SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added initial llmp test

Browse Source
This commit is contained in:
Dominik Maier 2020-11-21 22:07:02 +01:00
parent 75ff5d3d3b
commit cafe610ab4
5 changed files with 102 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
llmp_test/Cargo.toml Normal file
View File

@ -0,0 +1,10 @@
[package]
name = "llmp_test"
version = "0.1.0"
authors = ["Dominik Maier <domenukk@gmail.com>"]
edition = "2018"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
afl = { path = "../" }

1
llmp_test/libc::c_int Normal file
View File

@ -0,0 +1 @@
/mnt/c/Users/dcmai/tmp/rust/libAFL

63
llmp_test/src/main.rs Normal file
View File

@ -0,0 +1,63 @@
use std::env::args;
use std::ptr;
use afl::events::llmp_translated;
fn main() {
let thread_count = 1;
/* The main node has a broker, a tcp server, and a few worker threads */
let mut broker = llmp_translated::llmp_broker_state {
last_msg_sent: ptr::null_mut(),
broadcast_map_count: 0,
broadcast_maps: ptr::null_mut(),
msg_hook_count: 0,
msg_hooks: ptr::null_mut(),
llmp_client_count: 0,
llmp_clients: ptr::null_mut(),
};
unsafe {llmp_translated::llmp_broker_init(&mut broker)};
/*
llmp_broker_register_local_server(broker, port);
if (!llmp_broker_register_threaded_clientloop(broker, llmp_clientloop_print_u32, NULL)) {
FATAL("error adding threaded client");
}
int i;
for (i = 0; i < thread_count; i++) {
if (!llmp_broker_register_threaded_clientloop(broker, llmp_clientloop_rand_u32, NULL)) {
FATAL("error adding threaded client");
}
}
OKF("Spawning main on port %d", port);
llmp_broker_run(broker);
} else {
if (thread_count > 1) { WARNF("Multiple threads not supported for clients."); }
OKF("Client will connect to port %d", port);
// Worker only needs to spawn client threads.
llmp_client_t *client_state = llmp_client_new(port);
if (!client_state) { FATAL("Error connecting to broker at port %d", port); }
llmp_clientloop_rand_u32(client_state, NULL);
}
FATAL("Unreachable");
println!("Hello, world!");
*/
}

