From cafe610ab41674897b178c4a216f291dbf0bab08 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Sat, 21 Nov 2020 22:07:02 +0100 Subject: [PATCH] added initial llmp test --- llmp_test/Cargo.toml | 10 ++++++ llmp_test/libc::c_int | 1 + llmp_test/src/main.rs | 63 ++++++++++++++++++++++++++++++++++ src/events/llmp_translated.rs | 19 +++++----- src/events/shmem_translated.rs | 43 ++++++++++------------- 5 files changed, 102 insertions(+), 34 deletions(-) create mode 100644 llmp_test/Cargo.toml create mode 100644 llmp_test/libc::c_int create mode 100644 llmp_test/src/main.rs diff --git a/llmp_test/Cargo.toml b/llmp_test/Cargo.toml new file mode 100644 index 0000000000..c7035f5fba --- /dev/null +++ b/llmp_test/Cargo.toml @@ -0,0 +1,10 @@ +[package] +name = "llmp_test" +version = "0.1.0" +authors = ["Dominik Maier "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +afl = { path = "../" } \ No newline at end of file diff --git a/llmp_test/libc::c_int b/llmp_test/libc::c_int new file mode 100644 index 0000000000..ffa29ba8a2 --- /dev/null +++ b/llmp_test/libc::c_int @@ -0,0 +1 @@ +/mnt/c/Users/dcmai/tmp/rust/libAFL diff --git a/llmp_test/src/main.rs b/llmp_test/src/main.rs new file mode 100644 index 0000000000..488a8f3337 --- /dev/null +++ b/llmp_test/src/main.rs @@ -0,0 +1,63 @@ +use std::env::args; +use std::ptr; + +use afl::events::llmp_translated; + +fn main() { + + let thread_count = 1; + + /* The main node has a broker, a tcp server, and a few worker threads */ + + let mut broker = llmp_translated::llmp_broker_state { + last_msg_sent: ptr::null_mut(), + broadcast_map_count: 0, + broadcast_maps: ptr::null_mut(), + msg_hook_count: 0, + msg_hooks: ptr::null_mut(), + llmp_client_count: 0, + llmp_clients: ptr::null_mut(), + }; + unsafe {llmp_translated::llmp_broker_init(&mut broker)}; + + /* + llmp_broker_register_local_server(broker, port); + + if (!llmp_broker_register_threaded_clientloop(broker, llmp_clientloop_print_u32, NULL)) { + + FATAL("error adding threaded client"); + + } + + int i; + for (i = 0; i < thread_count; i++) { + + if (!llmp_broker_register_threaded_clientloop(broker, llmp_clientloop_rand_u32, NULL)) { + + FATAL("error adding threaded client"); + + } + + } + + OKF("Spawning main on port %d", port); + llmp_broker_run(broker); + + } else { + + if (thread_count > 1) { WARNF("Multiple threads not supported for clients."); } + + OKF("Client will connect to port %d", port); + // Worker only needs to spawn client threads. + llmp_client_t *client_state = llmp_client_new(port); + if (!client_state) { FATAL("Error connecting to broker at port %d", port); } + llmp_clientloop_rand_u32(client_state, NULL); + + } + + FATAL("Unreachable"); + + + println!("Hello, world!"); + */ +} diff --git a/src/events/llmp_translated.rs b/src/events/llmp_translated.rs index df3b1f138e..99b5c25c17 100644 --- a/src/events/llmp_translated.rs +++ b/src/events/llmp_translated.rs @@ -51,8 +51,9 @@ Then register some clientloops using llmp_broker_register_threaded_clientloop use ::libc; use core::sync::atomic::{compiler_fence, Ordering}; -use libc::{c_char, c_int, c_uint, c_ulong, c_ushort, c_void}; +use libc::{c_int, c_uint, c_ulong, c_ushort, c_void}; use std::process::exit; +use std::str; use crate::utils::next_pow2; @@ -184,7 +185,7 @@ LLMP_TAG_NEW_PAGE_V1 #[repr(C, packed)] pub struct llmp_payload_new_page { pub map_size: c_ulong, - pub shm_str: [c_char; 20], + pub shm_str: [u8; 20], } /* Returs the container element to this ptr */ @@ -677,9 +678,9 @@ pub unsafe extern "C" fn llmp_broker_alloc_next( } /* Registers a new client for the given sharedmap str and size. Be careful: Intenral realloc may change the location of the client map */ -unsafe extern "C" fn llmp_broker_register_client( +unsafe fn llmp_broker_register_client( mut broker: *mut llmp_broker_state, - shm_str: *mut c_char, + shm_str: &str, map_size: c_ulong, ) -> *mut llmp_broker_client_metadata { /* make space for a new client and calculate its id */ @@ -726,7 +727,7 @@ unsafe extern "C" fn llmp_broker_register_client( } /* broker broadcast to its own page for all others to read */ #[inline] -unsafe extern "C" fn llmp_broker_handle_new_msgs( +unsafe fn llmp_broker_handle_new_msgs( mut broker: *mut llmp_broker_state, mut client: *mut llmp_broker_client_metadata, ) { @@ -779,7 +780,7 @@ unsafe extern "C" fn llmp_broker_handle_new_msgs( afl_shmem_deinit(client_map); if afl_shmem_by_str( client_map, - (*pageinfo).shm_str.as_mut_ptr(), + str::from_utf8(&(*pageinfo).shm_str).unwrap(), (*pageinfo).map_size, ) .is_null() @@ -810,7 +811,7 @@ unsafe extern "C" fn llmp_broker_handle_new_msgs( let client_id: u32 = (*(*client).client_state).id; if llmp_broker_register_client( broker, - (*pageinfo).shm_str.as_mut_ptr(), + str::from_utf8(&(*pageinfo).shm_str).unwrap(), (*pageinfo).map_size, ) .is_null() @@ -1126,7 +1127,7 @@ pub unsafe extern "C" fn llmp_client_recv(mut client: *mut llmp_client) -> *mut afl_shmem_deinit(broadcast_map); if afl_shmem_by_str( (*client).current_broadcast_map, - (*pageinfo).shm_str.as_mut_ptr(), + str::from_utf8(&(*pageinfo).shm_str).unwrap(), (*pageinfo).map_size, ) .is_null() @@ -1356,7 +1357,7 @@ pub unsafe extern "C" fn llmp_broker_register_childprocess_clientloop( return 0 as c_int != 0; } let mut client: *mut llmp_broker_client_metadata = - llmp_broker_register_client(broker, client_map.shm_str.as_mut_ptr(), client_map.map_size); + llmp_broker_register_client(broker, str::from_utf8(&client_map.shm_str).unwrap(), client_map.map_size); if client.is_null() { afl_shmem_deinit(&mut client_map); return 0 as c_int != 0; diff --git a/src/events/shmem_translated.rs b/src/events/shmem_translated.rs index 89a0cbf0e9..3823567702 100644 --- a/src/events/shmem_translated.rs +++ b/src/events/shmem_translated.rs @@ -78,21 +78,17 @@ pub const AFL_RET_FILE_DUPLICATE: c_uint = 2; pub const AFL_RET_UNKNOWN_ERROR: c_uint = 1; pub const AFL_RET_SUCCESS: c_uint = 0; +// A generic sharememory region to be used by any functions (queues or feedbacks +// too.) + #[derive(Copy, Clone)] #[repr(C)] pub struct afl_shmem { - pub shm_str: [c_char; 20], + pub shm_str: [u8; 20], pub shm_id: c_int, pub map: *mut c_uchar, pub map_size: c_ulong, } -// A generic sharememory region to be used by any functions (queues or feedbacks -// too.) -#[inline] -unsafe fn atoi(mut __nptr: *const c_char) -> c_int { - return strtol(__nptr, 0 as *mut c_void as *mut *mut c_char, - 10 as c_int) as c_int; -} pub unsafe fn afl_shmem_deinit(mut shm: *mut afl_shmem) { if shm.is_null() || (*shm).map.is_null() { @@ -101,7 +97,7 @@ pub unsafe fn afl_shmem_deinit(mut shm: *mut afl_shmem) { return } (*shm).shm_str[0 as c_int as usize] = - '\u{0}' as i32 as c_char; + '\u{0}' as i32 as u8; shmctl((*shm).shm_id, 0 as c_int, 0 as *mut shmid_ds); (*shm).map = 0 as *mut c_uchar; } @@ -117,16 +113,16 @@ pub unsafe fn afl_shmem_init(mut shm: *mut afl_shmem, 0o600 as c_int); if (*shm).shm_id < 0 as c_int { (*shm).shm_str[0 as c_int as usize] = - '\u{0}' as i32 as c_char; + '\u{0}' as i32 as u8; return 0 as *mut c_uchar } - snprintf((*shm).shm_str.as_mut_ptr(), + snprintf((*shm).shm_str.as_mut_ptr() as *mut i8, ::std::mem::size_of::<[c_char; 20]>() as c_ulong, b"%d\x00" as *const u8 as *const c_char, (*shm).shm_id); (*shm).shm_str[(::std::mem::size_of::<[c_char; 20]>() as c_ulong).wrapping_sub(1 as c_int as c_ulong) as - usize] = '\u{0}' as i32 as c_char; + usize] = '\u{0}' as i32 as u8; (*shm).map = shmat((*shm).shm_id, 0 as *const c_void, 0 as c_int) as *mut c_uchar; @@ -135,26 +131,25 @@ pub unsafe fn afl_shmem_init(mut shm: *mut afl_shmem, shmctl((*shm).shm_id, 0 as c_int, 0 as *mut shmid_ds); (*shm).shm_id = -(1 as c_int); (*shm).shm_str[0 as c_int as usize] = - '\u{0}' as i32 as c_char; + '\u{0}' as i32 as u8; return 0 as *mut c_uchar } return (*shm).map; } pub unsafe fn afl_shmem_by_str(mut shm: *mut afl_shmem, - shm_str: *mut c_char, + shm_str: &str, map_size: c_ulong) -> *mut c_uchar { - if shm.is_null() || shm_str.is_null() || - *shm_str.offset(0 as c_int as isize) == 0 || map_size == 0 { + if shm.is_null() || shm_str.len() == 0 || map_size == 0 { return 0 as *mut c_uchar } (*shm).map = 0 as *mut c_uchar; (*shm).map_size = map_size; - strncpy((*shm).shm_str.as_mut_ptr(), shm_str, + strncpy((*shm).shm_str.as_mut_ptr() as *mut c_char, shm_str.as_ptr() as *const c_char, (::std::mem::size_of::<[c_char; 20]>() as c_ulong).wrapping_sub(1 as c_int as c_ulong)); - (*shm).shm_id = atoi(shm_str); + (*shm).shm_id = shm_str.parse::().unwrap(); (*shm).map = shmat((*shm).shm_id, 0 as *const c_void, 0 as c_int) as *mut c_uchar; @@ -162,7 +157,7 @@ pub unsafe fn afl_shmem_by_str(mut shm: *mut afl_shmem, (*shm).map = 0 as *mut c_uchar; (*shm).map_size = 0 as c_int as c_ulong; (*shm).shm_str[0 as c_int as usize] = - '\u{0}' as i32 as c_char; + '\u{0}' as i32 as u8; return 0 as *mut c_uchar } return (*shm).map; @@ -171,19 +166,17 @@ pub unsafe fn afl_shmem_by_str(mut shm: *mut afl_shmem, /* Write sharedmap as env var */ /* Write sharedmap as env var and the size as name#_SIZE */ pub unsafe fn afl_shmem_to_env_var(shmem: *mut afl_shmem, - env_name: *mut c_char) + env_name: &str) -> c_uint { - if env_name.is_null() || shmem.is_null() || - *env_name.offset(0 as c_int as isize) == 0 || - (*shmem).shm_str[0 as c_int as usize] == 0 || - strlen(env_name) > 200 as c_int as c_ulong { + if shmem.is_null() || env_name.len() == 0 || env_name.len() > 200 || + (*shmem).shm_str[0 as c_int as usize] == 0 { return AFL_RET_NULL_PTR } let mut shm_str: [c_char; 256] = [0; 256]; snprintf(shm_str.as_mut_ptr(), ::std::mem::size_of::<[c_char; 256]>() as c_ulong, b"%d\x00" as *const u8 as *const c_char, (*shmem).shm_id); - if setenv(env_name, shm_str.as_mut_ptr(), 1 as c_int) < + if setenv(env_name.as_ptr() as *const c_char, shm_str.as_mut_ptr(), 1 as c_int) < 0 as c_int { return AFL_RET_ERRNO }