ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-11 01:31:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

critical bugfix for afl-tmin

Browse Source
This commit is contained in:
van Hauser 2019-12-30 22:01:36 +01:00
parent f7e1397d98
commit 878a80de7f
11 changed files with 29 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docs/ChangeLog
View File

@ -17,6 +17,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
Version ++2.59d (develop): Version ++2.59d (develop):
-------------------------- --------------------------
- fixed a critical bug in afl-tmin that was introduced during ++2.53d
- added ./experimental/argv_fuzzing ld_preload library by Kjell Braden - added ./experimental/argv_fuzzing ld_preload library by Kjell Braden
- added preeny's desock_dup ld_preload library as - added preeny's desock_dup ld_preload library as
./experimental/socket_fuzzing for network fuzzing ./experimental/socket_fuzzing for network fuzzing

1
include/afl-fuzz.h
View File

@ -271,6 +271,7 @@ extern u64 mem_limit; /* Memory cap for child (MB) */
extern u8 cal_cycles, /* Calibration cycles defaults */ extern u8 cal_cycles, /* Calibration cycles defaults */
cal_cycles_long, /* Calibration cycles defaults */ cal_cycles_long, /* Calibration cycles defaults */
no_unlink, /* do not unlink cur_input */ no_unlink, /* do not unlink cur_input */
use_stdin, /* use stdin for sending data */
debug, /* Debug mode */ debug, /* Debug mode */
custom_only, /* Custom mutator only mode */ custom_only, /* Custom mutator only mode */
python_only; /* Python-only mode */ python_only; /* Python-only mode */

2
src/afl-analyze.c
View File

@ -75,7 +75,7 @@ static u64 mem_limit = MEM_LIMIT; /* Memory limit (MB) */
static s32 dev_null_fd = -1; /* FD to /dev/null */ static s32 dev_null_fd = -1; /* FD to /dev/null */
static u8 edges_only, /* Ignore hit counts? */ u8 edges_only, /* Ignore hit counts? */
use_hex_offsets, /* Show hex offsets? */ use_hex_offsets, /* Show hex offsets? */
use_stdin = 1; /* Use stdin for program input? */ use_stdin = 1; /* Use stdin for program input? */

5
src/afl-as.c
View File

@ -208,8 +208,9 @@ static void edit_params(int argc, char** argv) {
NSS. */ NSS. */
if (strncmp(input_file, tmp_dir, strlen(tmp_dir)) && if (strncmp(input_file, tmp_dir, strlen(tmp_dir)) &&
strncmp(input_file, "/var/tmp/", 9) && strncmp(input_file, "/tmp/", 5) strncmp(input_file, "/var/tmp/", 9) &&
&& getenv("AFL_AS_FORCE_INSTRUMENT") == NULL) strncmp(input_file, "/tmp/", 5) &&
getenv("AFL_AS_FORCE_INSTRUMENT") == NULL)
pass_thru = 1; pass_thru = 1;
else if (getenv("AFL_AS_FORCE_INSTRUMENT")) else if (getenv("AFL_AS_FORCE_INSTRUMENT"))
unsetenv("AFL_AS_FORCE_INSTRUMENT"); unsetenv("AFL_AS_FORCE_INSTRUMENT");

5
src/afl-common.c
View File

@ -35,7 +35,8 @@
#include <unistd.h> #include <unistd.h>
#endif #endif
u8* target_path; /* Path to target binary */ u8* target_path; /* Path to target binary */
extern u8 use_stdin;
void detect_file_args(char** argv, u8* prog_in) { void detect_file_args(char** argv, u8* prog_in) {
@ -78,6 +79,8 @@ void detect_file_args(char** argv, u8* prog_in) {
else else
aa_subst = alloc_printf("%s/%s", cwd, prog_in); aa_subst = alloc_printf("%s/%s", cwd, prog_in);
use_stdin = 0;
/* Construct a replacement argv value. */ /* Construct a replacement argv value. */
*aa_loc = 0; *aa_loc = 0;

4
src/afl-forkserver.c
View File

@ -43,6 +43,8 @@
/* a program that includes afl-forkserver needs to define these */ /* a program that includes afl-forkserver needs to define these */
extern u8 uses_asan; extern u8 uses_asan;
extern u8 *trace_bits; extern u8 *trace_bits;
extern u8 use_stdin;
extern s32 forksrv_pid, child_pid, fsrv_ctl_fd, fsrv_st_fd; extern s32 forksrv_pid, child_pid, fsrv_ctl_fd, fsrv_st_fd;
extern s32 out_fd, out_dir_fd, dev_null_fd; /* initialize these with -1 */ extern s32 out_fd, out_dir_fd, dev_null_fd; /* initialize these with -1 */
#ifndef HAVE_ARC4RANDOM #ifndef HAVE_ARC4RANDOM
@ -211,7 +213,7 @@ void init_forkserver(char **argv) {
} }
if (out_file) { if (!use_stdin) {
dup2(dev_null_fd, 0); dup2(dev_null_fd, 0);

