Move afl-fuzz related env variables into afl_state_t (#252)

* Move afl-fuzz related env variables into afl_state_t

* Move the env variable assignments out of fuzz_init and reformat the code

* Fix typo

* Remove redundant env variables from afl_env struct

* Rename function to read_afl_environment
This commit is contained in:
Rishi Ranjan
2020-03-15 22:59:23 +05:30
committed by GitHub
parent 7685893cdb
commit 126d1f1cd1
8 changed files with 256 additions and 58 deletions


@ -302,6 +302,21 @@ typedef struct MOpt_globals {
extern char *power_names[POWER_SCHEDULES_NUM];
typedef struct afl_env_vars {
u8 afl_skip_cpufreq, afl_exit_when_done, afl_no_affinity,
afl_skip_bin_check, afl_dumb_forksrv,
afl_import_first, afl_custom_mutator_only,
afl_no_ui, afl_force_ui, afl_i_dont_care_about_missing_crashes,
afl_bench_just_one, afl_bench_until_crash, afl_debug_child_output,
afl_autoresume;
u8 *afl_tmpdir, *afl_post_library, *afl_custom_mutator_library,
*afl_python_module, *afl_path, *afl_hang_tmout, *afl_skip_crashes,
*afl_preload;
} afl_env_vars_t;
typedef struct afl_state {
/* Position of this state in the global states list */
@ -309,6 +324,7 @@ typedef struct afl_state {
afl_forkserver_t fsrv;
sharedmem_t shm;
afl_env_vars_t afl_env;
char **argv; /* argv if needed */
@ -704,6 +720,7 @@ struct custom_mutator {
void afl_state_init(afl_state_t *);
void afl_state_deinit(afl_state_t *);
void read_afl_environment(afl_state_t *, char **);
/**** Prototypes ****/
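Review bot: The new `afl_env_vars_t` struct has no comment explaining the two kinds of fields, and the `read_afl_environment` prototype drops its parameter names, unlike the style advice of keeping them in declarations. Above `typedef struct afl_env_vars {` I would add `/* AFL_* settings read once from envp by read_afl_environment(). The u8 members are presence flags; the u8 * members hold what get_afl_env() returned and are not owned by this struct. */`, and change the prototype to `void read_afl_environment(afl_state_t *afl, char **envp);`. Whether the pointer members alias the process environment depends on get_afl_env(), which is not shown here, so that part of the comment should be confirmed against its definition.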


@ -1,37 +1,2 @@
const char *afl_environment_variables[] = {
"AFL_ALIGNED_ALLOC", "AFL_ALLOW_TMP", "AFL_ANALYZE_HEX", "AFL_AS",
"AFL_AUTORESUME", "AFL_AS_FORCE_INSTRUMENT", "AFL_BENCH_JUST_ONE",
"AFL_BENCH_UNTIL_CRASH", "AFL_CAL_FAST", "AFL_CC", "AFL_CMIN_ALLOW_ANY",
"AFL_CMIN_CRASHES_ONLY", "AFL_CODE_END", "AFL_CODE_START",
"AFL_COMPCOV_BINNAME", "AFL_COMPCOV_LEVEL", "AFL_CUSTOM_MUTATOR_LIBRARY",
"AFL_CUSTOM_MUTATOR_ONLY", "AFL_CXX", "AFL_DEBUG", "AFL_DEBUG_CHILD_OUTPUT",
//"AFL_DEFER_FORKSRV", // not implemented anymore, so warn additionally
"AFL_DISABLE_TRIM", "AFL_DONT_OPTIMIZE", "AFL_DUMB_FORKSRV",
"AFL_ENTRYPOINT", "AFL_EXIT_WHEN_DONE", "AFL_FAST_CAL", "AFL_FORCE_UI",
"AFL_GCC_WHITELIST", "AFL_GCJ", "AFL_HANG_TMOUT", "AFL_HARDEN",
"AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES", "AFL_IMPORT_FIRST",
"AFL_INST_LIBS", "AFL_INST_RATIO", "AFL_KEEP_TRACES", "AFL_KEEP_ASSEMBLY",
"AFL_LD_HARD_FAIL", "AFL_LD_LIMIT_MB", "AFL_LD_NO_CALLOC_OVER",
"AFL_LD_PRELOAD", "AFL_LD_VERBOSE", "AFL_LLVM_CMPLOG", "AFL_LLVM_INSTRIM",
"AFL_LLVM_INSTRIM_LOOPHEAD", "AFL_LLVM_INSTRIM_SKIPSINGLEBLOCK",
"AFL_LLVM_LAF_SPLIT_COMPARES", "AFL_LLVM_LAF_SPLIT_COMPARES_BITW",
"AFL_LLVM_LAF_SPLIT_FLOATS", "AFL_LLVM_LAF_SPLIT_SWITCHES",
"AFL_LLVM_LAF_TRANSFORM_COMPARES", "AFL_LLVM_NOT_ZERO",
"AFL_LLVM_WHITELIST", "AFL_NO_AFFINITY", "AFL_LLVM_LTO_STARTID",
"AFL_LLVM_LTO_DONTWRITEID", "AFL_NO_ARITH", "AFL_NO_BUILTIN",
"AFL_NO_CPU_RED", "AFL_NO_FORKSRV", "AFL_NO_UI",
"AFL_NO_X86", // not really an env but we dont want to warn on it
"AFL_PATH", "AFL_PERFORMANCE_FILE",
//"AFL_PERSISTENT", // not implemented anymore, so warn additionally
"AFL_POST_LIBRARY", "AFL_PRELOAD", "AFL_PYTHON_MODULE", "AFL_QEMU_COMPCOV",
"AFL_QEMU_COMPCOV_DEBUG", "AFL_QEMU_DEBUG_MAPS", "AFL_QEMU_DISABLE_CACHE",
"AFL_QEMU_PERSISTENT_ADDR", "AFL_QEMU_PERSISTENT_CNT",
"AFL_QEMU_PERSISTENT_GPR", "AFL_QEMU_PERSISTENT_HOOK",
"AFL_QEMU_PERSISTENT_RET", "AFL_QEMU_PERSISTENT_RETADDR_OFFSET",
"AFL_QUIET", "AFL_RANDOM_ALLOC_CANARY", "AFL_REAL_PATH",
"AFL_SHUFFLE_QUEUE", "AFL_SKIP_BIN_CHECK", "AFL_SKIP_CPUFREQ",
"AFL_SKIP_CRASHES", "AFL_TMIN_EXACT", "AFL_TMPDIR", "AFL_TOKEN_FILE",
"AFL_TRACE_PC", "AFL_USE_ASAN", "AFL_USE_MSAN", "AFL_USE_TRACE_PC",
"AFL_USE_UBSAN", "AFL_WINE_PATH", NULL};
extern char *afl_environment_variables[];


@ -38,6 +38,42 @@
#include <limits.h>
extern u8 be_quiet;
char * afl_environment_variables[] = {
"AFL_ALIGNED_ALLOC", "AFL_ALLOW_TMP", "AFL_ANALYZE_HEX", "AFL_AS",
"AFL_AUTORESUME", "AFL_AS_FORCE_INSTRUMENT", "AFL_BENCH_JUST_ONE",
"AFL_BENCH_UNTIL_CRASH", "AFL_CAL_FAST", "AFL_CC", "AFL_CMIN_ALLOW_ANY",
"AFL_CMIN_CRASHES_ONLY", "AFL_CODE_END", "AFL_CODE_START",
"AFL_COMPCOV_BINNAME", "AFL_COMPCOV_LEVEL", "AFL_CUSTOM_MUTATOR_LIBRARY",
"AFL_CUSTOM_MUTATOR_ONLY", "AFL_CXX", "AFL_DEBUG", "AFL_DEBUG_CHILD_OUTPUT",
//"AFL_DEFER_FORKSRV", // not implemented anymore, so warn additionally
"AFL_DISABLE_TRIM", "AFL_DONT_OPTIMIZE", "AFL_DUMB_FORKSRV",
"AFL_ENTRYPOINT", "AFL_EXIT_WHEN_DONE", "AFL_FAST_CAL", "AFL_FORCE_UI",
"AFL_GCC_WHITELIST", "AFL_GCJ", "AFL_HANG_TMOUT", "AFL_HARDEN",
"AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES", "AFL_IMPORT_FIRST",
"AFL_INST_LIBS", "AFL_INST_RATIO", "AFL_KEEP_TRACES", "AFL_KEEP_ASSEMBLY",
"AFL_LD_HARD_FAIL", "AFL_LD_LIMIT_MB", "AFL_LD_NO_CALLOC_OVER",
"AFL_LD_PRELOAD", "AFL_LD_VERBOSE", "AFL_LLVM_CMPLOG", "AFL_LLVM_INSTRIM",
"AFL_LLVM_INSTRIM_LOOPHEAD", "AFL_LLVM_INSTRIM_SKIPSINGLEBLOCK",
"AFL_LLVM_LAF_SPLIT_COMPARES", "AFL_LLVM_LAF_SPLIT_COMPARES_BITW",
"AFL_LLVM_LAF_SPLIT_FLOATS", "AFL_LLVM_LAF_SPLIT_SWITCHES",
"AFL_LLVM_LAF_TRANSFORM_COMPARES", "AFL_LLVM_NOT_ZERO",
"AFL_LLVM_WHITELIST", "AFL_NO_AFFINITY", "AFL_LLVM_LTO_STARTID",
"AFL_LLVM_LTO_DONTWRITEID", "AFL_NO_ARITH", "AFL_NO_BUILTIN",
"AFL_NO_CPU_RED", "AFL_NO_FORKSRV", "AFL_NO_UI",
"AFL_NO_X86", // not really an env but we dont want to warn on it
"AFL_PATH", "AFL_PERFORMANCE_FILE",
//"AFL_PERSISTENT", // not implemented anymore, so warn additionally
"AFL_POST_LIBRARY", "AFL_PRELOAD", "AFL_PYTHON_MODULE", "AFL_QEMU_COMPCOV",
"AFL_QEMU_COMPCOV_DEBUG", "AFL_QEMU_DEBUG_MAPS", "AFL_QEMU_DISABLE_CACHE",
"AFL_QEMU_PERSISTENT_ADDR", "AFL_QEMU_PERSISTENT_CNT",
"AFL_QEMU_PERSISTENT_GPR", "AFL_QEMU_PERSISTENT_HOOK",
"AFL_QEMU_PERSISTENT_RET", "AFL_QEMU_PERSISTENT_RETADDR_OFFSET",
"AFL_QUIET", "AFL_RANDOM_ALLOC_CANARY", "AFL_REAL_PATH",
"AFL_SHUFFLE_QUEUE", "AFL_SKIP_BIN_CHECK", "AFL_SKIP_CPUFREQ",
"AFL_SKIP_CRASHES", "AFL_TMIN_EXACT", "AFL_TMPDIR", "AFL_TOKEN_FILE",
"AFL_TRACE_PC", "AFL_USE_ASAN", "AFL_USE_MSAN", "AFL_USE_TRACE_PC",
"AFL_USE_UBSAN", "AFL_WINE_PATH", NULL};
void detect_file_args(char **argv, u8 *prog_in, u8 *use_stdin) {
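Review bot: The table is now defined as `char * afl_environment_variables[] = {` although every element is a string literal, and the old definition removed from envs.h was `const char *afl_environment_variables[]`; the new `extern char *afl_environment_variables[];` in envs.h drops the qualifier as well. Writing through one of these pointers is undefined behavior, and without `const` the compiler can no longer reject it. I would keep `const char *afl_environment_variables[] = {` here and `extern const char *afl_environment_variables[];` in envs.h, adjusting the one consumer in afl-fuzz-state.c, which only reads the entries, to `const char *`.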


@ -89,7 +89,7 @@ void init_cmplog_forkserver(afl_state_t *afl) {
setsid();
if (!get_afl_env("AFL_DEBUG_CHILD_OUTPUT")) {
if (!(afl->afl_env.afl_debug_child_output)) {
dup2(afl->fsrv.dev_null_fd, 1);
dup2(afl->fsrv.dev_null_fd, 2);


@ -24,6 +24,7 @@
*/
#include "afl-fuzz.h"
#include "envs.h"
s8 interesting_8[] = {INTERESTING_8};
s16 interesting_16[] = {INTERESTING_8, INTERESTING_16};
@ -119,6 +120,185 @@ void afl_state_init(afl_state_t *afl) {
}
/*This sets up the environment variables for afl-fuzz into the afl_state
* struct*/
void read_afl_environment(afl_state_t *afl, char **envp) {
int index = 0, found = 0;
char *env;
while ((env = envp[index++]) != NULL) {
if (strncmp(env, "ALF_", 4) == 0) {
WARNF("Potentially mistyped AFL environment variable: %s", env);
found++;
} else if (strncmp(env, "AFL_", 4) == 0) {
int i = 0, match = 0;
while (match == 0 && afl_environment_variables[i] != NULL) {
if (strncmp(env, afl_environment_variables[i],
strlen(afl_environment_variables[i])) == 0 &&
env[strlen(afl_environment_variables[i])] == '=') {
match = 1;
if (strncmp(env, "AFL_SKIP_CPUFREQ",
strlen(afl_environment_variables[i]) == 0)) {
afl->afl_env.afl_skip_cpufreq = (u8)get_afl_env(env);
} else if (!strncmp(env, "AFL_EXIT_WHEN_DONE",
strlen(afl_environment_variables[i]))) {
afl->afl_env.afl_exit_when_done = (u8)get_afl_env(env);
} else if (!strncmp(env, "AFL_NO_AFFINITY",
strlen(afl_environment_variables[i]))) {
afl->afl_env.afl_no_affinity = (u8)get_afl_env(env);
} else if (!strncmp(env, "AFL_SKIP_CRASHES",
strlen(afl_environment_variables[i]))) {
afl->afl_env.afl_skip_crashes = (u8)get_afl_env(env);
} else if (!strncmp(env, "AFL_HANG_TMOUT",
strlen(afl_environment_variables[i]))) {
afl->afl_env.afl_hang_tmout = (u8)get_afl_env(env);
} else if (!strncmp(env, "AFL_SKIP_BIN_CHECK",
strlen(afl_environment_variables[i]))) {
afl->afl_env.afl_skip_bin_check = (u8)get_afl_env(env);
} else if (!strncmp(env, "AFL_DUMB_FORKSRV",
strlen(afl_environment_variables[i]))) {
afl->afl_env.afl_dumb_forksrv = (u8)get_afl_env(env);
} else if (!strncmp(env, "AFL_IMPORT_FIRST",
strlen(afl_environment_variables[i]))) {
afl->afl_env.afl_import_first = (u8)get_afl_env(env);
} else if (!strncmp(env, "AFL_CUSTOM_MUTATOR_ONLY",
strlen(afl_environment_variables[i]))) {
afl->afl_env.afl_custom_mutator_only = (u8)get_afl_env(env);
} else if (!strncmp(env, "AFL_NO_UI",
strlen(afl_environment_variables[i]))) {
afl->afl_env.afl_no_ui = (u8)get_afl_env(env);
} else if (!strncmp(env, "AFL_FORCE_UI",
strlen(afl_environment_variables[i]))) {
afl->afl_env.afl_force_ui = (u8)get_afl_env(env);
} else if (!strncmp(env, "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES",
strlen(afl_environment_variables[i]))) {
afl->afl_env.afl_i_dont_care_about_missing_crashes =
(u8)get_afl_env(env);
} else if (!strncmp(env, "AFL_BENCH_JUST_ONE",
strlen(afl_environment_variables[i]))) {
afl->afl_env.afl_bench_just_one = (u8)get_afl_env(env);
} else if (!strncmp(env, "AFL_BENCH_UNTIL_CRASH",
strlen(afl_environment_variables[i]))) {
afl->afl_env.afl_bench_until_crash = (u8)get_afl_env(env);
} else if (!strncmp(env, "AFL_DEBUG_CHILD_OUTPUT",
strlen(afl_environment_variables[i]))) {
afl->afl_env.afl_debug_child_output = (u8)get_afl_env(env);
} else if (!strncmp(env, "AFL_AUTORESUME",
strlen(afl_environment_variables[i]))) {
afl->afl_env.afl_autoresume = (u8)get_afl_env(env);
} else if (!strncmp(env, "AFL_TMPDIR",
strlen(afl_environment_variables[i]))) {
afl->afl_env.afl_tmpdir = (u8 *)get_afl_env(env);
} else if (!strncmp(env, "AFL_POST_LIBRARY",
strlen(afl_environment_variables[i]))) {
afl->afl_env.afl_post_library = (u8 *)get_afl_env(env);
} else if (!strncmp(env, "AFL_CUSTOM_MUTATOR_LIBRARY",
strlen(afl_environment_variables[i]))) {
afl->afl_env.afl_custom_mutator_library = (u8 *)get_afl_env(env);
} else if (!strncmp(env, "AFL_PYTHON_MODULE",
strlen(afl_environment_variables[i]))) {
afl->afl_env.afl_python_module = (u8 *)get_afl_env(env);
} else if (!strncmp(env, "AFL_PATH",
strlen(afl_environment_variables[i]))) {
afl->afl_env.afl_path = (u8 *)get_afl_env(env);
} else if (!strncmp(env, "AFL_PRELOAD",
strlen(afl_environment_variables[i]))) {
afl->afl_env.afl_preload = (u8 *)get_afl_env(env);
}
} else
i++;
}
if (match == 0) {
WARNF("Mistyped AFL environment variable: %s", env);
found++;
}
}
}
if (found) sleep(2);
}
/* Removes this afl_state instance and frees it. */
void afl_state_deinit(afl_state_t *afl) {
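Review bot: In the AFL_SKIP_CPUFREQ branch the `== 0` sits inside the strlen() argument, so strncmp() runs with length 0, the condition is always false and `afl_skip_cpufreq` is never set; the same chain stores the pointer fields `afl_skip_crashes` and `afl_hang_tmout` through a `(u8)` cast, truncating get_afl_env()'s pointer return to one byte, and afl-fuzz.c then passes that value to atoi(). Every branch also hands the full `NAME=value` entry to get_afl_env(), while all pre-existing callers (for example the removed `get_afl_env("AFL_DEBUG_CHILD_OUTPUT")` in afl-fuzz-cmplog.c) pass the bare name, so if get_afl_env() wraps getenv() these lookups return NULL; and narrowing a non-NULL pointer to `(u8)` for the flag fields yields 0 whenever the pointer's low byte happens to be 0. The rewrite below keys each branch on the matched table entry, looks the value up by that name, and stores flags as 0/1 and pointers with `(u8 *)`; the remaining branches follow the same two patterns. I would also drop the `(u8)` pattern from the header comment's intent and note there that `sleep(2)` is only a pause to let the warnings be read.

```c
      while (match == 0 && afl_environment_variables[i] != NULL) {

        char  *name = afl_environment_variables[i];
        size_t len = strlen(name);

        if (strncmp(env, name, len) == 0 && env[len] == '=') {

          match = 1;
          /* look the value up by its bare name, as every other caller does */
          if (strcmp(name, "AFL_SKIP_CPUFREQ") == 0) {
            afl->afl_env.afl_skip_cpufreq = get_afl_env(name) ? 1 : 0;
          } else if (strcmp(name, "AFL_EXIT_WHEN_DONE") == 0) {
            afl->afl_env.afl_exit_when_done = get_afl_env(name) ? 1 : 0;
          /* … unchanged pattern for the remaining u8 flag fields … */
          } else if (strcmp(name, "AFL_SKIP_CRASHES") == 0) {
            afl->afl_env.afl_skip_crashes = (u8 *)get_afl_env(name);
          } else if (strcmp(name, "AFL_HANG_TMOUT") == 0) {
            afl->afl_env.afl_hang_tmout = (u8 *)get_afl_env(name);
          /* … unchanged pattern for the remaining u8 * fields … */
          }

        } else {
          i++;
        }

      }
      /* … unchanged: mistyped-variable warning, sleep(2) … */
```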


@ -43,7 +43,7 @@ void bind_to_free_cpu(afl_state_t *afl) {
if (afl->cpu_core_count < 2) return;
if (getenv("AFL_NO_AFFINITY")) {
if (afl->afl_env.afl_no_affinity) {
WARNF("Not binding to a CPU core (AFL_NO_AFFINITY set).");
return;
@ -275,7 +275,7 @@ cpuset_destroy(c);
void setup_post(afl_state_t *afl) {
void *dh;
u8 * fn = get_afl_env("AFL_POST_LIBRARY");
u8 * fn = afl->afl_env.afl_post_library;
u32 tlen = 6;
if (!fn) return;
@ -448,7 +448,7 @@ void perform_dry_run(afl_state_t *afl) {
struct queue_entry *q = afl->queue;
u32 cal_failures = 0;
u8 * skip_crashes = get_afl_env("AFL_SKIP_CRASHES");
u8 * skip_crashes = afl->afl_env.afl_skip_crashes;
while (q) {
@ -1538,7 +1538,7 @@ void check_cpu_governor(afl_state_t *afl) {
u8 tmp[128];
u64 min = 0, max = 0;
if (get_afl_env("AFL_SKIP_CPUFREQ")) return;
if (afl->afl_env.afl_skip_cpufreq) return;
if (afl->cpu_aff > 0)
snprintf(tmp, sizeof(tmp), "%s%d%s", "/sys/devices/system/cpu/cpu",
@ -1619,7 +1619,7 @@ void check_cpu_governor(afl_state_t *afl) {
#elif defined __APPLE__
u64 min = 0, max = 0;
size_t mlen = sizeof(min);
if (get_afl_env("AFL_SKIP_CPUFREQ")) return;
if (afl->afl_env.afl_skip_cpufreq) return;
ACTF("Checking CPU scaling governor...");
@ -1906,7 +1906,7 @@ void check_binary(afl_state_t *afl, u8 *fname) {
}
if (get_afl_env("AFL_SKIP_BIN_CHECK") || afl->use_wine) return;
if (afl->afl_env.afl_skip_bin_check || afl->use_wine) return;
/* Check for blatant user errors. */
@ -2078,7 +2078,7 @@ void check_if_tty(afl_state_t *afl) {
struct winsize ws;
if (get_afl_env("AFL_NO_UI")) {
if (afl->afl_env.afl_no_ui) {
OKF("Disabling the UI because AFL_NO_UI is set.");
afl->not_on_tty = 1;


@ -274,10 +274,10 @@ void show_stats(afl_state_t *afl) {
/* Honor AFL_EXIT_WHEN_DONE and AFL_BENCH_UNTIL_CRASH. */
if (!afl->dumb_mode && afl->cycles_wo_finds > 100 &&
!afl->pending_not_fuzzed && get_afl_env("AFL_EXIT_WHEN_DONE"))
!afl->pending_not_fuzzed && afl->afl_env.afl_exit_when_done)
afl->stop_soon = 2;
if (afl->total_crashes && get_afl_env("AFL_BENCH_UNTIL_CRASH"))
if (afl->total_crashes && afl->afl_env.afl_bench_until_crash)
afl->stop_soon = 2;
/* If we're not on TTY, bail out. */
@ -860,7 +860,7 @@ void show_init_stats(afl_state_t *afl) {
/* In dumb mode, re-running every timing out test case with a generous time
limit is very expensive, so let's select a more conservative default. */
if (afl->dumb_mode && !get_afl_env("AFL_HANG_TMOUT"))
if (afl->dumb_mode && !(afl->afl_env.afl_hang_tmout))
afl->hang_tmout = MIN(EXEC_TIMEOUT, afl->fsrv.exec_tmout * 2 + 100);
OKF("All set and ready to roll!");


@ -245,6 +245,8 @@ int main(int argc, char **argv_orig, char **envp) {
afl_state_init(afl);
afl_fsrv_init(&afl->fsrv);
read_afl_environment(afl, envp);
SAYF(cCYA "afl-fuzz" VERSION cRST
" based on afl by Michal Zalewski and a big online community\n");
@ -472,7 +474,7 @@ int main(int argc, char **argv_orig, char **envp) {
case 'n': /* dumb mode */
if (afl->dumb_mode) FATAL("Multiple -n options not supported");
if (get_afl_env("AFL_DUMB_FORKSRV"))
if (afl->afl_env.afl_dumb_forksrv)
afl->dumb_mode = 2;
else
afl->dumb_mode = 1;
@ -681,8 +683,6 @@ int main(int argc, char **argv_orig, char **envp) {
"Using -M master with the AFL_CUSTOM_MUTATOR_ONLY mutator options will "
"result in no deterministic mutations being done!");
check_environment_vars(envp);
if (afl->fixed_seed) OKF("Running with fixed seed: %u", (u32)afl->init_seed);
srandom((u32)afl->init_seed);
@ -768,16 +768,16 @@ int main(int argc, char **argv_orig, char **envp) {
if (get_afl_env("AFL_SHUFFLE_QUEUE")) afl->shuffle_queue = 1;
if (get_afl_env("AFL_FAST_CAL")) afl->fast_cal = 1;
if (get_afl_env("AFL_AUTORESUME")) {
if (afl->afl_env.afl_autoresume) {
afl->autoresume = 1;
if (afl->in_place_resume) SAYF("AFL_AUTORESUME has no effect for '-i -'");
}
if (get_afl_env("AFL_HANG_TMOUT")) {
if (afl->afl_env.afl_hang_tmout) {
afl->hang_tmout = atoi(getenv("AFL_HANG_TMOUT"));
afl->hang_tmout = atoi(afl->afl_env.afl_hang_tmout);
if (!afl->hang_tmout) FATAL("Invalid value of AFL_HANG_TMOUT");
}
@ -792,7 +792,7 @@ int main(int argc, char **argv_orig, char **envp) {
"LD_PRELOAD is set, are you sure that is what to you want to do "
"instead of using AFL_PRELOAD?");
if (get_afl_env("AFL_PRELOAD")) {
if (afl->afl_env.afl_preload) {
if (afl->qemu_mode) {
@ -838,7 +838,7 @@ int main(int argc, char **argv_orig, char **envp) {
fix_up_banner(afl, argv[optind]);
check_if_tty(afl);
if (get_afl_env("AFL_FORCE_UI")) afl->not_on_tty = 0;
if (afl->afl_env.afl_force_ui) afl->not_on_tty = 0;
if (get_afl_env("AFL_CAL_FAST")) {
@ -850,7 +850,7 @@ int main(int argc, char **argv_orig, char **envp) {
if (get_afl_env("AFL_DEBUG")) afl->debug = 1;
if (get_afl_env("AFL_CUSTOM_MUTATOR_ONLY")) {
if (afl->afl_env.afl_custom_mutator_only) {
/* This ensures we don't proceed to havoc/splice */
afl->custom_only = 1;
@ -894,7 +894,7 @@ int main(int argc, char **argv_orig, char **envp) {
if (!afl->timeout_given) find_timeout(afl);
if ((afl->tmp_dir = get_afl_env("AFL_TMPDIR")) != NULL &&
if ((afl->tmp_dir = afl->afl_env.afl_tmpdir) != NULL &&
!afl->in_place_resume) {
char tmpfile[afl->file_extension ? strlen(afl->tmp_dir) + 1 + 10 + 1 +
@ -1067,7 +1067,7 @@ int main(int argc, char **argv_orig, char **envp) {
prev_queued = afl->queued_paths;
if (afl->sync_id && afl->queue_cycle == 1 &&
get_afl_env("AFL_IMPORT_FIRST"))
afl->afl_env.afl_import_first)
sync_fuzzers(afl);
}
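Review bot: The migration is incomplete in this file: `get_afl_env("AFL_SHUFFLE_QUEUE")`, `get_afl_env("AFL_FAST_CAL")`, `get_afl_env("AFL_CAL_FAST")` and `get_afl_env("AFL_DEBUG")` remain as direct lookups in the context lines, so afl-fuzz now reads its settings through two different paths, and the commit message says all afl-fuzz variables move into `afl_state_t`. Either add matching flags to `afl_env_vars_t` and populate them in read_afl_environment(), or leave a comment at the first remaining call such as `/* not yet cached in afl->afl_env; read directly */` so the inconsistency is deliberate. The new `atoi(afl->afl_env.afl_hang_tmout)` also dereferences a field that afl-fuzz-state.c currently fills through a `(u8)` cast, so it depends on that function storing a real pointer. `main` begins and ends outside these hunks.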