ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-15 11:28:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

python3.7 support for afl-fuzz py mutator

Browse Source
This commit is contained in:
van Hauser
2019-12-03 10:11:39 +01:00
parent 2b0cfe1ab5
commit 674fbc39f8
6 changed files with 58 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
Makefile
View File

@ -39,8 +39,27 @@ CFLAGS += -Wall -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign -I include/ \
AFL_FUZZ_FILES = $(wildcard src/afl-fuzz*.c) AFL_FUZZ_FILES = $(wildcard src/afl-fuzz*.c)
PYTHON_INCLUDE ?= /usr/include/python2.7 PYTHON_INCLUDE ?= $(shell test -e /usr/include/python3.7m && echo /usr/include/python3.7m)
PYTHON_INCLUDE ?= $(shell test -e /usr/include/python3.7 && echo /usr/include/python3.7)
PYTHON_INCLUDE ?= $(shell test -e /usr/include/python2.7 && echo /usr/include/python2.7)
ifneq "($filter %3.7m, $(PYTHON_INCLUDE))" ""
PYTHON_VERSION=3.7m
PYTHON_LIB=-lpython3.7m
else
ifneq "($filter %3.7, $(PYTHON_INCLUDE))" ""
PYTHON_VERSION=3.7
PYTHON_LIB=
else
ifneq "($filter %2.7, $(PYTHON_INCLUDE))" ""
PYTHON_VERSION=2.7
PYTHON_LIB=-lpython2.7
else
PYTHON_VERSION=none
PYTHON_LIB=
endif
endif
endif
ifdef SOURCE_DATE_EPOCH ifdef SOURCE_DATE_EPOCH
BUILD_DATE ?= $(shell date -u -d "@$(SOURCE_DATE_EPOCH)" -I 2>/dev/null || date -u -r "$(SOURCE_DATE_EPOCH)" -I 2>/dev/null || date -u -I) BUILD_DATE ?= $(shell date -u -d "@$(SOURCE_DATE_EPOCH)" -I 2>/dev/null || date -u -r "$(SOURCE_DATE_EPOCH)" -I 2>/dev/null || date -u -I)
@ -69,9 +88,9 @@ endif
COMM_HDR = include/alloc-inl.h include/config.h include/debug.h include/types.h COMM_HDR = include/alloc-inl.h include/config.h include/debug.h include/types.h
ifeq "$(shell echo '\#include <Python.h>@int main() {return 0; }' | tr @ '\n' | $(CC) -x c - -o .test -I$(PYTHON_INCLUDE) $(LDFLAGS) -lpython2.7 2>/dev/null && echo 1 || echo 0 )" "1" ifeq "$(shell echo '\#include <Python.h>@int main() {return 0; }' | tr @ '\n' | $(CC) -x c - -o .test -I$(PYTHON_INCLUDE) $(LDFLAGS) $(PYTHON_LIB) 2>/dev/null && echo 1 || echo 0 )" "1"
PYTHON_OK=1 PYTHON_OK=1
PYFLAGS=-DUSE_PYTHON -I$(PYTHON_INCLUDE) $(LDFLAGS) -lpython2.7 PYFLAGS=-DUSE_PYTHON -I$(PYTHON_INCLUDE) $(LDFLAGS) $(PYTHON_LIB)
else else
PYTHON_OK=0 PYTHON_OK=0
PYFLAGS= PYFLAGS=
@ -171,12 +190,12 @@ ifeq "$(PYTHON_OK)" "1"
test_python27: test_python27:
@rm -f .test 2> /dev/null @rm -f .test 2> /dev/null
@echo "[+] Python 2.7 support seems to be working." @echo "[+] Python $(PYTHON_VERSION) support seems to be working."
else else
test_python27: test_python27:
@echo "[-] You seem to need to install the package python2.7-dev, but it is optional so we continue" @echo "[-] You seem to need to install the package python3.7-dev or python2.7-dev, but it is optional so we continue"
endif endif

1
docs/ChangeLog
View File

@ -24,6 +24,7 @@ Version ++2.58d (dev):
- added Radamsa and an optional radamsa stage (-R) - added Radamsa and an optional radamsa stage (-R)
- CPU affinity support for DragonFly - CPU affinity support for DragonFly
- added -u command line option to not unlink the fuzz input file - added -u command line option to not unlink the fuzz input file
- Python3 support
- llvm_mode: - llvm_mode:
- float splitting is now configured via AFL_LLVM_LAF_SPLIT_FLOATS - float splitting is now configured via AFL_LLVM_LAF_SPLIT_FLOATS
- support for llvm 10 included now (thanks to devnexen) - support for llvm 10 included now (thanks to devnexen)

