"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "cmdline.c" between
honggfuzz-2.1.tar.gz and honggfuzz-2.2.tar.gz

About: honggfuzz is a security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with powerful analysis options.

cmdline.c  (honggfuzz-2.1):cmdline.c  (honggfuzz-2.2)
skipping to change at line 91 skipping to change at line 91
hfuzz->exe.cmdline[0]); hfuzz->exe.cmdline[0]);
hfuzz->exe.persistent = true; hfuzz->exe.persistent = true;
} }
if (memmem(map, fileSz, _HF_NETDRIVER_SIG, strlen(_HF_NETDRIVER_SIG))) { if (memmem(map, fileSz, _HF_NETDRIVER_SIG, strlen(_HF_NETDRIVER_SIG))) {
LOG_I("NetDriver signature found '%s'", hfuzz->exe.cmdline[0]); LOG_I("NetDriver signature found '%s'", hfuzz->exe.cmdline[0]);
hfuzz->exe.netDriver = true; hfuzz->exe.netDriver = true;
} }
return true; return true;
} }
static const char* cmdlineYesNo(bool yes) {
return (yes ? "true" : "false");
}
static void cmdlineHelp(const char* pname, struct custom_option* opts) { static void cmdlineHelp(const char* pname, struct custom_option* opts) {
LOG_HELP_BOLD("Usage: %s [options] -- path_to_command [args]", pname); LOG_HELP_BOLD("Usage: %s [options] -- path_to_command [args]", pname);
LOG_HELP_BOLD("Options:"); LOG_HELP_BOLD("Options:");
for (int i = 0; opts[i].opt.name; i++) { for (int i = 0; opts[i].opt.name; i++) {
if (isprint(opts[i].opt.val) && opts[i].opt.val < 0x80) { if (isprint(opts[i].opt.val) && opts[i].opt.val < 0x80) {
LOG_HELP_BOLD(" --%s%s%c %s", opts[i].opt.name, "|-", opts[i].opt.va l, LOG_HELP_BOLD(" --%s%s%c %s", opts[i].opt.name, "|-", opts[i].opt.va l,
opts[i].opt.has_arg == required_argument ? "VALUE" : ""); opts[i].opt.has_arg == required_argument ? "VALUE" : "");
} else { } else {
LOG_HELP_BOLD(" --%s %s", opts[i].opt.name, LOG_HELP_BOLD(" --%s %s", opts[i].opt.name,
opts[i].opt.has_arg == required_argument ? "VALUE" : ""); opts[i].opt.has_arg == required_argument ? "VALUE" : "");
skipping to change at line 166 skipping to change at line 162
LOG_W("Replacing envar '%s' with '%s'", hfuzz->exe.env_vals[i], env) ; LOG_W("Replacing envar '%s' with '%s'", hfuzz->exe.env_vals[i], env) ;
snprintf(hfuzz->exe.env_vals[i], sizeof(hfuzz->exe.env_vals[i]), "%s ", env); snprintf(hfuzz->exe.env_vals[i], sizeof(hfuzz->exe.env_vals[i]), "%s ", env);
hfuzz->exe.env_ptrs[i] = hfuzz->exe.env_vals[i]; hfuzz->exe.env_ptrs[i] = hfuzz->exe.env_vals[i];
return true; return true;
} }
} }
LOG_E("No more space for new envars (max.%zu)", ARRAYSIZE(hfuzz->exe.env_ptr s)); LOG_E("No more space for new envars (max.%zu)", ARRAYSIZE(hfuzz->exe.env_ptr s));
return false; return false;
} }
tristate_t cmdlineParseTriState(const char* optname, const char* optarg) {
if (!optarg) {
LOG_F("Option '--%s' needs an argument (true|false|maybe)", optname);
}
/* Probably '-' belong to the next option */
if (optarg[0] == '-') {
LOG_F("Option '--%s' needs an argument (true|false|maybe)", optname);
}
if ((strcasecmp(optarg, "0") == 0) || (strcasecmp(optarg, "false") == 0) ||
(strcasecmp(optarg, "n") == 0) || (strcasecmp(optarg, "no") == 0)) {
return false;
}
if ((strcasecmp(optarg, "1") == 0) || (strcasecmp(optarg, "true") == 0) ||
(strcasecmp(optarg, "y") == 0) || (strcasecmp(optarg, "yes") == 0)) {
return true;
}
if ((strcasecmp(optarg, "-1") == 0) || (strcasecmp(optarg, "maybe") == 0) ||
(strcasecmp(optarg, "m") == 0) || (strcasecmp(optarg, "if_supported") ==
0)) {
return true;
}
LOG_F("Unknown value for option --%s=%s. Use true, false or maybe", optname,
optarg);
return false;
}
