1 /*
2    american fuzzy lop++ - sample argv fuzzing wrapper
3    ------------------------------------------------
4 
5    Originally written by Michal Zalewski
6 
7    Copyright 2015 Google Inc. All rights reserved.
8 
9    Licensed under the Apache License, Version 2.0 (the "License");
10    you may not use this file except in compliance with the License.
11    You may obtain a copy of the License at:
12 
13      http://www.apache.org/licenses/LICENSE-2.0
14 
15    This file shows a simple way to fuzz command-line parameters with stock
16    afl-fuzz. To use, add:
17 
18    #include "/path/to/argv-fuzz-inl.h"
19 
20    ...to the file containing main(), ideally placing it after all the
21    standard includes. Next, put AFL_INIT_ARGV(); near the very beginning of
22    main().
23 
24    This will cause the program to read NUL-delimited input from stdin and
25    put it in argv[]. Two subsequent NULs terminate the array. Empty
26    params are encoded as a lone 0x02 byte, so a param consisting of just
27    0x02 can't be generated; that shouldn't matter in real life.
28 
29    If you would like to always preserve argv[0], use this instead:
30    AFL_INIT_SET0("prog_name");
31 
32 */
33 
34 #ifndef _HAVE_ARGV_FUZZ_INL
35 #define _HAVE_ARGV_FUZZ_INL
36 
37 #include <unistd.h>
38 
/* Replace the caller's argc/argv with a vector parsed from stdin.
   Intended for use inside main(): the expansion assigns to the names
   `argc` and `argv` in the enclosing scope, so both of main()'s
   parameters are overwritten. argv[0] comes from the fuzzed input too;
   use AFL_INIT_SET0() to pin it. */
#define AFL_INIT_ARGV()          \
  do {                           \
                                 \
    argv = afl_init_argv(&argc); \
                                 \
  } while (0)

/* Like AFL_INIT_ARGV(), but forces argv[0] to _p (typically the program
   name) so the fuzzer cannot vary it. If stdin supplied no parameters,
   argc is bumped to 1 so the pinned argv[0] is still counted. _p is
   evaluated once. */
#define AFL_INIT_SET0(_p)        \
  do {                           \
                                 \
    argv = afl_init_argv(&argc); \
    argv[0] = (_p);              \
    if (!argc) argc = 1;         \
                                 \
  } while (0)
54 
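#define MAX_CMDLINE_LEN 100000
#define MAX_CMDLINE_PAR 50000

/*
   Read a NUL-delimited command line from stdin (fd 0) and split it into an
   argv-style vector.

   Parameters are separated by a single NUL; two consecutive NULs (or the end
   of the input) terminate the list. A parameter consisting of a lone 0x02
   byte is mapped to the empty string. At most MAX_CMDLINE_LEN - 2 bytes are
   consumed and at most MAX_CMDLINE_PAR - 1 parameters are produced; anything
   beyond that is silently dropped, which keeps both static buffers in bounds.

   @param argc  Receives the number of parameters stored.
   @return      Pointer to a static array of parameter pointers. The entry at
                index *argc is always NULL (the argv[argc] == NULL
                convention), so callers may iterate until NULL. The storage
                is static and is overwritten by a subsequent call.

   A read error or an empty stdin yields *argc == 0; this is best-effort and
   never fatal, as in the original.
 */
static char **afl_init_argv(int *argc) {

  static char  in_buf[MAX_CMDLINE_LEN];
  static char *ret[MAX_CMDLINE_PAR];

  /* The last two bytes are reserved for the double-NUL terminator. */
  const size_t cap = MAX_CMDLINE_LEN - 2;
  size_t       len = 0;

  /* A single read() may be short on pipes; keep reading until EOF, an
     error, or a full buffer. Errors are treated as end of input. */
  while (len < cap) {

    ssize_t got = read(0, in_buf + len, cap - len);
    if (got <= 0) break;
    len += (size_t)got;

  }

  /* Terminate explicitly so that a short read or a repeated call never
     picks up stale bytes left in the static buffer. */
  in_buf[len] = 0;
  in_buf[len + 1] = 0;

  char *ptr = in_buf;
  int   rc = 0;

  /* Leave one slot free for the trailing NULL pointer. */
  while (*ptr && rc < MAX_CMDLINE_PAR - 1) {

    ret[rc] = ptr;
    /* A lone 0x02 encodes an empty parameter: point at its terminating NUL. */
    if (ret[rc][0] == 0x02 && !ret[rc][1]) ret[rc]++;
    rc++;

    /* Skip the current parameter and the NUL that separates it. */
    while (*ptr)
      ptr++;
    ptr++;

  }

  ret[rc] = NULL;
  *argc = rc;

  return ret;

}

#undef MAX_CMDLINE_LEN
#undef MAX_CMDLINE_PAR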
88 
89 #endif                                              /* !_HAVE_ARGV_FUZZ_INL */
90 
91