, buff, MAX_STATSD_PACKET_SIZE, 0, + (struct sockaddr *)&server, sizeof(server)) == -1) { + perror("sendto"); + return -1; } - + close(sock); sock=0; return 0; } -int statsd_format_metric(afl_state_t *afl, char *formatted[], size_t *num_of_tags){ +int statsd_format_metric(afl_state_t *afl, char *buff, size_t bufflen){ + /* + metric format: + :|| + tags format: + #key:value,key:value,key + */ + char tags[MAX_TAG_LEN * 2] = {0}; + snprintf(tags, MAX_TAG_LEN * 2, + "banner:%s,afl_version:%s", + afl->use_banner, + VERSION); + // Sends multiple metrics with one UDP Packet. + // bufflen will limit to the max safe size. + snprintf(buff, bufflen, + "fuzzing.afl.cycle_done:%llu|g|#%s\n" + "fuzzing.afl.total_path:%u|g|#%s\n" + "fuzzing.afl.unique_crashes:%llu|g|#%s\n" + "fuzzing.afl.total_crashes:%llu|g|#%s\n" + "fuzzing.afl.unique_hangs:%llu|g|#%s\n", + afl->queue_cycle, tags, afl->queued_paths, tags, afl->unique_crashes, + tags, afl->total_crashes, tags, afl->unique_hangs, tags); - char *tags = "key:value"; - - *num_of_tags = 0; // reset - - const char *metrics[] = { - "fuzzing.afl.cycle_done:%llu|g|#%s\n", - "fuzzing.afl.total_path:%lu|g|#%s\n", - "fuzzing.afl.unique_crashes:%llu|g|#%s\n", - "fuzzing.afl.total_crashes:%llu|g|#%s\n", - "fuzzing.afl.unique_hangs:%llu|g|#%s\n" - }; - - const int metricValues[] = { - afl->queue_cycle, - afl->queued_paths, - afl->unique_crashes, - afl->total_crashes, - afl->unique_hangs - }; - - *num_of_tags = sizeof(metrics)/sizeof(metrics[0]); - - for (size_t i = 0; i < &num_of_tags; i++){ - char *tmp = malloc(MAX_STATSD_PACKET_SIZE); - if(tmp == NULL){ - return -1; - } - snprintf(tmp, MAX_STATSD_PACKET_SIZE, metrics[i], metricValues[i], tags); - formatted[i] = tmp; - } - return 0; + return 0; } \ No newline at end of file -- cgit 1.4.1 From ff8c6d24156811333c855755fea8fafc43e133bc Mon Sep 17 00:00:00 2001 From: Edznux Date: Sun, 4 Oct 2020 03:22:28 +0200 Subject: Adds other metrics --- include/afl-fuzz.h | 2 +- src/afl-fuzz-statsd.c | 74 ++++++++++++++++++++++++++++++++++++++------------- 2 files changed, 57 insertions(+), 19 deletions(-) (limited to 'src/afl-fuzz-statsd.c') diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 61672169..eecfcf75 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -956,7 +956,7 @@ void show_init_stats(afl_state_t *); /* StatsD */ -int statsd_init(char *host, int port); +int statsd_socket_init(char *host, int port); int send_statsd_metric(afl_state_t *afl); int statsd_format_metric(afl_state_t *afl, char *buff, size_t bufflen); diff --git a/src/afl-fuzz-statsd.c b/src/afl-fuzz-statsd.c index a53569c3..d9cd12d2 100644 --- a/src/afl-fuzz-statsd.c +++ b/src/afl-fuzz-statsd.c @@ -9,14 +9,15 @@ #include "afl-fuzz.h" -#define MAX_STATSD_PACKET_SIZE 1400 +#define MAX_STATSD_PACKET_SIZE 4096 #define MAX_TAG_LEN 200 +#define METRIC_PREFIX "fuzzing" int sock = 0; struct sockaddr_in server; int error = 0; -int statsd_init(char *host, int port){ +int statsd_socket_init(char *host, int port){ if((sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1){ perror("socket"); exit(1); @@ -45,11 +46,9 @@ int statsd_init(char *host, int port){ } int send_statsd_metric(afl_state_t *afl){ - u64 cur_ms = get_cur_time(); - if (cur_ms - afl->stats_last_plot_ms < 1000) { - return 0; - } - + /* default port and host. + Will be overwritten by AFL_STATSD_PORT and AFL_STATSD_HOST environment variable, if they exists. + */ u16 port = 8125; char* host = "127.0.0.1"; @@ -64,7 +63,7 @@ int send_statsd_metric(afl_state_t *afl){ host = host_env; } - error = statsd_init(host, port); + error = statsd_socket_init(host, port); if (error){ perror("Failed to init statsd client. Aborting"); return -1; @@ -78,7 +77,7 @@ int send_statsd_metric(afl_state_t *afl){ char buff[MAX_STATSD_PACKET_SIZE] = {0}; statsd_format_metric(afl, buff, MAX_STATSD_PACKET_SIZE); - if (sendto(sock, buff, MAX_STATSD_PACKET_SIZE, 0, + if (sendto(sock, buff, strlen(buff), 0, (struct sockaddr *)&server, sizeof(server)) == -1) { perror("sendto"); return -1; @@ -95,23 +94,62 @@ int statsd_format_metric(afl_state_t *afl, char *buff, size_t bufflen){ metric format: :|| tags format: - #key:value,key:value,key + */ + #ifdef USE_STATSD_TAGS + /* #key:value,key:value,key */ char tags[MAX_TAG_LEN * 2] = {0}; snprintf(tags, MAX_TAG_LEN * 2, - "banner:%s,afl_version:%s", + "|#banner:%s,afl_version:%s", afl->use_banner, VERSION); + #else + char *tags = ""; + #endif // Sends multiple metrics with one UDP Packet. // bufflen will limit to the max safe size. snprintf(buff, bufflen, - "fuzzing.afl.cycle_done:%llu|g|#%s\n" - "fuzzing.afl.total_path:%u|g|#%s\n" - "fuzzing.afl.unique_crashes:%llu|g|#%s\n" - "fuzzing.afl.total_crashes:%llu|g|#%s\n" - "fuzzing.afl.unique_hangs:%llu|g|#%s\n", - afl->queue_cycle, tags, afl->queued_paths, tags, afl->unique_crashes, - tags, afl->total_crashes, tags, afl->unique_hangs, tags); + METRIC_PREFIX".cycle_done:%llu|g%s\n" + METRIC_PREFIX".cycles_wo_finds:%llu|g%s\n" + METRIC_PREFIX".execs_done:%llu|g%s\n" + METRIC_PREFIX".execs_per_sec:%0.02f|g%s\n" + METRIC_PREFIX".paths_total:%u|g%s\n" + METRIC_PREFIX".paths_favored:%u|g%s\n" + METRIC_PREFIX".paths_found:%u|g%s\n" + METRIC_PREFIX".paths_imported:%u|g%s\n" + METRIC_PREFIX".max_depth:%u|g%s\n" + METRIC_PREFIX".cur_path:%u|g%s\n" + METRIC_PREFIX".pending_favs:%u|g%s\n" + METRIC_PREFIX".pending_total:%u|g%s\n" + METRIC_PREFIX".variable_paths:%u|g%s\n" + METRIC_PREFIX".unique_crashes:%llu|g%s\n" + METRIC_PREFIX".unique_hangs:%llu|g%s\n" + METRIC_PREFIX".total_crashes:%llu|g%s\n" + METRIC_PREFIX".slowest_exec_ms:%u|g%s\n" + METRIC_PREFIX".edges_found:%u|g%s\n" + METRIC_PREFIX".var_byte_count:%u|g%s\n" + METRIC_PREFIX".havoc_expansion:%u|g%s\n", + afl->queue_cycle ? (afl->queue_cycle - 1) : 0, tags, + afl->cycles_wo_finds, tags, + afl->fsrv.total_execs, tags, + afl->fsrv.total_execs / ((double)(get_cur_time() - afl->start_time) / 1000), tags, + afl->queued_paths, tags, + afl->queued_favored, tags, + afl->queued_discovered, tags, + afl->queued_imported, tags, + afl->max_depth, tags, + afl->current_entry, tags, + afl->pending_favored, tags, + afl->pending_not_fuzzed, tags, + afl->queued_variable, tags, + afl->unique_crashes, tags, + afl->unique_hangs, tags, + afl->total_crashes, tags, + afl->slowest_exec_ms, tags, + count_non_255_bytes(afl, afl->virgin_bits), tags, + afl->var_byte_count, tags, + afl->expand_havoc, tags + ); return 0; } \ No newline at end of file -- cgit 1.4.1 From ca6106a1dc5b39df9f167b3d30ea4472636564c9 Mon Sep 17 00:00:00 2001 From: Edznux Date: Sun, 4 Oct 2020 14:24:25 +0200 Subject: Refactor --- include/afl-fuzz.h | 4 ++- include/config.h | 2 ++ src/afl-fuzz-stats.c | 6 +++-- src/afl-fuzz-statsd.c | 73 ++++++++++++++++++++++++++------------------------- 4 files changed, 46 insertions(+), 39 deletions(-) (limited to 'src/afl-fuzz-statsd.c') diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index eecfcf75..f341e300 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -635,6 +635,8 @@ typedef struct afl_state { u64 plot_prev_qc, plot_prev_uc, plot_prev_uh, plot_prev_ed; u64 stats_last_stats_ms, stats_last_plot_ms, stats_last_ms, stats_last_execs; + // StatsD + u64 statsd_last_send_ms; double stats_avg_exec; u8 *clean_trace; @@ -957,7 +959,7 @@ void show_init_stats(afl_state_t *); /* StatsD */ int statsd_socket_init(char *host, int port); -int send_statsd_metric(afl_state_t *afl); +int statsd_send_metric(afl_state_t *afl); int statsd_format_metric(afl_state_t *afl, char *buff, size_t bufflen); /* Run */ diff --git a/include/config.h b/include/config.h