bool cmdlineParseTrueFalse(const char* optname, const char* optarg) { bool cmdlineParseTrueFalse(const char* optname, const char* optarg) {
if (!optarg) { if (!optarg) {
LOG_F("Option '--%s' needs an argument (true|false)", optname); LOG_F("Option '--%s' needs an argument (true|false)", optname);
} }
/* Probably '-' belong to the next option */ /* Probably '-' belong to the next option */
if (optarg[0] == '-') { if (optarg[0] == '-') {
LOG_F("Option '--%s' needs an argument (true|false)", optname); LOG_F("Option '--%s' needs an argument (true|false)", optname);
} }
if ((strcasecmp(optarg, "0") == 0) || (strcasecmp(optarg, "false") == 0) || if ((strcasecmp(optarg, "0") == 0) || (strcasecmp(optarg, "false") == 0) ||
(strcasecmp(optarg, "n") == 0) || (strcasecmp(optarg, "no") == 0)) { (strcasecmp(optarg, "n") == 0) || (strcasecmp(optarg, "no") == 0)) {
skipping to change at line 212 skipping to change at line 232
PLOG_F("strtoul('%s', 0)", optarg); PLOG_F("strtoul('%s', 0)", optarg);
} }
return val; return val;
} }
static bool cmdlineVerify(honggfuzz_t* hfuzz) { static bool cmdlineVerify(honggfuzz_t* hfuzz) {
if (!cmdlineCheckBinaryType(hfuzz)) { if (!cmdlineCheckBinaryType(hfuzz)) {
LOG_E("Couldn't test binary for signatures"); LOG_E("Couldn't test binary for signatures");
return false; return false;
} }
if (hfuzz->exe.netDriver && hfuzz->arch_linux.useNetNs == HF_MAYBE) {
LOG_I("The binary uses netdriver, disabling network namespacing");
hfuzz->arch_linux.useNetNs = HF_NO;
}
if (!hfuzz->exe.fuzzStdin && !hfuzz->exe.persistent && if (!hfuzz->exe.fuzzStdin && !hfuzz->exe.persistent &&
!checkFor_FILE_PLACEHOLDER(hfuzz->exe.cmdline)) { !checkFor_FILE_PLACEHOLDER(hfuzz->exe.cmdline)) {
LOG_E("You must specify '" _HF_FILE_PLACEHOLDER LOG_E("You must specify '" _HF_FILE_PLACEHOLDER
"' if the -s (stdin fuzzing) or --persistent options are not set") ; "' if the -s (stdin fuzzing) or --persistent options are not set") ;
return false; return false;
} }
if (hfuzz->threads.threadsMax >= _HF_THREAD_MAX) { if (hfuzz->threads.threadsMax >= _HF_THREAD_MAX) {
LOG_E("Too many fuzzing threads specified %zu (>= _HF_THREAD_MAX (%u))", LOG_E("Too many fuzzing threads specified %zu (>= _HF_THREAD_MAX (%u))",
skipping to change at line 257 skipping to change at line 281
} }
if (mkdir(hfuzz->io.crashDir, 0700) && errno != EEXIST) { if (mkdir(hfuzz->io.crashDir, 0700) && errno != EEXIST) {
PLOG_E("Couldn't create the crash directory '%s'", hfuzz->io.crashDir); PLOG_E("Couldn't create the crash directory '%s'", hfuzz->io.crashDir);
return false; return false;
} }
if (hfuzz->mutate.mutationsPerRun == 0U && hfuzz->cfg.useVerifier) { if (hfuzz->mutate.mutationsPerRun == 0U && hfuzz->cfg.useVerifier) {
LOG_I("Verifier enabled with mutationsPerRun == 0, activating the dry ru n mode"); LOG_I("Verifier enabled with mutationsPerRun == 0, activating the dry ru n mode");
} }
if (hfuzz->mutate.maxFileSz > _HF_INPUT_MAX_SIZE) { if (hfuzz->io.maxFileSz > _HF_INPUT_MAX_SIZE) {
LOG_E("Maximum file size '%zu' bigger than the maximum size '%zu'", hfuz LOG_E("Maximum file size '%zu' bigger than the maximum size '%zu'", hfuz
z->mutate.maxFileSz, z->io.maxFileSz,
(size_t)_HF_INPUT_MAX_SIZE); (size_t)_HF_INPUT_MAX_SIZE);
return false; return false;
} }
return true; return true;
} }
bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) {
*hfuzz = (honggfuzz_t){ *hfuzz = (honggfuzz_t){
.threads = .threads =
skipping to change at line 285 skipping to change at line 309
.threadsActiveCnt = 0, .threadsActiveCnt = 0,
