add check_binary_signatures for afl-* utils

2025-06-15 03:18:07 +00:00 · 2021-09-07 17:15:54 +02:00
parent cb01d56616
commit f760e80729
6 changed files with 71 additions and 1 deletions
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@ -15,7 +15,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
      information on how to deal with instrumenting libraries
    - fix a regression introduced in 3.10 that resulted in less
      coverage being detected. thanks to Collin May for reporting!
-
+  - afl-showmap, afl-tmin and afl-analyze now honor persistent mode
+    for more speed. thanks to dloffre-snl for reporting!
  - afl-cc:
    - fix for shared linking on MacOS
    - llvm and LTO mode verified to work with new llvm 14-dev
--- a/include/common.h
+++ b/include/common.h
@ -38,6 +38,7 @@

 #define STRINGIFY_VAL_SIZE_MAX (16)

+u32  check_binary_signatures(u8 *fn);
 void detect_file_args(char **argv, u8 *prog_in, bool *use_stdin);
 void print_suggested_envs(char *mispelled_env);
 void check_environment_vars(char **env);
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@ -1093,6 +1093,7 @@ int main(int argc, char **argv_orig, char **envp) {
      parse_afl_kill_signal_env(getenv("AFL_KILL_SIGNAL"), SIGKILL);

  read_initial_file();
+  (void)check_binary_signatures(fsrv.target_path);

  ACTF("Performing dry run (mem limit = %llu MB, timeout = %u ms%s)...",
       mem_limit, exec_tmout, edges_only ? ", edges only" : "");
--- a/src/afl-common.c
+++ b/src/afl-common.c
@ -25,8 +25,12 @@

 #include <stdlib.h>
 #include <stdio.h>
+#define _GNU_SOURCE
+#define __USE_GNU
+#include <string.h>
 #include <strings.h>
 #include <math.h>
+#include <sys/mman.h>

 #include "debug.h"
 #include "alloc-inl.h"
@ -51,6 +55,66 @@ u8  last_intr = 0;
  #define AFL_PATH "/usr/local/lib/afl/"
 #endif

+u32 check_binary_signatures(u8 *fn) {
+
+  int ret = 0, fd = open(fn, O_RDONLY);
+  if (fd < 0) { PFATAL("Unable to open '%s'", fn); }
+  struct stat st;
+  if (fstat(fd, &st) < 0) { PFATAL("Unable to fstat '%s'", fn); }
+  u32 f_len = st.st_size;
+  u8 *f_data = mmap(0, f_len, PROT_READ, MAP_PRIVATE, fd, 0);
+  if (f_data == MAP_FAILED) { PFATAL("Unable to mmap file '%s'", fn); }
+  close(fd);
+
+  if (memmem(f_data, f_len, PERSIST_SIG, strlen(PERSIST_SIG) + 1)) {
+
+    if (!be_quiet) { OKF(cPIN "Persistent mode binary detected."); }
+    setenv(PERSIST_ENV_VAR, "1", 1);
+    ret = 1;
+
+  } else if (getenv("AFL_PERSISTENT")) {
+
+    if (!be_quiet) {
+
+      WARNF("AFL_PERSISTENT is no longer supported and may misbehave!");
+
+    }
+
+  } else if (getenv("AFL_FRIDA_PERSISTENT_ADDR")) {
+
+    if (!be_quiet) {
+
+      OKF("FRIDA Persistent mode configuration options detected.");
+
+    }
+
+    setenv(PERSIST_ENV_VAR, "1", 1);
+    ret = 1;
+
+  }
+
+  if (memmem(f_data, f_len, DEFER_SIG, strlen(DEFER_SIG) + 1)) {
+
+    if (!be_quiet) { OKF(cPIN "Deferred forkserver binary detected."); }
+    setenv(DEFER_ENV_VAR, "1", 1);
+    ret += 2;
+
+  } else if (getenv("AFL_DEFER_FORKSRV")) {
+
+    if (!be_quiet) {
+
+      WARNF("AFL_DEFER_FORKSRV is no longer supported and may misbehave!");
+
+    }
+
+  }
+
+  if (munmap(f_data, f_len)) { PFATAL("unmap() failed"); }
+
+  return ret;
+
+}
+
 void detect_file_args(char **argv, u8 *prog_in, bool *use_stdin) {

  u32 i = 0;
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@ -1189,6 +1189,8 @@ int main(int argc, char **argv_orig, char **envp) {

  }

+  (void)check_binary_signatures(fsrv->target_path);
+
  shm_fuzz = ck_alloc(sizeof(sharedmem_t));

  /* initialize cmplog_mode */
--- a/src/afl-tmin.c
+++ b/src/afl-tmin.c
@ -1209,6 +1209,7 @@ int main(int argc, char **argv_orig, char **envp) {
  fsrv->shmem_fuzz = map + sizeof(u32);

  read_initial_file();
+  (void)check_binary_signatures(fsrv->target_path);

  if (!fsrv->qemu_mode && !unicorn_mode) {