From 319c7a1be919627e6cdf4b060ef6f817a618e473 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sun, 20 Dec 2020 11:52:34 +0100 Subject: [PATCH] add port option --- fuzzers/libfuzzer/src/lib.rs | 30 +++++++++++++++++++----------- fuzzers/libfuzzer/test.sh | 12 +++++++++++- 2 files changed, 30 insertions(+), 12 deletions(-) diff --git a/fuzzers/libfuzzer/src/lib.rs b/fuzzers/libfuzzer/src/lib.rs index ddd01fc4c4..dd56dc5c24 100644 --- a/fuzzers/libfuzzer/src/lib.rs +++ b/fuzzers/libfuzzer/src/lib.rs @@ -49,6 +49,13 @@ const NAME_COV_MAP: &str = "cov_map"; pub extern "C" fn afl_libfuzzer_main() { let matches = App::new("libAFLrs fuzzer harness") .about("libAFLrs fuzzer harness help options.") + .arg( + Arg::with_name("port") + .short("p") + .value_name("PORT") + .takes_value(true) + .help("Broker TCP port to use."), + ) .arg( Arg::with_name("dictionary") .short("x") @@ -72,6 +79,7 @@ pub extern "C" fn afl_libfuzzer_main() { .get_matches(); let statstime = value_t!(matches, "statstime", u32).unwrap_or(5); + let broker_port = value_t!(matches, "port", u16).unwrap_or(1337); let workdir = if matches.is_present("workdir") { matches.value_of("workdir").unwrap().to_string() @@ -90,6 +98,10 @@ pub extern "C" fn afl_libfuzzer_main() { input = Some(values_t!(matches, "workdir", String).unwrap_or_else(|e| e.exit())); } + if dictionary != None || input != None { + println!("Information: the first process started is the broker and only processes the \'-p PORT\' option if present."); + } + // debug prints println!("workdir: {}", workdir); 
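Review bot: The new `port` argument's help text does not say what happens when the option is omitted, although the parse site falls back to 1337; `.help("Broker TCP port to use (default: 1337).")`, or better `.default_value("1337")` on the Arg, would show the default in `--help` and keep the literal in one place. A `.long("port")` would also make the flag addressable by name, which is easier to grep for in scripts than `-p`. The enclosing afl_libfuzzer_main starts and ends outside the hunk.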
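Review bot: `let broker_port = value_t!(matches, "port", u16).unwrap_or(1337);` turns a malformed or out-of-range value (`-p abc`, `-p 70000`) into a silent fallback to 1337 instead of an error, so a typo quietly starts a broker on the wrong port. The workdir handling a few lines later uses `unwrap_or_else(|e| e.exit())`, and this line should do the same once a default is supplied on the Arg (`.default_value("1337")`, then `let broker_port = value_t!(matches, "port", u16).unwrap_or_else(|e| e.exit());`). Without `default_value`, an `is_present("port")` check has to come first, because `value_t!` also reports an absent argument as an error. The enclosing function starts and ends outside the hunk.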
@@ -113,23 +125,13 @@ pub extern "C" fn afl_libfuzzer_main() { let mut generator = RandPrintablesGenerator::new(32); let stats = SimpleStats::new(|s| println!("{}", s)); - let mut mgr = LlmpEventManager::new_on_port(1337, stats).unwrap(); + let mut mgr = LlmpEventManager::new_on_port(broker_port, stats).unwrap(); if mgr.is_broker() { println!("Doing broker things."); mgr.broker_loop().unwrap(); } println!("We're a client, let's fuzz :)"); - // unsafe { - - // if afl_libfuzzer_init(...) == -1 { - - // println("Warning: LLVMFuzzerInitialize failed with -1") - - // } - - // } - let edges_observer = StdMapObserver::new_from_ptr(&NAME_COV_MAP, unsafe { __lafl_edges_map }, unsafe { __lafl_max_edges_size as usize @@ -141,6 +143,12 @@ pub extern "C" fn afl_libfuzzer_main() { let mut engine = Engine::new(executor); + // unsafe { + // if afl_libfuzzer_init(...) == -1 { + // println("Warning: LLVMFuzzerInitialize failed with -1") + // } + // } + if input != None { state .load_initial_inputs( diff --git a/fuzzers/libfuzzer/test.sh b/fuzzers/libfuzzer/test.sh index 216e32c98f..b9fd14c809 100755 --- a/fuzzers/libfuzzer/test.sh +++ b/fuzzers/libfuzzer/test.sh @@ -7,6 +7,16 @@ rm -f test_fuzz.elf test_fuzz.o ./compiler -flto=thin -c test/test.c -o test_fuzz.o || exit 1 ./compiler -flto=thin test_fuzz.o -o test_fuzz.elf || exit 1 -RUST_BACKTRACE=1 ./test_fuzz.elf -x a -x b -T5 foo bar +RUST_BACKTRACE=1 ./test_fuzz.elf & +PID1=$! +test "$PID1" -gt 0 && { + usleep 250 + RUST_BACKTRACE=1 ./test_fuzz.elf -x a -x b -T5 in1 in2 & + sleep 10 + kill $! + +} +sleep 10 +kill $PID1
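Review bot: `let mut mgr = LlmpEventManager::new_on_port(broker_port, stats).unwrap();` is where the process's role is decided, and nothing at the call site says so; a comment such as `// Role is decided by the port: the first process to open broker_port acts as the broker (is_broker() below), later ones on the same port join as clients.` would make the `-p` semantics visible where they matter. Presumably a process started with a different `-p` than the running broker becomes a second, isolated broker rather than joining it — if so, that is worth stating in the help text or the information message, since the message only says which process becomes the broker. Now that the port is user-supplied, the `.unwrap()` turns an ordinary bind failure (port already in use, privileged port) into a panic with a backtrace; an `unwrap_or_else` that names `broker_port` in its message would make that failure readable. The enclosing function starts and ends outside the hunk.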
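Review bot: `usleep 250` pauses for 250 microseconds, not milliseconds, which is far too short for the first `./test_fuzz.elf` to come up as the broker before the second instance starts, and `usleep` is not a POSIX utility, so the script depends on whatever the host happens to provide; `sleep 1` is the portable replacement. The guard `test "$PID1" -gt 0 && {` is always true once `$!` has been set, so it only hides the structure. The script also no longer carries an exit status: both fuzzer processes are started in the background and killed, so a crash or early exit in either one no longer fails the test the way the previous foreground run did — checking `wait`'s status or the expected output would restore that. The hunk's trailing context lines appear to be cut off at the end of the page.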