.mainThread = pthread_self(), .mainThread = pthread_self(),
.mainPid = getpid(), .mainPid = getpid(),
}, },
.io = .io =
{ {
.inputDir = NULL, .inputDir = NULL,
.outputDir = NULL, .outputDir = NULL,
.inputDirPtr = NULL, .inputDirPtr = NULL,
.fileCnt = 0, .fileCnt = 0,
.fileCntDone = false, .testedFileCnt = 0,
.maxFileSz = 0,
.newUnitsAdded = 0, .newUnitsAdded = 0,
.fileExtn = "fuzz", .fileExtn = "fuzz",
.workDir = {}, .workDir = {},
.crashDir = NULL, .crashDir = NULL,
.covDirNew = NULL, .covDirNew = NULL,
.saveUnique = true, .saveUnique = true,
.dynfileqMaxSz = 0U,
.dynfileqCnt = 0U, .dynfileqCnt = 0U,
.dynfileq_mutex = PTHREAD_RWLOCK_INITIALIZER, .dynfileq_mutex = PTHREAD_RWLOCK_INITIALIZER,
.dynfileqCurrent = NULL, .dynfileqCurrent = NULL,
.dynfileq2Current = NULL,
.exportFeedback = false, .exportFeedback = false,
}, },
.exe = .exe =
{ {
.argc = 0, .argc = 0,
.cmdline = NULL, .cmdline = NULL,
.nullifyStdio = true, .nullifyStdio = true,
.fuzzStdin = false, .fuzzStdin = false,
.externalCommand = NULL, .externalCommand = NULL,
.postExternalCommand = NULL, .postExternalCommand = NULL,
skipping to change at line 320 skipping to change at line 347
.dataLimit = 0U, .dataLimit = 0U,
.stackLimit = 0U, .stackLimit = 0U,
.clearEnv = false, .clearEnv = false,
.env_ptrs = {}, .env_ptrs = {},
.env_vals = {}, .env_vals = {},
}, },
.timing = .timing =
{ {
.timeStart = time(NULL), .timeStart = time(NULL),
.runEndTime = 0, .runEndTime = 0,
.tmOut = 10, .tmOut = 1,
.lastCovUpdate = time(NULL), .lastCovUpdate = time(NULL),
.timeOfLongestUnitInMilliseconds = 0, .timeOfLongestUnitUSecs = 0,
.tmoutVTALRM = false, .tmoutVTALRM = false,
}, },
.mutate = .mutate =
{ {
.mutationsMax = 0, .mutationsMax = 0,
.dictionaryFile = NULL, .dictionary = {},
.dictionaryCnt = 0, .dictionaryCnt = 0,
.mutationsPerRun = 6U, .dictionaryFile = NULL,
.maxFileSz = 0UL, .mutationsPerRun = 5,
.maxInputSz = 0,
}, },
.display = .display =
{ {
.useScreen = true, .useScreen = true,
.lastDisplayMillis = util_timeNowMillis(), .lastDisplayUSecs = util_timeNowUSecs(),
.cmdline_txt[0] = '\0', .cmdline_txt[0] = '\0',
}, },
.cfg = .cfg =
{ {
.useVerifier = false, .useVerifier = false,
.exitUponCrash = false, .exitUponCrash = false,
.report_mutex = PTHREAD_MUTEX_INITIALIZER, .report_mutex = PTHREAD_MUTEX_INITIALIZER,
.reportFile = NULL, .reportFile = NULL,
.dynFileIterExpire = 0, .dynFileIterExpire = 0,
.only_printable = false, .only_printable = false,
skipping to change at line 362 skipping to change at line 390
.enable = false, .enable = false,
.del_report = false, .del_report = false,
}, },
.feedback = .feedback =
{ {
.covFeedbackMap = NULL, .covFeedbackMap = NULL,
.covFeedbackFd = -1, .covFeedbackFd = -1,
.covFeedback_mutex = PTHREAD_MUTEX_INITIALIZER, .covFeedback_mutex = PTHREAD_MUTEX_INITIALIZER,
.cmpFeedbackMap = NULL, .cmpFeedbackMap = NULL,
.cmpFeedbackFd = -1, .cmpFeedbackFd = -1,
.cmpFeedback = false, .cmpFeedback = true,
.blacklistFile = NULL, .blacklistFile = NULL,
.blacklist = NULL, .blacklist = NULL,
.blacklistCnt = 0, .blacklistCnt = 0,
.skipFeedbackOnTimeout = false, .skipFeedbackOnTimeout = false,
.dynFileMethod = _HF_DYNFILE_SOFT, .dynFileMethod = _HF_DYNFILE_SOFT,
.state = _HF_STATE_UNSET, .state = _HF_STATE_UNSET,
.hwCnts =
{
.cpuInstrCnt = 0ULL,
.cpuBranchCnt = 0ULL,
.bbCnt = 0ULL,
.newBBCnt = 0ULL,
.softCntPc = 0ULL,
.softCntCmp = 0ULL,
},
}, },
.cnts = .cnts =
{ {
.mutationsCnt = 0, .mutationsCnt = 0,
.crashesCnt = 0, .crashesCnt = 0,
.uniqueCrashesCnt = 0, .uniqueCrashesCnt = 0,