19
src/events/llmp_translated.rs
View File

@ -51,8 +51,9 @@ Then register some clientloops using llmp_broker_register_threaded_clientloop
use ::libc; use ::libc;
use core::sync::atomic::{compiler_fence, Ordering}; use core::sync::atomic::{compiler_fence, Ordering};
use libc::{c_char, c_int, c_uint, c_ulong, c_ushort, c_void}; use libc::{c_int, c_uint, c_ulong, c_ushort, c_void};
use std::process::exit; use std::process::exit;
use std::str;
use crate::utils::next_pow2; use crate::utils::next_pow2;
@ -184,7 +185,7 @@ LLMP_TAG_NEW_PAGE_V1
#[repr(C, packed)] #[repr(C, packed)]
pub struct llmp_payload_new_page { pub struct llmp_payload_new_page {
pub map_size: c_ulong, pub map_size: c_ulong,
pub shm_str: [c_char; 20], pub shm_str: [u8; 20],
} }
/* Returs the container element to this ptr */ /* Returs the container element to this ptr */
@ -677,9 +678,9 @@ pub unsafe extern "C" fn llmp_broker_alloc_next(
} }
/* Registers a new client for the given sharedmap str and size. /* Registers a new client for the given sharedmap str and size.
Be careful: Intenral realloc may change the location of the client map */ Be careful: Intenral realloc may change the location of the client map */
unsafe extern "C" fn llmp_broker_register_client( unsafe fn llmp_broker_register_client(
mut broker: *mut llmp_broker_state, mut broker: *mut llmp_broker_state,
shm_str: *mut c_char, shm_str: &str,
map_size: c_ulong, map_size: c_ulong,
) -> *mut llmp_broker_client_metadata { ) -> *mut llmp_broker_client_metadata {
/* make space for a new client and calculate its id */ /* make space for a new client and calculate its id */
@ -726,7 +727,7 @@ unsafe extern "C" fn llmp_broker_register_client(
} }
/* broker broadcast to its own page for all others to read */ /* broker broadcast to its own page for all others to read */
#[inline] #[inline]
unsafe extern "C" fn llmp_broker_handle_new_msgs( unsafe fn llmp_broker_handle_new_msgs(
mut broker: *mut llmp_broker_state, mut broker: *mut llmp_broker_state,
mut client: *mut llmp_broker_client_metadata, mut client: *mut llmp_broker_client_metadata,
) { ) {
@ -779,7 +780,7 @@ unsafe extern "C" fn llmp_broker_handle_new_msgs(
afl_shmem_deinit(client_map); afl_shmem_deinit(client_map);
if afl_shmem_by_str( if afl_shmem_by_str(
client_map, client_map,
(*pageinfo).shm_str.as_mut_ptr(), str::from_utf8(&(*pageinfo).shm_str).unwrap(),
(*pageinfo).map_size, (*pageinfo).map_size,
) )
.is_null() .is_null()
@ -810,7 +811,7 @@ unsafe extern "C" fn llmp_broker_handle_new_msgs(
let client_id: u32 = (*(*client).client_state).id; let client_id: u32 = (*(*client).client_state).id;
if llmp_broker_register_client( if llmp_broker_register_client(
broker, broker,
(*pageinfo).shm_str.as_mut_ptr(), str::from_utf8(&(*pageinfo).shm_str).unwrap(),
(*pageinfo).map_size, (*pageinfo).map_size,
) )
.is_null() .is_null()
@ -1126,7 +1127,7 @@ pub unsafe extern "C" fn llmp_client_recv(mut client: *mut llmp_client) -> *mut
afl_shmem_deinit(broadcast_map); afl_shmem_deinit(broadcast_map);
if afl_shmem_by_str( if afl_shmem_by_str(
(*client).current_broadcast_map, (*client).current_broadcast_map,
(*pageinfo).shm_str.as_mut_ptr(), str::from_utf8(&(*pageinfo).shm_str).unwrap(),
(*pageinfo).map_size, (*pageinfo).map_size,
) )
.is_null() .is_null()
@ -1356,7 +1357,7 @@ pub unsafe extern "C" fn llmp_broker_register_childprocess_clientloop(
return 0 as c_int != 0; return 0 as c_int != 0;
} }
let mut client: *mut llmp_broker_client_metadata = let mut client: *mut llmp_broker_client_metadata =
llmp_broker_register_client(broker, client_map.shm_str.as_mut_ptr(), client_map.map_size); llmp_broker_register_client(broker, str::from_utf8(&client_map.shm_str).unwrap(), client_map.map_size);
if client.is_null() { if client.is_null() {
afl_shmem_deinit(&mut client_map); afl_shmem_deinit(&mut client_map);
return 0 as c_int != 0; return 0 as c_int != 0;