index c55dda2b..8cdf0633 100644 --- a/include/config.h +++ b/include/config.h @@ -47,6 +47,8 @@ Server config can be adjusted with AFL_STATSD_HOST and AFL_STATSD_PORT env var. #define USE_STATSD #define STATSD_UPDATE_SEC 1 +#define STATSD_DEFAULT_PORT 8125 +#define STATSD_DEFAULT_HOST "127.0.0.1" /* If you want to have the original afl internal memory corruption checks. Disabled by default for speed. it is better to use "make ASAN_BUILD=1". */ diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index bbbe6ba6..ffef7647 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -423,8 +423,10 @@ void show_stats(afl_state_t *afl) { } #ifdef USE_STATSD - if (cur_ms - afl->stats_last_stats_ms > STATSD_UPDATE_SEC * 1000) { - if(send_statsd_metric(afl)){ + if (cur_ms - afl->statsd_last_send_ms > STATSD_UPDATE_SEC * 1000) { + /* reset counter, even if send failed. */ + afl->statsd_last_send_ms = cur_ms; + if(statsd_send_metric(afl)){ WARNF("coundln't send statsd metric."); } } diff --git a/src/afl-fuzz-statsd.c b/src/afl-fuzz-statsd.c index d9cd12d2..5bd1b537 100644 --- a/src/afl-fuzz-statsd.c +++ b/src/afl-fuzz-statsd.c @@ -13,11 +13,12 @@ #define MAX_TAG_LEN 200 #define METRIC_PREFIX "fuzzing" -int sock = 0; struct sockaddr_in server; int error = 0; +int statds_sock = 0; int statsd_socket_init(char *host, int port){ + int sock; if((sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1){ perror("socket"); exit(1); @@ -42,72 +43,72 @@ int statsd_socket_init(char *host, int port){ memcpy(&(server.sin_addr), &((struct sockaddr_in*)result->ai_addr)->sin_addr, sizeof(struct in_addr)); freeaddrinfo(result); - return 0; + return sock; } -int send_statsd_metric(afl_state_t *afl){ - /* default port and host. +int statsd_send_metric(afl_state_t *afl){ + + char buff[MAX_STATSD_PACKET_SIZE] = {0}; + /* Default port and host. Will be overwritten by AFL_STATSD_PORT and AFL_STATSD_HOST environment variable, if they exists. - */ - u16 port = 8125; - char* host = "127.0.0.1"; + */ + u16 port = STATSD_DEFAULT_PORT; + char* host = STATSD_DEFAULT_HOST; char* port_env; char* host_env; if ((port_env = getenv("AFL_STATSD_PORT")) != NULL) { - // sanitization check ? port = atoi(port_env); } if ((host_env = getenv("AFL_STATSD_HOST")) != NULL) { - // sanitization check ? host = host_env; } - - error = statsd_socket_init(host, port); - if (error){ - perror("Failed to init statsd client. Aborting"); - return -1; - } - - if(!sock){ - perror("sock"); - return -1; - } - char buff[MAX_STATSD_PACKET_SIZE] = {0}; + /* statds_sock is a global variable. We set it once in the beginning and reuse the socket. + If the sendto later fail, we reset it to 0 to be able to recreate it. + */ + if(!statds_sock){ + statds_sock = statsd_socket_init(host, port); + if(!statds_sock){ + perror("Cannot create socket"); + return -1; + } + } statsd_format_metric(afl, buff, MAX_STATSD_PACKET_SIZE); - if (sendto(sock, buff, strlen(buff), 0, - (struct sockaddr *)&server, sizeof(server)) == -1) { - perror("sendto"); - return -1; + if (sendto(statds_sock, buff, strlen(buff), 0, (struct sockaddr *)&server, sizeof(server)) == -1) { + if(!close(statds_sock)){ + perror("Cannot close socket"); + } + statds_sock = 0; + perror("Cannot sendto"); + return -1; } - close(sock); - sock=0; - return 0; } int statsd_format_metric(afl_state_t *afl, char *buff, size_t bufflen){ - /* - metric format: - :|| - tags format: + /* Metric format: + :| */ #ifdef USE_STATSD_TAGS - /* #key:value,key:value,key + /* Tags format: DogStatsD + :||#key:value,key:value,key */ char tags[MAX_TAG_LEN * 2] = {0}; snprintf(tags, MAX_TAG_LEN * 2, "|#banner:%s,afl_version:%s", afl->use_banner, VERSION); - #else + #else + /* No tags. + */ char *tags = ""; #endif - // Sends multiple metrics with one UDP Packet. - // bufflen will limit to the max safe size. + /* Sends multiple metrics with one UDP Packet. + bufflen will limit to the max safe size. + */ snprintf(buff, bufflen, METRIC_PREFIX".cycle_done:%llu|g%s\n" METRIC_PREFIX".cycles_wo_finds:%llu|g%s\n" -- cgit 1.4.1 From b0de6fed11d4a8de8f016f1d8db0cb19a6b96eb2 Mon Sep 17 00:00:00 2001 From: Edznux Date: Sun, 4 Oct 2020 14:29:50 +0200 Subject: Mention tags format in macro's name --- include/config.h | 3 +++ src/afl-fuzz-statsd.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'src/afl-fuzz-statsd.c') diff --git a/include/config.h b/include/config.h index 8cdf0633..33113318 100644 --- a/include/config.h +++ b/include/config.h @@ -50,6 +50,9 @@ Server config can be adjusted with AFL_STATSD_HOST and AFL_STATSD_PORT env var. #define STATSD_DEFAULT_PORT 8125 #define STATSD_DEFAULT_HOST "127.0.0.1" +/* comment out to disable tags. */ +#define USE_DOGSTATSD_TAGS + /* If you want to have the original afl internal memory corruption checks. Disabled by default for speed. it is better to use "make ASAN_BUILD=1". */ diff --git a/src/afl-fuzz-statsd.c b/src/afl-fuzz-statsd.c index 5bd1b537..298138be 100644 --- a/src/afl-fuzz-statsd.c +++ b/src/afl-fuzz-statsd.c @@ -92,7 +92,7 @@ int statsd_format_metric(afl_state_t *afl, char *buff, size_t bufflen){ /* Metric format: :| */ - #ifdef USE_STATSD_TAGS + #ifdef USE_DOGSTATSD_TAGS /* Tags format: DogStatsD :||#key:value,key:value,key */ -- cgit 1.4.1 From 1a12db1b59e792c7a46e606fba60bdf855d00c29 Mon Sep 17 00:00:00 2001 From: Edznux Date: Sun, 4 Oct 2020 16:11:05 +0200 Subject: Code format --- include/afl-fuzz.h | 1 + src/afl-fuzz-run.c | 1 + src/afl-fuzz-stats.c | 11 ++- src/afl-fuzz-statsd.c | 256 +++++++++++++++++++++++++------------------------- 4 files changed, 136 insertions(+), 133 deletions(-) (limited to 'src/afl-fuzz-statsd.c') diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 427e1aec..75dfc4e5 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -635,6 +635,7 @@ typedef struct afl_state { u64 stats_last_stats_ms, stats_last_plot_ms, stats_last_ms, stats_last_execs; // StatsD u64 statsd_last_send_ms; + double stats_avg_exec; u8 *clean_trace; diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 5e74dff3..ee22b0f6 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -903,6 +903,7 @@ common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) { afl->stage_cur + 1 == afl->stage_max) { show_stats(afl); + } return 0; diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 2f1e3367..942670b4 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -423,15 +423,16 @@ void show_stats(afl_state_t *afl) { } - #ifdef USE_STATSD +#ifdef USE_STATSD if (cur_ms - afl->statsd_last_send_ms > STATSD_UPDATE_SEC * 1000) { + /* reset counter, even if send failed. */ afl->statsd_last_send_ms = cur_ms; - if(statsd_send_metric(afl)){ - WARNF("coundln't send statsd metric."); - } + if (statsd_send_metric(afl)) { WARNF("coundln't send statsd metric."); } + } - #endif + +#endif /* Every now and then, write plot data. */ diff --git a/src/afl-fuzz-statsd.c b/src/afl-fuzz-statsd.c index 298138be..e94f090c 100644 --- a/src/afl-fuzz-statsd.c +++ b/src/afl-fuzz-statsd.c @@ -8,149 +8,149 @@ #include #include "afl-fuzz.h" - #define MAX_STATSD_PACKET_SIZE 4096 #define MAX_TAG_LEN 200 #define METRIC_PREFIX "fuzzing" struct sockaddr_in server; -int error = 0; -int statds_sock = 0; - -int statsd_socket_init(char *host, int port){ - int sock; - if((sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1){ - perror("socket"); - exit(1); - } +int error = 0; +int statds_sock = 0; - memset(&server, 0, sizeof(server)); - server.sin_family = AF_INET; - server.sin_port = htons(port); - - struct addrinfo *result; - struct addrinfo hints; +int statsd_socket_init(char *host, int port) { - memset(&hints, 0, sizeof(struct addrinfo)); - hints.ai_family = AF_INET; - hints.ai_socktype = SOCK_DGRAM; + int sock; + if ((sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) { - if ( (error = getaddrinfo(host, NULL, &hints, &result)) ) { - perror("getaddrinfo"); - exit(1); - } + FATAL("Failed to create socket"); + + } + + memset(&server, 0, sizeof(server)); + server.sin_family = AF_INET; + server.sin_port = htons(port); + + struct addrinfo *result; + struct addrinfo hints; + + memset(&hints, 0, sizeof(struct addrinfo)); + hints.ai_family = AF_INET; + hints.ai_socktype = SOCK_DGRAM; - memcpy(&(server.sin_addr), &((struct sockaddr_in*)result->ai_addr)->sin_addr, sizeof(struct in_addr)); - freeaddrinfo(result); + if ((error = getaddrinfo(host, NULL, &hints, &result))) { + + FATAL("Fail to getaddrinfo"); + + } + + memcpy(&(server.sin_addr), &((struct sockaddr_in *)result->ai_addr)->sin_addr, + sizeof(struct in_addr)); + freeaddrinfo(result); + + return sock; - return sock; } -int statsd_send_metric(afl_state_t *afl){ - - char buff[MAX_STATSD_PACKET_SIZE] = {0}; - /* Default port and host. - Will be overwritten by AFL_STATSD_PORT and AFL_STATSD_HOST environment variable, if they exists. - */ - u16 port = STATSD_DEFAULT_PORT; - char* host = STATSD_DEFAULT_HOST; - - char* port_env; - char* host_env; - if ((port_env = getenv("AFL_STATSD_PORT")) != NULL) { - port = atoi(port_env); - } - if ((host_env = getenv("AFL_STATSD_HOST")) != NULL) { - host = host_env; - } +int statsd_send_metric(afl_state_t *afl) { - /* statds_sock is a global variable. We set it once in the beginning and reuse the socket. - If the sendto later fail, we reset it to 0 to be able to recreate it. - */ - if(!statds_sock){ - statds_sock = statsd_socket_init(host, port); - if(!statds_sock){ - perror("Cannot create socket"); - return -1; - } - } + char buff[MAX_STATSD_PACKET_SIZE] = {0}; + /* Default port and host. + Will be overwritten by AFL_STATSD_PORT and AFL_STATSD_HOST environment + variable, if they exists. + */ + u16 port = STATSD_DEFAULT_PORT; + char *host = STATSD_DEFAULT_HOST; + + char *port_env; + char *host_env; + if ((port_env = getenv("AFL_STATSD_PORT")) != NULL) { port = atoi(port_env); } + if ((host_env = getenv("AFL_STATSD_HOST")) != NULL) { host = host_env; } + + /* statds_sock is a global variable. We set it once in the beginning and reuse + the socket. If the sendto later fail, we reset it to 0 to be able to recreate + it. + */ + if (!statds_sock) { + + statds_sock = statsd_socket_init(host, port); + if (!statds_sock) { + + WARNF("Cannot create socket"); + return -1; - statsd_format_metric(afl, buff, MAX_STATSD_PACKET_SIZE); - if (sendto(statds_sock, buff, strlen(buff), 0, (struct sockaddr *)&server, sizeof(server)) == -1) { - if(!close(statds_sock)){ - perror("Cannot close socket"); - } - statds_sock = 0; - perror("Cannot sendto"); - return -1; } - return 0; + } + + statsd_format_metric(afl, buff, MAX_STATSD_PACKET_SIZE); + if (sendto(statds_sock, buff, strlen(buff), 0, (struct sockaddr *)&server, + sizeof(server)) == -1) { + + if (!close(statds_sock)) { perror("Cannot close socket"); } + statds_sock = 0; + WARNF("Cannot sendto"); + return -1; + + } + + return 0; + +} + +int statsd_format_metric(afl_state_t *afl, char *buff, size_t bufflen) { + +/* Metric format: +:| +*/ +#ifdef USE_DOGSTATSD_TAGS + /* Tags format: DogStatsD + :||#key:value,key:value,key + */ + char tags[MAX_TAG_LEN * 2] = {0}; + snprintf(tags, MAX_TAG_LEN * 2, "|#banner:%s,afl_version:%s", afl->use_banner, + VERSION); +#else + /* No tags. + */ + char *tags = ""; +#endif + /* Sends multiple metrics with one UDP Packet. + bufflen will limit to the max safe size. + */ + snprintf(buff, bufflen, + METRIC_PREFIX ".cycle_done:%llu|g%s\n" METRIC_PREFIX + ".cycles_wo_finds:%llu|g%s\n" METRIC_PREFIX + ".execs_done:%llu|g%s\n" METRIC_PREFIX + ".execs_per_sec:%0.02f|g%s\n" METRIC_PREFIX + ".paths_total:%u|g%s\n" METRIC_PREFIX + ".paths_favored:%u|g%s\n" METRIC_PREFIX + ".paths_found:%u|g%s\n" METRIC_PREFIX + ".paths_imported:%u|g%s\n" METRIC_PREFIX + ".max_depth:%u|g%s\n" METRIC_PREFIX + ".cur_path:%u|g%s\n" METRIC_PREFIX + ".pending_favs:%u|g%s\n" METRIC_PREFIX + ".pending_total:%u|g%s\n" METRIC_PREFIX + ".variable_paths:%u|g%s\n" METRIC_PREFIX + ".unique_crashes:%llu|g%s\n" METRIC_PREFIX + ".unique_hangs:%llu|g%s\n" METRIC_PREFIX + ".total_crashes:%llu|g%s\n" METRIC_PREFIX + ".slowest_exec_ms:%u|g%s\n" METRIC_PREFIX + ".edges_found:%u|g%s\n" METRIC_PREFIX + ".var_byte_count:%u|g%s\n" METRIC_PREFIX + ".havoc_expansion:%u|g%s\n", + afl->queue_cycle ? (afl->queue_cycle - 1) : 0, tags, + afl->cycles_wo_finds, tags, afl->fsrv.total_execs, tags, + afl->fsrv.total_execs / + ((double)(get_cur_time() - afl->start_time) / 1000), + tags, afl->queued_paths, tags, afl->queued_favored, tags, + afl->queued_discovered, tags, afl->queued_imported, tags, + afl->max_depth, tags, afl->current_entry, tags, afl->pending_favored, + tags, afl->pending_not_fuzzed, tags, afl->queued_variable, tags, + afl->unique_crashes, tags, afl->unique_hangs, tags, + afl->total_crashes, tags, afl->slowest_exec_ms, tags, + count_non_255_bytes(afl, afl->virgin_bits), tags, + afl->var_byte_count, tags, afl->expand_havoc, tags); + + return 0; + } -int statsd_format_metric(afl_state_t *afl, char *buff, size_t bufflen){ - /* Metric format: - :| - */ - #ifdef USE_DOGSTATSD_TAGS - /* Tags format: DogStatsD - :||#key:value,key:value,key - */ - char tags[MAX_TAG_LEN * 2] = {0}; - snprintf(tags, MAX_TAG_LEN * 2, - "|#banner:%s,afl_version:%s", - afl->use_banner, - VERSION); - #else - /* No tags. - */ - char *tags = ""; - #endif - /* Sends multiple metrics with one UDP Packet. - bufflen will limit to the max safe size. - */ - snprintf(buff, bufflen, - METRIC_PREFIX".cycle_done:%llu|g%s\n" - METRIC_PREFIX".cycles_wo_finds:%llu|g%s\n" - METRIC_PREFIX".execs_done:%llu|g%s\n" - METRIC_PREFIX".execs_per_sec:%0.02f|g%s\n" - METRIC_PREFIX".paths_total:%u|g%s\n" - METRIC_PREFIX".paths_favored:%u|g%s\n" - METRIC_PREFIX".paths_found:%u|g%s\n" - METRIC_PREFIX".paths_imported:%u|g%s\n" - METRIC_PREFIX".max_depth:%u|g%s\n" - METRIC_PREFIX".cur_path:%u|g%s\n" - METRIC_PREFIX".pending_favs:%u|g%s\n" - METRIC_PREFIX".pending_total:%u|g%s\n" - METRIC_PREFIX".variable_paths:%u|g%s\n" - METRIC_PREFIX".unique_crashes:%llu|g%s\n" - METRIC_PREFIX".unique_hangs:%llu|g%s\n" - METRIC_PREFIX".total_crashes:%llu|g%s\n" - METRIC_PREFIX".slowest_exec_ms:%u|g%s\n" - METRIC_PREFIX".edges_found:%u|g%s\n" - METRIC_PREFIX".var_byte_count:%u|g%s\n" - METRIC_PREFIX".havoc_expansion:%u|g%s\n", - afl->queue_cycle ? (afl->queue_cycle - 1) : 0, tags, - afl->cycles_wo_finds, tags, - afl->fsrv.total_execs, tags, - afl->fsrv.total_execs / ((double)(get_cur_time() - afl->start_time) / 1000), tags, - afl->queued_paths, tags, - afl->queued_favored, tags, - afl->queued_discovered, tags, - afl->queued_imported, tags, - afl->max_depth, tags, - afl->current_entry, tags, - afl->pending_favored, tags, - afl->pending_not_fuzzed, tags, - afl->queued_variable, tags, - afl->unique_crashes, tags, - afl->unique_hangs, tags, - afl->total_crashes, tags, - afl->slowest_exec_ms, tags, - count_non_255_bytes(afl, afl->virgin_bits), tags, - afl->var_byte_count, tags, - afl->expand_havoc, tags - ); - - return 0; -} \ No newline at end of file -- cgit 1.4.1 From 2bf3a70e2b5cd0961cb5b1d525f3fd58c4408ba5 Mon Sep 17 00:00:00 2001 From: Edznux Date: Mon, 5 Oct 2020 22:01:50 +0200 Subject: Correctly handle env var. --- include/afl-fuzz.h | 2 +- src/afl-fuzz-state.c | 13 +++++++++++++ src/afl-fuzz-statsd.c | 6 ++---- 3 files changed, 16 insertions(+), 5 deletions(-) (limited to 'src/afl-fuzz-statsd.c') diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 75dfc4e5..d79920bd 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -359,7 +359,7 @@ typedef struct afl_env_vars { u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path, *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_skip_crashes, *afl_preload, - *afl_max_det_extras; + *afl_max_det_extras, *afl_statsd_host, *afl_statsd_port; } afl_env_vars_t; diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 4e817843..aefa226d 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -363,6 +363,19 @@ void read_afl_environment(afl_state_t *afl, char **envp) { afl->afl_env.afl_forksrv_init_tmout = (u8 *)get_afl_env(afl_environment_variables[i]); + } else if (!strncmp(env, "AFL_STATSD_HOST", + + afl_environment_variable_len)) { + + afl->afl_env.afl_statsd_host = + (u8 *)get_afl_env(afl_environment_variables[i]); + } else if (!strncmp(env, "AFL_STATSD_PORT", + + afl_environment_variable_len)) { + + afl->afl_env.afl_statsd_port = + (u8 *)get_afl_env(afl_environment_variables[i]); + } } else { diff --git a/src/afl-fuzz-statsd.c b/src/afl-fuzz-statsd.c index e94f090c..7ae2efca 100644 --- a/src/afl-fuzz-statsd.c +++ b/src/afl-fuzz-statsd.c @@ -60,10 +60,8 @@ int statsd_send_metric(afl_state_t *afl) { u16 port = STATSD_DEFAULT_PORT; char *host = STATSD_DEFAULT_HOST; - char *port_env; - char *host_env; - if ((port_env = getenv("AFL_STATSD_PORT")) != NULL) { port = atoi(port_env); } - if ((host_env = getenv("AFL_STATSD_HOST")) != NULL) { host = host_env; } + if (afl->afl_env.afl_statsd_port) { port = atoi(afl->afl_env.afl_statsd_port); } + if (afl->afl_env.afl_statsd_host) { host = afl->afl_env.afl_statsd_host; } /* statds_sock is a global variable. We set it once in the beginning and reuse the socket. If the sendto later fail, we reset it to 0 to be able to recreate -- cgit 1.4.1 From 916b6fd3171bab1b17e576e088f094080ff5f6cf Mon Sep 17 00:00:00 2001 From: Edznux Date: Mon, 5 Oct 2020 22:21:01 +0200 Subject: Refactor global var into afl_state_t struct --- include/afl-fuzz.h | 7 +++++-- src/afl-fuzz-statsd.c | 51 +++++++++++++++++++++++---------------------------- 2 files changed, 28 insertions(+), 30 deletions(-) (limited to 'src/afl-fuzz-statsd.c') diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index d79920bd..7eeeb79b 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -633,8 +633,11 @@ typedef struct afl_state { u64 plot_prev_qc, plot_prev_uc, plot_prev_uh, plot_prev_ed; u64 stats_last_stats_ms, stats_last_plot_ms, stats_last_ms, stats_last_execs; - // StatsD + + /* StatsD */ u64 statsd_last_send_ms; + struct sockaddr_in statsd_server; + int statsd_sock; double stats_avg_exec; @@ -958,7 +961,7 @@ void show_init_stats(afl_state_t *); /* StatsD */ -int statsd_socket_init(char *host, int port); +int statsd_socket_init(afl_state_t *afl); int statsd_send_metric(afl_state_t *afl); int statsd_format_metric(afl_state_t *afl, char *buff, size_t bufflen); diff --git a/src/afl-fuzz-statsd.c b/src/afl-fuzz-statsd.c index 7ae2efca..0ec1bcb7 100644 --- a/src/afl-fuzz-statsd.c +++ b/src/afl-fuzz-statsd.c @@ -12,11 +12,16 @@ #define MAX_TAG_LEN 200 #define METRIC_PREFIX "fuzzing" -struct sockaddr_in server; -int error = 0; -int statds_sock = 0; +int statsd_socket_init(afl_state_t *afl) { + /* Default port and host. + Will be overwritten by AFL_STATSD_PORT and AFL_STATSD_HOST environment + variable, if they exists. + */ + u16 port = STATSD_DEFAULT_PORT; + char *host = STATSD_DEFAULT_HOST; -int statsd_socket_init(char *host, int port) { + if (afl->afl_env.afl_statsd_port) { port = atoi(afl->afl_env.afl_statsd_port); } + if (afl->afl_env.afl_statsd_host) { host = afl->afl_env.afl_statsd_host; } int sock; if ((sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) { @@ -25,9 +30,9 @@ int statsd_socket_init(char *host, int port) { } - memset(&server, 0, sizeof(server)); - server.sin_family = AF_INET; - server.sin_port = htons(port); + memset(&afl->statsd_server, 0, sizeof(afl->statsd_server)); + afl->statsd_server.sin_family = AF_INET; + afl->statsd_server.sin_port = htons(port); struct addrinfo *result; struct addrinfo hints; @@ -36,13 +41,13 @@ int statsd_socket_init(char *host, int port) { hints.ai_family = AF_INET; hints.ai_socktype = SOCK_DGRAM; - if ((error = getaddrinfo(host, NULL, &hints, &result))) { + if ((getaddrinfo(host, NULL, &hints, &result))) { FATAL("Fail to getaddrinfo"); } - memcpy(&(server.sin_addr), &((struct sockaddr_in *)result->ai_addr)->sin_addr, + memcpy(&(afl->statsd_server.sin_addr), &((struct sockaddr_in *)result->ai_addr)->sin_addr, sizeof(struct in_addr)); freeaddrinfo(result); @@ -53,24 +58,14 @@ int statsd_socket_init(char *host, int port) { int statsd_send_metric(afl_state_t *afl) { char buff[MAX_STATSD_PACKET_SIZE] = {0}; - /* Default port and host. - Will be overwritten by AFL_STATSD_PORT and AFL_STATSD_HOST environment - variable, if they exists. - */ - u16 port = STATSD_DEFAULT_PORT; - char *host = STATSD_DEFAULT_HOST; - - if (afl->afl_env.afl_statsd_port) { port = atoi(afl->afl_env.afl_statsd_port); } - if (afl->afl_env.afl_statsd_host) { host = afl->afl_env.afl_statsd_host; } - /* statds_sock is a global variable. We set it once in the beginning and reuse - the socket. If the sendto later fail, we reset it to 0 to be able to recreate - it. + /* afl->statsd_sock is set once in the initialisation of afl-fuzz and reused each time + If the sendto later fail, we reset it to 0 to be able to recreates it. */ - if (!statds_sock) { + if (!afl->statsd_sock) { - statds_sock = statsd_socket_init(host, port); - if (!statds_sock) { + afl->statsd_sock = statsd_socket_init(afl); + if (!afl->statsd_sock) { WARNF("Cannot create socket"); return -1; @@ -80,11 +75,11 @@ int statsd_send_metric(afl_state_t *afl) { } statsd_format_metric(afl, buff, MAX_STATSD_PACKET_SIZE); - if (sendto(statds_sock, buff, strlen(buff), 0, (struct sockaddr *)&server, - sizeof(server)) == -1) { + if (sendto(afl->statsd_sock, buff, strlen(buff), 0, (struct sockaddr *)&afl->statsd_server, + sizeof(afl->statsd_server)) == -1) { - if (!close(statds_sock)) { perror("Cannot close socket"); } - statds_sock = 0; + if (!close(afl->statsd_sock)) { perror("Cannot close socket"); } + afl->statsd_sock = 0; WARNF("Cannot sendto"); return -1; -- cgit 1.4.1 From 9ac9aa25111b67cd6a2ee7ce8376a445368b215f Mon Sep 17 00:00:00 2001 From: Edznux Date: Mon, 5 Oct 2020 22:21:24 +0200 Subject: Fix code format --- include/afl-fuzz.h | 4 ++-- src/afl-fuzz-state.c | 1 + src/afl-fuzz-statsd.c | 19 ++++++++++++++----- 3 files changed, 17 insertions(+), 7 deletions(-) (limited to 'src/afl-fuzz-statsd.c') diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 7eeeb79b..92375b2c 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -635,9 +635,9 @@ typedef struct afl_state { u64 stats_last_stats_ms, stats_last_plot_ms, stats_last_ms, stats_last_execs; /* StatsD */ - u64 statsd_last_send_ms; + u64 statsd_last_send_ms; struct sockaddr_in statsd_server; - int statsd_sock; + int statsd_sock; double stats_avg_exec; diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index aefa226d..5e719a85 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -369,6 +369,7 @@ void read_afl_environment(afl_state_t *afl, char **envp) { afl->afl_env.afl_statsd_host = (u8 *)get_afl_env(afl_environment_variables[i]); + } else if (!strncmp(env, "AFL_STATSD_PORT", afl_environment_variable_len)) { diff --git a/src/afl-fuzz-statsd.c