ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-19 04:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

various fixes

Browse Source
This commit is contained in:
vanhauser-thc
2023-03-09 17:36:13 +01:00
parent dc7ef967d8
commit 5221938945
9 changed files with 71 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/Changelog.md
View File

@ -20,7 +20,7 @@
- better sanitizer default options support for all tools - better sanitizer default options support for all tools
- unicorn_mode: updated and minor issues fixed - unicorn_mode: updated and minor issues fixed
- frida_mode: fix issue on MacOS - frida_mode: fix issue on MacOS
- more minor fixes - more minor fixes and cross-platform support
### Version ++4.05c (release) ### Version ++4.05c (release)
- MacOS: libdislocator, libtokencap etc. do not work with modern - MacOS: libdislocator, libtokencap etc. do not work with modern

3
include/common.h
View File

@ -143,5 +143,8 @@ FILE *create_ffile(u8 *fn);
/* create a file */ /* create a file */
s32 create_file(u8 *fn); s32 create_file(u8 *fn);
/* memmem implementation as not all platforms support this */
void *afl_memmem(const void *haystack, size_t haystacklen, const void *needle, size_t needlelen);
#endif #endif

8
instrumentation/afl-compiler-rt.o.c
View File

@ -1622,7 +1622,9 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) {
} }
if (__afl_already_initialized_shm && __afl_final_loc > __afl_map_size) { if (__afl_already_initialized_shm) {
if (__afl_final_loc > __afl_map_size) {
if (__afl_debug) { if (__afl_debug) {
@ -1636,6 +1638,10 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) {
} }
__afl_map_size = __afl_final_loc + 1;
}
} }
///// CmpLog instrumentation ///// CmpLog instrumentation

4
src/afl-analyze.c
View File

@ -725,7 +725,11 @@ static void setup_signal_handlers(void) {
struct sigaction sa; struct sigaction sa;
sa.sa_handler = NULL; sa.sa_handler = NULL;
#ifdef SA_RESTART
sa.sa_flags = SA_RESTART; sa.sa_flags = SA_RESTART;
#else
sa.sa_flags = 0;
#endif
sa.sa_sigaction = NULL; sa.sa_sigaction = NULL;
sigemptyset(&sa.sa_mask); sigemptyset(&sa.sa_mask);

