External command is responsible for providing the files

riusksk · Apr 2, 2016 · a34b302 · a34b302
1 parent 8f94f5b
commit a34b302
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 33 deletions.
diff --git a/cmdline.c b/cmdline.c
@@ -238,7 +238,7 @@ bool cmdlineParse(int argc, char *argv[], honggfuzz_t * hfuzz)
         {{"wokspace", required_argument, NULL, 'W'}, "Workspace directory to save crashes & runtime files (default: '.')"},
         {{"wordlist", required_argument, NULL, 'w'}, "Wordlist file (tokens delimited by NUL-bytes)"},
         {{"stackhash_bl", required_argument, NULL, 'B'}, "Stackhashes blacklist file (one entry per line)"},
-        {{"mutate_cmd", required_argument, NULL, 'c'}, "External command modifying the input corpus of files, instead of -r param"},
+        {{"mutate_cmd", required_argument, NULL, 'c'}, "External commnd providing fuzz files,, instead of muating the input corpus"},
         {{"iterations", required_argument, NULL, 'N'}, "Number of fuzzing iterations (default: '0' [no limit])"},
         {{"rlimit_as", required_argument, NULL, 0x100}, "Per process memory limit in MiB (default: '0' [no limit])"},
         {{"report", required_argument, NULL, 'R'}, "Write report to this file (default: '" _HF_REPORT_FILE "')"},

diff --git a/files.c b/files.c
@@ -210,11 +210,12 @@ static bool files_readdir(honggfuzz_t * hfuzz)
 bool files_init(honggfuzz_t * hfuzz)
 {
     hfuzz->files = util_Malloc(sizeof(char *));
-    if (hfuzz->externalCommand && !hfuzz->inputFile) {
-        hfuzz->fileCnt = 1;
-        hfuzz->files[0] = "CREATED";
+    hfuzz->files[0] = "NONE";
+    hfuzz->fileCnt = 0;
+
+    if (hfuzz->externalCommand) {
         LOG_I
-            ("No input file corpus specified, the external command '%s' is responsible for creating the fuzz files",
+            ("No input file corpus loaded, the external command '%s' is responsible for creating the fuzz files",
              hfuzz->externalCommand);
         return true;
     }

diff --git a/fuzz.c b/fuzz.c
@@ -220,34 +220,16 @@ static bool fuzz_prepareFile(honggfuzz_t * hfuzz, fuzzer_t * fuzzer, int rnd_ind
     return true;
 }
 
-static bool fuzz_prepareFileExternally(honggfuzz_t * hfuzz, fuzzer_t * fuzzer, int rnd_index)
+static bool fuzz_prepareFileExternally(honggfuzz_t * hfuzz, fuzzer_t * fuzzer)
 {
-    {
-        int dstfd = open(fuzzer->fileName, O_CREAT | O_EXCL | O_RDWR, 0644);
-        if (dstfd == -1) {
-            PLOG_E("Couldn't create a temporary file '%s'", fuzzer->fileName);
-            return false;
-        }
-        DEFER(close(dstfd));
-
-        LOG_D("Created '%s' as an input file", fuzzer->fileName);
-
-        if (hfuzz->inputFile) {
-            size_t fileSz = files_readFileToBufMax(hfuzz->files[rnd_index], fuzzer->dynamicFile,
-                                                   hfuzz->maxFileSz);
-            if (fileSz == 0UL) {
-                LOG_E("Couldn't read '%s'", hfuzz->files[rnd_index]);
-                unlink(fuzzer->fileName);
-                return false;
-            }
-
-            if (files_writeToFd(dstfd, fuzzer->dynamicFile, fileSz) == false) {
-                unlink(fuzzer->fileName);
-                return false;
-            }
-        }
-
+    int dstfd = open(fuzzer->fileName, O_CREAT | O_EXCL | O_RDWR, 0644);
+    if (dstfd == -1) {
+        PLOG_E("Couldn't create a temporary file '%s'", fuzzer->fileName);
+        return false;
     }
+    close(dstfd);
+
+    LOG_D("Created '%s' as an input file", fuzzer->fileName);
 
     pid_t pid = fork();
     if (pid == -1) {
@@ -576,7 +558,7 @@ static void fuzz_fuzzLoop(honggfuzz_t * hfuzz, fuzzer_t * fuzzer)
             exit(EXIT_FAILURE);
         }
     } else if (hfuzz->externalCommand != NULL) {
-        if (!fuzz_prepareFileExternally(hfuzz, fuzzer, rnd_index)) {
+        if (!fuzz_prepareFileExternally(hfuzz, fuzzer)) {
             exit(EXIT_FAILURE);
         }
     } else {
@@ -612,7 +594,9 @@ static void fuzz_fuzzLoop(honggfuzz_t * hfuzz, fuzzer_t * fuzzer)
     LOG_D("Launched new process, pid: %d, (concurrency: %zd)", fuzzer->pid, hfuzz->threadsMax);
 
     arch_reapChild(hfuzz, fuzzer);
-    unlink(fuzzer->fileName);
+    if (hfuzz->persistent == false) {
+        unlink(fuzzer->fileName);
+    }
 
     if (hfuzz->dynFileMethod != _HF_DYNFILE_NONE) {
         fuzz_perfFeedback(hfuzz, fuzzer);