b/src/afl-fuzz-statsd.c index 0ec1bcb7..9cb8fde4 100644 --- a/src/afl-fuzz-statsd.c +++ b/src/afl-fuzz-statsd.c @@ -13,6 +13,7 @@ #define METRIC_PREFIX "fuzzing" int statsd_socket_init(afl_state_t *afl) { + /* Default port and host. Will be overwritten by AFL_STATSD_PORT and AFL_STATSD_HOST environment variable, if they exists. @@ -20,7 +21,12 @@ int statsd_socket_init(afl_state_t *afl) { u16 port = STATSD_DEFAULT_PORT; char *host = STATSD_DEFAULT_HOST; - if (afl->afl_env.afl_statsd_port) { port = atoi(afl->afl_env.afl_statsd_port); } + if (afl->afl_env.afl_statsd_port) { + + port = atoi(afl->afl_env.afl_statsd_port); + + } + if (afl->afl_env.afl_statsd_host) { host = afl->afl_env.afl_statsd_host; } int sock; @@ -47,7 +53,8 @@ int statsd_socket_init(afl_state_t *afl) { } - memcpy(&(afl->statsd_server.sin_addr), &((struct sockaddr_in *)result->ai_addr)->sin_addr, + memcpy(&(afl->statsd_server.sin_addr), + &((struct sockaddr_in *)result->ai_addr)->sin_addr, sizeof(struct in_addr)); freeaddrinfo(result); @@ -59,8 +66,9 @@ int statsd_send_metric(afl_state_t *afl) { char buff[MAX_STATSD_PACKET_SIZE] = {0}; - /* afl->statsd_sock is set once in the initialisation of afl-fuzz and reused each time - If the sendto later fail, we reset it to 0 to be able to recreates it. + /* afl->statsd_sock is set once in the initialisation of afl-fuzz and reused + each time If the sendto later fail, we reset it to 0 to be able to recreates + it. */ if (!afl->statsd_sock) { @@ -75,7 +83,8 @@ int statsd_send_metric(afl_state_t *afl) { } statsd_format_metric(afl, buff, MAX_STATSD_PACKET_SIZE); - if (sendto(afl->statsd_sock, buff, strlen(buff), 0, (struct sockaddr *)&afl->statsd_server, + if (sendto(afl->statsd_sock, buff, strlen(buff), 0, + (struct sockaddr *)&afl->statsd_server, sizeof(afl->statsd_server)) == -1) { if (!close(afl->statsd_sock)) { perror("Cannot close socket"); } -- cgit 1.4.1 From 3d7bdc9f0b6892cb359fc07a0cef387851cbd8b1 Mon Sep 17 00:00:00 2001 From: Edznux Date: Tue, 6 Oct 2020 23:00:11 +0200 Subject: [WIP: segfault on non dogstatsd] Adding MACROS for format --- include/afl-fuzz.h | 13 +++-- include/config.h | 3 -- include/envs.h | 1 + src/afl-fuzz-state.c | 7 +++ src/afl-fuzz-statsd.c | 140 +++++++++++++++++++++++++++++++++++++------------- src/afl-fuzz.c | 5 ++ 6 files changed, 127 insertions(+), 42 deletions(-) (limited to 'src/afl-fuzz-statsd.c') diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 92375b2c..ffb518ad 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -359,7 +359,8 @@ typedef struct afl_env_vars { u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path, *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_skip_crashes, *afl_preload, - *afl_max_det_extras, *afl_statsd_host, *afl_statsd_port; + *afl_max_det_extras, *afl_statsd_host, *afl_statsd_port, + *afl_statsd_tags_flavor; } afl_env_vars_t; @@ -638,6 +639,9 @@ typedef struct afl_state { u64 statsd_last_send_ms; struct sockaddr_in statsd_server; int statsd_sock; + char * statsd_tags_flavor; + char * statsd_tags_format; + char * statsd_metric_format; double stats_avg_exec; @@ -961,9 +965,10 @@ void show_init_stats(afl_state_t *); /* StatsD */ -int statsd_socket_init(afl_state_t *afl); -int statsd_send_metric(afl_state_t *afl); -int statsd_format_metric(afl_state_t *afl, char *buff, size_t bufflen); +void statsd_setup_format(afl_state_t *afl); +int statsd_socket_init(afl_state_t *afl); +int statsd_send_metric(afl_state_t *afl); +int statsd_format_metric(afl_state_t *afl, char *buff, size_t bufflen); /* Run */ diff --git a/include/config.h b/include/config.h index c0a04565..3d6b0395 100644 --- a/include/config.h +++ b/include/config.h @@ -50,9 +50,6 @@ Server config can be adjusted with AFL_STATSD_HOST and AFL_STATSD_PORT env var. #define STATSD_DEFAULT_PORT 8125 #define STATSD_DEFAULT_HOST "127.0.0.1" -/* comment out to disable tags. */ -#define USE_DOGSTATSD_TAGS - /* If you want to have the original afl internal memory corruption checks. Disabled by default for speed. it is better to use "make ASAN_BUILD=1". */ diff --git a/include/envs.h b/include/envs.h index 1fc9e83d..16da14cb 100644 --- a/include/envs.h +++ b/include/envs.h @@ -137,6 +137,7 @@ static char *afl_environment_variables[] = { "AFL_SKIP_CRASHES", "AFL_STATSD_HOST", "AFL_STATSD_PORT", + "AFL_STATSD_TAGS_FLAVOR", "AFL_TMIN_EXACT", "AFL_TMPDIR", "AFL_TOKEN_FILE", diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 5e719a85..77b30b5b 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -377,6 +377,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) { afl->afl_env.afl_statsd_port = (u8 *)get_afl_env(afl_environment_variables[i]); + } else if (!strncmp(env, "AFL_STATSD_TAGS_FLAVOR", + + afl_environment_variable_len)) { + + afl->afl_env.afl_statsd_tags_flavor = + (u8 *)get_afl_env(afl_environment_variables[i]); + } } else { diff --git a/src/afl-fuzz-statsd.c b/src/afl-fuzz-statsd.c index 9cb8fde4..f77df17e 100644 --- a/src/afl-fuzz-statsd.c +++ b/src/afl-fuzz-statsd.c @@ -12,6 +12,107 @@ #define MAX_TAG_LEN 200 #define METRIC_PREFIX "fuzzing" +/* Tags format for metrics + DogStatsD: + metric.name:||#key:value,key2:value2 + + InfluxDB + metric.name,key=value,key2=value2:| + + Librato + metric.name#key=value,key2=value2:| + + SignalFX + metric.name[key=value,key2=value2]:| + +*/ + +// after the whole metric. +#define DOGSTATSD_TAGS_FORMAT "|#banner:%s,afl_version:%s" + +// just after the metric name. +#define LIBRATO_TAGS_FORMAT "#banner=%s,afl_version=%s" +#define INFLUXDB_TAGS_FORMAT ",banner=%s,afl_version=%s" +#define SIGNALFX_TAGS_FORMAT "[banner=%s,afl_version=%s]" + +// For DogstatsD +#define STATSD_TAGS_AFTER_METRICS \ + METRIC_PREFIX \ + ".cycle_done:%llu|g%s\n" METRIC_PREFIX \ + ".cycles_wo_finds:%llu|g%s\n" METRIC_PREFIX \ + ".execs_done:%llu|g%s\n" METRIC_PREFIX \ + ".execs_per_sec:%0.02f|g%s\n" METRIC_PREFIX \ + ".paths_total:%u|g%s\n" METRIC_PREFIX \ + ".paths_favored:%u|g%s\n" METRIC_PREFIX \ + ".paths_found:%u|g%s\n" METRIC_PREFIX \ + ".paths_imported:%u|g%s\n" METRIC_PREFIX \ + ".max_depth:%u|g%s\n" METRIC_PREFIX ".cur_path:%u|g%s\n" METRIC_PREFIX \ + ".pending_favs:%u|g%s\n" METRIC_PREFIX \ + ".pending_total:%u|g%s\n" METRIC_PREFIX \ + ".variable_paths:%u|g%s\n" METRIC_PREFIX \ + ".unique_crashes:%llu|g%s\n" METRIC_PREFIX \ + ".unique_hangs:%llu|g%s\n" METRIC_PREFIX \ + ".total_crashes:%llu|g%s\n" METRIC_PREFIX \ + ".slowest_exec_ms:%u|g%s\n" METRIC_PREFIX \ + ".edges_found:%u|g%s\n" METRIC_PREFIX \ + ".var_byte_count:%u|g%s\n" METRIC_PREFIX ".havoc_expansion:%u|g%s\n" + +// For Librato, InfluxDB, SignalFX +#define STATSD_TAGS_MID_METRICS \ + METRIC_PREFIX \ + ".cycle_done%s:%llu|g\n" METRIC_PREFIX \ + ".cycles_wo_finds%s:%llu|g\n" METRIC_PREFIX \ + ".execs_done%s:%llu|g\n" METRIC_PREFIX \ + ".execs_per_sec%s:%0.02f|g\n" METRIC_PREFIX \ + ".paths_total%s:%u|g\n" METRIC_PREFIX \ + ".paths_favored%s:%u|g\n" METRIC_PREFIX \ + ".paths_found%s:%u|g\n" METRIC_PREFIX \ + ".paths_imported%s:%u|g\n" METRIC_PREFIX \ + ".max_depth%s:%u|g\n" METRIC_PREFIX ".cur_path%s:%u|g\n" METRIC_PREFIX \ + ".pending_favs%s:%u|g\n" METRIC_PREFIX \ + ".pending_total%s:%u|g\n" METRIC_PREFIX \ + ".variable_paths%s:%u|g\n" METRIC_PREFIX \ + ".unique_crashes%s:%llu|g\n" METRIC_PREFIX \ + ".unique_hangs%s:%llu|g\n" METRIC_PREFIX \ + ".total_crashes%s:%llu|g\n" METRIC_PREFIX \ + ".slowest_exec_ms%s:%u|g\n" METRIC_PREFIX \ + ".edges_found%s:%u|g\n" METRIC_PREFIX \ + ".var_byte_count%s:%u|g\n" METRIC_PREFIX ".havoc_expansion%s:%u|g\n" + +void statsd_setup_format(afl_state_t *afl) { + + if (strcmp(afl->afl_env.afl_statsd_tags_flavor, "dogstatsd") == 0) { + + afl->statsd_tags_format = DOGSTATSD_TAGS_FORMAT; + afl->statsd_metric_format = STATSD_TAGS_AFTER_METRICS; + + } else if (strcmp(afl->afl_env.afl_statsd_tags_flavor, "librato") == 0) { + + afl->statsd_tags_format = LIBRATO_TAGS_FORMAT; + afl->statsd_metric_format = STATSD_TAGS_MID_METRICS; + + } else if (strcmp(afl->afl_env.afl_statsd_tags_flavor, "influxdb") == 0) { + + afl->statsd_tags_format = INFLUXDB_TAGS_FORMAT; + afl->statsd_metric_format = STATSD_TAGS_MID_METRICS; + + } else if (strcmp(afl->afl_env.afl_statsd_tags_flavor, "signalfx") == 0) { + + afl->statsd_tags_format = SIGNALFX_TAGS_FORMAT; + afl->statsd_metric_format = STATSD_TAGS_MID_METRICS; + + } else { + + // No tags at all. + afl->statsd_tags_format = ""; + // Still need to pick a format. Doesn't change anything since if will be + // replaced by the empty string anyway. + afl->statsd_metric_format = STATSD_TAGS_MID_METRICS; + + } + +} + int statsd_socket_init(afl_state_t *afl) { /* Default port and host. @@ -87,7 +188,7 @@ int statsd_send_metric(afl_state_t *afl) { (struct sockaddr *)&afl->statsd_server, sizeof(afl->statsd_server)) == -1) { - if (!close(afl->statsd_sock)) { perror("Cannot close socket"); } + if (!close(afl->statsd_sock)) { FATAL("Cannot close socket"); } afl->statsd_sock = 0; WARNF("Cannot sendto"); return -1; @@ -100,45 +201,14 @@ int statsd_send_metric(afl_state_t *afl) { int statsd_format_metric(afl_state_t *afl, char *buff, size_t bufflen) { -/* Metric format: -:| -*/ -#ifdef USE_DOGSTATSD_TAGS - /* Tags format: DogStatsD - :||#key:value,key:value,key - */ char tags[MAX_TAG_LEN * 2] = {0}; - snprintf(tags, MAX_TAG_LEN * 2, "|#banner:%s,afl_version:%s", afl->use_banner, + snprintf(tags, MAX_TAG_LEN * 2, afl->statsd_tags_format, afl->use_banner, VERSION); -#else - /* No tags. - */ - char *tags = ""; -#endif + /* Sends multiple metrics with one UDP Packet. bufflen will limit to the max safe size. */ - snprintf(buff, bufflen, - METRIC_PREFIX ".cycle_done:%llu|g%s\n" METRIC_PREFIX - ".cycles_wo_finds:%llu|g%s\n" METRIC_PREFIX - ".execs_done:%llu|g%s\n" METRIC_PREFIX - ".execs_per_sec:%0.02f|g%s\n" METRIC_PREFIX - ".paths_total:%u|g%s\n" METRIC_PREFIX - ".paths_favored:%u|g%s\n" METRIC_PREFIX - ".paths_found:%u|g%s\n" METRIC_PREFIX - ".paths_imported:%u|g%s\n" METRIC_PREFIX - ".max_depth:%u|g%s\n" METRIC_PREFIX - ".cur_path:%u|g%s\n" METRIC_PREFIX - ".pending_favs:%u|g%s\n" METRIC_PREFIX - ".pending_total:%u|g%s\n" METRIC_PREFIX - ".variable_paths:%u|g%s\n" METRIC_PREFIX - ".unique_crashes:%llu|g%s\n" METRIC_PREFIX - ".unique_hangs:%llu|g%s\n" METRIC_PREFIX - ".total_crashes:%llu|g%s\n" METRIC_PREFIX - ".slowest_exec_ms:%u|g%s\n" METRIC_PREFIX - ".edges_found:%u|g%s\n" METRIC_PREFIX - ".var_byte_count:%u|g%s\n" METRIC_PREFIX - ".havoc_expansion:%u|g%s\n", + snprintf(buff, bufflen, afl->statsd_metric_format, afl->queue_cycle ? (afl->queue_cycle - 1) : 0, tags, afl->cycles_wo_finds, tags, afl->fsrv.total_execs, tags, afl->fsrv.total_execs / diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 0b08f426..e0e9487f 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -891,6 +891,11 @@ int main(int argc, char **argv_orig, char **envp) { } + #ifdef USE_STATSD + statsd_setup_format(afl); + statsd_socket_init(afl); + #endif + if (strchr(argv[optind], '/') == NULL && !afl->unicorn_mode) { WARNF(cLRD -- cgit 1.4.1 From 17abe7d36e1bf63e149b3c0be20d3d0b7076746f Mon Sep 17 00:00:00 2001 From: Edznux Date: Tue, 6 Oct 2020 23:23:45 +0200 Subject: Fixed segfault because wrong order in args --- include/afl-fuzz.h | 1 + src/afl-fuzz-statsd.c | 137 ++++++++++++++++++++++++++++++-------------------- 2 files changed, 83 insertions(+), 55 deletions(-) (limited to 'src/afl-fuzz-statsd.c') diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index ffb518ad..df7dd644 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -642,6 +642,7 @@ typedef struct afl_state { char * statsd_tags_flavor; char * statsd_tags_format; char * statsd_metric_format; + int statsd_metric_format_type; double stats_avg_exec; diff --git a/src/afl-fuzz-statsd.c b/src/afl-fuzz-statsd.c index f77df17e..e6640977 100644 --- a/src/afl-fuzz-statsd.c +++ b/src/afl-fuzz-statsd.c @@ -36,70 +36,74 @@ #define SIGNALFX_TAGS_FORMAT "[banner=%s,afl_version=%s]" // For DogstatsD -#define STATSD_TAGS_AFTER_METRICS \ - METRIC_PREFIX \ - ".cycle_done:%llu|g%s\n" METRIC_PREFIX \ - ".cycles_wo_finds:%llu|g%s\n" METRIC_PREFIX \ - ".execs_done:%llu|g%s\n" METRIC_PREFIX \ - ".execs_per_sec:%0.02f|g%s\n" METRIC_PREFIX \ - ".paths_total:%u|g%s\n" METRIC_PREFIX \ - ".paths_favored:%u|g%s\n" METRIC_PREFIX \ - ".paths_found:%u|g%s\n" METRIC_PREFIX \ - ".paths_imported:%u|g%s\n" METRIC_PREFIX \ - ".max_depth:%u|g%s\n" METRIC_PREFIX ".cur_path:%u|g%s\n" METRIC_PREFIX \ - ".pending_favs:%u|g%s\n" METRIC_PREFIX \ - ".pending_total:%u|g%s\n" METRIC_PREFIX \ - ".variable_paths:%u|g%s\n" METRIC_PREFIX \ - ".unique_crashes:%llu|g%s\n" METRIC_PREFIX \ - ".unique_hangs:%llu|g%s\n" METRIC_PREFIX \ - ".total_crashes:%llu|g%s\n" METRIC_PREFIX \ - ".slowest_exec_ms:%u|g%s\n" METRIC_PREFIX \ - ".edges_found:%u|g%s\n" METRIC_PREFIX \ - ".var_byte_count:%u|g%s\n" METRIC_PREFIX ".havoc_expansion:%u|g%s\n" +#define STATSD_TAGS_TYPE_SUFFIX 1 +#define STATSD_TAGS_SUFFIX_METRICS \ + METRIC_PREFIX \ + ".cycle_done:%llu|g%s\n" METRIC_PREFIX \ + ".cycles_wo_finds:%llu|g%s\n" METRIC_PREFIX \ + ".execs_done:%llu|g%s\n" METRIC_PREFIX \ + ".execs_per_sec:%0.02f|g%s\n" METRIC_PREFIX \ + ".paths_total:%u|g%s\n" METRIC_PREFIX \ + ".paths_favored:%u|g%s\n" METRIC_PREFIX \ + ".paths_found:%u|g%s\n" METRIC_PREFIX \ + ".paths_imported:%u|g%s\n" METRIC_PREFIX ".max_depth:%u|g%s\n" METRIC_PREFIX \ + ".cur_path:%u|g%s\n" METRIC_PREFIX ".pending_favs:%u|g%s\n" METRIC_PREFIX \ + ".pending_total:%u|g%s\n" METRIC_PREFIX \ + ".variable_paths:%u|g%s\n" METRIC_PREFIX \ + ".unique_crashes:%llu|g%s\n" METRIC_PREFIX \ + ".unique_hangs:%llu|g%s\n" METRIC_PREFIX \ + ".total_crashes:%llu|g%s\n" METRIC_PREFIX \ + ".slowest_exec_ms:%u|g%s\n" METRIC_PREFIX \ + ".edges_found:%u|g%s\n" METRIC_PREFIX \ + ".var_byte_count:%u|g%s\n" METRIC_PREFIX ".havoc_expansion:%u|g%s\n" // For Librato, InfluxDB, SignalFX -#define STATSD_TAGS_MID_METRICS \ - METRIC_PREFIX \ - ".cycle_done%s:%llu|g\n" METRIC_PREFIX \ - ".cycles_wo_finds%s:%llu|g\n" METRIC_PREFIX \ - ".execs_done%s:%llu|g\n" METRIC_PREFIX \ - ".execs_per_sec%s:%0.02f|g\n" METRIC_PREFIX \ - ".paths_total%s:%u|g\n" METRIC_PREFIX \ - ".paths_favored%s:%u|g\n" METRIC_PREFIX \ - ".paths_found%s:%u|g\n" METRIC_PREFIX \ - ".paths_imported%s:%u|g\n" METRIC_PREFIX \ - ".max_depth%s:%u|g\n" METRIC_PREFIX ".cur_path%s:%u|g\n" METRIC_PREFIX \ - ".pending_favs%s:%u|g\n" METRIC_PREFIX \ - ".pending_total%s:%u|g\n" METRIC_PREFIX \ - ".variable_paths%s:%u|g\n" METRIC_PREFIX \ - ".unique_crashes%s:%llu|g\n" METRIC_PREFIX \ - ".unique_hangs%s:%llu|g\n" METRIC_PREFIX \ - ".total_crashes%s:%llu|g\n" METRIC_PREFIX \ - ".slowest_exec_ms%s:%u|g\n" METRIC_PREFIX \ - ".edges_found%s:%u|g\n" METRIC_PREFIX \ - ".var_byte_count%s:%u|g\n" METRIC_PREFIX ".havoc_expansion%s:%u|g\n" +#define STATSD_TAGS_TYPE_MID 2 +#define STATSD_TAGS_MID_METRICS \ + METRIC_PREFIX \ + ".cycle_done%s:%llu|g\n" METRIC_PREFIX \ + ".cycles_wo_finds%s:%llu|g\n" METRIC_PREFIX \ + ".execs_done%s:%llu|g\n" METRIC_PREFIX \ + ".execs_per_sec%s:%0.02f|g\n" METRIC_PREFIX \ + ".paths_total%s:%u|g\n" METRIC_PREFIX \ + ".paths_favored%s:%u|g\n" METRIC_PREFIX \ + ".paths_found%s:%u|g\n" METRIC_PREFIX \ + ".paths_imported%s:%u|g\n" METRIC_PREFIX ".max_depth%s:%u|g\n" METRIC_PREFIX \ + ".cur_path%s:%u|g\n" METRIC_PREFIX ".pending_favs%s:%u|g\n" METRIC_PREFIX \ + ".pending_total%s:%u|g\n" METRIC_PREFIX \ + ".variable_paths%s:%u|g\n" METRIC_PREFIX \ + ".unique_crashes%s:%llu|g\n" METRIC_PREFIX \ + ".unique_hangs%s:%llu|g\n" METRIC_PREFIX \ + ".total_crashes%s:%llu|g\n" METRIC_PREFIX \ + ".slowest_exec_ms%s:%u|g\n" METRIC_PREFIX \ + ".edges_found%s:%u|g\n" METRIC_PREFIX \ + ".var_byte_count%s:%u|g\n" METRIC_PREFIX ".havoc_expansion%s:%u|g\n" void statsd_setup_format(afl_state_t *afl) { if (strcmp(afl->afl_env.afl_statsd_tags_flavor, "dogstatsd") == 0) { afl->statsd_tags_format = DOGSTATSD_TAGS_FORMAT; - afl->statsd_metric_format = STATSD_TAGS_AFTER_METRICS; + afl->statsd_metric_format = STATSD_TAGS_SUFFIX_METRICS; + afl->statsd_metric_format_type = STATSD_TAGS_TYPE_SUFFIX; } else if (strcmp(afl->afl_env.afl_statsd_tags_flavor, "librato") == 0) { afl->statsd_tags_format = LIBRATO_TAGS_FORMAT; afl->statsd_metric_format = STATSD_TAGS_MID_METRICS; + afl->statsd_metric_format_type = STATSD_TAGS_TYPE_MID; } else if (strcmp(afl->afl_env.afl_statsd_tags_flavor, "influxdb") == 0) { afl->statsd_tags_format = INFLUXDB_TAGS_FORMAT; afl->statsd_metric_format = STATSD_TAGS_MID_METRICS; + afl->statsd_metric_format_type = STATSD_TAGS_TYPE_MID; } else if (strcmp(afl->afl_env.afl_statsd_tags_flavor, "signalfx") == 0) { afl->statsd_tags_format = SIGNALFX_TAGS_FORMAT; afl->statsd_metric_format = STATSD_TAGS_MID_METRICS; + afl->statsd_metric_format_type = STATSD_TAGS_TYPE_MID; } else { @@ -108,6 +112,7 @@ void statsd_setup_format(afl_state_t *afl) { // Still need to pick a format. Doesn't change anything since if will be // replaced by the empty string anyway. afl->statsd_metric_format = STATSD_TAGS_MID_METRICS; + afl->statsd_metric_format_type = STATSD_TAGS_TYPE_MID; } @@ -188,7 +193,7 @@ int statsd_send_metric(afl_state_t *afl) { (struct sockaddr *)&afl->statsd_server, sizeof(afl->statsd_server)) == -1) { - if (!close(afl->statsd_sock)) { FATAL("Cannot close socket"); } + if (!close(afl->statsd_sock)) { PFATAL("Cannot close socket"); } afl->statsd_sock = 0; WARNF("Cannot sendto"); return -1; @@ -208,19 +213,41 @@ int statsd_format_metric(afl_state_t *afl, char *buff, size_t bufflen) { /* Sends multiple metrics with one UDP Packet. bufflen will limit to the max safe size. */ - snprintf(buff, bufflen, afl->statsd_metric_format, - afl->queue_cycle ? (afl->queue_cycle - 1) : 0, tags, - afl->cycles_wo_finds, tags, afl->fsrv.total_execs, tags, - afl->fsrv.total_execs / - ((double)(get_cur_time() - afl->start_time) / 1000), - tags, afl->queued_paths, tags, afl->queued_favored, tags, - afl->queued_discovered, tags, afl->queued_imported, tags, - afl->max_depth, tags, afl->current_entry, tags, afl->pending_favored, - tags, afl->pending_not_fuzzed, tags, afl->queued_variable, tags, - afl->unique_crashes, tags, afl->unique_hangs, tags, - afl->total_crashes, tags, afl->slowest_exec_ms, tags, - count_non_255_bytes(afl, afl->virgin_bits), tags, - afl->var_byte_count, tags, afl->expand_havoc, tags); + if (afl->statsd_metric_format_type == STATSD_TAGS_TYPE_SUFFIX) { + + snprintf(buff, bufflen, afl->statsd_metric_format, + afl->queue_cycle ? (afl->queue_cycle - 1) : 0, tags, + afl->cycles_wo_finds, tags, afl->fsrv.total_execs, tags, + afl->fsrv.total_execs / + ((double)(get_cur_time() - afl->start_time) / 1000), + tags, afl->queued_paths, tags, afl->queued_favored, tags, + afl->queued_discovered, tags, afl->queued_imported, tags, + afl->max_depth, tags, afl->current_entry, tags, + afl->pending_favored, tags, afl->pending_not_fuzzed, tags, + afl->queued_variable, tags, afl->unique_crashes, tags, + afl->unique_hangs, tags, afl->total_crashes, tags, + afl->slowest_exec_ms, tags, + count_non_255_bytes(afl, afl->virgin_bits), tags, + afl->var_byte_count, tags, afl->expand_havoc, tags); + + } else if (afl->statsd_metric_format_type == STATSD_TAGS_TYPE_MID) { + + snprintf(buff, bufflen, afl->statsd_metric_format, tags, + afl->queue_cycle ? (afl->queue_cycle - 1) : 0, tags, + afl->cycles_wo_finds, tags, afl->fsrv.total_execs, tags, + afl->fsrv.total_execs / + ((double)(get_cur_time() - afl->start_time) / 1000), + tags, afl->queued_paths, tags, afl->queued_favored, tags, + afl->queued_discovered, tags, afl->queued_imported, tags, + afl->max_depth, tags, afl->current_entry, tags, + afl->pending_favored, tags, afl->pending_not_fuzzed, tags, + afl->queued_variable, tags, afl->unique_crashes, tags, + afl->unique_hangs, tags, afl->total_crashes, tags, + afl->slowest_exec_ms, tags, + count_non_255_bytes(afl, afl->virgin_bits), tags, + afl->var_byte_count, tags, afl->expand_havoc); + + } return 0; -- cgit 1.4.1 From 1fd2ffaf14efb3623ae01951ae0266e0f4f553f2 Mon Sep 17 00:00:00 2001 From: Edznux Date: Wed, 7 Oct 2020 00:51:31 +0200 Subject: Fix read on undefined char*. --- src/afl-fuzz-statsd.c | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) (limited to 'src/afl-fuzz-statsd.c') diff --git a/src/afl-fuzz-statsd.c b/src/afl-fuzz-statsd.c index e6640977..69cafd90 100644 --- a/src/afl-fuzz-statsd.c +++ b/src/afl-fuzz-statsd.c @@ -81,25 +81,32 @@ void statsd_setup_format(afl_state_t *afl) { - if (strcmp(afl->afl_env.afl_statsd_tags_flavor, "dogstatsd") == 0) { + if (afl->afl_env.afl_statsd_tags_flavor && + strcmp(afl->afl_env.afl_statsd_tags_flavor, "dogstatsd") == 0) { afl->statsd_tags_format = DOGSTATSD_TAGS_FORMAT; afl->statsd_metric_format = STATSD_TAGS_SUFFIX_METRICS; afl->statsd_metric_format_type = STATSD_TAGS_TYPE_SUFFIX; - } else if (strcmp(afl->afl_env.afl_statsd_tags_flavor, "librato") == 0) { + } else if (afl->afl_env.afl_statsd_tags_flavor && + + strcmp(afl->afl_env.afl_statsd_tags_flavor, "librato") == 0) { afl->statsd_tags_format = LIBRATO_TAGS_FORMAT; afl->statsd_metric_format = STATSD_TAGS_MID_METRICS; afl->statsd_metric_format_type = STATSD_TAGS_TYPE_MID; - } else if (strcmp(afl->afl_env.afl_statsd_tags_flavor, "influxdb") == 0) { + } else if (afl->afl_env.afl_statsd_tags_flavor && + + strcmp(afl->afl_env.afl_statsd_tags_flavor, "influxdb") == 0) { afl->statsd_tags_format = INFLUXDB_TAGS_FORMAT; afl->statsd_metric_format = STATSD_TAGS_MID_METRICS; afl->statsd_metric_format_type = STATSD_TAGS_TYPE_MID; - } else if (strcmp(afl->afl_env.afl_statsd_tags_flavor, "signalfx") == 0) { + } else if (afl->afl_env.afl_statsd_tags_flavor && + + strcmp(afl->afl_env.afl_statsd_tags_flavor, "signalfx") == 0) { afl->statsd_tags_format = SIGNALFX_TAGS_FORMAT; afl->statsd_metric_format = STATSD_TAGS_MID_METRICS; @@ -207,8 +214,12 @@ int statsd_send_metric(afl_state_t *afl) { int statsd_format_metric(afl_state_t *afl, char *buff, size_t bufflen) { char tags[MAX_TAG_LEN * 2] = {0}; - snprintf(tags, MAX_TAG_LEN * 2, afl->statsd_tags_format, afl->use_banner, - VERSION); + if (afl->statsd_tags_format) { + + snprintf(tags, MAX_TAG_LEN * 2, afl->statsd_tags_format, afl->use_banner, + VERSION); + + } /* Sends multiple metrics with one UDP Packet. bufflen will limit to the max safe size. -- cgit 1.4.1 From 209c5ba4657b641bf261da7ac9ce7d3f809109c2 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 7 Feb 2021 05:33:02 +0100 Subject: larger map, stats reload fix, code format --- docs/Changelog.md | 2 + instrumentation/afl-compiler-rt.o.c | 2 +- instrumentation/afl-llvm-lto-instrumentation.so.cc | 3 +- qemu_mode/libqasan/dlmalloc.c | 5 ++ src/afl-fuzz-bitmap.c | 3 +- src/afl-fuzz-statsd.c | 63 ++++++++++++---------- utils/afl_untracer/afl-untracer.c | 10 ++-- 7 files changed, 52 insertions(+), 36 