SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add port option

Browse Source
This commit is contained in:
van Hauser 2020-12-20 11:52:34 +01:00
parent 416b20cdf5
commit 319c7a1be9
2 changed files with 30 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
fuzzers/libfuzzer/src/lib.rs
View File

@ -49,6 +49,13 @@ const NAME_COV_MAP: &str = "cov_map";
pub extern "C" fn afl_libfuzzer_main() { pub extern "C" fn afl_libfuzzer_main() {
let matches = App::new("libAFLrs fuzzer harness") let matches = App::new("libAFLrs fuzzer harness")
.about("libAFLrs fuzzer harness help options.") .about("libAFLrs fuzzer harness help options.")
.arg(
Arg::with_name("port")
.short("p")
.value_name("PORT")
.takes_value(true)
.help("Broker TCP port to use."),
)
.arg( .arg(
Arg::with_name("dictionary") Arg::with_name("dictionary")
.short("x") .short("x")
@ -72,6 +79,7 @@ pub extern "C" fn afl_libfuzzer_main() {
.get_matches(); .get_matches();
let statstime = value_t!(matches, "statstime", u32).unwrap_or(5); let statstime = value_t!(matches, "statstime", u32).unwrap_or(5);
let broker_port = value_t!(matches, "port", u16).unwrap_or(1337);
let workdir = if matches.is_present("workdir") { let workdir = if matches.is_present("workdir") {
matches.value_of("workdir").unwrap().to_string() matches.value_of("workdir").unwrap().to_string()
@ -90,6 +98,10 @@ pub extern "C" fn afl_libfuzzer_main() {
input = Some(values_t!(matches, "workdir", String).unwrap_or_else(|e| e.exit())); input = Some(values_t!(matches, "workdir", String).unwrap_or_else(|e| e.exit()));
} }
if dictionary != None || input != None {
println!("Information: the first process started is the broker and only processes the \'-p PORT\' option if present.");
}
// debug prints // debug prints
println!("workdir: {}", workdir); println!("workdir: {}", workdir);
@ -113,23 +125,13 @@ pub extern "C" fn afl_libfuzzer_main() {
let mut generator = RandPrintablesGenerator::new(32); let mut generator = RandPrintablesGenerator::new(32);
let stats = SimpleStats::new(|s| println!("{}", s)); let stats = SimpleStats::new(|s| println!("{}", s));
let mut mgr = LlmpEventManager::new_on_port(1337, stats).unwrap(); let mut mgr = LlmpEventManager::new_on_port(broker_port, stats).unwrap();
if mgr.is_broker() { if mgr.is_broker() {
println!("Doing broker things."); println!("Doing broker things.");
mgr.broker_loop().unwrap(); mgr.broker_loop().unwrap();
} }
println!("We're a client, let's fuzz :)"); println!("We're a client, let's fuzz :)");
// unsafe {
// if afl_libfuzzer_init(...) == -1 {
// println("Warning: LLVMFuzzerInitialize failed with -1")
// }
// }
let edges_observer = let edges_observer =
StdMapObserver::new_from_ptr(&NAME_COV_MAP, unsafe { __lafl_edges_map }, unsafe { StdMapObserver::new_from_ptr(&NAME_COV_MAP, unsafe { __lafl_edges_map }, unsafe {
__lafl_max_edges_size as usize __lafl_max_edges_size as usize
@ -141,6 +143,12 @@ pub extern "C" fn afl_libfuzzer_main() {
let mut engine = Engine::new(executor); let mut engine = Engine::new(executor);
// unsafe {
// if afl_libfuzzer_init(...) == -1 {
// println("Warning: LLVMFuzzerInitialize failed with -1")
// }
// }
if input != None { if input != None {
state state
.load_initial_inputs( .load_initial_inputs(

12
fuzzers/libfuzzer/test.sh
View File

@ -7,6 +7,16 @@ rm -f test_fuzz.elf test_fuzz.o
./compiler -flto=thin -c test/test.c -o test_fuzz.o || exit 1 ./compiler -flto=thin -c test/test.c -o test_fuzz.o || exit 1
./compiler -flto=thin test_fuzz.o -o test_fuzz.elf || exit 1 ./compiler -flto=thin test_fuzz.o -o test_fuzz.elf || exit 1
RUST_BACKTRACE=1 ./test_fuzz.elf -x a -x b -T5 foo bar RUST_BACKTRACE=1 ./test_fuzz.elf &
PID1=$!
test "$PID1" -gt 0 && {
usleep 250
RUST_BACKTRACE=1 ./test_fuzz.elf -x a -x b -T5 in1 in2 &
sleep 10
kill $!
}
sleep 10
kill $PID1