WIP. basic state working: submitting statsd metrics (path, crashes, hangs)

Edznux
2020-09-17 01:29:09 +02:00
parent ee206da389
commit 4561a9590f
3 changed files with 100 additions and 1 deletions


@ -65,6 +65,8 @@
#include <dlfcn.h> #include <dlfcn.h>
#include <sched.h> #include <sched.h>
#include <netdb.h>
#include <sys/wait.h> #include <sys/wait.h>
#include <sys/time.h> #include <sys/time.h>
#ifndef USEMMAP #ifndef USEMMAP
@ -76,6 +78,7 @@
#include <sys/mman.h> #include <sys/mman.h>
#include <sys/ioctl.h> #include <sys/ioctl.h>
#include <sys/file.h> #include <sys/file.h>
#include <sys/types.h>
#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || \ #if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || \
defined(__NetBSD__) || defined(__DragonFly__) defined(__NetBSD__) || defined(__DragonFly__)
@ -951,6 +954,12 @@ void maybe_update_plot_file(afl_state_t *, double, double);
void show_stats(afl_state_t *); void show_stats(afl_state_t *);
void show_init_stats(afl_state_t *); void show_init_stats(afl_state_t *);
/* StatsD */
int statsd_init(char *host, int port);
int send_statsd_metric(afl_state_t *afl);
void statsd_format_metric(afl_state_t *afl, char *buff, int bufflen);
/* Run */ /* Run */
fsrv_run_result_t fuzz_run_target(afl_state_t *, afl_forkserver_t *fsrv, u32); fsrv_run_result_t fuzz_run_target(afl_state_t *, afl_forkserver_t *fsrv, u32);
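Review bot: `statsd_format_metric` takes its buffer length as `int`, and the implementation hands that value to snprintf as a size; declaring it `size_t bufflen` keeps a negative length from turning into a huge one, and `statsd_init` can take `const char *host` since it only reads the string. The three prototypes carry no comment on the return convention, so a line such as `/* Returns 0 on success, -1 if the metric could not be sent. */` above `send_statsd_metric` would help callers. The `<netdb.h>` and `<sys/types.h>` includes added to this shared header look unnecessary, because the new src/afl-fuzz-statsd.c includes both itself.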


@ -901,7 +901,10 @@ common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) {
afl->stage_cur + 1 == afl->stage_max) { afl->stage_cur + 1 == afl->stage_max) {
show_stats(afl); show_stats(afl);
if(send_statsd_metric(afl)){
//Change me to something realistic; don't fail on connection / lookup fail for metrics...
exit(1);
}
} }
return 0; return 0;
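Review bot: Any non-zero return from `send_statsd_metric` ends the whole fuzzing run through `exit(1)`, so a failed init or a failed send on the metrics side stops the campaign, presumably without the fuzzer's usual cleanup. The inline comment acknowledges this, but the hunk still ships the exit. Metrics should be best-effort at this call site, e.g. `if (send_statsd_metric(afl)) { /* best-effort: report the failure, keep fuzzing */ }`. Per the new source file, each call also opens a socket and runs getaddrinfo, so resolving the endpoint once at start-up would keep that work off the stats-refresh path. common_fuzz_stuff begins above this hunk.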

87
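--- a/src/afl-fuzz-statsd.c
+++ b/src/afl-fuzz-statsd.c
@@ -0,0 +1,87 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+#include <string.h>
+#include <sys/types.h>
+#include <netdb.h>
+#include <unistd.h>
+#include "afl-fuzz.h"
+int sock = 0;
+struct sockaddr_in server;
+int error = 0;
+int statsd_init(char *host, int port){
+if((sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1){
+perror("socket");
+exit(1);
+}
+memset(&server, 0, sizeof(server));
+server.sin_family = AF_INET;
+server.sin_port = htons(port);
+struct addrinfo *result;
+struct addrinfo hints;
+memset(&hints, 0, sizeof(struct addrinfo));
+hints.ai_family = AF_INET;
+hints.ai_socktype = SOCK_DGRAM;
+if ( (error = getaddrinfo(host, NULL, &hints, &result)) ) {
+perror("getaddrinfo");
+exit(1);
+}
+memcpy(&(server.sin_addr), &((struct sockaddr_in*)result->ai_addr)->sin_addr, sizeof(struct in_addr));
+freeaddrinfo(result);
+return 0;
+}
+int send_statsd_metric(afl_state_t *afl){
+u64 cur_ms = get_cur_time();
+if (cur_ms - afl->stats_last_plot_ms < 1000) {
+return 0;
+}
+error = statsd_init("127.0.0.1", 12345);
+if (error){
+perror("Failed to init statsd client. Aborting");
+return -1;
+}
+if(!sock){
+perror("sock");
+return -1;
+}
+char buff[512];
+statsd_format_metric(afl, buff, 512);
+if (sendto(sock, buff, strlen(buff), 0, (struct sockaddr *) &server, sizeof(server)) == -1) {
+perror("sendto");
+return -1;
+}
+close(sock);
+sock=0;
+return 0;
+}
+void statsd_format_metric(afl_state_t *afl, char *buff, int bufflen){
+char *format = "fuzzing.afl.cycle_done:%llu|c\n"
+"fuzzing.afl.total_path:%lu|c\n"
+"fuzzing.afl.unique_crashes:%llu|c\n"
+"fuzzing.afl.total_crashes:%llu|c\n"
+"fuzzing.afl.unique_hangs:%llu|c\n";
+snprintf(buff, bufflen, format,
+afl->queue_cycle,
+afl->queued_paths,
+afl->unique_crashes,
+afl->total_crashes,
+afl->unique_hangs
+);
+}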
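Review bot: `send_statsd_metric` leaks the UDP socket whenever sendto fails, because that branch returns -1 before `close(sock)`; once the caller stops exiting on error, this costs one descriptor per failed send. The `if(!sock)` test also treats descriptor 0 as "no socket", although 0 is a valid descriptor and `statsd_init` already exits when socket() fails, so -1 is the safer sentinel. `sock`, `server` and `error` are non-static globals with very generic names and should be `static` to this file. In `statsd_init`, getaddrinfo reports failure through its return value rather than errno, so `perror("getaddrinfo")` can print an unrelated message; `fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(error));` reports the real cause.
```c
static int sock = -1;
static struct sockaddr_in server;

int send_statsd_metric(afl_state_t *afl) {
  // … unchanged: one-second throttle on stats_last_plot_ms …
  // … unchanged: statsd_init("127.0.0.1", 12345) and its error return …

  char buff[512];
  statsd_format_metric(afl, buff, sizeof(buff));

  int rc = 0;
  if (sendto(sock, buff, strlen(buff), 0, (struct sockaddr *)&server,
             sizeof(server)) == -1) {
    perror("sendto");
    rc = -1;
  }

  close(sock);  // release the descriptor on the failure path too
  sock = -1;
  return rc;
}
```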