From 2b7aae66b64a5da556bb8192acad13b828ab1711 Mon Sep 17 00:00:00 2001
From: Alyssa Coghlan
Date: Wed, 21 Aug 2024 19:02:38 +1000
Subject: Offer more explicit core dump handling tip
---
src/afl-fuzz-init.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
(limited to 'src')
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 4f366b0d..b042fce8 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -2443,20 +2443,24 @@ void check_crash_handling(void) {
 SAYF(
 "\n" cLRD "[-] " cRST
- "Hmm, your system is configured to send core dump notifications to an\n"
+ "Your system is configured to send core dump notifications to an\n"
 " external utility. This will cause issues: there will be an "
 "extended delay\n"
 " between stumbling upon a crash and having this information "
 "relayed to the\n"
 " fuzzer via the standard waitpid() API.\n"
- " If you're just testing, set "
+ " If you're experimenting (so missed crashes don't matter), set "
 "'AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1'.\n\n"
- " To avoid having crashes misinterpreted as timeouts, please log in " "as root\n" " and temporarily modify /proc/sys/kernel/core_pattern, like so:\n\n"
+ " To avoid having crashes misinterpreted as timeouts, please \n" " temporarily modify /proc/sys/kernel/core_pattern, like so:\n\n"
- " echo core >/proc/sys/kernel/core_pattern\n");
+ " core_cmd=\"$(cat /proc/sys/kernel/core_pattern)\"\n"
+ " echo core | sudo tee /proc/sys/kernel/core_pattern\n"
+ " After fuzz testing is complete, restore the core handling:\n\n"
+ " echo \"$core_cmd\" | sudo tee /proc/sys/kernel/core_pattern\n");
 if (!getenv("AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES")) {
-- cgit 1.4.1
From cf2ddf437b627fd7c3c71cda245ee18671626444 Mon Sep 17 00:00:00 2001
From: Alyssa Coghlan
Date: Wed, 21 Aug 2024 19:05:41 +1000
Subject: Wording tweaks
---
src/afl-fuzz-init.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'src')
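Review bot: The added line `"    To avoid having crashes misinterpreted as timeouts, please \n"` has a space before the `\n`, so the message is printed with trailing whitespace on that line; it should read `"    To avoid having crashes misinterpreted as timeouts, please\n"`. The `sudo tee` instruction is clearer than the old "log in as root" wording, but it writes a kernel-wide sysctl, so core handling changes for every process on the host and not just for the fuzzer, and the message would be more honest with one extra line such as `"    (This changes core dump handling for all processes on this host.)\n"`. The save/restore pair is sound as written, since `core_cmd` is quoted on both sides and the value is presumably the pipe-style pattern this message is shown for. check_crash_handling begins and ends outside the hunk.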
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index b042fce8..b7436002 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -2449,14 +2449,14 @@ void check_crash_handling(void) {
 " between stumbling upon a crash and having this information "
 "relayed to the\n"
 " fuzzer via the standard waitpid() API.\n"
- " If you're experimenting (so missed crashes don't matter), set "
+ " If you're just experimenting, set "
 "'AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1'.\n\n"
 " To avoid having crashes misinterpreted as timeouts, please \n"
 " temporarily modify /proc/sys/kernel/core_pattern, like so:\n\n"
 " core_cmd=\"$(cat /proc/sys/kernel/core_pattern)\"\n"
- " echo core | sudo tee /proc/sys/kernel/core_pattern\n"
+ " echo core | sudo tee /proc/sys/kernel/core_pattern\n\n"
 " After fuzz testing is complete, restore the core handling:\n\n"
-- cgit 1.4.1
From bdb5622bd4e6a9a977e1c58167bde962c378bd8b Mon Sep 17 00:00:00 2001
From: Alyssa Coghlan
Date: Wed, 21 Aug 2024 20:03:33 +1000
Subject: Skip the save/restore example
---
src/afl-fuzz-init.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
(limited to 'src')
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index b7436002..3c8d99f2 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -2455,12 +2455,7 @@ void check_crash_handling(void) {
 " To avoid having crashes misinterpreted as timeouts, please \n"
 " temporarily modify /proc/sys/kernel/core_pattern, like so:\n\n"
- " core_cmd=\"$(cat /proc/sys/kernel/core_pattern)\"\n"
- " echo core | sudo tee /proc/sys/kernel/core_pattern\n\n"
-
- " After fuzz testing is complete, restore the core handling:\n\n"
-
- " echo \"$core_cmd\" | sudo tee /proc/sys/kernel/core_pattern\n");
+ " echo core | sudo tee /proc/sys/kernel/core_pattern\n\n");
 if (!getenv("AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES")) {
-- cgit 1.4.1
From d7c99007ffda6846df85da79f55be7522d34b12a Mon Sep 17 00:00:00 2001
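Review bot: After this removal the new side still calls the change "temporary" (`"    temporarily modify /proc/sys/kernel/core_pattern, like so:\n\n"`) but no longer tells the user how to undo it, and a value written to this sysctl stays in effect for every process on the host until it is written back or the machine reboots. One line after the `echo core | sudo tee` example would keep the intent without the dropped shell-variable dance, for instance `"    (Write the previous value back the same way once fuzzing is done.)\n"`. The remaining `please \n` on the context line still emits trailing whitespace and could be tidied in the same commit. check_crash_handling begins and ends outside the hunk.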
From: Alyssa Coghlan
Date: Wed, 21 Aug 2024 20:04:30 +1000
Subject: No longer need the extra line break
---
src/afl-fuzz-init.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 3c8d99f2..10951300 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -2455,7 +2455,7 @@ void check_crash_handling(void) {
 " To avoid having crashes misinterpreted as timeouts, please \n"
 " temporarily modify /proc/sys/kernel/core_pattern, like so:\n\n"
- " echo core | sudo tee /proc/sys/kernel/core_pattern\n\n");
+ " echo core | sudo tee /proc/sys/kernel/core_pattern\n");
 if (!getenv("AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES")) {
-- cgit 1.4.1
From b8cb35fa8c52300b3387a82efc0ca5480147d1d1 Mon Sep 17 00:00:00 2001
From: Samuel Moelius
Date: Thu, 5 Sep 2024 09:54:26 -0400
Subject: Use `permissive_create` in `mark_as_variable`
---
src/afl-fuzz-queue.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
(limited to 'src')
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index f4cb930d..313e8ae5 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -367,9 +367,8 @@ void mark_as_variable(afl_state_t *afl, struct queue_entry *q) {
 if (symlink(ldest, fn)) {
- s32 fd = open(fn, O_WRONLY | O_CREAT | O_EXCL, DEFAULT_PERMISSION);
- if (fd < 0) { PFATAL("Unable to create '%s'", fn); }
- close(fd);
+ s32 fd = permissive_create(afl, fn);
+ if (fd >= 0) { close(fd); }
 }
-- cgit 1.4.1
From 6f61fca15af0d15b94b582bdc2701736adcd625c Mon Sep 17 00:00:00 2001
From: Chi-Feng Tsai
Date: Fri, 6 Sep 2024 11:39:49 +0800
Subject: Update the doc string of read_foreign_testcases()
---
src/afl-fuzz-init.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 4f366b0d..0e7fae74 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
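Review bot: The fallback on the new side now swallows a failed create silently: `if (fd >= 0) { close(fd); }` replaces the `PFATAL` on `fd < 0`, so when both `symlink()` and `permissive_create()` fail the queue entry ends up with no marker file and nothing in this function says so. Whether that is acceptable depends on what `permissive_create` reports on failure, which is defined outside this hunk; if it does not already log, an `else { WARNF("Unable to create '%s'", fn); }` would keep the old diagnostic without reinstating the abort. The removed `open()` also used `O_CREAT | O_EXCL`, so it is worth a one-line comment at the call site stating whether `permissive_create` preserves that no-clobber behaviour for an already-existing `fn`. mark_as_variable's body begins and ends outside the hunk.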
@@ -495,7 +495,9 @@ static void shuffle_ptrs(afl_state_t *afl, void **ptrs, u32 cnt) {
 }
 /* Read all testcases from foreign input directories, then queue them for
- testing. Called at startup and at sync intervals.
+ testing. Called at sync intervals. Use env AFL_IMPORT_FIRST to sync at
+ startup (but may delay the startup depending on the amount of fails
+ and speed of execution).
 Does not descend into subdirectories! */
 void read_foreign_testcases(afl_state_t *afl, int first) {
-- cgit 1.4.1
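Review bot: The updated comment documents the `AFL_IMPORT_FIRST` environment variable but says nothing about the `first` parameter in the signature on the hunk's last line, which is what a reader of this comment most needs; the phrase `depending on the amount of fails` is also awkward. I would rewrite the added sentences as `Called at sync intervals; with env AFL_IMPORT_FIRST it is also called at startup, which may delay startup in proportion to the number of failing inputs and the execution speed.` and add `first: presumably non-zero for the startup call — confirm against the body.`, since the meaning of `first` is only inferred from its name here. The function body lies entirely outside the hunk.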