diff --git a/libafl/src/events/centralized.rs b/libafl/src/events/centralized.rs index e6034fd881..c628d3f99f 100644 --- a/libafl/src/events/centralized.rs +++ b/libafl/src/events/centralized.rs @@ -28,6 +28,7 @@ use crate::{ EventManagerId, EventProcessor, EventRestarter, HasEventManagerId, LogSeverity, }, executors::{Executor, HasObservers}, + feedbacks::transferred::TransferringMetadata, fuzzer::{EvaluatorObservers, ExecutionProcessor}, inputs::{Input, UsesInput}, observers::ObserversTuple, @@ -663,6 +664,9 @@ where } => { log::info!("Received new Testcase from {client_id:?} ({client_config:?}, forward {forward_id:?})"); + if let Ok(meta) = state.metadata_mut::() { + meta.set_transferring(true); + } let res = if client_config.match_with(&self.configuration()) && observers_buf.is_some() { let observers: E::Observers = @@ -692,6 +696,10 @@ where false, )? }; + if let Ok(meta) = state.metadata_mut::() { + meta.set_transferring(false); + } + if let Some(item) = res.1 { if res.1.is_some() { self.inner.fire( diff --git a/libafl/src/events/llmp.rs b/libafl/src/events/llmp.rs index a8fd02d88f..42dac53e01 100644 --- a/libafl/src/events/llmp.rs +++ b/libafl/src/events/llmp.rs @@ -46,6 +46,7 @@ use crate::{ EventProcessor, EventRestarter, HasCustomBufHandlers, HasEventManagerId, ProgressReporter, }, executors::{Executor, HasObservers}, + feedbacks::transferred::TransferringMetadata, fuzzer::{EvaluatorObservers, ExecutionProcessor}, inputs::{Input, InputConverter, UsesInput}, monitors::Monitor, @@ -590,6 +591,9 @@ where } => { log::info!("Received new Testcase from {client_id:?} ({client_config:?}, forward {forward_id:?})"); + if let Ok(meta) = state.metadata_mut::() { + meta.set_transferring(true); + } let res = if client_config.match_with(&self.configuration) && observers_buf.is_some() { @@ -615,6 +619,9 @@ where state, executor, self, input, false, )? }; + if let Ok(meta) = state.metadata_mut::() { + meta.set_transferring(false); + } if let Some(item) = res.1 { log::info!("Added received Testcase as item #{item}"); } @@ -1451,7 +1458,7 @@ where impl LlmpEventConverter where - S: UsesInput + HasExecutions, + S: UsesInput + HasExecutions + HasMetadata, SP: ShMemProvider + 'static, IC: InputConverter, ICB: InputConverter, @@ -1568,6 +1575,9 @@ where return Ok(()); }; + if let Ok(meta) = state.metadata_mut::() { + meta.set_transferring(true); + } let res = fuzzer.evaluate_input_with_observers::( state, executor, @@ -1575,6 +1585,10 @@ where converter.convert(input)?, false, )?; + if let Ok(meta) = state.metadata_mut::() { + meta.set_transferring(false); + } + if let Some(item) = res.1 { log::info!("Added received Testcase as item #{item}"); } diff --git a/libafl/src/events/tcp.rs b/libafl/src/events/tcp.rs index 45c73ceebf..5e824c9e07 100644 --- a/libafl/src/events/tcp.rs +++ b/libafl/src/events/tcp.rs @@ -44,6 +44,7 @@ use crate::{ EventProcessor, EventRestarter, HasCustomBufHandlers, HasEventManagerId, ProgressReporter, }, executors::{Executor, HasObservers}, + feedbacks::transferred::TransferringMetadata, fuzzer::{EvaluatorObservers, ExecutionProcessor}, inputs::{Input, UsesInput}, monitors::Monitor, @@ -457,7 +458,7 @@ where impl TcpEventManager where - S: State + HasExecutions, + S: State + HasExecutions + HasMetadata, { /// Create a manager from a raw TCP client specifying the client id pub fn existing( @@ -559,6 +560,9 @@ where } => { log::info!("Received new Testcase from {client_id:?} ({client_config:?}, forward {forward_id:?})"); + if let Ok(meta) = state.metadata_mut::() { + meta.set_transferring(true); + } let _res = if client_config.match_with(&self.configuration) && observers_buf.is_some() { @@ -578,6 +582,9 @@ where state, executor, self, input, false, )? }; + if let Ok(meta) = state.metadata_mut::() { + meta.set_transferring(false); + } if let Some(item) = _res.1 { log::info!