ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-14 19:08:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

added afl-fuzz -I cmdline option

Browse Source
This commit is contained in:
van Hauser
2019-10-08 11:53:31 +02:00
parent 45bb85cd8f
commit 20f009e927
6 changed files with 17 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docs/ChangeLog
View File

@ -21,10 +21,11 @@ Version ++2.54d (dev):
- custom mutator library is now a standard mutator, to exclusivly use it - custom mutator library is now a standard mutator, to exclusivly use it
add AFL_CUSTOM_MUTATOR_ONLY (that will trigger the previous behaviour) add AFL_CUSTOM_MUTATOR_ONLY (that will trigger the previous behaviour)
- new library qemu_mode/unsigaction which filters sigaction events - new library qemu_mode/unsigaction which filters sigaction events
- afl-fuzz: new command line option -I to execute a command on a new crash
- no more unlinking the input file, this way the input file can also be a - no more unlinking the input file, this way the input file can also be a
FIFO or disk partition FIFO or disk partition
- setting LLVM_CONFIG for llvm_mode will now again switch to the selected - setting LLVM_CONFIG for llvm_mode will now again switch to the selected
llvm version. If you setup is correct. llvm version. If your setup is correct.
- fuzzing strategy yields for custom mutator were missing from the UI, added them :) - fuzzing strategy yields for custom mutator were missing from the UI, added them :)
- added "make tests" which will perform checks to see that all functionality - added "make tests" which will perform checks to see that all functionality
is working as expected. this is currently the starting point, its not complete :) is working as expected. this is currently the starting point, its not complete :)

1
include/afl-fuzz.h
View File

@ -250,6 +250,7 @@ extern u8 *in_dir, /* Input directory with test cases */
*file_extension, /* File extension */ *file_extension, /* File extension */
*orig_cmdline, /* Original command line */ *orig_cmdline, /* Original command line */
*doc_path, /* Path to documentation dir */ *doc_path, /* Path to documentation dir */
*infoexec, /* Command to execute on a new crash */
*out_file; /* File to fuzz, if any */ *out_file; /* File to fuzz, if any */
extern u32 exec_tmout; /* Configurable exec timeout (ms) */ extern u32 exec_tmout; /* Configurable exec timeout (ms) */

4
src/afl-fuzz-bitmap.c
View File

@ -684,6 +684,10 @@ u8 save_if_interesting(char** argv, void* mem, u32 len, u8 fault) {
++unique_crashes; ++unique_crashes;
if (infoexec) // if the user wants to be informed on new crashes - do that
if (system(infoexec) == -1)
hnb += 0; // we dont care if system errors, but we dont want a compiler warning either
last_crash_time = get_cur_time(); last_crash_time = get_cur_time();
last_crash_execs = total_execs; last_crash_execs = total_execs;

3
src/afl-fuzz-globals.c
View File

@ -74,7 +74,8 @@ u8 *in_dir, /* Input directory with test cases */
*file_extension, /* File extension */ *file_extension, /* File extension */
*orig_cmdline; /* Original command line */ *orig_cmdline; /* Original command line */
u8 *doc_path, /* Path to documentation dir */ u8 *doc_path, /* Path to documentation dir */
*out_file; /* File to fuzz, if any */ *infoexec, /* Command to execute on a new crash */
*out_file; /* File to fuzz, if any */
u32 exec_tmout = EXEC_TIMEOUT; /* Configurable exec timeout (ms) */ u32 exec_tmout = EXEC_TIMEOUT; /* Configurable exec timeout (ms) */
u32 hang_tmout = EXEC_TIMEOUT; /* Timeout used for hang det (ms) */ u32 hang_tmout = EXEC_TIMEOUT; /* Timeout used for hang det (ms) */

8
src/afl-fuzz.c
View File

@ -76,6 +76,7 @@ static void usage(u8* argv0) {
"Other stuff:\n" "Other stuff:\n"
" -T text - text banner to show on the screen\n" " -T text - text banner to show on the screen\n"
" -M / -S id - distributed mode (see parallel_fuzzing.txt)\n" " -M / -S id - distributed mode (see parallel_fuzzing.txt)\n"
" -I command - execute this command/script when a new crash is found\n"
" -B bitmap.txt - mutate a specific test case, use the out/fuzz_bitmap " " -B bitmap.txt - mutate a specific test case, use the out/fuzz_bitmap "
"file\n" "file\n"
" -C - crash exploration mode (the peruvian rabbit thing)\n" " -C - crash exploration mode (the peruvian rabbit thing)\n"
@ -133,10 +134,15 @@ int main(int argc, char** argv) {
init_seed = tv.tv_sec ^ tv.tv_usec ^ getpid(); init_seed = tv.tv_sec ^ tv.tv_usec ^ getpid();
while ((opt = getopt(argc, argv, while ((opt = getopt(argc, argv,
"+i:o:f:m:t:T:dnCB:S:M:x:QUWe:p:s:V:E:L:h")) > 0) "+i:I:o:f:m:t:T:dnCB:S:M:x:QUWe:p:s:V:E:L:h")) > 0)
switch (opt) { switch (opt) {
case 'I':
infoexec = optarg;
break;
case 's': { case 's': {
init_seed = strtoul(optarg, 0L, 10); init_seed = strtoul(optarg, 0L, 10);

1
test/test.sh
View File

@ -238,6 +238,7 @@ test -e ../afl-qemu-trace && {
} || $ECHO "$RED[-] gcc compilation of test targets failed - what is going on??" } || $ECHO "$RED[-] gcc compilation of test targets failed - what is going on??"
$ECHO "$YELLOW[?] we need a test case for qemu_mode persistent mode" $ECHO "$YELLOW[?] we need a test case for qemu_mode persistent mode"
$ECHO "$YELLOW[?] we need a test case for qemu_mode unsigaction library"
# This works but there are already problems with persistent (e.g. stability) # This works but there are already problems with persistent (e.g. stability)
#$ECHO "$GREY[*] running afl-fuzz for persistent qemu_mode, this will take approx 10 seconds" #$ECHO "$GREY[*] running afl-fuzz for persistent qemu_mode, this will take approx 10 seconds"
#{ #{