37
src/afl-common.c
View File

@ -58,6 +58,25 @@ u8 last_intr = 0;
#define AFL_PATH "/usr/local/lib/afl/" #define AFL_PATH "/usr/local/lib/afl/"
#endif #endif
void *afl_memmem(const void *haystack, size_t haystacklen, const void *needle,
size_t needlelen) {
if (unlikely(needlelen > haystacklen)) { return NULL; }
for (u32 i = 0; i <= haystacklen - needlelen; ++i) {
if (unlikely(memcmp(haystack + i, needle, needlelen) == 0)) {
return (void *)(haystack + i);
}
}
return (void *)NULL;
}
void set_sanitizer_defaults() { void set_sanitizer_defaults() {
/* Set sane defaults for ASAN if nothing else is specified. */ /* Set sane defaults for ASAN if nothing else is specified. */
@ -67,9 +86,9 @@ void set_sanitizer_defaults() {
u8 *have_lsan_options = getenv("LSAN_OPTIONS"); u8 *have_lsan_options = getenv("LSAN_OPTIONS");
u8 have_san_options = 0; u8 have_san_options = 0;
u8 default_options[1024] = u8 default_options[1024] =
"detect_odr_violation=0:abort_on_error=1:symbolize=0:malloc_context_" "detect_odr_violation=0:abort_on_error=1:symbolize=0:allocator_may_"
"size=0:allocator_may_return_null=1:handle_segv=0:handle_sigbus=0:" "return_null=1:handle_segv=0:handle_sigbus=0:handle_abort=0:handle_"
"handle_abort=0:handle_sigfpe=0:handle_sigill=0:"; "sigfpe=0:handle_sigill=0:";
if (have_asan_options || have_ubsan_options || have_msan_options || if (have_asan_options || have_ubsan_options || have_msan_options ||
have_lsan_options) { have_lsan_options) {
@ -84,14 +103,18 @@ void set_sanitizer_defaults() {
u8 buf[2048] = ""; u8 buf[2048] = "";
if (!have_san_options) { strcpy(buf, default_options); } if (!have_san_options) { strcpy(buf, default_options); }
strcat(buf, "exitcode=" STRINGIFY(LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:detect_leaks=1:"); strcat(buf, "exitcode=" STRINGIFY(LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:detect_leaks=1:malloc_context_size=30:");
setenv("LSAN_OPTIONS", buf, 1); setenv("LSAN_OPTIONS", buf, 1);
} }
/* for everything not LSAN we disable detect_leaks */ /* for everything not LSAN we disable detect_leaks */
if (!have_lsan_options) { strcat(default_options, "detect_leaks=0:"); } if (!have_lsan_options) {
strcat(default_options, "detect_leaks=0:malloc_context_size=0:");
}
/* Set sane defaults for ASAN if nothing else is specified. */ /* Set sane defaults for ASAN if nothing else is specified. */
@ -130,7 +153,7 @@ u32 check_binary_signatures(u8 *fn) {
if (f_data == MAP_FAILED) { PFATAL("Unable to mmap file '%s'", fn); } if (f_data == MAP_FAILED) { PFATAL("Unable to mmap file '%s'", fn); }
close(fd); close(fd);
if (memmem(f_data, f_len, PERSIST_SIG, strlen(PERSIST_SIG) + 1)) { if (afl_memmem(f_data, f_len, PERSIST_SIG, strlen(PERSIST_SIG) + 1)) {
if (!be_quiet) { OKF(cPIN "Persistent mode binary detected."); } if (!be_quiet) { OKF(cPIN "Persistent mode binary detected."); }
setenv(PERSIST_ENV_VAR, "1", 1); setenv(PERSIST_ENV_VAR, "1", 1);
@ -155,7 +178,7 @@ u32 check_binary_signatures(u8 *fn) {
} }
if (memmem(f_data, f_len, DEFER_SIG, strlen(DEFER_SIG) + 1)) { if (afl_memmem(f_data, f_len, DEFER_SIG, strlen(DEFER_SIG) + 1)) {
if (!be_quiet) { OKF(cPIN "Deferred forkserver binary detected."); } if (!be_quiet) { OKF(cPIN "Deferred forkserver binary detected."); }
setenv(DEFER_ENV_VAR, "1", 1); setenv(DEFER_ENV_VAR, "1", 1);