1
src/afl-fuzz-globals.c
View File

@ -86,6 +86,7 @@ u8 cal_cycles = CAL_CYCLES, /* Calibration cycles defaults */
cal_cycles_long = CAL_CYCLES_LONG, /* Calibration cycles defaults */ cal_cycles_long = CAL_CYCLES_LONG, /* Calibration cycles defaults */
debug, /* Debug mode */ debug, /* Debug mode */
no_unlink, /* do not unlink cur_input */ no_unlink, /* do not unlink cur_input */
use_stdin = 1, /* use stdin for sending data */
custom_only, /* Custom mutator only mode */ custom_only, /* Custom mutator only mode */
python_only; /* Python-only mode */ python_only; /* Python-only mode */

3
src/afl-fuzz.c
View File

@ -304,6 +304,7 @@ int main(int argc, char** argv) {
if (out_file) FATAL("Multiple -f options not supported"); if (out_file) FATAL("Multiple -f options not supported");
out_file = optarg; out_file = optarg;
use_stdin = 0;
break; break;
case 'x': /* dictionary */ case 'x': /* dictionary */
@ -836,6 +837,8 @@ int main(int argc, char** argv) {
if (aa_loc && !out_file) { if (aa_loc && !out_file) {
use_stdin = 0;
if (file_extension) { if (file_extension) {
out_file = alloc_printf("%s/.cur_input.%s", out_dir, file_extension); out_file = alloc_printf("%s/.cur_input.%s", out_dir, file_extension);

12
src/afl-showmap.c
View File

@ -72,11 +72,12 @@ static u32 total, highest; /* tuple content information */
static u64 mem_limit = MEM_LIMIT; /* Memory limit (MB) */ static u64 mem_limit = MEM_LIMIT; /* Memory limit (MB) */
static u8 quiet_mode, /* Hide non-essential messages? */ u8 quiet_mode, /* Hide non-essential messages? */
edges_only, /* Ignore hit counts? */ edges_only, /* Ignore hit counts? */
raw_instr_output, /* Do not apply AFL filters */ raw_instr_output, /* Do not apply AFL filters */
cmin_mode, /* Generate output in afl-cmin mode? */ cmin_mode, /* Generate output in afl-cmin mode? */
binary_mode, /* Write output as a binary map */ binary_mode, /* Write output as a binary map */
use_stdin = 1, /* use stdin - unused here */
keep_cores; /* Allow coredumps? */ keep_cores; /* Allow coredumps? */
static volatile u8 stop_soon, /* Ctrl-C pressed? */ static volatile u8 stop_soon, /* Ctrl-C pressed? */
@ -535,7 +536,7 @@ int main(int argc, char** argv) {
doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH; doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH;
while ((opt = getopt(argc, argv, "+o:m:t:A:eqZQUWbcrh")) > 0) while ((opt = getopt(argc, argv, "+o:f:m:t:A:eqZQUWbcrh")) > 0)
switch (opt) { switch (opt) {
@ -583,6 +584,13 @@ int main(int argc, char** argv) {
break; break;
case 'f': // only in here to avoid a compiler warning for use_stdin
use_stdin = 0;
FATAL("Option -f is not supported in afl-showmap");
break;
case 't': case 't':
if (timeout_given) FATAL("Multiple -t options not supported"); if (timeout_given) FATAL("Multiple -t options not supported");

2
src/afl-tmin.c
View File

@ -88,7 +88,7 @@ u64 mem_limit = MEM_LIMIT; /* Memory limit (MB) */
s32 dev_null_fd = -1; /* FD to /dev/null */ s32 dev_null_fd = -1; /* FD to /dev/null */
static u8 crash_mode, /* Crash-centric mode? */ u8 crash_mode, /* Crash-centric mode? */
exit_crash, /* Treat non-zero exit as crash? */ exit_crash, /* Treat non-zero exit as crash? */
edges_only, /* Ignore hit counts? */ edges_only, /* Ignore hit counts? */
exact_mode, /* Require path match for crashes? */ exact_mode, /* Require path match for crashes? */

1
test-instr.c
View File

@ -27,6 +27,7 @@ int main(int argc, char** argv) {
if (argc > 1) { if (argc > 1) {
buf = argv[1]; buf = argv[1];
printf("Input %s - ", buf);
} else if (read(0, buf, sizeof(buf)) < 1) { } else if (read(0, buf, sizeof(buf)) < 1) {