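/*
 * Creates 'dir' with mode 0700, or accepts it when it already exists as a directory.
 *
 * Returns true on success. On failure returns false and leaves errno describing the
 * problem, so the caller can report it.
 *
 * mkdir() failing with EEXIST only says that the name is taken. The existing entry is
 * therefore stat()ed, and anything that is not a directory (e.g. a regular file) is
 * rejected with ENOTDIR instead of being accepted and failing later on the first write.
 *
 * NOTE(review): the 0700 mode is applied only when the directory is created here. A
 * pre-existing directory keeps its own owner and permissions, which are not inspected.
 */
static bool cmdlineDirCreateOrExisting(const char* dir) {
    struct stat st;

    if (mkdir(dir, 0700) == 0) {
        return true;
    }
    if (errno != EEXIST) {
        return false;
    }
    /* stat() follows symlinks, so a symlink pointing at a directory is still accepted */
    if (stat(dir, &st) == -1) {
        return false;
    }
    if (!S_ISDIR(st.st_mode)) {
        errno = ENOTDIR;
        return false;
    }
    return true;
}

/*
 * Validates the configuration collected from the command line and prepares the
 * workspace and crash directories.
 *
 * hfuzz: configuration to check; io.workDir and io.crashDir are filled in with
 *        defaults ("." and the workspace directory respectively) when they are NULL.
 *
 * Returns true when every check passes, false after logging the first failure.
 */
static bool cmdlineVerify(honggfuzz_t* hfuzz) {
    if (!cmdlineCheckBinaryType(hfuzz)) {
        LOG_E("Couldn't test binary for signatures");
        return false;
    }

    /* The file placeholder is mandatory unless stdin or persistent fuzzing was selected */
    if (!hfuzz->exe.fuzzStdin && !hfuzz->exe.persistent &&
        !checkFor_FILE_PLACEHOLDER(hfuzz->exe.cmdline)) {
        LOG_E("You must specify '" _HF_FILE_PLACEHOLDER
              "' if the -s (stdin fuzzing) or --persistent options are not set");
        return false;
    }

    if (hfuzz->exe.fuzzStdin && hfuzz->exe.persistent) {
        LOG_E(
            "Stdin fuzzing (-s) and persistent fuzzing (-P) cannot be specified at the same time");
        return false;
    }

    if (hfuzz->threads.threadsMax >= _HF_THREAD_MAX) {
        LOG_E("Too many fuzzing threads specified %zu (>= _HF_THREAD_MAX (%u))",
            hfuzz->threads.threadsMax, _HF_THREAD_MAX);
        return false;
    }

    /*
     * Presumably the extension ends up in generated file names, where a '/' would let
     * them resolve outside the intended directory; confirm against the file-naming code.
     */
    if (strchr(hfuzz->io.fileExtn, '/')) {
        LOG_E("The file extension contains the '/' character: '%s'", hfuzz->io.fileExtn);
        return false;
    }

    if (hfuzz->io.workDir == NULL) {
        hfuzz->io.workDir = ".";
    }
    /* PLOG_E presumably appends the errno text, which the helper leaves set on failure */
    if (!cmdlineDirCreateOrExisting(hfuzz->io.workDir)) {
        PLOG_E("Couldn't create the workspace directory '%s'", hfuzz->io.workDir);
        return false;
    }

    /* Crashes go to the workspace directory unless a dedicated directory was given */
    if (hfuzz->io.crashDir == NULL) {
        hfuzz->io.crashDir = hfuzz->io.workDir;
    }
    if (!cmdlineDirCreateOrExisting(hfuzz->io.crashDir)) {
        PLOG_E("Couldn't create the crash directory '%s'", hfuzz->io.crashDir);
        return false;
    }

    /* Informational only: nothing in this function changes the configuration here */
    if (hfuzz->mutate.mutationsPerRun == 0U && hfuzz->cfg.useVerifier) {
        LOG_I("Verifier enabled with mutationsPerRun == 0, activating the dry run mode");
    }

    if (hfuzz->mutate.maxFileSz > _HF_INPUT_MAX_SIZE) {
        LOG_E("Maximum file size '%zu' bigger than the maximum size '%zu'",
            hfuzz->mutate.maxFileSz, (size_t)_HF_INPUT_MAX_SIZE);
        return false;
    }

    return true;
}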
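/*
 * Program entry point: fills a honggfuzz_t with defaults, overrides them from the
 * command line (getopt string "hqsuf:d:e:r:m:c:t:a:n:l:p:b:w:"), validates the result,
 * allocates the per-thread fuzzer array, loads the input files and hands control to
 * fuzz_main().
 *
 * Everything after the options (argv[optind] onwards) is taken as the command line of
 * the binary to fuzz.
 *
 * fuzz_main() is not expected to return; abort() follows it.
 */
int main(int argc, char **argv)
{
    int c;
    int ll = l_INFO;

    /* Defaults, used when the corresponding option is absent */
    honggfuzz_t hfuzz;
    hfuzz.inputFile = NULL;
    hfuzz.nullifyStdio = false;
    hfuzz.fuzzStdin = false;
    hfuzz.saveUnique = false;
    hfuzz.fileExtn = "fuzz";
    hfuzz.flipRate = 0.001f;
    hfuzz.flipMode = 'B';
    hfuzz.fuzzStart = 0;
    hfuzz.fuzzEnd = UINT_MAX;
    hfuzz.externalCommand = NULL;
    hfuzz.tmOut = 3;
    hfuzz.ignoreAddr = (void *)0UL;
    hfuzz.threadsMax = 5;
    hfuzz.asLimit = 0UL;
    hfuzz.cmdline = NULL;
    hfuzz.pid = 0;
    hfuzz.files = NULL;
    hfuzz.threadsCnt = 0;

    printf(AB PROG_NAME " version " PROG_VERSION "\n" PROG_AUTHORS AC "\n");
    if (argc < 2) {
        usage();
        exit(EXIT_SUCCESS);
    }

    /*
     * NOTE(review): atoi()/atol()/atof() and strtoul() with a NULL end pointer are used
     * without error checking, so non-numeric input silently becomes 0. Values that are
     * dangerous further down are range-checked after the loop.
     */
    for (;;) {
        c = getopt(argc, argv, "hqsuf:d:e:r:m:c:t:a:n:l:p:b:w:");
        if (c < 0) {
            break;
        }

        switch (c) {
        case 'f':
            hfuzz.inputFile = optarg;
            break;
        case 'h':
            usage();
            break;
        case 'q':
            hfuzz.nullifyStdio = true;
            break;
        case 's':
            hfuzz.fuzzStdin = true;
            break;
        case 'u':
            hfuzz.saveUnique = true;
            break;
        case 'd':
            ll = atoi(optarg);
            break;
        case 'e':
            hfuzz.fileExtn = optarg;
            break;
        case 'r':
            hfuzz.flipRate = atof(optarg);
            break;
        case 'm':
            /* An empty argument yields '\0' here */
            hfuzz.flipMode = optarg[0];
            break;
        case 'c':
            hfuzz.externalCommand = optarg;
            break;
        case 't':
            hfuzz.tmOut = atol(optarg);
            break;
        case 'a':
            /* atol() parses base 10 only, so an address written in hex is read as 0 */
            hfuzz.ignoreAddr = (void *)atol(optarg);
            break;
        case 'n':
            hfuzz.threadsMax = atol(optarg);
            break;
        case 'l':
            hfuzz.asLimit = strtoul(optarg, NULL, 10);
            break;
        case 'p':
            hfuzz.pid = atoi(optarg);
            break;
        case 'b':
            hfuzz.fuzzStart = strtoul(optarg, NULL, 10);
            break;
        case 'w':
            hfuzz.fuzzEnd = strtoul(optarg, NULL, 10);
            break;
        default:
            break;
        }
    }
    hfuzz.cmdline = &argv[optind];

    util_rndInit();
    log_setMinLevel(ll);

    /*
     * Each rejection below ends with an explicit exit(): the code that follows uses the
     * very values these checks reject (e.g. cmdline[0] is printed with %s), and whether
     * LOGMSG(l_FATAL, ...) or usage() terminate the process is not visible here.
     */
    if (!hfuzz.cmdline[0]) {
        LOGMSG(l_FATAL, "Please specify binary to fuzz");
        usage();
        exit(EXIT_FAILURE);
    }

    if (!hfuzz.fuzzStdin && !checkFor_FILE_PLACEHOLDER(hfuzz.cmdline)) {
        LOGMSG(l_FATAL,
               "You must specify '" FILE_PLACEHOLDER "' when the -s (stdin fuzzing) option is not set");
        usage();
        exit(EXIT_FAILURE);
    }

    if (hfuzz.pid) {
        LOGMSG(l_INFO, "External PID specified, concurrency disabled");
        hfuzz.threadsMax = 1;
    }

    /*
     * -n is parsed with atol(), so "0", a negative number or garbage would otherwise
     * reach the allocation below as a zero or (after conversion) enormous element count.
     */
    if (hfuzz.threadsMax < 1) {
        LOGMSG(l_FATAL, "The number of fuzzing threads (-n) must be at least 1");
        usage();
        exit(EXIT_FAILURE);
    }

    if (strchr(hfuzz.fileExtn, '/')) {
        LOGMSG(l_FATAL, "The file extension contains the '/' character: '%s'", hfuzz.fileExtn);
        usage();
        exit(EXIT_FAILURE);
    }

    if (hfuzz.fuzzStart >= hfuzz.fuzzEnd) {
        LOGMSG(l_FATAL, "Invalid mangle fuzz area file offsets");
        usage();
        exit(EXIT_FAILURE);
    }

    /* inputFile is NULL when -f was not given; passing NULL for %s is undefined behaviour */
    LOGMSG(l_INFO,
           "debugLevel: %d, inputFile '%s', nullifyStdio: %d, fuzzStdin: %d, saveUnique: %d, flipRate: %lf, "
           "flipMode: '%c', externalCommand: '%s', tmOut: %ld, threadsMax: %ld, fileExtn '%s', ignoreAddr: %p, "
           "memoryLimit: %lu (MiB), fuzzExe: '%s', fuzzedPid: %d",
           ll, hfuzz.inputFile == NULL ? "NULL" : hfuzz.inputFile,
           hfuzz.nullifyStdio ? 1 : 0, hfuzz.fuzzStdin ? 1 : 0, hfuzz.saveUnique ? 1 : 0,
           hfuzz.flipRate, hfuzz.flipMode,
           hfuzz.externalCommand == NULL ? "NULL" : hfuzz.externalCommand, hfuzz.tmOut,
           hfuzz.threadsMax, hfuzz.fileExtn, hfuzz.ignoreAddr, hfuzz.asLimit, hfuzz.cmdline[0],
           hfuzz.pid);

    /* calloc() zero-fills the array and rejects a count * size product that overflows */
    hfuzz.fuzzers = calloc(hfuzz.threadsMax, sizeof(hfuzz.fuzzers[0]));
    if (!hfuzz.fuzzers) {
        LOGMSG_P(l_FATAL, "Couldn't allocate memory");
        exit(EXIT_FAILURE);
    }

    if (!files_init(&hfuzz)) {
        LOGMSG(l_FATAL, "Couldn't load input files");
        exit(EXIT_FAILURE);
    }

    /*
     * So far so good
     */
    fuzz_main(&hfuzz);

    abort();                    /* NOTREACHED */
    return EXIT_SUCCESS;
}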