20
docs/python_mutators.txt
View File

@ -9,8 +9,9 @@ Adding custom mutators to AFL using Python modules
Implemented by Christian Holler (:decoder) <choller@mozilla.com>. Implemented by Christian Holler (:decoder) <choller@mozilla.com>.
NOTE: This is for Python 2.7 ! NOTE: Python 3.7 and 2.7 are supported so far (3.8 upcomming).
Anyone who wants to add Python 3.7 support is happily welcome :) Depending on with which version afl-fuzz was compiled, you must use
python2 or python3 syntax in your scripts!
For an example and a template see ../python_mutators/ For an example and a template see ../python_mutators/
@ -56,16 +57,19 @@ further information about this feature.
3) How to compile AFLFuzz with Python support 3) How to compile AFLFuzz with Python support
--------------------------------------------- ---------------------------------------------
You must install the python 2.7 development package of your Linux distribution You must install the python 3.7 or 2.7 development package of your Linux
before this will work. On Debian/Ubuntu/Kali this can be done with: distribution before this will work. On Debian/Ubuntu/Kali this can be done
with either:
apt install python3.7-dev
pr
apt install python2.7-dev apt install python2.7-dev
A prerequisite for using this mode is to compile AFLFuzz with Python support. A prerequisite for using this mode is to compile AFLFuzz with Python support.
The afl Makefile performs some magic and detects Python 2.7 if it is in the The afl Makefile performs some magic and detects Python 3.7 and 2.7 if it is
default path and compiles afl-fuzz with the feature if available (which is in the default path and compiles afl-fuzz with the feature if available (which
/usr/include/python2.7 for the Python.h include and /usr/lib/x86_64-linux-gnu is /usr/include/python2.7 for the Python.h include and
for the libpython2.7.a library) /usr/lib/x86_64-linux-gnu for the libpython2.7.a library)
In case your setup is different set the necessary variables like this: In case your setup is different set the necessary variables like this:
PYTHON_INCLUDE=/path/to/python2.7/include LDFLAGS=-L/path/to/python2.7/lib make PYTHON_INCLUDE=/path/to/python2.7/include LDFLAGS=-L/path/to/python2.7/lib make

2
docs/technical_details.txt
View File

@ -165,7 +165,7 @@ of new tuples, and the remainder is associated with changes in hit counts.
The following table compares the relative ability to discover file syntax and The following table compares the relative ability to discover file syntax and
explore program states when using several different approaches to guided explore program states when using several different approaches to guided
fuzzing. The instrumented target was GNU patch 2.7.3 compiled with -O3 and fuzzing. The instrumented target was GNU patch 2.7k.3 compiled with -O3 and
seeded with a dummy text file; the session consisted of a single pass over the seeded with a dummy text file; the session consisted of a single pass over the
input queue with afl-fuzz: input queue with afl-fuzz:

3
python_mutators/README
View File

@ -1,6 +1,9 @@
These are example and helper files for the AFL_PYTHON_MODULE feature. These are example and helper files for the AFL_PYTHON_MODULE feature.
See docs/python_mutators.txt for more information See docs/python_mutators.txt for more information
Note that if you compile with python3.7 you must use python3 scripts, and if
you use pyton2.7 to compile python2 scripts!
example.py - this is the template you can use, the functions are there example.py - this is the template you can use, the functions are there
but they are empty but they are empty

17
src/afl-fuzz-python.c
View File

@ -35,7 +35,11 @@ int init_py() {
if (module_name) { if (module_name) {
#if PY_MAJOR_VERSION >= 3
PyObject* py_name = PyUnicode_FromString(module_name);
#else
PyObject* py_name = PyString_FromString(module_name); PyObject* py_name = PyString_FromString(module_name);
#endif
py_module = PyImport_Import(py_name); py_module = PyImport_Import(py_name);
Py_DECREF(py_name); Py_DECREF(py_name);
@ -91,7 +95,12 @@ int init_py() {
/* Provide the init function a seed for the Python RNG */ /* Provide the init function a seed for the Python RNG */
py_args = PyTuple_New(1); py_args = PyTuple_New(1);
#if PY_MAJOR_VERSION >= 3
py_value = PyLong_FromLong(UR(0xFFFFFFFF));
#else
py_value = PyInt_FromLong(UR(0xFFFFFFFF)); py_value = PyInt_FromLong(UR(0xFFFFFFFF));
#endif
if (!py_value) { if (!py_value) {
Py_DECREF(py_args); Py_DECREF(py_args);
@ -216,7 +225,11 @@ u32 init_trim_py(char* buf, size_t buflen) {
if (py_value != NULL) { if (py_value != NULL) {
#if PY_MAJOR_VERSION >= 3
u32 retcnt = (u32) PyLong_AsLong(py_value);
#else
u32 retcnt = PyInt_AsLong(py_value); u32 retcnt = PyInt_AsLong(py_value);
#endif
Py_DECREF(py_value); Py_DECREF(py_value);
return retcnt; return retcnt;
@ -250,7 +263,11 @@ u32 post_trim_py(char success) {
if (py_value != NULL) { if (py_value != NULL) {
#if PY_MAJOR_VERSION >= 3
u32 retcnt = (u32) PyLong_AsLong(py_value);
#else
u32 retcnt = PyInt_AsLong(py_value); u32 retcnt = PyInt_AsLong(py_value);
#endif
Py_DECREF(py_value); Py_DECREF(py_value);
return retcnt; return retcnt;