【发布时间】:2019-11-13 18:16:37
【问题描述】:
我试图弄清楚如何使用AFL,但我似乎无法运行一个简单的示例。
这是我的 C 程序:
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <assert.h>
char *remove_white_space(char *s)
{
while (s && *s++)
if (*s == ' ')
return "moish";
return s;
}
int main(int argc, char **argv)
{
char buffer[256]={0};
FILE *fl = fopen(argv[1],"rt");
if (fl == NULL) return 0;
assert(fscanf(fl,"%s",buffer) > 0);
char *res = remove_white_space(buffer);
if (strcmp(res,"a b c d") == 0)
{
assert(0);
}
fclose(fl);
return 0;
}
我的输入种子是一个包含一行abhgsd 的文本文件。
这是我所做的:
$ afl-gcc main.c -o main
afl-cc 2.56b by <lcamtuf@google.com>
afl-as 2.56b by <lcamtuf@google.com>
[+] Instrumented 62 locations (64-bit, non-hardened mode, ratio 100%).
$ afl-fuzz -i INPUTS/ -o OUTPUTS ./main @@
我收到了这条红色的 CAPITAL CRASH 消息:
afl-fuzz 2.56b by <lcamtuf@google.com>
[+] You have 8 CPU cores and 1 runnable tasks (utilization: 12%).
[+] Try parallel jobs - see /usr/local/share/doc/afl/parallel_fuzzing.txt.
[*] Checking CPU core loadout...
[+] Found a free CPU core, binding to #0.
[*] Checking core_pattern...
[-] Hmm, your system is configured to send core dump notifications to an
external utility. This will cause issues: there will be an extended delay
between stumbling upon a crash and having this information relayed to the
fuzzer via the standard waitpid() API.
To avoid having crashes misinterpreted as timeouts, please log in as root
and temporarily modify /proc/sys/kernel/core_pattern, like so:
echo core >/proc/sys/kernel/core_pattern
[-] PROGRAM ABORT : Pipe at the beginning of 'core_pattern'
Location : check_crash_handling(), afl-fuzz.c:7316
除非我确定自己在做什么,否则我有点不愿意改变一些东西。 这里发生了什么?我应该听听 AFL 在说什么吗?
【问题讨论】:
标签: fuzzing american-fuzzy-lop