.verifiedCrashesCnt = 0, .verifiedCrashesCnt = 0,
.blCrashesCnt = 0, .blCrashesCnt = 0,
.timeoutedCnt = 0, .timeoutedCnt = 0,
}, },
.socketFuzzer = .socketFuzzer =
{ {
.enabled = false, .enabled = false,
.serverSocket = -1, .serverSocket = -1,
.clientSocket = -1, .clientSocket = -1,
}, },
/* Linux code */ /* Linux code */
.linux = .arch_linux =
{ {
.exeFd = -1, .exeFd = -1,
.hwCnts =
{
.cpuInstrCnt = 0ULL,
.cpuBranchCnt = 0ULL,
.bbCnt = 0ULL,
.newBBCnt = 0ULL,
.softCntPc = 0ULL,
.softCntCmp = 0ULL,
},
.dynamicCutOffAddr = ~(0ULL), .dynamicCutOffAddr = ~(0ULL),
.disableRandomization = true, .disableRandomization = true,
.ignoreAddr = NULL, .ignoreAddr = NULL,
.symsBlFile = NULL, .symsBlFile = NULL,
.symsBlCnt = 0, .symsBlCnt = 0,
.symsBl = NULL, .symsBl = NULL,
.symsWlFile = NULL, .symsWlFile = NULL,
.symsWlCnt = 0, .symsWlCnt = 0,
.symsWl = NULL, .symsWl = NULL,
.cloneFlags = 0, .cloneFlags = 0,
.useNetNs = HF_MAYBE,
.kernelOnly = false, .kernelOnly = false,
.useClone = true, .useClone = true,
}, },
/* NetBSD code */ /* NetBSD code */
.netbsd = .arch_netbsd =
{ {
.ignoreAddr = NULL, .ignoreAddr = NULL,
.symsBlFile = NULL, .symsBlFile = NULL,
.symsBlCnt = 0, .symsBlCnt = 0,
.symsBl = NULL, .symsBl = NULL,
.symsWlFile = NULL, .symsWlFile = NULL,
.symsWlCnt = 0, .symsWlCnt = 0,
.symsWl = NULL, .symsWl = NULL,
}, },
}; };
TAILQ_INIT(&hfuzz->io.dynfileq); TAILQ_INIT(&hfuzz->io.dynfileq);
TAILQ_INIT(&hfuzz->mutate.dictq);
// clang-format off // clang-format off
struct custom_option custom_opts[] = { struct custom_option custom_opts[] = {
{ { "help", no_argument, NULL, 'h' }, "Help plz.." }, { { "help", no_argument, NULL, 'h' }, "Help plz.." },
{ { "input", required_argument, NULL, 'i' }, "Path to a directory contai ning initial file corpus" }, { { "input", required_argument, NULL, 'i' }, "Path to a directory contai ning initial file corpus" },
{ { "output", required_argument, NULL, 'o' }, "Output data (new dynamic coverage corpus, or the minimized coverage corpus) is written to this directory (default: input directory is re-used)" }, { { "output", required_argument, NULL, 'o' }, "Output data (new dynamic coverage corpus, or the minimized coverage corpus) is written to this directory (default: input directory is re-used)" },
{ { "persistent", no_argument, NULL, 'P' }, "Enable persistent fuzzing ( use hfuzz_cc/hfuzz-clang to compile code). This will be auto-detected!!!" }, { { "persistent", no_argument, NULL, 'P' }, "Enable persistent fuzzing ( use hfuzz_cc/hfuzz-clang to compile code). This will be auto-detected!!!" },
{ { "instrument", no_argument, NULL, 'z' }, "*DEFAULT-MODE-BY-DEFAULT* E nable compile-time instrumentation (use hfuzz_cc/hfuzz-clang to compile code)" } , { { "instrument", no_argument, NULL, 'z' }, "*DEFAULT-MODE-BY-DEFAULT* E nable compile-time instrumentation (use hfuzz_cc/hfuzz-clang to compile code)" } ,
{ { "minimize", no_argument, NULL, 'M' }, "Minimize the input corpus. It will most likely delete some corpus files (from the --input directory) if no -- output is used!" }, { { "minimize", no_argument, NULL, 'M' }, "Minimize the input corpus. It will most likely delete some corpus files (from the --input directory) if no -- output is used!" },
{ { "noinst", no_argument, NULL, 'x' }, "Static mode only, disable any i nstrumentation (hw/sw) feedback" }, { { "noinst", no_argument, NULL, 'x' }, "Static mode only, disable any i nstrumentation (hw/sw) feedback" },
{ { "keep_output", no_argument, NULL, 'Q' }, "Don't close children's std in, stdout, stderr; can be noisy" }, { { "keep_output", no_argument, NULL, 'Q' }, "Don't close children's std in, stdout, stderr; can be noisy" },
