From 01d8b705c846595bb15c31ed6718e426c0d467cf Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Sun, 22 Nov 2020 03:13:05 +0100 Subject: [PATCH] fixed examle, format --- llmp_test/src/main.rs | 41 ++++----- src/events/llmp_translated.rs | 38 ++++---- src/events/shmem_translated.rs | 159 +++++++++++++++++---------------- 3 files changed, 117 insertions(+), 121 deletions(-) diff --git a/llmp_test/src/main.rs b/llmp_test/src/main.rs index ebec9173c9..964960db01 100644 --- a/llmp_test/src/main.rs +++ b/llmp_test/src/main.rs @@ -5,12 +5,13 @@ use std::ptr; use afl::events::llmp_translated::*; +use std::convert::TryInto; use std::{thread, time}; fn llmp_test_clientloop(client: *mut llmp_client, _data: *mut c_void) -> ! { let mut counter: u32 = 0; loop { - counter += 10; + counter += 1; unsafe { let llmp_message = llmp_client_alloc_next(client, 10); 
@@ -28,34 +29,34 @@ fn llmp_test_clientloop(client: *mut llmp_client, _data: *mut c_void) -> ! { } fn broker_message_hook( - broker: *mut llmp_broker_state, + _broker: *mut llmp_broker_state, client_metadata: *mut llmp_broker_client_metadata, message: *mut llmp_message, _data: *mut c_void, ) -> LlmpMessageHookResult { - unsafe { - match (*message).tag { - 1 => { - // TODO: use higher bits - let counter_lowest = (std::slice::from_raw_parts((*message).buf.as_ptr(), 4))[3]; - println!( - "Got message {:?} from client {:?}", - counter_lowest, - (*client_metadata).pid - ); - LlmpMessageHookResult::Handled - }, - _ => { - println!("Unknwon message id received!"); - LlmpMessageHookResult::ForwardToClients + match (*message).tag { + 1 => { + println!( + "Client {:?} sent message: {:?}", + (*client_metadata).pid, + u32::from_be_bytes( + std::slice::from_raw_parts((*message).buf.as_ptr(), 4) + .try_into() + .unwrap() + ), + ); + LlmpMessageHookResult::Handled + } + _ => { + println!("Unknwon message id received!"); + LlmpMessageHookResult::ForwardToClients + } } } - } } fn main() { - /* The main node has a broker, a tcp server, and a few worker threads */ let mut broker = llmp_broker_state { @@ -67,7 +68,7 @@ fn main() { llmp_client_count: 0, llmp_clients: ptr::null_mut(), }; - let thread_count = 4; + let thread_count = 3; unsafe { llmp_broker_init(&mut broker).expect("Could not init"); for i in 0..thread_count { diff --git a/src/events/llmp_translated.rs b/src/events/llmp_translated.rs index 92b2057650..dc0ee56e97 100644 --- a/src/events/llmp_translated.rs +++ b/src/events/llmp_translated.rs 
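Review bot: The `1 =>` arm of `broker_message_hook` reads four bytes through `std::slice::from_raw_parts((*message).buf.as_ptr(), 4)` without first checking that the message carries at least four bytes. The message is presumably written by a client into a shared map, so its length should be treated as untrusted. A guard before the read, such as `if (*message).buf_len_padded < 4 { return LlmpMessageHookResult::ForwardToClients; }`, would bound it; `buf_len_padded` is the only length field visible in this patch, so use the payload-size field if the struct has one. `message` and `client_metadata` are also dereferenced without a null check. The `.try_into().unwrap()` cannot fail for a fixed length of 4, so `.expect("slice has exactly 4 bytes")` would state that invariant.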
@@ -54,10 +54,10 @@ use core::sync::atomic::{compiler_fence, Ordering}; use libc::{c_int, c_uint, c_ulong, c_ushort, c_void}; use std::ffi::CStr; -use crate::AflError; use crate::utils::next_pow2; +use crate::AflError; -use super::shmem_translated::{afl_shmem_deinit, afl_shmem_init, afl_shmem_by_str, afl_shmem}; +use super::shmem_translated::{afl_shmem, afl_shmem_by_str, afl_shmem_deinit, afl_shmem_init}; extern "C" { #[no_mangle] @@ -319,10 +319,7 @@ unsafe fn _llmp_next_msg_ptr(last_msg: *mut llmp_message) -> *mut llmp_message { .offset((*last_msg).buf_len_padded as isize) as *mut llmp_message; } /* Read next message. */ -pub unsafe fn llmp_recv( - page: *mut llmp_page, - last_msg: *mut llmp_message, -) -> *mut llmp_message { +pub unsafe fn llmp_recv(page: *mut llmp_page, last_msg: *mut llmp_message) -> *mut llmp_message { /* DBG("llmp_recv %p %p\n", page, last_msg); */ compiler_fence(Ordering::SeqCst); if (*page).current_msg_id == 0 { @@ -894,7 +891,7 @@ pub unsafe fn llmp_broker_once(broker: *mut llmp_broker_state) { } /* The broker walks all pages and looks for changes, then broadcasts them on * its own shared page */ -pub unsafe fn llmp_broker_loop(broker: *mut llmp_broker_state) -> !{ +pub unsafe fn llmp_broker_loop(broker: *mut llmp_broker_state) -> ! { loop { compiler_fence(Ordering::SeqCst); llmp_broker_once(broker); @@ -922,9 +919,7 @@ unsafe fn llmp_clientrigger_new_out_page_hooks(client: *mut llmp_client) { } } /* A wrapper around unpacking the data, calling through to the loop */ -unsafe fn _llmp_client_wrapped_loop( - llmp_client_broker_metadata_ptr: *mut c_void, -) -> ! { +unsafe fn _llmp_client_wrapped_loop(llmp_client_broker_metadata_ptr: *mut c_void) -> ! { let metadata: *mut llmp_broker_client_metadata = llmp_client_broker_metadata_ptr as *mut llmp_broker_client_metadata; /* Before doing anything else:, notify registered hooks about the new page we're about to use */ 
@@ -986,7 +981,9 @@ pub unsafe fn llmp_broker_launch_client( //return 1 as c_int != 0; } -pub unsafe fn llmp_broker_launch_clientloops(broker: *mut llmp_broker_state) -> Result<(), AflError> { +pub unsafe fn llmp_broker_launch_clientloops( + broker: *mut llmp_broker_state, +) -> Result<(), AflError> { let mut i: c_ulong = 0; while i < (*broker).llmp_client_count { if (*(*broker).llmp_clients.offset(i as isize)).client_type as c_uint @@ -994,7 +991,7 @@ pub unsafe fn llmp_broker_launch_clientloops(broker: *mut llmp_broker_state) -> { if !llmp_broker_launch_client(broker, &mut *(*broker).llmp_clients.offset(i as isize)) { println!("[!] WARNING: Could not launch all clients"); - return Err(AflError::Unknown("Failed to launch clients".into())) + return Err(AflError::Unknown("Failed to launch clients".into())); } } i = i.wrapping_add(1) @@ -1154,10 +1151,7 @@ pub unsafe fn llmp_client_recv_blocking(client: *mut llmp_client) -> *mut llmp_m } /* The current page could have changed in recv (EOP) */ /* Alloc the next message, internally handling end of page by allocating a new one. */ -pub unsafe fn llmp_client_alloc_next( - client: *mut llmp_client, - size: c_ulong, -) -> *mut llmp_message { +pub unsafe fn llmp_client_alloc_next(client: *mut llmp_client, size: c_ulong) -> *mut llmp_message { if client.is_null() { panic!("Client is NULL"); } @@ -1231,10 +1225,7 @@ pub unsafe fn llmp_client_cancel(client: *mut llmp_client, mut msg: *mut llmp_me ) as c_ulong; } /* Commits a msg to the client's out ringbuf */ -pub unsafe fn llmp_client_send( - mut client_state: *mut llmp_client, - msg: *mut llmp_message, -) -> bool { +pub unsafe fn llmp_client_send(mut client_state: *mut llmp_client, msg: *mut llmp_message) -> bool { let page: *mut llmp_page = shmem2page( &mut *(*client_state).out_maps.offset( (*client_state) 
@@ -1334,8 +1325,11 @@ pub unsafe fn llmp_broker_register_childprocess_clientloop( { return Err(AflError::Unknown("Alloc".into())); } - let mut client: *mut llmp_broker_client_metadata = - llmp_broker_register_client(broker, CStr::from_ptr(&client_map.shm_str as *const i8), client_map.map_size); + let mut client: *mut llmp_broker_client_metadata = llmp_broker_register_client( + broker, + CStr::from_ptr(&client_map.shm_str as *const i8), + client_map.map_size, + ); if client.is_null() { afl_shmem_deinit(&mut client_map); return Err(AflError::Unknown("Something in clients failed".into())); diff --git a/src/events/shmem_translated.rs b/src/events/shmem_translated.rs index b3809b8552..a9da60f9a5 100644 --- a/src/events/shmem_translated.rs +++ b/src/events/shmem_translated.rs 
@@ -1,31 +1,24 @@ use ::libc; -use libc::{c_int, c_uint, c_char, c_uchar, c_ushort, c_long, c_ulong, c_void}; +use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_ushort, c_void}; use std::ffi::CStr; extern "C" { #[no_mangle] - fn snprintf(_: *mut c_char, _: c_ulong, - _: *const c_char, _: ...) -> c_int; + fn snprintf(_: *mut c_char, _: c_ulong, _: *const c_char, _: ...) -> c_int; #[no_mangle] - fn strncpy(_: *mut c_char, _: *const c_char, _: c_ulong) - -> *mut c_char; + fn strncpy(_: *mut c_char, _: *const c_char, _: c_ulong) -> *mut c_char; #[no_mangle] fn strlen(_: *const c_char) -> c_ulong; #[no_mangle] - fn shmctl(__shmid: c_int, __cmd: c_int, __buf: *mut shmid_ds) - -> c_int; + fn shmctl(__shmid: c_int, __cmd: c_int, __buf: *mut shmid_ds) -> c_int; #[no_mangle] - fn shmget(__key: c_int, __size: c_ulong, __shmflg: c_int) - -> c_int; + fn shmget(__key: c_int, __size: c_ulong, __shmflg: c_int) -> c_int; #[no_mangle] - fn shmat(__shmid: c_int, __shmaddr: *const c_void, - __shmflg: c_int) -> *mut c_void; + fn shmat(__shmid: c_int, __shmaddr: *const c_void, __shmflg: c_int) -> *mut c_void; #[no_mangle] - fn strtol(_: *const c_char, _: *mut *mut c_char, - _: c_int) -> c_long; + fn strtol(_: *const c_char, _: *mut *mut c_char, _: c_int) -> c_long; #[no_mangle] - fn setenv(__name: *const c_char, __value: *const c_char, - __replace: c_int) -> c_int; + fn setenv(__name: *const c_char, __value: *const c_char, __replace: c_int) -> c_int; } #[derive(Copy, Clone)] #[repr(C)] 
@@ -95,104 +88,112 @@ pub unsafe fn afl_shmem_deinit(mut shm: *mut afl_shmem) { if shm.is_null() || (*shm).map.is_null() { /* Serialized map id */ // Not set or not initialized; - return + return; } - (*shm).shm_str[0 as usize] = - '\u{0}' as c_char; + (*shm).shm_str[0 as usize] = '\u{0}' as c_char; shmctl((*shm).shm_id, 0 as c_int, 0 as *mut shmid_ds); (*shm).map = 0 as *mut c_uchar; } // Functions to create Shared memory region, for observation channels and // opening inputs and stuff. -pub unsafe fn afl_shmem_init(mut shm: *mut afl_shmem, - map_size: c_ulong) -> *mut c_uchar { +pub unsafe fn afl_shmem_init(mut shm: *mut afl_shmem, map_size: c_ulong) -> *mut c_uchar { (*shm).map_size = map_size; (*shm).map = 0 as *mut c_uchar; - (*shm).shm_id = - shmget(0 as c_int, map_size, - 0o1000 as c_int | 0o2000 as c_int | - 0o600 as c_int); + (*shm).shm_id = shmget( + 0 as c_int, + map_size, + 0o1000 as c_int | 0o2000 as c_int | 0o600 as c_int, + ); if (*shm).shm_id < 0 as c_int { - (*shm).shm_str[0] = - '\u{0}' as c_char; - return 0 as *mut c_uchar + (*shm).shm_str[0] = '\u{0}' as c_char; + return 0 as *mut c_uchar; } - snprintf((*shm).shm_str.as_mut_ptr() as *mut i8, - ::std::mem::size_of::<[c_char; 20]>() as c_ulong, - b"%d\x00" as *const u8 as *const c_char, (*shm).shm_id); - (*shm).shm_str[(::std::mem::size_of::<[c_char; 20]>() as - c_ulong).wrapping_sub(1 as c_int as - c_ulong) as - usize] = '\u{0}' as c_char; - (*shm).map = - shmat((*shm).shm_id, 0 as *const c_void, 0 as c_int) as - *mut c_uchar; - if (*shm).map == -(1 as c_int) as *mut c_void as *mut c_uchar || - (*shm).map.is_null() { + snprintf( + (*shm).shm_str.as_mut_ptr() as *mut i8, + ::std::mem::size_of::<[c_char; 20]>() as c_ulong, + b"%d\x00" as *const u8 as *const c_char, + (*shm).shm_id, + ); + (*shm).shm_str[(::std::mem::size_of::<[c_char; 20]>() as c_ulong) + .wrapping_sub(1 as c_int as c_ulong) as usize] = '\u{0}' as c_char; + (*shm).map = shmat((*shm).shm_id, 0 as *const c_void, 0 as c_int) as *mut 
c_uchar; + if (*shm).map == -(1 as c_int) as *mut c_void as *mut c_uchar || (*shm).map.is_null() { shmctl((*shm).shm_id, 0 as c_int, 0 as *mut shmid_ds); (*shm).shm_id = -(1 as c_int); - (*shm).shm_str[0 as c_int as usize] = - '\u{0}' as c_char; - return 0 as *mut c_uchar + (*shm).shm_str[0 as c_int as usize] = '\u{0}' as c_char; + return 0 as *mut c_uchar; } return (*shm).map; } -pub unsafe fn afl_shmem_by_str(mut shm: *mut afl_shmem, - shm_str: &CStr, - map_size: c_ulong) -> *mut c_uchar { +pub unsafe fn afl_shmem_by_str( + mut shm: *mut afl_shmem, + shm_str: &CStr, + map_size: c_ulong, +) -> *mut c_uchar { if shm.is_null() || shm_str.to_bytes().len() == 0 || map_size == 0 { - return 0 as *mut c_uchar + return 0 as *mut c_uchar; } (*shm).map = 0 as *mut c_uchar; (*shm).map_size = map_size; - strncpy((*shm).shm_str.as_mut_ptr() as *mut c_char, shm_str.as_ptr() as *const c_char, - (::std::mem::size_of::<[c_char; 20]>() as - c_ulong).wrapping_sub(1 as c_int as - c_ulong)); - (*shm).shm_id = shm_str.to_str().expect(&format!("illegal shm_str {:?}", shm_str)).parse::().unwrap(); - (*shm).map = - shmat((*shm).shm_id, 0 as *const c_void, 0 as c_int) as - *mut c_uchar; + strncpy( + (*shm).shm_str.as_mut_ptr() as *mut c_char, + shm_str.as_ptr() as *const c_char, + (::std::mem::size_of::<[c_char; 20]>() as c_ulong).wrapping_sub(1 as c_int as c_ulong), + ); + (*shm).shm_id = shm_str + .to_str() + .expect(&format!("illegal shm_str {:?}", shm_str)) + .parse::() + .unwrap(); + (*shm).map = shmat((*shm).shm_id, 0 as *const c_void, 0 as c_int) as *mut c_uchar; if (*shm).map == -(1 as c_int) as *mut c_void as *mut c_uchar { (*shm).map = 0 as *mut c_uchar; (*shm).map_size = 0 as c_int as c_ulong; - (*shm).shm_str[0 as c_int as usize] = - '\u{0}' as c_char; - return 0 as *mut c_uchar + (*shm).shm_str[0 as c_int as usize] = '\u{0}' as c_char; + return 0 as *mut c_uchar; } return (*shm).map; } /* Write sharedmap as env var */ /* Write sharedmap as env var and the size as name#_SIZE */ 
-pub unsafe fn afl_shmem_to_env_var(shmem: &afl_shmem, - env_name: &CStr) - -> c_uint { +pub unsafe fn afl_shmem_to_env_var(shmem: &afl_shmem, env_name: &CStr) -> c_uint { let env_len = env_name.to_bytes().len(); - if env_len == 0 || env_len > 200 || - (*shmem).shm_str[0 as c_int as usize] == 0 { - return AFL_RET_NULL_PTR + if env_len == 0 || env_len > 200 || (*shmem).shm_str[0 as c_int as usize] == 0 { + return AFL_RET_NULL_PTR; } let mut shm_str: [c_char; 256] = [0; 256]; - snprintf(shm_str.as_mut_ptr(), - ::std::mem::size_of::<[c_char; 256]>() as c_ulong, - b"%d\x00" as *const u8 as *const c_char, (*shmem).shm_id); - if setenv(env_name.as_ptr() as *const c_char, shm_str.as_mut_ptr(), 1 as c_int) < - 0 as c_int { - return AFL_RET_ERRNO + snprintf( + shm_str.as_mut_ptr(), + ::std::mem::size_of::<[c_char; 256]>() as c_ulong, + b"%d\x00" as *const u8 as *const c_char, + (*shmem).shm_id, + ); + if setenv( + env_name.as_ptr() as *const c_char, + shm_str.as_mut_ptr(), + 1 as c_int, + ) < 0 as c_int + { + return AFL_RET_ERRNO; } /* Write the size to env, too */ let mut size_env_name: [c_char; 256] = [0; 256]; - snprintf(size_env_name.as_mut_ptr(), - ::std::mem::size_of::<[c_char; 256]>() as c_ulong, - b"%s_SIZE\x00" as *const u8 as *const c_char, env_name); - snprintf(shm_str.as_mut_ptr(), - ::std::mem::size_of::<[c_char; 256]>() as c_ulong, - b"%d\x00" as *const u8 as *const c_char, (*shmem).shm_id); - if setenv(size_env_name.as_mut_ptr(), shm_str.as_mut_ptr(), - 1 as c_int) < 0 as c_int { - return AFL_RET_ERRNO + snprintf( + size_env_name.as_mut_ptr(), + ::std::mem::size_of::<[c_char; 256]>() as c_ulong, + b"%s_SIZE\x00" as *const u8 as *const c_char, + env_name, + ); + snprintf( + shm_str.as_mut_ptr(), + ::std::mem::size_of::<[c_char; 256]>() as c_ulong, + b"%d\x00" as *const u8 as *const c_char, + (*shmem).shm_id, + ); + if setenv(size_env_name.as_mut_ptr(), shm_str.as_mut_ptr(), 1 as c_int) < 0 as c_int { + return AFL_RET_ERRNO; } return AFL_RET_SUCCESS; -} \ No 
newline at end of file +}
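Review bot: In `afl_shmem_to_env_var`, the value written under the `<name>_SIZE` variable is formatted from `(*shmem).shm_id` a second time, so the size variable carries the segment id rather than the map size, despite the comment "Write the size to env, too". A consumer that trusts that variable as a length would size its view of the map wrongly. The second `snprintf` into `shm_str` should format the size instead, e.g. `b"%lu\x00" as *const u8 as *const c_char, (*shmem).map_size,` (the field is assigned from a `c_ulong` in `afl_shmem_init`). The `%s_SIZE` call also passes `env_name`, a `&CStr`, directly to the variadic `snprintf`, where `%s` expects a C string pointer; it should pass `env_name.as_ptr()` as the `setenv` call above it does. This hunk only reformats the code, so both issues predate the commit, but they remain in the code it leaves behind.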