static bool cmdlineVerify(honggfuzz_t* hfuzz) {
if (!cmdlineCheckBinaryType(hfuzz)) {
LOG_E("Couldn't test binary for signatures");
return false;
}
if (!hfuzz->exe.fuzzStdin && !hfuzz->exe.persistent &&
!checkFor_FILE_PLACEHOLDER(hfuzz->exe.cmdline)) {
LOG_E("You must specify '" _HF_FILE_PLACEHOLDER
"' if the -s (stdin fuzzing) or --persistent options are not set");
return false;
}
if (hfuzz->exe.fuzzStdin && hfuzz->exe.persistent) {
LOG_E(
"Stdin fuzzing (-s) and persistent fuzzing (-P) cannot be specified at the same time");
return false;
}
if (hfuzz->threads.threadsMax >= _HF_THREAD_MAX) {
LOG_E("Too many fuzzing threads specified %zu (>= _HF_THREAD_MAX (%u))",
hfuzz->threads.threadsMax, _HF_THREAD_MAX);
return false;
}
if (strchr(hfuzz->io.fileExtn, '/')) {
LOG_E("The file extension contains the '/' character: '%s'", hfuzz->io.fileExtn);
return false;
}
if (hfuzz->io.workDir == NULL) {
hfuzz->io.workDir = ".";
}
if (mkdir(hfuzz->io.workDir, 0700) == -1 && errno != EEXIST) {
PLOG_E("Couldn't create the workspace directory '%s'", hfuzz->io.workDir);
return false;
}
if (hfuzz->io.crashDir == NULL) {
hfuzz->io.crashDir = hfuzz->io.workDir;
}
if (mkdir(hfuzz->io.crashDir, 0700) && errno != EEXIST) {
PLOG_E("Couldn't create the crash directory '%s'", hfuzz->io.crashDir);
return false;
}
if (hfuzz->mutate.mutationsPerRun == 0U && hfuzz->cfg.useVerifier) {
LOG_I("Verifier enabled with mutationsPerRun == 0, activating the dry run mode");
}
if (hfuzz->mutate.maxFileSz > _HF_INPUT_MAX_SIZE) {
LOG_E("Maximum file size '%zu' bigger than the maximum size '%zu'", hfuzz->mutate.maxFileSz,
(size_t)_HF_INPUT_MAX_SIZE);
return false;
}
return true;
}
int main(int argc, char **argv)
{
int c;
int ll = l_INFO;
honggfuzz_t hfuzz;
hfuzz.inputFile = NULL;
hfuzz.nullifyStdio = false;
hfuzz.fuzzStdin = false;
hfuzz.saveUnique = false;
hfuzz.fileExtn = "fuzz";
hfuzz.flipRate = 0.001f;
hfuzz.flipMode = 'B';
hfuzz.fuzzStart = 0;
hfuzz.fuzzEnd = UINT_MAX;
hfuzz.externalCommand = NULL;
hfuzz.tmOut = 3;
hfuzz.ignoreAddr = (void *)0UL;
hfuzz.threadsMax = 5;
hfuzz.asLimit = 0UL;
hfuzz.cmdline = NULL;
hfuzz.pid = 0;
hfuzz.files = NULL;
hfuzz.threadsCnt = 0;
printf(AB PROG_NAME " version " PROG_VERSION "\n" PROG_AUTHORS AC "\n");
if (argc < 2) {
usage();
exit(EXIT_SUCCESS);
}
for (;;) {
c = getopt(argc, argv, "hqsuf:d:e:r:m:c:t:a:n:l:p:b:w:");
if (c < 0)
break;
switch (c) {
case 'f':
hfuzz.inputFile = optarg;
break;
case 'h':
usage();
break;
case 'q':
hfuzz.nullifyStdio = true;
break;
case 's':
hfuzz.fuzzStdin = true;
break;
case 'u':
hfuzz.saveUnique = true;
break;
case 'd':
ll = atoi(optarg);
break;
case 'e':
hfuzz.fileExtn = optarg;
break;
case 'r':
hfuzz.flipRate = atof(optarg);
break;
case 'm':
hfuzz.flipMode = optarg[0];
break;
case 'c':
hfuzz.externalCommand = optarg;
break;
case 't':
hfuzz.tmOut = atol(optarg);
break;
case 'a':
hfuzz.ignoreAddr = (void *)atol(optarg);
break;
case 'n':
hfuzz.threadsMax = atol(optarg);
break;
case 'l':
hfuzz.asLimit = strtoul(optarg, NULL, 10);
break;
case 'p':
hfuzz.pid = atoi(optarg);
break;
case 'b':
hfuzz.fuzzStart = strtoul(optarg, NULL, 10);
break;
case 'w':
hfuzz.fuzzEnd = strtoul(optarg, NULL, 10);
break;
default:
break;
}
}
hfuzz.cmdline = &argv[optind];
util_rndInit();
log_setMinLevel(ll);
if (!hfuzz.cmdline[0]) {
LOGMSG(l_FATAL, "Please specify binary to fuzz");
usage();
}
if (!hfuzz.fuzzStdin && !checkFor_FILE_PLACEHOLDER(hfuzz.cmdline)) {
LOGMSG(l_FATAL,
"You must specify '" FILE_PLACEHOLDER
"' when the -s (stdin fuzzing) option is not set");
usage();
}
if (hfuzz.pid) {
LOGMSG(l_INFO, "External PID specified, concurrency disabled");
hfuzz.threadsMax = 1;
}
if (strchr(hfuzz.fileExtn, '/')) {
LOGMSG(l_FATAL, "The file extension contains the '/' character: '%s'", hfuzz.fileExtn);
usage();
}
if (hfuzz.fuzzStart > hfuzz.fuzzEnd || hfuzz.fuzzStart == hfuzz.fuzzEnd) {
LOGMSG(l_FATAL, "Invalid mangle fuzz area file offsets");
usage();
}
LOGMSG(l_INFO,
"debugLevel: %d, inputFile '%s', nullifyStdio: %d, fuzzStdin: %d, saveUnique: %d, flipRate: %lf, "
"flipMode: '%c', externalCommand: '%s', tmOut: %ld, threadsMax: %ld, fileExtn '%s', ignoreAddr: %p, "
"memoryLimit: %lu (MiB), fuzzExe: '%s', fuzzedPid: %d",
ll, hfuzz.inputFile, hfuzz.nullifyStdio ? 1 : 0,
hfuzz.fuzzStdin ? 1 : 0, hfuzz.saveUnique ? 1 : 0, hfuzz.flipRate, hfuzz.flipMode,
hfuzz.externalCommand == NULL ? "NULL" : hfuzz.externalCommand, hfuzz.tmOut,
hfuzz.threadsMax, hfuzz.fileExtn, hfuzz.ignoreAddr, hfuzz.asLimit, hfuzz.cmdline[0],
hfuzz.pid);
if (!(hfuzz.fuzzers = malloc(sizeof(hfuzz.fuzzers[0]) * hfuzz.threadsMax))) {
LOGMSG_P(l_FATAL, "Couldn't allocate memory");
exit(EXIT_FAILURE);
}
memset(hfuzz.fuzzers, '\0', sizeof(hfuzz.fuzzers[0]) * hfuzz.threadsMax);
if (!files_init(&hfuzz)) {
LOGMSG(l_FATAL, "Couldn't load input files");
exit(EXIT_FAILURE);
}
/*
* So far so good
*/
fuzz_main(&hfuzz);
abort(); /* NOTREACHED */
return EXIT_SUCCESS;
}