{ { "timeout", required_argument, NULL, 't' }, "Timeout in seconds (defa ult: 10)" }, { { "timeout", required_argument, NULL, 't' }, "Timeout in seconds (defa ult: 1 (second))" },
{ { "threads", required_argument, NULL, 'n' }, "Number of concurrent fuz zing threads (default: number of CPUs / 2)" }, { { "threads", required_argument, NULL, 'n' }, "Number of concurrent fuz zing threads (default: number of CPUs / 2)" },
{ { "stdin_input", no_argument, NULL, 's' }, "Provide fuzzing input on S TDIN, instead of " _HF_FILE_PLACEHOLDER }, { { "stdin_input", no_argument, NULL, 's' }, "Provide fuzzing input on S TDIN, instead of " _HF_FILE_PLACEHOLDER },
{ { "mutations_per_run", required_argument, NULL, 'r' }, "Maximal number of mutations per one run (default: 6)" }, { { "mutations_per_run", required_argument, NULL, 'r' }, "Maximal number of mutations per one run (default: 6)" },
{ { "logfile", required_argument, NULL, 'l' }, "Log file" }, { { "logfile", required_argument, NULL, 'l' }, "Log file" },
{ { "verbose", no_argument, NULL, 'v' }, "Disable ANSI console; use simp le log output" }, { { "verbose", no_argument, NULL, 'v' }, "Disable ANSI console; use simp le log output" },
{ { "verifier", no_argument, NULL, 'V' }, "Enable crashes verifier" }, { { "verifier", no_argument, NULL, 'V' }, "Enable crashes verifier" },
{ { "debug", no_argument, NULL, 'd' }, "Show debug messages (level >= 4) " }, { { "debug", no_argument, NULL, 'd' }, "Show debug messages (level >= 4) " },
{ { "quiet", no_argument, NULL, 'q' }, "Show only warnings and more seri ous messages (level <= 1)" }, { { "quiet", no_argument, NULL, 'q' }, "Show only warnings and more seri ous messages (level <= 1)" },
{ { "extension", required_argument, NULL, 'e' }, "Input file extension ( e.g. 'swf'), (default: 'fuzz')" }, { { "extension", required_argument, NULL, 'e' }, "Input file extension ( e.g. 'swf'), (default: 'fuzz')" },
{ { "workspace", required_argument, NULL, 'W' }, "Workspace directory to save crashes & runtime files (default: '.')" }, { { "workspace", required_argument, NULL, 'W' }, "Workspace directory to save crashes & runtime files (default: '.')" },
skipping to change at line 479 skipping to change at line 507
{ { "tmout_sigvtalrm", no_argument, NULL, 'T' }, "Use SIGVTALRM to kill timeouting processes (default: use SIGKILL)" }, { { "tmout_sigvtalrm", no_argument, NULL, 'T' }, "Use SIGVTALRM to kill timeouting processes (default: use SIGKILL)" },
{ { "sanitizers", no_argument, NULL, 'S' }, "** DEPRECATED ** Enable san itizers settings (default: false)" }, { { "sanitizers", no_argument, NULL, 'S' }, "** DEPRECATED ** Enable san itizers settings (default: false)" },
{ { "sanitizers_del_report", required_argument, NULL, 0x10F }, "Delete s anitizer report after use (default: false)" }, { { "sanitizers_del_report", required_argument, NULL, 0x10F }, "Delete s anitizer report after use (default: false)" },
{ { "monitor_sigabrt", required_argument, NULL, 0x105 }, "** DEPRECATED ** SIGABRT is always monitored" }, { { "monitor_sigabrt", required_argument, NULL, 0x105 }, "** DEPRECATED ** SIGABRT is always monitored" },
{ { "no_fb_timeout", required_argument, NULL, 0x106 }, "Skip feedback if the process has timeouted (default: false)" }, { { "no_fb_timeout", required_argument, NULL, 0x106 }, "Skip feedback if the process has timeouted (default: false)" },
