added -N no_unlink option

2025-06-08 08:11:34 +00:00 · 2019-12-02 15:25:17 +01:00 · 2019-12-02 15:25:17 +01:00 · f8bc9b54da
commit f8bc9b54da
parent 60c8121c1d
5 changed files with 48 additions and 12 deletions
--- a/docs/ChangeLog
+++ b/docs/ChangeLog
@ -20,7 +20,10 @@ Version ++2.58d (dev):
  - qbdi_mode: fuzz android native libraries via QBDI framework
  - afl-analyze: added AFL_SKIP_BIN_CHECK support
  - better random numbers for gcc_plugin and llvm_mode (thanks to devnexen)
-  - afl-fuzz: CPU affinity support for DragonFly
+  - afl-fuzz:
+     - added Radamsa and an optional radamsa stage (-R)
+     - CPU affinity support for DragonFly
+     - added -u command line option to not unlink the fuzz input file
  - llvm_mode: float splitting is now configured via AFL_LLVM_LAF_SPLIT_FLOATS
  - libtokencap: support for *BSD/OSX added
  - compcov: floating point splitting support for QEMU on x86 targets
@ -30,7 +33,6 @@ Version ++2.58d (dev):
    download succeeded. f*ckin travis fails downloading 40% of the time!
  - added the few Android stuff we didnt have already from Google afl repository
  - removed unnecessary warnings
-  - added the radamsa stage


 --------------------------
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@ -265,7 +265,9 @@ extern u32 hang_tmout;                  /* Timeout used for hang det (ms)   */
 extern u64 mem_limit;                   /* Memory cap for child (MB)        */

 extern u8 cal_cycles,                   /* Calibration cycles defaults      */
-    cal_cycles_long, debug,             /* Debug mode                       */
+    cal_cycles_long,                    /* Calibration cycles defaults      */
+    no_unlink,                          /* do not unlink cur_input          */
+    debug,                              /* Debug mode                       */
    custom_only,                        /* Custom mutator only mode         */
    python_only;                        /* Python-only mode                 */

--- a/src/afl-fuzz-globals.c
+++ b/src/afl-fuzz-globals.c
@ -83,7 +83,9 @@ u32 hang_tmout = EXEC_TIMEOUT;          /* Timeout used for hang det (ms)   */
 u64 mem_limit = MEM_LIMIT;              /* Memory cap for child (MB)        */

 u8 cal_cycles = CAL_CYCLES,             /* Calibration cycles defaults      */
-    cal_cycles_long = CAL_CYCLES_LONG, debug,                 /* Debug mode */
+    cal_cycles_long = CAL_CYCLES_LONG,  /* Calibration cycles defaults      */
+    debug,                              /* Debug mode                       */
+    no_unlink,                          /* do not unlink cur_input          */
    custom_only,                        /* Custom mutator only mode         */
    python_only;                        /* Python-only mode                 */

--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@ -288,10 +288,17 @@ void write_to_testcase(void* mem, u32 len) {

  if (out_file) {

-    unlink(out_file);                                     /* Ignore errors. */
+    if (no_unlink) {

+      fd = open(out_file, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+
+    } else {
+
+      unlink(out_file);                                   /* Ignore errors. */
      fd = open(out_file, O_WRONLY | O_CREAT | O_EXCL, 0600);

+    }
+
    if (fd < 0) PFATAL("Unable to create '%s'", out_file);

  } else
@ -330,10 +337,17 @@ void write_with_gap(void* mem, u32 len, u32 skip_at, u32 skip_len) {

  if (out_file) {

-    unlink(out_file);                                     /* Ignore errors. */
+    if (no_unlink) {

+      fd = open(out_file, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+
+    } else {
+
+      unlink(out_file);                                   /* Ignore errors. */
      fd = open(out_file, O_WRONLY | O_CREAT | O_EXCL, 0600);

+    }
+
    if (fd < 0) PFATAL("Unable to create '%s'", out_file);

  } else
@ -760,10 +774,17 @@ u8 trim_case(char** argv, struct queue_entry* q, u8* in_buf) {

    s32 fd;

-    unlink(q->fname);                                      /* ignore errors */
+    if (no_unlink) {

+      fd = open(q->fname, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+
+    } else {
+
+      unlink(q->fname);                                    /* ignore errors */
      fd = open(q->fname, O_WRONLY | O_CREAT | O_EXCL, 0600);

+    }
+
    if (fd < 0) PFATAL("Unable to create '%s'", q->fname);

    ck_write(fd, in_buf, q->len, q->fname);
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@ -122,9 +122,11 @@ static void usage(u8* argv0) {
      "                  a recommended value is 10-60. see docs/README.MOpt\n\n"

      "Fuzzing behavior settings:\n"
+      "  -N            - do not unlink the fuzzing input file\n"
      "  -d            - quick & dirty mode (skips deterministic steps)\n"
      "  -n            - fuzz without instrumentation (dumb mode)\n"
-      "  -x dir        - optional fuzzer dictionary (see README)\n\n"
+      "  -x dir        - optional fuzzer dictionary (see README, its really "
+      "good!)\n\n"

      "Testing settings:\n"
      "  -s seed       - use a fixed seed for the RNG\n"
@ -195,7 +197,7 @@ int main(int argc, char** argv) {
  init_seed = tv.tv_sec ^ tv.tv_usec ^ getpid();

  while ((opt = getopt(argc, argv,
-                       "+i:I:o:f:m:t:T:dnCB:S:M:x:QUWe:p:s:V:E:L:hR")) > 0)
+                       "+i:I:o:f:m:t:T:dnCB:S:M:x:QNUWe:p:s:V:E:L:hR")) > 0)

    switch (opt) {

@ -426,6 +428,13 @@ int main(int argc, char** argv) {

        break;

+      case 'N':                                             /* Unicorn mode */
+
+        if (no_unlink) FATAL("Multiple -N options not supported");
+        no_unlink = 1;
+
+        break;
+
      case 'U':                                             /* Unicorn mode */

        if (unicorn_mode) FATAL("Multiple -U options not supported");