From 124ec8d297269b6b3066123782a7e92c802d2248 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Mon, 2 Dec 2019 14:34:21 +0100 Subject: code format (contributors, do it!) --- src/afl-fuzz.c | 54 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 28 insertions(+), 26 deletions(-) (limited to 'src/afl-fuzz.c') diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 42bdaebd..bdbc48e0 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -28,7 +28,7 @@ static u8* get_libradamsa_path(u8* own_loc) { u8 *tmp, *cp, *rsl, *own_copy; - + tmp = getenv("AFL_PATH"); if (tmp) { @@ -51,8 +51,7 @@ static u8* get_libradamsa_path(u8* own_loc) { cp = alloc_printf("%s/libradamsa.so", own_copy); ck_free(own_copy); - if (!access(cp, X_OK)) - return cp; + if (!access(cp, X_OK)) return cp; } else @@ -70,11 +69,12 @@ static u8* get_libradamsa_path(u8* own_loc) { } - SAYF("\n" cLRD "[-] " cRST - "Oops, unable to find the 'libradamsa.so' binary. The binary must be " - "built\n" - " separately using 'make radamsa'. If you already have the binary " - "installed,\n you may need to specify AFL_PATH in the environment.\n"); + SAYF( + "\n" cLRD "[-] " cRST + "Oops, unable to find the 'libradamsa.so' binary. The binary must be " + "built\n" + " separately using 'make radamsa'. If you already have the binary " + "installed,\n you may need to specify AFL_PATH in the environment.\n"); FATAL("Failed to locate 'libradamsa.so'."); 
@@ -109,10 +109,12 @@ static void usage(u8* argv0) { " -m megs - memory limit for child process (%d MB)\n" " -Q - use binary-only instrumentation (QEMU mode)\n" " -U - use unicorn-based instrumentation (Unicorn mode)\n" - " -W - use qemu-based instrumentation with Wine (Wine mode)\n\n" + " -W - use qemu-based instrumentation with Wine (Wine " + "mode)\n\n" "Mutator settings:\n" - " -R[R] - add Radamsa as mutator, add another -R to exclusivly run it\n" + " -R[R] - add Radamsa as mutator, add another -R to exclusivly " + "run it\n" " -L minutes - use MOpt(imize) mode and set the limit time for " "entering the\n" " pacemaker mode (minutes of no new paths, 0 = " @@ -184,9 +186,8 @@ int main(int argc, char** argv) { struct timeval tv; struct timezone tz; - SAYF(cCYA - "afl-fuzz" VERSION cRST - " based on afl by Michal Zalewski and a big online community\n"); + SAYF(cCYA "afl-fuzz" VERSION cRST + " based on afl by Michal Zalewski and a big online community\n"); doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH; @@ -568,9 +569,9 @@ int main(int argc, char** argv) { usage(argv[0]); return -1; break; // not needed - + case 'R': - + if (use_radamsa) use_radamsa = 2; else 
@@ -595,28 +596,30 @@ int main(int argc, char** argv) { if (fixed_seed) OKF("Running with fixed seed: %u", (u32)init_seed); srandom((u32)init_seed); - + if (use_radamsa) { - + OKF("Using Radamsa add-on"); - - u8* libradamsa_path = get_libradamsa_path(argv[0]); + + u8* libradamsa_path = get_libradamsa_path(argv[0]); void* handle = dlopen(libradamsa_path, RTLD_NOW); ck_free(libradamsa_path); - + if (!handle) FATAL("Failed to dlopen() libradamsa"); void (*radamsa_init_ptr)(void) = dlsym(handle, "radamsa_init"); radamsa_mutate_ptr = dlsym(handle, "radamsa"); - if (!radamsa_init_ptr || !radamsa_mutate_ptr) FATAL("Failed to dlsym() libradamsa"); + if (!radamsa_init_ptr || !radamsa_mutate_ptr) + FATAL("Failed to dlsym() libradamsa"); - /* randamsa_init installs some signal hadlers, call it before setup_signal_handlers - so that AFL++ can then replace those signal handlers */ + /* randamsa_init installs some signal hadlers, call it before + setup_signal_handlers so that AFL++ can then replace those signal + handlers */ radamsa_init_ptr(); } - + setup_signal_handlers(); check_asan_opts(); @@ -648,8 +651,7 @@ int main(int argc, char** argv) { } - if (getenv("AFL_DISABLE_TRIM")) - disable_trim = 1; + if (getenv("AFL_DISABLE_TRIM")) disable_trim = 1; if (getenv("AFL_NO_UI") && getenv("AFL_FORCE_UI")) FATAL("AFL_NO_UI and AFL_FORCE_UI are mutually exclusive"); -- cgit 1.4.1 From f8bc9b54dabc759e9ad1eb82e5ee36af3bb4e1a6 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 2 Dec 2019 15:25:17 +0100 Subject: added -N no_unlink option --- docs/ChangeLog | 6 ++++-- include/afl-fuzz.h | 4 +++- src/afl-fuzz-globals.c | 4 +++- src/afl-fuzz-run.c | 33 +++++++++++++++++++++++++++------ src/afl-fuzz.c | 13 +++++++++++-- 5 files changed, 48 insertions(+), 12 deletions(-) (limited to 'src/afl-fuzz.c') diff --git a/docs/ChangeLog b/docs/ChangeLog index e0042f24..cc742797 100644 --- a/docs/ChangeLog +++ b/docs/ChangeLog 
@@ -20,7 +20,10 @@ Version ++2.58d (dev): - qbdi_mode: fuzz android native libraries via QBDI framework - afl-analyze: added AFL_SKIP_BIN_CHECK support - better random numbers for gcc_plugin and llvm_mode (thanks to devnexen) - - afl-fuzz: CPU affinity support for DragonFly + - afl-fuzz: + - added Radamsa and an optional radamsa stage (-R) + - CPU affinity support for DragonFly + - added -u command line option to not unlink the fuzz input file - llvm_mode: float splitting is now configured via AFL_LLVM_LAF_SPLIT_FLOATS - libtokencap: support for *BSD/OSX added - compcov: floating point splitting support for QEMU on x86 targets @@ -30,7 +33,6 @@ Version ++2.58d (dev): download succeeded. f*ckin travis fails downloading 40% of the time! - added the few Android stuff we didnt have already from Google afl repository - removed unnecessary warnings - - added the radamsa stage -------------------------- diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index c85883dd..0d759a19 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -265,7 +265,9 @@ extern u32 hang_tmout; /* Timeout used for hang det (ms) */ extern u64 mem_limit; /* Memory cap for child (MB) */ extern u8 cal_cycles, /* Calibration cycles defaults */ - cal_cycles_long, debug, /* Debug mode */ + cal_cycles_long, /* Calibration cycles defaults */ + no_unlink, /* do not unlink cur_input */ + debug, /* Debug mode */ custom_only, /* Custom mutator only mode */ python_only; /* Python-only mode */ diff --git a/src/afl-fuzz-globals.c b/src/afl-fuzz-globals.c index 5c36eb0b..de716098 100644 --- a/src/afl-fuzz-globals.c +++ b/src/afl-fuzz-globals.c 
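Review bot: The new `no_unlink` extern is placed between `cal_cycles_long` and `debug` in include/afl-fuzz.h, while the definition added to src/afl-fuzz-globals.c in this commit places it after `debug`; the order has no effect on linkage, but keeping the two lists parallel makes the header easy to check against the definitions, so `cal_cycles_long, debug, no_unlink,` in the header would match. The comment now attached to `cal_cycles_long`, `/* Calibration cycles defaults */`, merely repeats the one on `cal_cycles` and does not say what the long variant is for; if its use is known, a comment naming it would be more useful. The enclosing declaration list begins outside the hunk.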
@@ -83,7 +83,9 @@ u32 hang_tmout = EXEC_TIMEOUT; /* Timeout used for hang det (ms) */ u64 mem_limit = MEM_LIMIT; /* Memory cap for child (MB) */ u8 cal_cycles = CAL_CYCLES, /* Calibration cycles defaults */ - cal_cycles_long = CAL_CYCLES_LONG, debug, /* Debug mode */ + cal_cycles_long = CAL_CYCLES_LONG, /* Calibration cycles defaults */ + debug, /* Debug mode */ + no_unlink, /* do not unlink cur_input */ custom_only, /* Custom mutator only mode */ python_only; /* Python-only mode */ diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 8fa91afd..8f72d0fe 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -288,9 +288,16 @@ void write_to_testcase(void* mem, u32 len) { if (out_file) { - unlink(out_file); /* Ignore errors. */ + if (no_unlink) { - fd = open(out_file, O_WRONLY | O_CREAT | O_EXCL, 0600); + fd = open(out_file, O_WRONLY | O_CREAT | O_TRUNC, 0600); + + } else { + + unlink(out_file); /* Ignore errors. */ + fd = open(out_file, O_WRONLY | O_CREAT | O_EXCL, 0600); + + } if (fd < 0) PFATAL("Unable to create '%s'", out_file); @@ -330,9 +337,16 @@ void write_with_gap(void* mem, u32 len, u32 skip_at, u32 skip_len) { if (out_file) { - unlink(out_file); /* Ignore errors. */ + if (no_unlink) { + + fd = open(out_file, O_WRONLY | O_CREAT | O_TRUNC, 0600); + + } else { - fd = open(out_file, O_WRONLY | O_CREAT | O_EXCL, 0600); + unlink(out_file); /* Ignore errors. */ + fd = open(out_file, O_WRONLY | O_CREAT | O_EXCL, 0600); + + } if (fd < 0) PFATAL("Unable to create '%s'", out_file); @@ -760,9 +774,16 @@ u8 trim_case(char** argv, struct queue_entry* q, u8* in_buf) { s32 fd; - unlink(q->fname); /* ignore errors */ + if (no_unlink) { + + fd = open(q->fname, O_WRONLY | O_CREAT | O_TRUNC, 0600); - fd = open(q->fname, O_WRONLY | O_CREAT | O_EXCL, 0600); + } else { + + unlink(q->fname); /* ignore errors */ + fd = open(q->fname, O_WRONLY | O_CREAT | O_EXCL, 0600); + + } if (fd < 0) PFATAL("Unable to create '%s'", q->fname); 
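Review bot: In the new `no_unlink` branch of write_to_testcase the file is opened with `O_WRONLY | O_CREAT | O_TRUNC` only, so unlike the unlink-plus-`O_EXCL` path it follows whatever is already at `out_file`; if the target, or anything else able to write to that directory, replaces the file with a symbolic link, the fuzzer would truncate and overwrite the link's target instead of failing as it does today. Adding `O_NOFOLLOW` to that open closes the gap without changing the -N semantics: `fd = open(out_file, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0600);`. The same nine-line block is repeated in the write_with_gap hunk and, for `q->fname`, in the trim_case hunk below, so a small static helper would keep the three in step and give the flag choice one place to be documented; all three enclosing functions start and end outside their hunks.
```c
/* Open PATH for writing the next test case.  Without no_unlink the file is
   re-created (unlink + O_EXCL), so a stale or foreign file is never reused;
   with no_unlink it is truncated in place, and O_NOFOLLOW keeps a symlink
   planted at PATH from redirecting the write elsewhere.  Returns the fd or
   -1 with errno set, as open() does. */
static s32 open_testcase_file(u8* path) {

  if (no_unlink) return open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0600);

  unlink(path); /* Ignore errors. */
  return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);

}

/* … unchanged: write_to_testcase up to the out_file branch … */
    fd = open_testcase_file(out_file);
/* … unchanged: PFATAL on fd < 0 and the write … */
```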
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index bdbc48e0..3a5b0b4e 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -122,9 +122,11 @@ static void usage(u8* argv0) { " a recommended value is 10-60. see docs/README.MOpt\n\n" "Fuzzing behavior settings:\n" + " -N - do not unlink the fuzzing input file\n" " -d - quick & dirty mode (skips deterministic steps)\n" " -n - fuzz without instrumentation (dumb mode)\n" - " -x dir - optional fuzzer dictionary (see README)\n\n" + " -x dir - optional fuzzer dictionary (see README, its really " + "good!)\n\n" "Testing settings:\n" " -s seed - use a fixed seed for the RNG\n" @@ -195,7 +197,7 @@ int main(int argc, char** argv) { init_seed = tv.tv_sec ^ tv.tv_usec ^ getpid(); while ((opt = getopt(argc, argv, - "+i:I:o:f:m:t:T:dnCB:S:M:x:QUWe:p:s:V:E:L:hR")) > 0) + "+i:I:o:f:m:t:T:dnCB:S:M:x:QNUWe:p:s:V:E:L:hR")) > 0) switch (opt) { @@ -426,6 +428,13 @@ int main(int argc, char** argv) { break; + case 'N': /* Unicorn mode */ + + if (no_unlink) FATAL("Multiple -N options not supported"); + no_unlink = 1; + + break; + case 'U': /* Unicorn mode */ if (unicorn_mode) FATAL("Multiple -U options not supported"); -- cgit 1.4.1
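Review bot: The usage text and the getopt string in this hunk introduce the option as `-N`, but the docs/ChangeLog entry added by the same commit says "added -u command line option to not unlink the fuzz input file"; the ChangeLog line should read `- added -N command line option to not unlink the fuzz input file` so users looking it up find the right letter. The reflow of the `-x dir` line also changes its wording ("its really good!"), which is unrelated to the -N feature and, if kept, would read better as "it's really good". usage() starts and ends outside the hunk.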
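Review bot: The new `case 'N':` carries the comment `/* Unicorn mode */`, copied from the `case 'U':` block that follows it, so the comment describes the wrong option; it should say what the flag does, e.g. `case 'N': /* do not unlink cur_input */`, matching the wording used for the `no_unlink` declaration in include/afl-fuzz.h. The duplicate-option check and the `no_unlink = 1` assignment themselves look fine. The enclosing switch in main() starts and ends outside the hunk.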