43
src/events/shmem_translated.rs
View File

@ -78,21 +78,17 @@ pub const AFL_RET_FILE_DUPLICATE: c_uint = 2;
pub const AFL_RET_UNKNOWN_ERROR: c_uint = 1; pub const AFL_RET_UNKNOWN_ERROR: c_uint = 1;
pub const AFL_RET_SUCCESS: c_uint = 0; pub const AFL_RET_SUCCESS: c_uint = 0;
// A generic sharememory region to be used by any functions (queues or feedbacks
// too.)
#[derive(Copy, Clone)] #[derive(Copy, Clone)]
#[repr(C)] #[repr(C)]
pub struct afl_shmem { pub struct afl_shmem {
pub shm_str: [c_char; 20], pub shm_str: [u8; 20],
pub shm_id: c_int, pub shm_id: c_int,
pub map: *mut c_uchar, pub map: *mut c_uchar,
pub map_size: c_ulong, pub map_size: c_ulong,
} }
// A generic sharememory region to be used by any functions (queues or feedbacks
// too.)
#[inline]
unsafe fn atoi(mut __nptr: *const c_char) -> c_int {
return strtol(__nptr, 0 as *mut c_void as *mut *mut c_char,
10 as c_int) as c_int;
}
pub unsafe fn afl_shmem_deinit(mut shm: *mut afl_shmem) { pub unsafe fn afl_shmem_deinit(mut shm: *mut afl_shmem) {
if shm.is_null() || (*shm).map.is_null() { if shm.is_null() || (*shm).map.is_null() {
@ -101,7 +97,7 @@ pub unsafe fn afl_shmem_deinit(mut shm: *mut afl_shmem) {
return return
} }
(*shm).shm_str[0 as c_int as usize] = (*shm).shm_str[0 as c_int as usize] =
'\u{0}' as i32 as c_char; '\u{0}' as i32 as u8;
shmctl((*shm).shm_id, 0 as c_int, 0 as *mut shmid_ds); shmctl((*shm).shm_id, 0 as c_int, 0 as *mut shmid_ds);
(*shm).map = 0 as *mut c_uchar; (*shm).map = 0 as *mut c_uchar;
} }
@ -117,16 +113,16 @@ pub unsafe fn afl_shmem_init(mut shm: *mut afl_shmem,
0o600 as c_int); 0o600 as c_int);
if (*shm).shm_id < 0 as c_int { if (*shm).shm_id < 0 as c_int {
(*shm).shm_str[0 as c_int as usize] = (*shm).shm_str[0 as c_int as usize] =
'\u{0}' as i32 as c_char; '\u{0}' as i32 as u8;
return 0 as *mut c_uchar return 0 as *mut c_uchar
} }
snprintf((*shm).shm_str.as_mut_ptr(), snprintf((*shm).shm_str.as_mut_ptr() as *mut i8,
::std::mem::size_of::<[c_char; 20]>() as c_ulong, ::std::mem::size_of::<[c_char; 20]>() as c_ulong,
b"%d\x00" as *const u8 as *const c_char, (*shm).shm_id); b"%d\x00" as *const u8 as *const c_char, (*shm).shm_id);
(*shm).shm_str[(::std::mem::size_of::<[c_char; 20]>() as (*shm).shm_str[(::std::mem::size_of::<[c_char; 20]>() as
c_ulong).wrapping_sub(1 as c_int as c_ulong).wrapping_sub(1 as c_int as
c_ulong) as c_ulong) as
usize] = '\u{0}' as i32 as c_char; usize] = '\u{0}' as i32 as u8;
(*shm).map = (*shm).map =
shmat((*shm).shm_id, 0 as *const c_void, 0 as c_int) as shmat((*shm).shm_id, 0 as *const c_void, 0 as c_int) as
*mut c_uchar; *mut c_uchar;
@ -135,26 +131,25 @@ pub unsafe fn afl_shmem_init(mut shm: *mut afl_shmem,
shmctl((*shm).shm_id, 0 as c_int, 0 as *mut shmid_ds); shmctl((*shm).shm_id, 0 as c_int, 0 as *mut shmid_ds);
(*shm).shm_id = -(1 as c_int); (*shm).shm_id = -(1 as c_int);
(*shm).shm_str[0 as c_int as usize] = (*shm).shm_str[0 as c_int as usize] =
'\u{0}' as i32 as c_char; '\u{0}' as i32 as u8;