("Added received Testcase as item #{item}"); } @@ -681,7 +688,7 @@ where impl EventProcessor for TcpEventManager where - S: State + HasExecutions, + S: State + HasExecutions + HasMetadata, E: HasObservers + Executor, for<'a> E::Observers: Deserialize<'a>, Z: EvaluatorObservers + ExecutionProcessor, @@ -874,7 +881,7 @@ impl EventProcessor for TcpRestartingEventManager where E: HasObservers + Executor, Z>, for<'a> E::Observers: Deserialize<'a>, - S: State + HasExecutions, + S: State + HasExecutions + HasMetadata, SP: ShMemProvider + 'static, Z: EvaluatorObservers + ExecutionProcessor, //CE: CustomEvent, { @@ -978,7 +985,7 @@ pub fn setup_restarting_mgr_tcp( ) -> Result<(Option, TcpRestartingEventManager), Error> where MT: Monitor + Clone, - S: State + HasExecutions, + S: State + HasExecutions + HasMetadata, { TcpRestartingMgr::builder() .shmem_provider(StdShMemProvider::new()?) @@ -1039,7 +1046,7 @@ where impl TcpRestartingMgr where SP: ShMemProvider, - S: State + HasExecutions, + S: State + HasExecutions + HasMetadata, MT: Monitor + Clone, { /// Internal function, returns true when shuttdown is requested by a `SIGINT` signal diff --git a/libafl/src/feedbacks/mod.rs b/libafl/src/feedbacks/mod.rs index d7ac970d7e..05f39baa38 100644 --- a/libafl/src/feedbacks/mod.rs +++ b/libafl/src/feedbacks/mod.rs @@ -23,6 +23,8 @@ pub use new_hash_feedback::NewHashFeedbackMetadata; #[cfg(feature = "nautilus")] pub mod nautilus; +pub mod transferred; + use alloc::string::{String, ToString}; use core::{ fmt::{self, Debug, Formatter}, diff --git a/libafl/src/feedbacks/transferred.rs b/libafl/src/feedbacks/transferred.rs new file mode 100644 index 0000000000..86f8cd06e3 --- /dev/null +++ b/libafl/src/feedbacks/transferred.rs @@ -0,0 +1,71 @@ +//! Feedbacks and associated metadata for detecting whether a given testcase was transferred from +//! another node. + +use libafl_bolts::{impl_serdeany, Error, Named}; +use serde::{Deserialize, Serialize}; + +use crate::{ + events::EventFirer, + executors::ExitKind, + feedbacks::Feedback, + observers::ObserversTuple, + state::{HasMetadata, State}, +}; + +/// Constant name of the [`TransferringMetadata`]. +pub const TRANSFERRED_FEEDBACK_NAME: &str = "transferred_feedback_internal"; + +/// Metadata which denotes whether we are currently transferring an input. Implementors of +/// multi-node communication systems (like [`crate::events::LlmpEventManager`]) should wrap any +/// [`crate::EvaluatorObservers::evaluate_input_with_observers`] or +/// [`crate::ExecutionProcessor::process_execution`] calls with setting this metadata to true/false +/// before and after. +#[derive(Copy, Clone, Debug, Deserialize, Serialize)] +pub struct TransferringMetadata { + transferring: bool, +} + +impl_serdeany!(TransferringMetadata); + +impl TransferringMetadata { + /// Indicate to the metadata that we are currently transferring data. + pub fn set_transferring(&mut self, transferring: bool) { + self.transferring = transferring; + } +} + +/// Simple feedback which may be used to test whether the testcase was transferred from another node +/// in a multi-node fuzzing arrangement. +#[derive(Copy, Clone, Debug)] +pub struct TransferredFeedback; + +impl Named for TransferredFeedback { + fn name(&self) -> &str { + TRANSFERRED_FEEDBACK_NAME + } +} + +impl Feedback for TransferredFeedback +where + S: HasMetadata + State, +{ + fn init_state(&mut self, state: &mut S) -> Result<(), Error> { + state.add_metadata(TransferringMetadata { transferring: true }); + Ok(()) + } + + fn is_interesting( + &mut self, + state: &mut S, + _manager: &mut EM, + _input: &S::Input, + _observers: &OT, + _exit_kind: &ExitKind, + ) -> Result + where + EM: EventFirer, + OT: ObserversTuple, + { + Ok(state.metadata::()?.transferring) + } +}