python3.7 support for afl-fuzz py mutator

Makefile

@@ -39,8 +39,27 @@ CFLAGS     += -Wall -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign -I include/ \
 
 AFL_FUZZ_FILES = $(wildcard src/afl-fuzz*.c)
 
-PYTHON_INCLUDE	?= /usr/include/python2.7
+PYTHON_INCLUDE	?= $(shell test -e /usr/include/python3.7m && echo /usr/include/python3.7m)
+PYTHON_INCLUDE	?= $(shell test -e /usr/include/python3.7 && echo /usr/include/python3.7)
+PYTHON_INCLUDE	?= $(shell test -e /usr/include/python2.7 && echo /usr/include/python2.7)
 
+ifneq "($filter %3.7m, $(PYTHON_INCLUDE))" ""
+    PYTHON_VERSION=3.7m
+    PYTHON_LIB=-lpython3.7m
+else
+    ifneq "($filter %3.7, $(PYTHON_INCLUDE))" ""
+        PYTHON_VERSION=3.7
+        PYTHON_LIB=
+    else
+        ifneq "($filter %2.7, $(PYTHON_INCLUDE))" ""
+            PYTHON_VERSION=2.7
+            PYTHON_LIB=-lpython2.7
+        else
+            PYTHON_VERSION=none
+            PYTHON_LIB=
+        endif
+    endif
+endif
 
 ifdef SOURCE_DATE_EPOCH
     BUILD_DATE ?= $(shell date -u -d "@$(SOURCE_DATE_EPOCH)" -I 2>/dev/null || date -u -r "$(SOURCE_DATE_EPOCH)" -I 2>/dev/null || date -u -I)
@@ -69,9 +88,9 @@ endif
 COMM_HDR    = include/alloc-inl.h include/config.h include/debug.h include/types.h
 
 
-ifeq "$(shell echo '\#include <Python.h>@int main() {return 0; }' | tr @ '\n' | $(CC) -x c - -o .test -I$(PYTHON_INCLUDE) $(LDFLAGS) -lpython2.7 2>/dev/null && echo 1 || echo 0 )" "1"
+ifeq "$(shell echo '\#include <Python.h>@int main() {return 0; }' | tr @ '\n' | $(CC) -x c - -o .test -I$(PYTHON_INCLUDE) $(LDFLAGS) $(PYTHON_LIB) 2>/dev/null && echo 1 || echo 0 )" "1"
 	PYTHON_OK=1
-	PYFLAGS=-DUSE_PYTHON -I$(PYTHON_INCLUDE) $(LDFLAGS) -lpython2.7
+	PYFLAGS=-DUSE_PYTHON -I$(PYTHON_INCLUDE) $(LDFLAGS) $(PYTHON_LIB)
 else
 	PYTHON_OK=0
 	PYFLAGS=
@@ -171,12 +190,12 @@ ifeq "$(PYTHON_OK)" "1"
 
 test_python27:
 	@rm -f .test 2> /dev/null
-	@echo "[+] Python 2.7 support seems to be working."
+	@echo "[+] Python $(PYTHON_VERSION) support seems to be working."
 
 else
 
 test_python27:
-	@echo "[-] You seem to need to install the package python2.7-dev, but it is optional so we continue"
+	@echo "[-] You seem to need to install the package python3.7-dev or python2.7-dev, but it is optional so we continue"
 
 endif
 

docs/ChangeLog

@@ -24,6 +24,7 @@ Version ++2.58d (dev):
      - added Radamsa and an optional radamsa stage (-R)
      - CPU affinity support for DragonFly
      - added -u command line option to not unlink the fuzz input file
+     - Python3 support
   - llvm_mode:
      - float splitting is now configured via AFL_LLVM_LAF_SPLIT_FLOATS
      - support for llvm 10 included now (thanks to devnexen)

docs/python_mutators.txt

@@ -9,8 +9,9 @@ Adding custom mutators to AFL using Python modules
 
   Implemented by Christian Holler (:decoder) <choller@mozilla.com>.
 