return 0 as *mut c_uchar return 0 as *mut c_uchar
} }
return (*shm).map; return (*shm).map;
} }
pub unsafe fn afl_shmem_by_str(mut shm: *mut afl_shmem, pub unsafe fn afl_shmem_by_str(mut shm: *mut afl_shmem,
shm_str: *mut c_char, shm_str: &str,
map_size: c_ulong) -> *mut c_uchar { map_size: c_ulong) -> *mut c_uchar {
if shm.is_null() || shm_str.is_null() || if shm.is_null() || shm_str.len() == 0 || map_size == 0 {
*shm_str.offset(0 as c_int as isize) == 0 || map_size == 0 {
return 0 as *mut c_uchar return 0 as *mut c_uchar
} }
(*shm).map = 0 as *mut c_uchar; (*shm).map = 0 as *mut c_uchar;
(*shm).map_size = map_size; (*shm).map_size = map_size;
strncpy((*shm).shm_str.as_mut_ptr(), shm_str, strncpy((*shm).shm_str.as_mut_ptr() as *mut c_char, shm_str.as_ptr() as *const c_char,
(::std::mem::size_of::<[c_char; 20]>() as (::std::mem::size_of::<[c_char; 20]>() as
c_ulong).wrapping_sub(1 as c_int as c_ulong).wrapping_sub(1 as c_int as
c_ulong)); c_ulong));
(*shm).shm_id = atoi(shm_str); (*shm).shm_id = shm_str.parse::<i32>().unwrap();
(*shm).map = (*shm).map =
shmat((*shm).shm_id, 0 as *const c_void, 0 as c_int) as shmat((*shm).shm_id, 0 as *const c_void, 0 as c_int) as
*mut c_uchar; *mut c_uchar;
@ -162,7 +157,7 @@ pub unsafe fn afl_shmem_by_str(mut shm: *mut afl_shmem,
(*shm).map = 0 as *mut c_uchar; (*shm).map = 0 as *mut c_uchar;
(*shm).map_size = 0 as c_int as c_ulong; (*shm).map_size = 0 as c_int as c_ulong;
(*shm).shm_str[0 as c_int as usize] = (*shm).shm_str[0 as c_int as usize] =
'\u{0}' as i32 as c_char; '\u{0}' as i32 as u8;
return 0 as *mut c_uchar return 0 as *mut c_uchar
} }
return (*shm).map; return (*shm).map;
@ -171,19 +166,17 @@ pub unsafe fn afl_shmem_by_str(mut shm: *mut afl_shmem,
/* Write sharedmap as env var */ /* Write sharedmap as env var */
/* Write sharedmap as env var and the size as name#_SIZE */ /* Write sharedmap as env var and the size as name#_SIZE */
pub unsafe fn afl_shmem_to_env_var(shmem: *mut afl_shmem, pub unsafe fn afl_shmem_to_env_var(shmem: *mut afl_shmem,
env_name: *mut c_char) env_name: &str)
-> c_uint { -> c_uint {
if env_name.is_null() || shmem.is_null() || if shmem.is_null() || env_name.len() == 0 || env_name.len() > 200 ||
*env_name.offset(0 as c_int as isize) == 0 || (*shmem).shm_str[0 as c_int as usize] == 0 {
(*shmem).shm_str[0 as c_int as usize] == 0 ||
strlen(env_name) > 200 as c_int as c_ulong {
return AFL_RET_NULL_PTR return AFL_RET_NULL_PTR
} }
let mut shm_str: [c_char; 256] = [0; 256]; let mut shm_str: [c_char; 256] = [0; 256];
snprintf(shm_str.as_mut_ptr(), snprintf(shm_str.as_mut_ptr(),
::std::mem::size_of::<[c_char; 256]>() as c_ulong, ::std::mem::size_of::<[c_char; 256]>() as c_ulong,
b"%d\x00" as *const u8 as *const c_char, (*shmem).shm_id); b"%d\x00" as *const u8 as *const c_char, (*shmem).shm_id);
if setenv(env_name, shm_str.as_mut_ptr(), 1 as c_int) < if setenv(env_name.as_ptr() as *const c_char, shm_str.as_mut_ptr(), 1 as c_int) <
0 as c_int { 0 as c_int {
return AFL_RET_ERRNO return AFL_RET_ERRNO
} }