From 64fa11d204c13ad32f9fe0dbb9abbfedc00ebb3d Mon Sep 17 00:00:00 2001
From: van Hauser <vh@thc.org>
Date: Mon, 28 Oct 2019 11:52:31 +0100
Subject: updated changelog, afl-analyze AFL_SKIP_BIN_CHECK support

---
 src/afl-analyze.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index 5555a262..ee281af8 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -987,7 +987,7 @@ int main(int argc, char** argv) {
   if (child_timed_out)
     FATAL("Target binary times out (adjusting -t may help).");
 
-  if (!anything_set()) FATAL("No instrumentation detected.");
+  if (getenv("AFL_SKIP_BIN_CHECK") == NULL && !anything_set()) FATAL("No instrumentation detected.");
 
   analyze(use_argv);
 
-- 
cgit 1.4.1


From c87210820c1566c74bf08ab4345679598cabd71b Mon Sep 17 00:00:00 2001
From: David Carlier <devnexen@gmail.com>
Date: Tue, 29 Oct 2019 15:06:20 +0000
Subject: libtokencap update proposal

- bcmp interception.
- FreeBSD using default argument to get current pid for the mapping
data gathering, getpid seems to cause some issues under certain
conditions (getenv call).
---
 libtokencap/libtokencap.so.c | 28 ++++++++++++++++++++++++----
 llvm_mode/afl-clang-fast.c   |  3 +++
 src/afl-gcc.c                |  1 +
 3 files changed, 28 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/libtokencap/libtokencap.so.c b/libtokencap/libtokencap.so.c
index 7e55963c..2fe9ae63 100644
--- a/libtokencap/libtokencap.so.c
+++ b/libtokencap/libtokencap.so.c
@@ -115,7 +115,7 @@ static void __tokencap_load_mappings(void) {
 #elif defined __FreeBSD__ || defined __OpenBSD__ || defined __NetBSD__
 
 #if defined __FreeBSD__
-  int mib[] = {CTL_KERN, KERN_PROC, KERN_PROC_VMMAP, getpid()};
+  int mib[] = {CTL_KERN, KERN_PROC, KERN_PROC_VMMAP, -1};
 #elif defined __OpenBSD__
   int mib[] = {CTL_KERN, KERN_PROC_VMMAP, getpid()};
 #elif defined __NetBSD__
@@ -134,9 +134,7 @@ static void __tokencap_load_mappings(void) {
 #endif
 
   buf = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANON, -1, 0);
-  if (!buf) {
-     return;
-  }
+  if (buf == MAP_FAILED) return;
 
   if (sysctl(mib, miblen, buf, &len, NULL, 0) == -1) {
 
@@ -354,6 +352,28 @@ int memcmp(const void* mem1, const void* mem2, size_t len) {
 
 }
 
+#undef bcmp
+
+int bcmp(const void* mem1, const void* mem2, size_t len) {
+
+  if (__tokencap_is_ro(mem1)) __tokencap_dump(mem1, len, 0);
+  if (__tokencap_is_ro(mem2)) __tokencap_dump(mem2, len, 0);
+
+  const char *strmem1 = (const char *)mem1;
+  const char *strmem2 = (const char *)mem2;
+
+  while (len--) {
+
+    int diff = *strmem1 ^ *strmem2;
+    if (diff != 0) return 1;
+    strmem1++;
+    strmem2++;
+
+  }
+
+  return 0;
+}
+
 #undef strstr
 
 char* strstr(const char* haystack, const char* needle) {
diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c
index a7f6acdc..1acf8856 100644
--- a/llvm_mode/afl-clang-fast.c
+++ b/llvm_mode/afl-clang-fast.c
@@ -273,6 +273,9 @@ static void edit_params(u32 argc, char** argv) {
     cc_params[cc_par_cnt++] = "-fno-builtin-strcasecmp";
     cc_params[cc_par_cnt++] = "-fno-builtin-strncasecmp";
     cc_params[cc_par_cnt++] = "-fno-builtin-memcmp";
+    cc_params[cc_par_cnt++] = "-fno-builtin-bcmp";
+    cc_params[cc_par_cnt++] = "-fno-builtin-strstr";
+    cc_params[cc_par_cnt++] = "-fno-builtin-strcasestr";
 
   }
 
diff --git a/src/afl-gcc.c b/src/afl-gcc.c
index 740442dc..e0706a5f 100644
--- a/src/afl-gcc.c
+++ b/src/afl-gcc.c
@@ -320,6 +320,7 @@ static void edit_params(u32 argc, char** argv) {
     cc_params[cc_par_cnt++] = "-fno-builtin-strcasecmp";
     cc_params[cc_par_cnt++] = "-fno-builtin-strncasecmp";
     cc_params[cc_par_cnt++] = "-fno-builtin-memcmp";
+    cc_params[cc_par_cnt++] = "-fno-builtin-bcmp";
     cc_params[cc_par_cnt++] = "-fno-builtin-strstr";
     cc_params[cc_par_cnt++] = "-fno-builtin-strcasestr";
 
-- 
cgit 1.4.1