{ { "exit_upon_crash", no_argument, NULL, 0x107 }, "Exit upon seeing the first crash (default: false)" }, { { "exit_upon_crash", no_argument, NULL, 0x107 }, "Exit upon seeing the first crash (default: false)" },
{ { "socket_fuzzer", no_argument, NULL, 0x10B }, "Instrument external fu zzer via socket" }, { { "socket_fuzzer", no_argument, NULL, 0x10B }, "Instrument external fu zzer via socket" },
{ { "netdriver", no_argument, NULL, 0x10C }, "Use netdriver (libhfnetdri ver/). In most cases it will be autodetected through a binary signature" }, { { "netdriver", no_argument, NULL, 0x10C }, "Use netdriver (libhfnetdri ver/). In most cases it will be autodetected through a binary signature" },
{ { "only_printable", no_argument, NULL, 0x10D }, "Only generate printab le inputs" }, { { "only_printable", no_argument, NULL, 0x10D }, "Only generate printab le inputs" },
{ { "export_feedback", no_argument, NULL, 0x10E }, "Export the coverage feedback structure as ./hfuzz-feedback" }, { { "export_feedback", no_argument, NULL, 0x10E }, "Export the coverage feedback structure as ./hfuzz-feedback" },
{ { "experimental_const_feedback", required_argument, NULL, 0x112 }, "** * EXPERIMENTAL *** Use constant integer/string values from fuzzed programs to ma ngle input files (default: false)" }, { { "const_feedback", required_argument, NULL, 0x112 }, "Use constant in teger/string values from fuzzed programs to mangle input files via a dynamic dic tionary (default: true)" },
#if defined(_HF_ARCH_LINUX) #if defined(_HF_ARCH_LINUX)
{ { "linux_symbols_bl", required_argument, NULL, 0x504 }, "Symbols black list filter file (one entry per line)" }, { { "linux_symbols_bl", required_argument, NULL, 0x504 }, "Symbols black list filter file (one entry per line)" },
{ { "linux_symbols_wl", required_argument, NULL, 0x505 }, "Symbols white list filter file (one entry per line)" }, { { "linux_symbols_wl", required_argument, NULL, 0x505 }, "Symbols white list filter file (one entry per line)" },
{ { "linux_addr_low_limit", required_argument, NULL, 0x500 }, "Address l imit (from si.si_addr) below which crashes are not reported, (default: 0)" }, { { "linux_addr_low_limit", required_argument, NULL, 0x500 }, "Address l imit (from si.si_addr) below which crashes are not reported, (default: 0)" },
{ { "linux_keep_aslr", no_argument, NULL, 0x501 }, "Don't disable ASLR r andomization, might be useful with MSAN" }, { { "linux_keep_aslr", no_argument, NULL, 0x501 }, "Don't disable ASLR r andomization, might be useful with MSAN" },
{ { "linux_perf_ignore_above", required_argument, NULL, 0x503 }, "Ignore perf events which report IPs above this address" }, { { "linux_perf_ignore_above", required_argument, NULL, 0x503 }, "Ignore perf events which report IPs above this address" },
{ { "linux_perf_instr", no_argument, NULL, 0x510 }, "Use PERF_COUNT_HW_I NSTRUCTIONS perf" }, { { "linux_perf_instr", no_argument, NULL, 0x510 }, "Use PERF_COUNT_HW_I NSTRUCTIONS perf" },
{ { "linux_perf_branch", no_argument, NULL, 0x511 }, "Use PERF_COUNT_HW_ BRANCH_INSTRUCTIONS perf" }, { { "linux_perf_branch", no_argument, NULL, 0x511 }, "Use PERF_COUNT_HW_ BRANCH_INSTRUCTIONS perf" },
{ { "linux_perf_bts_edge", no_argument, NULL, 0x513 }, "Use Intel BTS to count unique edges" }, { { "linux_perf_bts_edge", no_argument, NULL, 0x513 }, "Use Intel BTS to count unique edges" },
{ { "linux_perf_ipt_block", no_argument, NULL, 0x514 }, "Use Intel Proce ssor Trace to count unique blocks (requires libipt.so)" }, { { "linux_perf_ipt_block", no_argument, NULL, 0x514 }, "Use Intel Proce ssor Trace to count unique blocks (requires libipt.so)" },
