thuanpv / aflnwe
License: Apache License 2.0
See here: profuzzbench/profuzzbench#6
This is the fix: tlspuffin@eca297d
aflnwe crashed while fuzzing:
[-] PROGRAM ABORT : Short read from input file
Location : get_test_case(), afl-fuzz.c:468
When using -f .file, the race condition is still present, it just crashes differently, because lseek returns -f because the .file was unlinked and not found.
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff7dec859 in __GI_abort () at abort.c:79
#2 0x0000555555568196 in DFL_ck_alloc_nozero (size=4294967295) at alloc-inl.h:114
#3 DFL_ck_alloc (size=4294967295) at alloc-inl.h:136
#4 get_test_case (fsize=<optimized out>) at afl-fuzz.c:468
#5 0x000055555556856f in send_over_network () at afl-fuzz.c:578
#6 0x00005555555694cf in run_target (argv=0x7fffffffe980, timeout=40) at afl-fuzz.c:2687
#7 0x000055555556d10f in common_fuzz_stuff (argv=0x7fffffffe980, out_buf=0x5555556b7258 "\026\003\001", len=<optimized out>) at afl-fuzz.c:4906
#8 0x000055555556e902 in fuzz_one (argv=<optimized out>) at afl-fuzz.c:6774
#9 0x0000555555559bb8 in main (argc=29, argv=<optimized out>) at afl-fuzz.c:8396
The latter crash is not fixed by this one: tlspuffin@feaf31c
I fixed it using these two commits:
By hard linking, the timestamps of the test cases in queue/ do not reflect the execution time, but the time when the seeds were created.
This is the fix: tlspuffin@eca297d
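The crash described in this issue, as an added example that is not code from aflnwe or tlspuffin: a test-case reader that reports a vanished or truncated input file as a status code instead of letting an unchecked lseek() result become a (u32)-1 allocation in ck_alloc(). The function names, the TC_MAX_SIZE cap and the /tmp sample path are assumptions.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

enum tc_status { TC_OK = 0, TC_OPEN_FAIL, TC_SIZE_FAIL, TC_TOO_BIG, TC_SHORT_READ };

#define TC_MAX_SIZE (1u << 20)                       /* hypothetical cap on one test case */
#define TC_SAMPLE_PATH "/tmp/aflnwe_example.cur_input" /* constructed path for the demo */

/* Read the whole test case at `path` into a fresh buffer. Sizes the buffer with
 * lseek() like get_test_case() does, but every failure becomes a status instead
 * of an abort: an unlinked file fails at open(), a bad lseek() result is caught
 * before it is cast to an unsigned length, and a short read is reported. */
enum tc_status read_test_case(const char *path, unsigned char **out, size_t *len) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return TC_OPEN_FAIL;
    off_t fsize = lseek(fd, 0, SEEK_END);
    if (fsize < 0 || lseek(fd, 0, SEEK_SET) < 0) { close(fd); return TC_SIZE_FAIL; }
    if (fsize > (off_t)TC_MAX_SIZE) { close(fd); return TC_TOO_BIG; }
    size_t want = (size_t)fsize, got = 0;
    unsigned char *buf = malloc(want ? want : 1);
    if (!buf) { close(fd); return TC_SIZE_FAIL; }
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) break;                           /* file truncated under us */
        got += (size_t)n;
    }
    close(fd);
    if (got != want) { free(buf); return TC_SHORT_READ; }
    *out = buf; *len = got;
    return TC_OK;
}

/* Self-check: write a constructed 3-byte sample (the TLS record header bytes seen
 * in out_buf in the stack trace), read it back, then unlink it the way the racing
 * writer would and confirm the reader reports TC_OPEN_FAIL. Returns 0 on success. */
int demo_roundtrip(void) {
    static const unsigned char sample[] = { 0x16, 0x03, 0x01 };   /* constructed */
    int fd = open(TC_SAMPLE_PATH, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    if (write(fd, sample, sizeof sample) != (ssize_t)sizeof sample) { close(fd); unlink(TC_SAMPLE_PATH); return -2; }
    close(fd);
    unsigned char *buf = NULL; size_t len = 0;
    if (read_test_case(TC_SAMPLE_PATH, &buf, &len) != TC_OK) { unlink(TC_SAMPLE_PATH); return -3; }
    int same = (len == sizeof sample && memcmp(buf, sample, len) == 0);
    free(buf);
    unlink(TC_SAMPLE_PATH);                          /* the racing writer removes the file */
    if (!same) return -4;
    return read_test_case(TC_SAMPLE_PATH, &buf, &len) == TC_OPEN_FAIL ? 0 : -5;
}
```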
aflnwe aims to fuzz stateful systems. Unfortunately, since it restarts the SUT after every iteration, it seems to fuzz only the initial state (for instance, in LightFTP, the state in the SUT that lies before any authentication -- State 0 in figure).
Also, by printing all the messages received by the LightFTP server, it seems aflnwe cannot explore the state model in depth. Am I missing something?
These are the state coverage results I obtained on LightFTP:
AFLNet
Total states discovered: 5 \ 5. State coverage: 100%. Messages sent: 3898
State: 0 - Hit: 3302
State: 1 - Hit: 350
State: 2 - Hit: 49
State: 3 - Hit: 149
State: 4 - Hit: 48
aflnwe
Total states discovered: 1 \ 5. State coverage: 20%. Messages sent: 1799
State: 0 - Hit: 1799
State: 1 - Hit: 0
State: 2 - Hit: 0
State: 3 - Hit: 0
State: 4 - Hit: 0
OpenSSL exits immediately when stdin is not connected when spawning a subprocess.
This can be fixed in OpenSSL using:
diff --git a/apps/s_server.c b/apps/s_server.c
index 0ba75999..30dce3af 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2462,7 +2462,7 @@ static int sv_body(int s, int stype, int prot, unsigned char *context)
if (FD_ISSET(s, &readfds))
read_from_sslcon = 1;
}
- if (read_from_terminal) {
+ if (0 && read_from_terminal) {
if (s_crlf) {
int j, lf_num;
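Review bot: `if (0 && read_from_terminal)` switches the terminal-reading branch off unconditionally, so interactive s_server use is lost and the dead `read_from_terminal` condition is left behind; as a fix rather than a workaround, gate the branch on whether stdin is actually usable (for example an `isatty(fileno(stdin))` style check or a dedicated command-line option) and, if the branch is meant to stay disabled, drop the `0 &&` and the now-unreachable code instead of leaving a constant-false condition.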
In AFLNet this fix is not needed. Not sure why it is required in aflnwe. I plan on reporting this to OpenSSL.