-  NOTE: This is for Python 2.7 !
-  Anyone who wants to add Python 3.7 support is happily welcome :)
+  NOTE: Python 3.7 and 2.7 are supported so far (3.8 upcomming).
+  Depending on with which version afl-fuzz was compiled, you must use
+  python2 or python3 syntax in your scripts!
 
   For an example and a template see ../python_mutators/
 
@@ -56,16 +57,19 @@ further information about this feature.
 3) How to compile AFLFuzz with Python support
 ---------------------------------------------
 
-You must install the python 2.7 development package of your Linux distribution
-before this will work. On Debian/Ubuntu/Kali this can be done with:
+You must install the python 3.7 or 2.7 development package of your Linux
+distribution before this will work. On Debian/Ubuntu/Kali this can be done
+with either:
+  apt install python3.7-dev
+pr
   apt install python2.7-dev
 
 A prerequisite for using this mode is to compile AFLFuzz with Python support.
 
-The afl Makefile performs some magic and detects Python 2.7 if it is in the
-default path and compiles afl-fuzz with the feature if available (which is
-/usr/include/python2.7 for the Python.h include and /usr/lib/x86_64-linux-gnu
-for the libpython2.7.a library)
+The afl Makefile performs some magic and detects Python 3.7 and 2.7 if it is
+in the default path and compiles afl-fuzz with the feature if available (which
+is /usr/include/python2.7 for the Python.h include and
+/usr/lib/x86_64-linux-gnu for the libpython2.7.a library)
 
 In case your setup is different set the necessary variables like this:
 PYTHON_INCLUDE=/path/to/python2.7/include LDFLAGS=-L/path/to/python2.7/lib make

docs/technical_details.txt

@@ -165,7 +165,7 @@ of new tuples, and the remainder is associated with changes in hit counts.
 
 The following table compares the relative ability to discover file syntax and
 explore program states when using several different approaches to guided
-fuzzing. The instrumented target was GNU patch 2.7.3 compiled with -O3 and
+fuzzing. The instrumented target was GNU patch 2.7k.3 compiled with -O3 and
 seeded with a dummy text file; the session consisted of a single pass over the
 input queue with afl-fuzz:
 

python_mutators/README

@@ -1,6 +1,9 @@
 These are example and helper files for the AFL_PYTHON_MODULE feature.
 See docs/python_mutators.txt for more information
 
+Note that if you compile with python3.7 you must use python3 scripts, and if
+you use pyton2.7 to compile python2 scripts!
+
 
 example.py	- this is the template you can use, the functions are there
 		  but they are empty

src/afl-fuzz-python.c

@@ -35,7 +35,11 @@ int init_py() {
 
   if (module_name) {
 
+#if PY_MAJOR_VERSION >= 3
+    PyObject* py_name = PyUnicode_FromString(module_name);
+#else
     PyObject* py_name = PyString_FromString(module_name);
+#endif
 
     py_module = PyImport_Import(py_name);
     Py_DECREF(py_name);
@@ -91,7 +95,12 @@ int init_py() {
 
       /* Provide the init function a seed for the Python RNG */
       py_args = PyTuple_New(1);
+#if PY_MAJOR_VERSION >= 3
+      py_value = PyLong_FromLong(UR(0xFFFFFFFF));
+#else
       py_value = PyInt_FromLong(UR(0xFFFFFFFF));
+#endif
+
       if (!py_value) {
 
         Py_DECREF(py_args);
@@ -216,7 +225,11 @@ u32 init_trim_py(char* buf, size_t buflen) {
 
   if (py_value != NULL) {
 
+#if PY_MAJOR_VERSION >= 3
+    u32 retcnt = (u32) PyLong_AsLong(py_value);
+#else
     u32 retcnt = PyInt_AsLong(py_value);
+#endif
     Py_DECREF(py_value);
     return retcnt;
 
@@ -250,7 +263,11 @@ u32 post_trim_py(char success) {
 
   if (py_value != NULL) {
 
+#if PY_MAJOR_VERSION >= 3
+    u32 retcnt = (u32) PyLong_AsLong(py_value);
+#else
     u32 retcnt = PyInt_AsLong(py_value);
+#endif
     Py_DECREF(py_value);
     return retcnt;