{ { "linux_perf_kernel_only", no_argument, NULL, 0x515 }, "Gather kernel -only coverage with Intel PT and with Intel BTS" }, { { "linux_perf_kernel_only", no_argument, NULL, 0x515 }, "Gather kernel -only coverage with Intel PT and with Intel BTS" },
{ { "linux_ns_net", no_argument, NULL, 0x0530 }, "Use Linux NET namespac e isolation" }, { { "linux_ns_net", required_argument, NULL, 0x0530 }, "Use Linux NET na mespace isolation (yes/no/maybe [default:maybe/if_supported])" },
{ { "linux_ns_pid", no_argument, NULL, 0x0531 }, "Use Linux PID namespac e isolation" }, { { "linux_ns_pid", no_argument, NULL, 0x0531 }, "Use Linux PID namespac e isolation" },
{ { "linux_ns_ipc", no_argument, NULL, 0x0532 }, "Use Linux IPC namespac e isolation" }, { { "linux_ns_ipc", no_argument, NULL, 0x0532 }, "Use Linux IPC namespac e isolation" },
#endif // defined(_HF_ARCH_LINUX) #endif // defined(_HF_ARCH_LINUX)
#if defined(_HF_ARCH_NETBSD) #if defined(_HF_ARCH_NETBSD)
{ { "netbsd_symbols_bl", required_argument, NULL, 0x504 }, "Symbols blac klist filter file (one entry per line)" }, { { "netbsd_symbols_bl", required_argument, NULL, 0x504 }, "Symbols blac klist filter file (one entry per line)" },
{ { "netbsd_symbols_wl", required_argument, NULL, 0x505 }, "Symbols whit elist filter file (one entry per line)" }, { { "netbsd_symbols_wl", required_argument, NULL, 0x505 }, "Symbols whit elist filter file (one entry per line)" },
{ { "netbsd_addr_low_limit", required_argument, NULL, 0x500 }, "Address limit (from si.si_addr) below which crashes are not reported, (default: 0)" }, { { "netbsd_addr_low_limit", required_argument, NULL, 0x500 }, "Address limit (from si.si_addr) below which crashes are not reported, (default: 0)" },
#endif // defined(_HF_ARCH_NETBSD) #endif // defined(_HF_ARCH_NETBSD)
{ { 0, 0, 0, 0 }, NULL }, { { 0, 0, 0, 0 }, NULL },
skipping to change at line 607 skipping to change at line 635
case 0x112: case 0x112:
hfuzz->feedback.cmpFeedback = cmdlineParseTrueFalse(opts[opt_ind ex].name, optarg); hfuzz->feedback.cmpFeedback = cmdlineParseTrueFalse(opts[opt_ind ex].name, optarg);
break; break;
case 'z': case 'z':
hfuzz->feedback.dynFileMethod |= _HF_DYNFILE_SOFT; hfuzz->feedback.dynFileMethod |= _HF_DYNFILE_SOFT;
break; break;
case 'M': case 'M':
hfuzz->cfg.minimize = true; hfuzz->cfg.minimize = true;
break; break;
case 'F': case 'F':
hfuzz->mutate.maxFileSz = strtoul(optarg, NULL, 0); hfuzz->io.maxFileSz = strtoul(optarg, NULL, 0);
break; break;
case 't': case 't':
hfuzz->timing.tmOut = atol(optarg); hfuzz->timing.tmOut = atol(optarg);
break; break;
case 'R': case 'R':
hfuzz->cfg.reportFile = optarg; hfuzz->cfg.reportFile = optarg;
break; break;
case 'n': case 'n':
if (optarg[0] == 'a') { if (optarg[0] == 'a') {
long ncpus = sysconf(_SC_NPROCESSORS_ONLN); long ncpus = sysconf(_SC_NPROCESSORS_ONLN);
skipping to change at line 685 skipping to change at line 713
} }
break; break;
case 'w': case 'w':
hfuzz->mutate.dictionaryFile = optarg; hfuzz->mutate.dictionaryFile = optarg;
break; break;
case 'B': case 'B':
hfuzz->feedback.blacklistFile = optarg; hfuzz->feedback.blacklistFile = optarg;
break; break;
#if defined(_HF_ARCH_LINUX) #if defined(_HF_ARCH_LINUX)
case 0x500: case 0x500:
hfuzz->linux.ignoreAddr = (void*)strtoul(optarg, NULL, 0); hfuzz->arch_linux.ignoreAddr = (void*)strtoul(optarg, NULL, 0);
break; break;
case 0x501: case 0x501:
hfuzz->linux.disableRandomization = false; hfuzz->arch_linux.disableRandomization = false;
