diff --git a/afl-analyze.c b/afl-analyze.c 
index 2870ac30..fd0a5226 100644 
--- a/afl-analyze.c 
+++ b/afl-analyze.c 
@@ -244,9 +244,6 @@ static u32 run_target(char** argv, u8* mem, u32 len, u8 first_run) {
 s32 prog_in_fd;
 u32 cksum; 
- if (getenv("AFL_LD_PRELOAD")) 
- setenv("LD_PRELOAD", getenv("AFL_LD_PRELOAD"), 1); 
-
 memset(trace_bits, 0, MAP_SIZE);
 MEM_BARRIER(); 
@@ -710,8 +707,10 @@ static void set_up_environment(void) {
 "allocator_may_return_null=1:"
 "msan_track_origins=0", 0); 
- if (getenv("AFL_LD_PRELOAD")) 
- setenv("LD_PRELOAD", getenv("AFL_LD_PRELOAD"), 1); 
+ if (getenv("AFL_PRELOAD")) { 
+ setenv("LD_PRELOAD", getenv("AFL_PRELOAD"), 1); 
+ setenv("DYLD_INSERT_LIBRARIES", getenv("AFL_PRELOAD"), 1); 
+ }
 } 
diff --git a/afl-fuzz.c b/afl-fuzz.c 
index 41d0518d..0feb000f 100644 
--- a/afl-fuzz.c 
+++ b/afl-fuzz.c 
@@ -7821,8 +7821,13 @@ int main(int argc, char** argv) {
 if (dumb_mode == 2 && no_forkserver)
 FATAL("AFL_DUMB_FORKSRV and AFL_NO_FORKSRV are mutually exclusive"); 
+ if (getenv("AFL_PRELOAD")) { 
+ setenv("LD_PRELOAD", getenv("AFL_PRELOAD"), 1); 
+ setenv("DYLD_INSERT_LIBRARIES", getenv("AFL_PRELOAD"), 1); 
+ } 
+
 if (getenv("AFL_LD_PRELOAD")) 
- setenv("LD_PRELOAD", getenv("AFL_LD_PRELOAD"), 1); 
+ FATAL("Use AFL_PRELOAD instead of AFL_LD_PRELOAD");
 save_cmdline(argc, argv); 
diff --git a/afl-showmap.c b/afl-showmap.c 
index 52dc7aae..bb96002e 100644 
--- a/afl-showmap.c 
+++ b/afl-showmap.c 
@@ -215,9 +215,6 @@ static void run_target(char** argv) {
 static struct itimerval it;
 int status = 0; 
- if (getenv("AFL_LD_PRELOAD")) 
- setenv("LD_PRELOAD", getenv("AFL_LD_PRELOAD"), 1); 
-
 if (!quiet_mode)
 SAYF("-- Program output begins --\n" cRST); 
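Review bot: set_up_environment drops the AFL_LD_PRELOAD spelling here without the `FATAL("Use AFL_PRELOAD instead of AFL_LD_PRELOAD");` that the afl-fuzz.c hunk of this same commit adds, so a wrapper script that still exports AFL_LD_PRELOAD now runs afl-analyze with no preload library and no diagnostic; for libdislocator.so that means an analysis pass silently loses its allocator hardening. The afl-showmap.c and afl-tmin.c set_up_environment hunks have the same gap. Adding `if (getenv("AFL_LD_PRELOAD")) FATAL("Use AFL_PRELOAD instead of AFL_LD_PRELOAD");` right after the new block in all three keeps the four tools consistent, assuming FATAL is in scope in these tools as it is in afl-fuzz.c. The body of set_up_environment starts outside the hunk.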
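Review bot: The new block in main calls getenv("AFL_PRELOAD") three times; reading it once, `char* preload = getenv("AFL_PRELOAD");`, and passing `preload` to both setenv() calls makes it plain that LD_PRELOAD and DYLD_INSERT_LIBRARIES are meant to carry the same value, and the same shape would suit the three set_up_environment hunks. Separately, on MacOS X DYLD_INSERT_LIBRARIES by itself only replaces symbols that the inserted library interposes explicitly or when the process runs with a flat namespace, so if libdislocator.so relies on plain symbol override this block would presumably also need DYLD_FORCE_FLAT_NAMESPACE set — worth confirming on a MacOS X host before the ChangeLog line claiming DYLD_INSERT_LIBRARIES support ships. main's body continues outside the hunk on both sides.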
@@ -345,8 +342,10 @@ static void set_up_environment(void) {
 "allocator_may_return_null=1:"
 "msan_track_origins=0", 0); 
- if (getenv("AFL_LD_PRELOAD")) 
- setenv("LD_PRELOAD", getenv("AFL_LD_PRELOAD"), 1); 
+ if (getenv("AFL_PRELOAD")) { 
+ setenv("LD_PRELOAD", getenv("AFL_PRELOAD"), 1); 
+ setenv("DYLD_INSERT_LIBRARIES", getenv("AFL_PRELOAD"), 1); 
+ }
 } 
diff --git a/afl-tmin.c b/afl-tmin.c 
index af1a3740..912acae5 100644 
--- a/afl-tmin.c 
+++ b/afl-tmin.c 
@@ -237,9 +237,6 @@ static u8 run_target(char** argv, u8* mem, u32 len, u8 first_run) {
 s32 prog_in_fd;
 u32 cksum; 
- if (getenv("AFL_LD_PRELOAD")) 
- setenv("LD_PRELOAD", getenv("AFL_LD_PRELOAD"), 1); 
-
 memset(trace_bits, 0, MAP_SIZE);
 MEM_BARRIER(); 
@@ -701,8 +698,10 @@ static void set_up_environment(void) {
 "allocator_may_return_null=1:"
 "msan_track_origins=0", 0); 
- if (getenv("AFL_LD_PRELOAD")) 
- setenv("LD_PRELOAD", getenv("AFL_LD_PRELOAD"), 1); 
+ if (getenv("AFL_PRELOAD")) { 
+ setenv("LD_PRELOAD", getenv("AFL_PRELOAD"), 1); 
+ setenv("DYLD_INSERT_LIBRARIES", getenv("AFL_PRELOAD"), 1); 
+ }
 } 
diff --git a/config.h b/config.h 
index e4932085..cd7b3491 100644 
--- a/config.h 
+++ b/config.h 
@@ -21,7 +21,7 @@
 /* Version string: */ 
-#define VERSION "2.25b" 
+#define VERSION "2.26b"
 /****************************************************** * * 
diff --git a/docs/ChangeLog b/docs/ChangeLog 
index 26518896..d7a01fe0 100644 
--- a/docs/ChangeLog 
+++ b/docs/ChangeLog 
@@ -16,6 +16,16 @@ Not sure if you should upgrade? The lowest currently recommended version is 2.21b. If you're stuck on an earlier release, it's strongly advisable to get on with the times. 
+-------------- 
+Version 2.26b: 
+-------------- 
+
+ - Made a fix for libdislocator.so to compile on MacOS X. 
+
+ - Added support for DYLD_INSERT_LIBRARIES. 
+
+ - Renamed AFL_LD_PRELOAD to AFL_PRELOAD. 
+
 --------------
 Version 2.25b:
 -------------- 
diff --git a/docs/README b/docs/README 
index a3c424be..18dcbc34 100644 
--- a/docs/README 
+++ b/docs/README 
@@ -116,7 +116,7 @@ $ CC=/path/to/afl/afl-gcc ./configure --disable-shared
 Setting AFL_HARDEN=1 when calling 'make' will cause the CC wrapper to automatically enable code hardening options that make it easier to detect simple memory bugs. Preloading 'libdislocator.so' (an abusive allocator) can 
-help uncover heap corruption isses, too; see libdislocator.so.c for info and 
+help uncover heap corruption issues, too; see libdislocator.so.c for info and
 usage tips.
 PS. ASAN users are advised to review notes_for_asan.txt file for important 
diff --git a/docs/env_variables.txt b/docs/env_variables.txt 
index ea4875e0..95ca9b07 100644 
--- a/docs/env_variables.txt 
+++ b/docs/env_variables.txt 
@@ -138,7 +138,7 @@ checks or alter some of the more exotic semantics of the tool:
 - In QEMU mode (-Q), AFL_PATH will be searched for afl-qemu-trace. 
- - Setting AFL_LD_PRELOAD causes AFL to set LD_PRELOAD for the target binary 
+ - Setting AFL_PRELOAD causes AFL to set LD_PRELOAD for the target binary
 without disrupting the afl-fuzz process itself. This is useful, among other things, for bootstrapping libdislocator.so. 
diff --git a/libdislocator.so.c b/libdislocator.so.c 
index de162567..d91a185d 100644 
--- a/libdislocator.so.c 
+++ b/libdislocator.so.c 
@@ -54,11 +54,10 @@ To use this library, run AFL like so: 
- AFL_LD_PRELOAD=/path/to/libdislocator.so ./afl-fuzz [...other params...] 
+ AFL_PRELOAD=/path/to/libdislocator.so ./afl-fuzz [...other params...]
 You *have* to specify path, even if it's just ./libdislocator.so or 
- $PWD/libdislocator.so. On MacOS X, you may have to use DYLD_INSERT_LIBRARIES 
- instead of LD_PRELOAD. 
+ $PWD/libdislocator.so.
 Similarly to afl-tmin, the library is not "proprietary" and can be used with other fuzzers or testing tools without the need for any code 
@@ -82,6 +81,10 @@
 # define PAGE_SIZE 4096
 #endif /* !PAGE_SIZE */ 
+#ifndef MAP_ANONYMOUS 
+# define MAP_ANONYMOUS MAP_ANON 
+#endif /* !MAP_ANONYMOUS */ 
+
 /* Error / message handling: */
 #define DEBUGF(_x...) do { \ 
@@ -123,7 +126,7 @@ static u8 alloc_verbose, /* Additional debug messages */
 static __thread size_t total_mem; /* Currently allocated mem */ 
-static __thread u32 call_depth; 
+static __thread u32 call_depth; /* To avoid recursion via fprintf() */
 /* This is the main alloc function. It allocates one page more than necessary, sets that tailing page to PROT_NONE, and then increments the return address
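Review bot: The new MAP_ANONYMOUS fallback carries no comment saying which platforms lack the name, so a reader sees a Linux-looking alias in a file the ChangeLog says was just fixed for MacOS X and has to guess at the connection; a one-liner above the `#ifndef`, `/* MacOS X and the BSDs spell MAP_ANONYMOUS as MAP_ANON. */`, records it. On a platform that provides neither name the `# define` itself still compiles and the problem would presumably surface only as an undeclared MAP_ANON at the mmap() call site outside this hunk, which is acceptable for a shim this small but worth knowing when reading a build failure.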