19
src/afl-fuzz-init.c
View File

@ -24,7 +24,9 @@
*/ */
#include "afl-fuzz.h" #include "afl-fuzz.h"
#include "common.h"
#include <limits.h> #include <limits.h>
#include <string.h>
#include "cmplog.h" #include "cmplog.h"
#ifdef HAVE_AFFINITY #ifdef HAVE_AFFINITY
@ -2786,7 +2788,7 @@ void check_binary(afl_state_t *afl, u8 *fname) {
!afl->fsrv.nyx_mode && !afl->fsrv.nyx_mode &&
#endif #endif
!afl->fsrv.cs_mode && !afl->non_instrumented_mode && !afl->fsrv.cs_mode && !afl->non_instrumented_mode &&
!memmem(f_data, f_len, SHM_ENV_VAR, strlen(SHM_ENV_VAR) + 1)) { !afl_memmem(f_data, f_len, SHM_ENV_VAR, strlen(SHM_ENV_VAR) + 1)) {
SAYF("\n" cLRD "[-] " cRST SAYF("\n" cLRD "[-] " cRST
"Looks like the target binary is not instrumented! The fuzzer depends " "Looks like the target binary is not instrumented! The fuzzer depends "
@ -2817,7 +2819,7 @@ void check_binary(afl_state_t *afl, u8 *fname) {
} }
if ((afl->fsrv.cs_mode || afl->fsrv.qemu_mode || afl->fsrv.frida_mode) && if ((afl->fsrv.cs_mode || afl->fsrv.qemu_mode || afl->fsrv.frida_mode) &&
memmem(f_data, f_len, SHM_ENV_VAR, strlen(SHM_ENV_VAR) + 1)) { afl_memmem(f_data, f_len, SHM_ENV_VAR, strlen(SHM_ENV_VAR) + 1)) {
SAYF("\n" cLRD "[-] " cRST SAYF("\n" cLRD "[-] " cRST
"This program appears to be instrumented with afl-gcc, but is being " "This program appears to be instrumented with afl-gcc, but is being "
@ -2830,9 +2832,9 @@ void check_binary(afl_state_t *afl, u8 *fname) {
} }
if (memmem(f_data, f_len, "__asan_init", 11) || if (afl_memmem(f_data, f_len, "__asan_init", 11) ||
memmem(f_data, f_len, "__msan_init", 11) || afl_memmem(f_data, f_len, "__msan_init", 11) ||
memmem(f_data, f_len, "__lsan_init", 11)) { afl_memmem(f_data, f_len, "__lsan_init", 11)) {
afl->fsrv.uses_asan = 1; afl->fsrv.uses_asan = 1;
@ -2840,7 +2842,7 @@ void check_binary(afl_state_t *afl, u8 *fname) {
/* Detect persistent & deferred init signatures in the binary. */ /* Detect persistent & deferred init signatures in the binary. */
if (memmem(f_data, f_len, PERSIST_SIG, strlen(PERSIST_SIG) + 1)) { if (afl_memmem(f_data, f_len, PERSIST_SIG, strlen(PERSIST_SIG) + 1)) {
OKF(cPIN "Persistent mode binary detected."); OKF(cPIN "Persistent mode binary detected.");
setenv(PERSIST_ENV_VAR, "1", 1); setenv(PERSIST_ENV_VAR, "1", 1);
@ -2867,7 +2869,7 @@ void check_binary(afl_state_t *afl, u8 *fname) {
} }
if (afl->fsrv.frida_mode || if (afl->fsrv.frida_mode ||
memmem(f_data, f_len, DEFER_SIG, strlen(DEFER_SIG) + 1)) { afl_memmem(f_data, f_len, DEFER_SIG, strlen(DEFER_SIG) + 1)) {
OKF(cPIN "Deferred forkserver binary detected."); OKF(cPIN "Deferred forkserver binary detected.");
setenv(DEFER_ENV_VAR, "1", 1); setenv(DEFER_ENV_VAR, "1", 1);
@ -2923,8 +2925,11 @@ void setup_signal_handlers(void) {
struct sigaction sa; struct sigaction sa;
memset((void*)&sa, 0, sizeof(sa));
sa.sa_handler = NULL; sa.sa_handler = NULL;
#ifdef SA_RESTART
sa.sa_flags = SA_RESTART; sa.sa_flags = SA_RESTART;
#endif
sa.sa_sigaction = NULL; sa.sa_sigaction = NULL;
sigemptyset(&sa.sa_mask); sigemptyset(&sa.sa_mask);

2
src/afl-fuzz-stats.c
View File

@ -62,7 +62,7 @@ void write_setup_file(afl_state_t *afl, u32 argc, char **argv) {
if (memchr(argv[i], '\'', strlen(argv[i]))) { if (memchr(argv[i], '\'', strlen(argv[i]))) {
#else #else
if (index(argv[i], '\'')) { if (strchr(argv[i], '\'')) {
#endif #endif

4
src/afl-showmap.c
View File

@ -654,7 +654,11 @@ static void setup_signal_handlers(void) {
struct sigaction sa; struct sigaction sa;
sa.sa_handler = NULL; sa.sa_handler = NULL;
#ifdef SA_RESTART
sa.sa_flags = SA_RESTART; sa.sa_flags = SA_RESTART;
#else
sa.sa_flags = 0;
#endif
sa.sa_sigaction = NULL; sa.sa_sigaction = NULL;
sigemptyset(&sa.sa_mask); sigemptyset(&sa.sa_mask);

4
src/afl-tmin.c
View File

@ -743,7 +743,11 @@ static void setup_signal_handlers(void) {
struct sigaction sa; struct sigaction sa;
sa.sa_handler = NULL; sa.sa_handler = NULL;
#ifdef SA_RESTART
sa.sa_flags = SA_RESTART; sa.sa_flags = SA_RESTART;
#else
sa.sa_flags = 0;
#endif
sa.sa_sigaction = NULL; sa.sa_sigaction = NULL;
sigemptyset(&sa.sa_mask); sigemptyset(&sa.sa_mask);