deletions(-) (limited to 'src/afl-fuzz-statsd.c') diff --git a/docs/Changelog.md b/docs/Changelog.md index e9efdf38..f2041917 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -26,6 +26,8 @@ sending a mail to . `-i` or resumes (as these have most likely already been done) - fix crash for very, very fast targets+systems (thanks to mhlakhani for reporting) + - on restarts (-i)/autoresume (AFL_AUTORESUME) the stats are now + reloaded and used, thanks to Vimal Joseph for this PR! - if determinstic mode is active (-D, or -M without -d) then we sync after every queue entry as this can take very long time otherwise - better detection if a target needs a large shared map diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 65a5d3d2..059691ec 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -70,7 +70,7 @@ run. It will end up as .comm, so it shouldn't be too wasteful. */ #if MAP_SIZE <= 65536 - #define MAP_INITIAL_SIZE 1048576 + #define MAP_INITIAL_SIZE 2097152 #else #define MAP_INITIAL_SIZE MAP_SIZE #endif diff --git a/instrumentation/afl-llvm-lto-instrumentation.so.cc b/instrumentation/afl-llvm-lto-instrumentation.so.cc index fa494f44..841d52e5 100644 --- a/instrumentation/afl-llvm-lto-instrumentation.so.cc +++ b/instrumentation/afl-llvm-lto-instrumentation.so.cc @@ -69,7 +69,8 @@ class AFLLTOPass : public ModulePass { if (getenv("AFL_DEBUG")) debug = 1; if ((ptr = getenv("AFL_LLVM_LTO_STARTID")) != NULL) - if ((afl_global_id = (uint32_t)atoi(ptr)) < 0 || afl_global_id >= MAP_SIZE) + if ((afl_global_id = (uint32_t)atoi(ptr)) < 0 || + afl_global_id >= MAP_SIZE) FATAL("AFL_LLVM_LTO_STARTID value of \"%s\" is not between 0 and %u\n", ptr, MAP_SIZE - 1); diff --git a/qemu_mode/libqasan/dlmalloc.c b/qemu_mode/libqasan/dlmalloc.c index 39ca4301..ce94451d 100644 --- a/qemu_mode/libqasan/dlmalloc.c +++ b/qemu_mode/libqasan/dlmalloc.c @@ -3907,6 +3907,7 @@ static void internal_malloc_stats(mstate m) { clear_smallmap(M, I); \ \ } else if (RTCHECK(B == smallbin_at(M, I) || \ + \ (ok_address(M, B) && B->fd == P))) { \ \ F->bk = B; \ @@ -4117,6 +4118,7 @@ static void internal_malloc_stats(mstate m) { XP->child[1] = R; \ \ } else \ + \ CORRUPTION_ERROR_ACTION(M); \ if (R != 0) { \ \ @@ -4132,6 +4134,7 @@ static void internal_malloc_stats(mstate m) { C0->parent = R; \ \ } else \ + \ CORRUPTION_ERROR_ACTION(M); \ \ } \ @@ -4143,11 +4146,13 @@ static void internal_malloc_stats(mstate m) { C1->parent = R; \ \ } else \ + \ CORRUPTION_ERROR_ACTION(M); \ \ } \ \ } else \ + \ CORRUPTION_ERROR_ACTION(M); \ \ } \ diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index 0c4a114e..4ed59364 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -325,7 +325,8 @@ u8 *describe_op(afl_state_t *afl, u8 new_bits, size_t max_description_len) { } - sprintf(ret + strlen(ret), ",time:%llu", get_cur_time() - afl->start_time); + sprintf(ret + strlen(ret), ",time:%llu", + get_cur_time() + afl->prev_run_time - afl->start_time); if (afl->current_custom_fuzz && afl->current_custom_fuzz->afl_custom_describe) { diff --git a/src/afl-fuzz-statsd.c b/src/afl-fuzz-statsd.c index 69cafd90..461bbbf6 100644 --- a/src/afl-fuzz-statsd.c +++ b/src/afl-fuzz-statsd.c @@ -1,3 +1,8 @@ +/* + * This implements rpc.statsd support, see docs/rpc_statsd.md + * + */ + #include #include #include @@ -226,37 +231,39 @@ int statsd_format_metric(afl_state_t *afl, char *buff, size_t bufflen) { */ if (afl->statsd_metric_format_type == STATSD_TAGS_TYPE_SUFFIX) { - snprintf(buff, bufflen, afl->statsd_metric_format, - afl->queue_cycle ? (afl->queue_cycle - 1) : 0, tags, - afl->cycles_wo_finds, tags, afl->fsrv.total_execs, tags, - afl->fsrv.total_execs / - ((double)(get_cur_time() - afl->start_time) / 1000), - tags, afl->queued_paths, tags, afl->queued_favored, tags, - afl->queued_discovered, tags, afl->queued_imported, tags, - afl->max_depth, tags, afl->current_entry, tags, - afl->pending_favored, tags, afl->pending_not_fuzzed, tags, - afl->queued_variable, tags, afl->unique_crashes, tags, - afl->unique_hangs, tags, afl->total_crashes, tags, - afl->slowest_exec_ms, tags, - count_non_255_bytes(afl, afl->virgin_bits), tags, - afl->var_byte_count, tags, afl->expand_havoc, tags); + snprintf( + buff, bufflen, afl->statsd_metric_format, + afl->queue_cycle ? (afl->queue_cycle - 1) : 0, tags, + afl->cycles_wo_finds, tags, afl->fsrv.total_execs, tags, + afl->fsrv.total_execs / + ((double)(get_cur_time() + afl->prev_run_time - afl->start_time) / + 1000), + tags, afl->queued_paths, tags, afl->queued_favored, tags, + afl->queued_discovered, tags, afl->queued_imported, tags, + afl->max_depth, tags, afl->current_entry, tags, afl->pending_favored, + tags, afl->pending_not_fuzzed, tags, afl->queued_variable, tags, + afl->unique_crashes, tags, afl->unique_hangs, tags, afl->total_crashes, + tags, afl->slowest_exec_ms, tags, + count_non_255_bytes(afl, afl->virgin_bits), tags, afl->var_byte_count, + tags, afl->expand_havoc, tags); } else if (afl->statsd_metric_format_type == STATSD_TAGS_TYPE_MID) { - snprintf(buff, bufflen, afl->statsd_metric_format, tags, - afl->queue_cycle ? (afl->queue_cycle - 1) : 0, tags, - afl->cycles_wo_finds, tags, afl->fsrv.total_execs, tags, - afl->fsrv.total_execs / - ((double)(get_cur_time() - afl->start_time) / 1000), - tags, afl->queued_paths, tags, afl->queued_favored, tags, - afl->queued_discovered, tags, afl->queued_imported, tags, - afl->max_depth, tags, afl->current_entry, tags, - afl->pending_favored, tags, afl->pending_not_fuzzed, tags, - afl->queued_variable, tags, afl->unique_crashes, tags, - afl->unique_hangs, tags, afl->total_crashes, tags, - afl->slowest_exec_ms, tags, - count_non_255_bytes(afl, afl->virgin_bits), tags, - afl->var_byte_count, tags, afl->expand_havoc); + snprintf( + buff, bufflen, afl->statsd_metric_format, tags, + afl->queue_cycle ? (afl->queue_cycle - 1) : 0, tags, + afl->cycles_wo_finds, tags, afl->fsrv.total_execs, tags, + afl->fsrv.total_execs / + ((double)(get_cur_time() + afl->prev_run_time - afl->start_time) / + 1000), + tags, afl->queued_paths, tags, afl->queued_favored, tags, + afl->queued_discovered, tags, afl->queued_imported, tags, + afl->max_depth, tags, afl->current_entry, tags, afl->pending_favored, + tags, afl->pending_not_fuzzed, tags, afl->queued_variable, tags, + afl->unique_crashes, tags, afl->unique_hangs, tags, afl->total_crashes, + tags, afl->slowest_exec_ms, tags, + count_non_255_bytes(afl, afl->virgin_bits), tags, afl->var_byte_count, + tags, afl->expand_havoc); } diff --git a/utils/afl_untracer/afl-untracer.c b/utils/afl_untracer/afl-untracer.c index 1f1a10ea..2baeb58d 100644 --- a/utils/afl_untracer/afl-untracer.c +++ b/utils/afl_untracer/afl-untracer.c @@ -480,9 +480,9 @@ void setup_trap_instrumentation(void) { // Index into the coverage bitmap for the current trap instruction. #ifdef __aarch64__ uint64_t bitmap_index = 0; -#ifdef __APPLE__ + #ifdef __APPLE__ pthread_jit_write_protect_np(0); -#endif + #endif #else uint32_t bitmap_index = 0; #endif @@ -627,13 +627,13 @@ static void sigtrap_handler(int signum, siginfo_t *si, void *context) { // Must re-execute the instruction, so decrement PC by one instruction. ucontext_t *ctx = (ucontext_t *)context; #if defined(__APPLE__) && defined(__LP64__) -#if defined(__x86_64__) + #if defined(__x86_64__) ctx->uc_mcontext->__ss.__rip -= 1; addr = ctx->uc_mcontext->__ss.__rip; -#else + #else ctx->uc_mcontext->__ss.__pc -= 4; addr = ctx->uc_mcontext->__ss.__pc; -#endif + #endif #elif defined(__linux__) #if defined(__x86_64__) || defined(__i386__) ctx->uc_mcontext.gregs[REG_RIP] -= 1; -- cgit 1.4.1