break; break;
case 0x503: case 0x503:
hfuzz->linux.dynamicCutOffAddr = strtoull(optarg, NULL, 0); hfuzz->arch_linux.dynamicCutOffAddr = strtoull(optarg, NULL, 0);
break; break;
case 0x504: case 0x504:
hfuzz->linux.symsBlFile = optarg; hfuzz->arch_linux.symsBlFile = optarg;
break; break;
case 0x505: case 0x505:
hfuzz->linux.symsWlFile = optarg; hfuzz->arch_linux.symsWlFile = optarg;
break; break;
case 0x510: case 0x510:
hfuzz->feedback.dynFileMethod |= _HF_DYNFILE_INSTR_COUNT; hfuzz->feedback.dynFileMethod |= _HF_DYNFILE_INSTR_COUNT;
break; break;
case 0x511: case 0x511:
hfuzz->feedback.dynFileMethod |= _HF_DYNFILE_BRANCH_COUNT; hfuzz->feedback.dynFileMethod |= _HF_DYNFILE_BRANCH_COUNT;
break; break;
case 0x513: case 0x513:
hfuzz->feedback.dynFileMethod |= _HF_DYNFILE_BTS_EDGE; hfuzz->feedback.dynFileMethod |= _HF_DYNFILE_BTS_EDGE;
break; break;
case 0x514: case 0x514:
hfuzz->feedback.dynFileMethod |= _HF_DYNFILE_IPT_BLOCK; hfuzz->feedback.dynFileMethod |= _HF_DYNFILE_IPT_BLOCK;
break; break;
case 0x515: case 0x515:
hfuzz->linux.kernelOnly = true; hfuzz->arch_linux.kernelOnly = true;
break; break;
case 0x530: case 0x530:
hfuzz->linux.cloneFlags |= (CLONE_NEWUSER | CLONE_NEWNET); hfuzz->arch_linux.useNetNs = cmdlineParseTriState(opts[opt_index
].name, optarg);
if (hfuzz->arch_linux.useNetNs == HF_YES) {
hfuzz->arch_linux.cloneFlags |= (CLONE_NEWUSER | CLONE_NEWNE
T);
}
break; break;
case 0x531: case 0x531:
hfuzz->linux.cloneFlags |= (CLONE_NEWUSER | CLONE_NEWPID); hfuzz->arch_linux.cloneFlags |= (CLONE_NEWUSER | CLONE_NEWPID);
break; break;
case 0x532: case 0x532:
hfuzz->linux.cloneFlags |= (CLONE_NEWUSER | CLONE_NEWIPC); hfuzz->arch_linux.cloneFlags |= (CLONE_NEWUSER | CLONE_NEWIPC);
break; break;
#endif /* defined(_HF_ARCH_LINUX) */ #endif /* defined(_HF_ARCH_LINUX) */
#if defined(_HF_ARCH_NETBSD) #if defined(_HF_ARCH_NETBSD)
case 0x500: case 0x500:
hfuzz->netbsd.ignoreAddr = (void*)strtoul(optarg, NULL, 0); hfuzz->arch_netbsd.ignoreAddr = (void*)strtoul(optarg, NULL, 0);
break; break;
case 0x504: case 0x504:
hfuzz->netbsd.symsBlFile = optarg; hfuzz->arch_netbsd.symsBlFile = optarg;
break; break;
case 0x505: case 0x505:
hfuzz->netbsd.symsWlFile = optarg; hfuzz->arch_netbsd.symsWlFile = optarg;
break; break;
#endif /* defined(_HF_ARCH_NETBSD) */ #endif /* defined(_HF_ARCH_NETBSD) */
default: default:
cmdlineUsage(argv[0], custom_opts); cmdlineUsage(argv[0], custom_opts);
return false; return false;
break; break;
} }
} }
logInitLogFile(logfile, -1, ll); logInitLogFile(logfile, -1, ll);
skipping to change at line 761 skipping to change at line 792
if (!files_exists(hfuzz->exe.cmdline[0])) { if (!files_exists(hfuzz->exe.cmdline[0])) {
LOG_E("Your fuzzed binary '%s' doesn't seem to exist", hfuzz->exe.cmdlin e[0]); LOG_E("Your fuzzed binary '%s' doesn't seem to exist", hfuzz->exe.cmdlin e[0]);
return false; return false;
} }
if (!cmdlineVerify(hfuzz)) { if (!cmdlineVerify(hfuzz)) {
return false; return false;
} }
display_createTargetStr(hfuzz); display_createTargetStr(hfuzz);
LOG_I("cmdline:'%s', bin:'%s' inputDir:'%s', fuzzStdin:%s, mutationsPerRun:%
u, "
"timeout:%ld, mutationsMax:%zu, threadsMax:%zu",
hfuzz->display.cmdline_txt, hfuzz->exe.cmdline[0], hfuzz->io.inputDir,
cmdlineYesNo(hfuzz->exe.fuzzStdin), hfuzz->mutate.mutationsPerRun,
(long)hfuzz->timing.tmOut, hfuzz->mutate.mutationsMax, hfuzz->threads.th
readsMax);
return true; return true;
} }
 End of changes. 36 change blocks. 
51 lines changed or deleted 78 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)