custom_send example

custom_mutators/examples/custom_send.c

@@ -0,0 +1,56 @@
+// cc -O3 -fPIC -shared -g -o custom_send.so -I../../include custom_send.c
+// cd ../..
+// afl-cc -o test-instr test-instr.c
+// afl-fuzz -i in -o out -- ./test-instr -f /tmp/foo
+
+#include "custom_mutator_helpers.h"
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+typedef struct my_mutator {
+
+  afl_t *afl;
+
+} my_mutator_t;
+
+my_mutator_t *afl_custom_init(afl_t *afl, unsigned int seed) {
+
+  my_mutator_t *data = calloc(1, sizeof(my_mutator_t));
+  if (!data) {
+
+    perror("afl_custom_init alloc");
+    return NULL;
+
+  }
+
+  data->afl = afl;
+
+  return data;
+
+}
+
+void afl_custom_fuzz_send(my_mutator_t *data, uint8_t *buf, size_t buf_size) {
+
+  int fd = open("/tmp/foo", O_CREAT | O_NOFOLLOW | O_TRUNC | O_RDWR, 0644);
+
+  if (fd >= 0) {
+
+    (void)write(fd, buf, buf_size);
+    close(fd);
+
+  }
+
+  return;
+
+}
+
+void afl_custom_deinit(my_mutator_t *data) {
+
+  free(data);
+
+}
+

docs/custom_mutators.md

@@ -177,6 +177,7 @@ def deinit():  # optional for Python
     This method can be used if you want to send data to the target yourself,
     e.g. via IPC. This replaces some usage of utils/afl_proxy but requires
     that you start the target with afl-fuzz.
+    Example: [custom_mutators/examples/custom_send.c](custom_mutators/examples/custom_send.c)
 
 - `queue_new_entry` (optional):
 

src/afl-fuzz-mutators.c

@@ -211,8 +211,16 @@ struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) {
 
       WARNF("Symbol 'afl_custom_mutator' not found.");
 
+    } else {
+
+      OKF("Found 'afl_custom_mutator'.");
+
     }
 
+  } else {
+
+    OKF("Found 'afl_custom_mutator'.");
+
   }
 
   /* "afl_custom_introspection", optional */
@@ -222,6 +230,10 @@ struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) {
 
     ACTF("optional symbol 'afl_custom_introspection' not found.");
 
+  } else {
+
+    OKF("Found 'afl_custom_introspection'.");
+
   }
 
 #endif
@@ -232,6 +244,10 @@ struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) {
 
     ACTF("optional symbol 'afl_custom_fuzz_count' not found.");
 
+  } else {
+
+    OKF("Found 'afl_custom_fuzz_count'.");
+
   }
 
   /* "afl_custom_deinit", optional for backward compatibility */
@@ -248,6 +264,10 @@ struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) {
 
     ACTF("optional symbol 'afl_custom_post_process' not found.");
 
+  } else {
+
+    OKF("Found 'afl_custom_post_process'.");
+
   }
 
   u8 notrim = 0;
@@ -258,6 +278,10 @@ struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) {
     notrim = 1;
     ACTF("optional symbol 'afl_custom_init_trim' not found.");
 
+  } else {
+
+    OKF("Found 'afl_custom_init_trim'.");
+
   }
 
   /* "afl_custom_trim", optional */
@@ -267,6 +291,10 @@ struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) {
     notrim = 1;
     ACTF("optional symbol 'afl_custom_trim' not found.");
 
+  } else {
+
+    OKF("Found 'afl_custom_trim'.");
+
   }
 
   /* "afl_custom_post_trim", optional */
@@ -276,6 +304,10 @@ struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) {
     notrim = 1;
     ACTF("optional symbol 'afl_custom_post_trim' not found.");
 
+  } else {
+
+    OKF("Found 'afl_custom_post_trim'.");
+
   }
 
   if (notrim) {
@@ -295,6 +327,10 @@ struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) {
 
     ACTF("optional symbol 'afl_custom_havoc_mutation' not found.");
 
+  } else {
+
+    OKF("Found 'afl_custom_havoc_mutation'.");
+
   }
 
   /* "afl_custom_havoc_mutation", optional */
@@ -304,6 +340,10 @@ struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) {
 
     ACTF("optional symbol 'afl_custom_havoc_mutation_probability' not found.");
 
+  } else {
+
+    OKF("Found 'afl_custom_havoc_mutation_probability'.");
+
   }
 
   /* "afl_custom_queue_get", optional */
@@ -312,6 +352,10 @@ struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) {
 
     ACTF("optional symbol 'afl_custom_queue_get' not found.");
 
+  } else {
+
+    OKF("Found 'afl_custom_queue_get'.");
+
   }
 
   /* "afl_custom_fuzz_send", optional */
@@ -320,6 +364,10 @@ struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) {
 
     ACTF("optional symbol 'afl_custom_fuzz_send' not found.");
 
+  } else {
+
+    OKF("Found 'afl_custom_fuzz_send'.");
+
   }
 
   /* "afl_custom_queue_new_entry", optional */
@@ -328,13 +376,21 @@ struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) {
 
     ACTF("optional symbol 'afl_custom_queue_new_entry' not found");
 
+  } else {
+
+    OKF("Found 'afl_custom_queue_new_entry'.");
+
   }
 
   /* "afl_custom_describe", optional */
   mutator->afl_custom_describe = dlsym(dh, "afl_custom_describe");
   if (!mutator->afl_custom_describe) {
 
-    ACTF("Symbol 'afl_custom_describe' not found.");
+    ACTF("optional symbol 'afl_custom_describe' not found.");
+
+  } else {
+
+    OKF("Found 'afl_custom_describe'.");
 
   }