better asan defaults everwhere

vanhauser-thc
2023-01-26 12:21:47 +01:00
parent e332d37d4e
commit f4a13585a1
8 changed files with 67 additions and 273 deletions


@ -24,6 +24,7 @@
- `-t none` now translates to `-t 120000` (120 seconds) - `-t none` now translates to `-t 120000` (120 seconds)
- unicorn_mode updated - unicorn_mode updated
- updated rust custom mutator dependencies and LibAFL custom mutator - updated rust custom mutator dependencies and LibAFL custom mutator
- overall better sanitizer default setting handling
- several minor bugfixes - several minor bugfixes
### Version ++4.04c (release) ### Version ++4.04c (release)


@ -43,6 +43,7 @@ u32 check_binary_signatures(u8 *fn);
void detect_file_args(char **argv, u8 *prog_in, bool *use_stdin); void detect_file_args(char **argv, u8 *prog_in, bool *use_stdin);
void print_suggested_envs(char *mispelled_env); void print_suggested_envs(char *mispelled_env);
void check_environment_vars(char **env); void check_environment_vars(char **env);
void set_sanitizer_defaults();
char **argv_cpy_dup(int argc, char **argv); char **argv_cpy_dup(int argc, char **argv);
void argv_cpy_free(char **argv); void argv_cpy_free(char **argv);
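Review bot: The new declaration `void set_sanitizer_defaults();` uses empty parentheses, which in C before C23 declares a function without a prototype, so a call that passes arguments by mistake is not diagnosed. Write it as `void set_sanitizer_defaults(void);` here and use the same `(void)` parameter list on the definition added later in this commit.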


@ -656,28 +656,6 @@ static void set_up_environment(char **argv) {
if (fsrv.out_fd < 0) { PFATAL("Unable to create '%s'", fsrv.out_file); } if (fsrv.out_fd < 0) { PFATAL("Unable to create '%s'", fsrv.out_file); }
/* Set sane defaults... */ /* Set sane defaults... */
x = get_afl_env("ASAN_OPTIONS");
if (x) {
if (!strstr(x, "abort_on_error=1")) {
FATAL("Custom ASAN_OPTIONS set without abort_on_error=1 - please fix!");
}
#ifndef ASAN_BUILD
if (!getenv("AFL_DEBUG") && !strstr(x, "symbolize=0")) {
FATAL("Custom ASAN_OPTIONS set without symbolize=0 - please fix!");
}
#endif
}
x = get_afl_env("MSAN_OPTIONS"); x = get_afl_env("MSAN_OPTIONS");
if (x) { if (x) {
@ -689,69 +667,9 @@ static void set_up_environment(char **argv) {
} }
if (!strstr(x, "symbolize=0")) {
FATAL("Custom MSAN_OPTIONS set without symbolize=0 - please fix!");
} }
} set_sanitizer_defaults();
x = get_afl_env("LSAN_OPTIONS");
if (x) {
if (!strstr(x, "symbolize=0")) {
FATAL("Custom LSAN_OPTIONS set without symbolize=0 - please fix!");
}
}
setenv("ASAN_OPTIONS",
"abort_on_error=1:"
"detect_leaks=0:"
"allocator_may_return_null=1:"
"detect_odr_violation=0:"
"symbolize=0:"
"handle_segv=0:"
"handle_sigbus=0:"
"handle_abort=0:"
"handle_sigfpe=0:"
"handle_sigill=0",
0);
setenv("UBSAN_OPTIONS",
"halt_on_error=1:"
"abort_on_error=1:"
"malloc_context_size=0:"
"allocator_may_return_null=1:"
"symbolize=0:"
"handle_segv=0:"
"handle_sigbus=0:"
"handle_abort=0:"
"handle_sigfpe=0:"
"handle_sigill=0",
0);
setenv("MSAN_OPTIONS", "exit_code=" STRINGIFY(MSAN_ERROR) ":"
"abort_on_error=1:"
"msan_track_origins=0"
"allocator_may_return_null=1:"
"symbolize=0:"
"handle_segv=0:"
"handle_sigbus=0:"
"handle_abort=0:"
"handle_sigfpe=0:"
"handle_sigill=0", 0);
setenv("LSAN_OPTIONS",
"exitcode=" STRINGIFY(LSAN_ERROR) ":"
"fast_unwind_on_malloc=0:"
"symbolize=0:"
"print_suppressions=0",
0);
if (get_afl_env("AFL_PRELOAD")) { if (get_afl_env("AFL_PRELOAD")) {
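Review bot: A user-supplied ASAN_OPTIONS is no longer checked for `abort_on_error=1` in this set_up_environment(), and the `set_sanitizer_defaults();` call that replaces the block does not compensate, because as defined in this commit it leaves ASAN_OPTIONS alone once any of the four sanitizer variables is set. An ASAN target run with such a value would presumably finish with an exit code instead of an abort signal, so a finding could go unreported without any warning. The set_up_environment(afl_forkserver_t *fsrv, char **argv) hunk at -674 drops the same check, while the set_up_environment(afl_forkserver_t *fsrv) section further down still validates a custom ASAN_OPTIONS, so the tools now disagree. I would keep `if (!strstr(x, "abort_on_error=1")) { FATAL("Custom ASAN_OPTIONS set without abort_on_error=1 - please fix!"); }` here, or move that check into set_sanitizer_defaults so every caller gets it. The function starts and ends outside the hunk.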


@ -58,6 +58,63 @@ u8 last_intr = 0;
#define AFL_PATH "/usr/local/lib/afl/" #define AFL_PATH "/usr/local/lib/afl/"
#endif #endif
void set_sanitizer_defaults() {
/* Set sane defaults for ASAN if nothing else is specified. */
u8 *have_asan_options = getenv("ASAN_OPTIONS");
u8 *have_ubsan_options = getenv("UBSAN_OPTIONS");
u8 *have_msan_options = getenv("MSAN_OPTIONS");
u8 *have_lsan_options = getenv("LSAN_OPTIONS");
u8 have_san_options = 0;
if (have_asan_options || have_ubsan_options || have_msan_options ||
have_lsan_options)
have_san_options = 1;
u8 default_options[1024] =
"detect_odr_violation=0:abort_on_error=1:symbolize=0:malloc_context_"
"size=0:allocator_may_return_null=1:handle_segv=0:handle_sigbus=0:"
"handle_abort=0:handle_sigfpe=0:handle_sigill=0:";
if (!have_lsan_options) strcat(default_options, "detect_leaks=0:");
/* Set sane defaults for ASAN if nothing else is specified. */
if (!have_san_options) setenv("ASAN_OPTIONS", default_options, 1);
/* Set sane defaults for UBSAN if nothing else is specified. */
if (!have_san_options) setenv("UBSAN_OPTIONS", default_options, 1);
/* MSAN is tricky, because it doesn't support abort_on_error=1 at this
point. So, we do this in a very hacky way. */
if (!have_msan_options) {
u8 buf[2048] = "";
if (!have_san_options) strcpy(buf, default_options);
strcat(buf, "exit_code=" STRINGIFY(MSAN_ERROR) ":msan_track_origins=0:");
setenv("MSAN_OPTIONS", buf, 1);
}
/* LSAN, too, does not support abort_on_error=1. (is this still true??) */
if (!have_lsan_options) {
u8 buf[2048] = "";
if (!have_san_options) strcpy(buf, default_options);
strcat(buf,
"exitcode=" STRINGIFY(
LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:");
setenv("LSAN_OPTIONS", buf, 1);
}
/* Envs for QASan */
setenv("QASAN_MAX_CALL_STACK", "0", 0);
setenv("QASAN_SYMBOLIZE", "0", 0);
}
u32 check_binary_signatures(u8 *fn) { u32 check_binary_signatures(u8 *fn) {
int ret = 0, fd = open(fn, O_RDONLY); int ret = 0, fd = open(fn, O_RDONLY);
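Review bot: `have_san_options` gates the ASAN and UBSAN defaults on all four variables, so exporting only LSAN_OPTIONS or MSAN_OPTIONS leaves ASAN_OPTIONS and UBSAN_OPTIONS unset and drops `abort_on_error=1` and `symbolize=0` for them; the `setenv(..., 0)` calls this function replaces in the other tools decided per variable. Unless that coupling is intended, test each variable on its own: `if (!have_asan_options) setenv("ASAN_OPTIONS", default_options, 1);` and `if (!have_ubsan_options) setenv("UBSAN_OPTIONS", default_options, 1);`. If it is intended, the two identical "Set sane defaults for ASAN if nothing else is specified" comments should say so. The MSAN comment also states that abort_on_error=1 is not supported while `strcpy(buf, default_options)` copies exactly that flag into MSAN_OPTIONS, so comment and code should be reconciled.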


@ -688,58 +688,8 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
if (!getenv("LD_BIND_LAZY")) { setenv("LD_BIND_NOW", "1", 1); } if (!getenv("LD_BIND_LAZY")) { setenv("LD_BIND_NOW", "1", 1); }
/* Set sane defaults for ASAN if nothing else is specified. */ /* Set sane defaults for sanitizers */
u8 *have_asan_options = getenv("ASAN_OPTIONS"); set_sanitizer_defaults();
u8 *have_ubsan_options = getenv("UBSAN_OPTIONS");
u8 *have_msan_options = getenv("MSAN_OPTIONS");
u8 *have_lsan_options = getenv("LSAN_OPTIONS");
u8 have_san_options = 0;
if (have_asan_options || have_ubsan_options || have_msan_options ||
have_lsan_options)
have_san_options = 1;
u8 default_options[1024] =
"detect_odr_violation=0:abort_on_error=1:symbolize=0:malloc_context_"
"size=0:allocator_may_return_null=1:handle_segv=0:handle_sigbus=0:"
"handle_abort=0:handle_sigfpe=0:handle_sigill=0:";
if (!have_lsan_options) strcat(default_options, "detect_leaks=0:");
/* Set sane defaults for ASAN if nothing else is specified. */
if (!have_san_options) setenv("ASAN_OPTIONS", default_options, 1);
/* Set sane defaults for UBSAN if nothing else is specified. */
if (!have_san_options) setenv("UBSAN_OPTIONS", default_options, 1);
/* MSAN is tricky, because it doesn't support abort_on_error=1 at this
point. So, we do this in a very hacky way. */
if (!have_msan_options) {
u8 buf[2048] = "";
if (!have_san_options) strcpy(buf, default_options);
strcat(buf, "exit_code=" STRINGIFY(MSAN_ERROR) ":msan_track_origins=0:");
setenv("MSAN_OPTIONS", buf, 1);
}
/* LSAN, too, does not support abort_on_error=1. (is this still true??) */
if (!have_lsan_options) {
u8 buf[2048] = "";
if (!have_san_options) strcpy(buf, default_options);
strcat(buf,
"exitcode=" STRINGIFY(
LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:");
setenv("LSAN_OPTIONS", buf, 1);
}
/* Envs for QASan */
setenv("QASAN_MAX_CALL_STACK", "0", 0);
setenv("QASAN_SYMBOLIZE", "0", 0);
fsrv->init_child_func(fsrv, argv); fsrv->init_child_func(fsrv, argv);


@ -597,49 +597,8 @@ static void set_up_environment(afl_forkserver_t *fsrv, char **argv) {
char *afl_preload; char *afl_preload;
char *frida_afl_preload = NULL; char *frida_afl_preload = NULL;
setenv("ASAN_OPTIONS",
"abort_on_error=1:"
"detect_leaks=0:"
"allocator_may_return_null=1:"
"symbolize=0:"
"detect_odr_violation=0:"
"handle_segv=0:"
"handle_sigbus=0:"
"handle_abort=0:"
"handle_sigfpe=0:"
"handle_sigill=0",
0);
setenv("LSAN_OPTIONS", set_sanitizer_defaults();
"exitcode=" STRINGIFY(LSAN_ERROR) ":"
"fast_unwind_on_malloc=0:"
"symbolize=0:"
"print_suppressions=0",
0);
setenv("UBSAN_OPTIONS",
"halt_on_error=1:"
"abort_on_error=1:"
"malloc_context_size=0:"
"allocator_may_return_null=1:"
"symbolize=0:"
"handle_segv=0:"
"handle_sigbus=0:"
"handle_abort=0:"
"handle_sigfpe=0:"
"handle_sigill=0",
0);
setenv("MSAN_OPTIONS", "exit_code=" STRINGIFY(MSAN_ERROR) ":"
"abort_on_error=1:"
"msan_track_origins=0"
"allocator_may_return_null=1:"
"symbolize=0:"
"handle_segv=0:"
"handle_sigbus=0:"
"handle_abort=0:"
"handle_sigfpe=0:"
"handle_sigill=0", 0);
if (get_afl_env("AFL_PRELOAD")) { if (get_afl_env("AFL_PRELOAD")) {


@ -674,27 +674,6 @@ static void set_up_environment(afl_forkserver_t *fsrv, char **argv) {
/* Set sane defaults... */ /* Set sane defaults... */
x = get_afl_env("ASAN_OPTIONS");
if (x) {
if (!strstr(x, "abort_on_error=1")) {
FATAL("Custom ASAN_OPTIONS set without abort_on_error=1 - please fix!");
}
#ifndef ASAN_BUILD
if (!getenv("AFL_DEBUG") && !strstr(x, "symbolize=0")) {
FATAL("Custom ASAN_OPTIONS set without symbolize=0 - please fix!");
}
#endif
}
x = get_afl_env("MSAN_OPTIONS"); x = get_afl_env("MSAN_OPTIONS");
if (x) { if (x) {
@ -706,69 +685,9 @@ static void set_up_environment(afl_forkserver_t *fsrv, char **argv) {
} }
if (!strstr(x, "symbolize=0")) {
FATAL("Custom MSAN_OPTIONS set without symbolize=0 - please fix!");
} }
} set_sanitizer_defaults();
x = get_afl_env("LSAN_OPTIONS");
if (x) {
if (!strstr(x, "symbolize=0")) {
FATAL("Custom LSAN_OPTIONS set without symbolize=0 - please fix!");
}
}
setenv("ASAN_OPTIONS",
"abort_on_error=1:"
"detect_leaks=0:"
"allocator_may_return_null=1:"
"symbolize=0:"
"detect_odr_violation=0:"
"handle_segv=0:"
"handle_sigbus=0:"
"handle_abort=0:"
"handle_sigfpe=0:"
"handle_sigill=0",
0);
setenv("UBSAN_OPTIONS",
"halt_on_error=1:"
"abort_on_error=1:"
"malloc_context_size=0:"
"allocator_may_return_null=1:"
"symbolize=0:"
"handle_segv=0:"
"handle_sigbus=0:"
"handle_abort=0:"
"handle_sigfpe=0:"
"handle_sigill=0",
0);
setenv("MSAN_OPTIONS", "exit_code=" STRINGIFY(MSAN_ERROR) ":"
"abort_on_error=1:"
"msan_track_origins=0"
"allocator_may_return_null=1:"
"symbolize=0:"
"handle_segv=0:"
"handle_sigbus=0:"
"handle_abort=0:"
"handle_sigfpe=0:"
"handle_sigill=0", 0);
setenv("LSAN_OPTIONS",
"exitcode=" STRINGIFY(LSAN_ERROR) ":"
"fast_unwind_on_malloc=0:"
"symbolize=0:"
"print_suppressions=0",
0);
if (get_afl_env("AFL_PRELOAD")) { if (get_afl_env("AFL_PRELOAD")) {


@ -194,7 +194,7 @@ static void set_up_environment(afl_forkserver_t *fsrv) {
} }
if (!strstr(x, "symbolize=0")) { if (!getenv("AFL_DEBUG") && !strstr(x, "symbolize=0")) {
FATAL("Custom ASAN_OPTIONS set without symbolize=0 - please fix!"); FATAL("Custom ASAN_OPTIONS set without symbolize=0 - please fix!");
@ -213,7 +213,7 @@ static void set_up_environment(afl_forkserver_t *fsrv) {
} }
if (!strstr(x, "symbolize=0")) { if (!getenv("AFL_DEBUG") && !strstr(x, "symbolize=0")) {
FATAL("Custom MSAN_OPTIONS set without symbolize=0 - please fix!"); FATAL("Custom MSAN_OPTIONS set without symbolize=0 - please fix!");
@ -221,18 +221,7 @@ static void set_up_environment(afl_forkserver_t *fsrv) {
} }
setenv("ASAN_OPTIONS", set_sanitizer_defaults();
"abort_on_error=1:"
"detect_leaks=0:"
"symbolize=0:"
"allocator_may_return_null=1",
0);
setenv("MSAN_OPTIONS", "exit_code=" STRINGIFY(MSAN_ERROR) ":"
"symbolize=0:"
"abort_on_error=1:"
"allocator_may_return_null=1:"
"msan_track_origins=0", 0);
if (get_afl_env("AFL_PRELOAD")) { if (get_afl_env("AFL_PRELOAD")) {