author | dobin <dobin@broken.ch> | 2018-04-14 15:55:23 +0200 |
---|---|---|
committer | dobin <dobin@broken.ch> | 2018-04-14 15:55:23 +0200 |
commit | 040a98ed1359b125daec314729378bdc900f603b (patch) | |
tree | 29b7faad7d658f7e6d6306e96b789a0331933aa1 | |
parent | b3d0245e327204d487d4ac54c3a536e6e55cef65 (diff) | |
download | honggfuzz-040a98ed1359b125daec314729378bdc900f603b.tar.gz |
support for multiple parallel honggfuzz processes in socketfuzzer mode
Adds pid to socket used for socketfuzzer mode, so it is possible
to start and use multiple honggfuzz instances at the same time.
-rw-r--r-- | socketfuzzer.c | 6 | ||||
-rwxr-xr-x | socketfuzzer/honggfuzz_socketclient.py | 38 | ||||
-rw-r--r-- | socketfuzzer/unittest.sh | 2 |
3 files changed, 29 insertions, 17 deletions
diff --git a/socketfuzzer.c b/socketfuzzer.c
index b039077a..14a5f246 100644
--- a/socketfuzzer.c
+++ b/socketfuzzer.c
@@ -124,8 +124,7 @@ bool setupSocketFuzzer(honggfuzz_t* run) {
 socklen_t t;
 struct sockaddr_un local, remote;
 char socketPath[512];
- // snprintf(socketPath, sizeof(socketPath), "/tmp/honggfuzz_socket.%i", getpid());
- snprintf(socketPath, sizeof(socketPath), "/tmp/honggfuzz_socket");
+ snprintf(socketPath, sizeof(socketPath), "/tmp/honggfuzz_socket.%i", getpid());
 if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
 perror("socket");
@@ -161,7 +160,6 @@ bool setupSocketFuzzer(honggfuzz_t* run) {
 void cleanupSocketFuzzer() {
 char socketPath[512];
- // snprintf(socketPath, sizeof(socketPath), "/tmp/honggfuzz_socket.%i", getpid());
- snprintf(socketPath, sizeof(socketPath), "/tmp/honggfuzz_socket");
+ snprintf(socketPath, sizeof(socketPath), "/tmp/honggfuzz_socket.%i", getpid());
 unlink(socketPath);
 }
diff --git a/socketfuzzer/honggfuzz_socketclient.py b/socketfuzzer/honggfuzz_socketclient.py
index 9c37b23e..8a7bf4bc 100755
--- a/socketfuzzer/honggfuzz_socketclient.py
+++ b/socketfuzzer/honggfuzz_socketclient.py
@@ -8,14 +8,17 @@ import random
 class HonggfuzzSocket:
- def __init__(self):
+ def __init__(self, pid):
 self.sock = None
+ self.pid = pid
- def connect(self, file):
+ def connect(self):
 self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
- server_address = file
+ server_address = "/tmp/honggfuzz_socket"
+ if self.pid is not None:
+ server_address += "." + str(self.pid)
 print( 'connecting to %s' % server_address)
 try:
@@ -119,13 +122,13 @@ def sendResp(targetSocketRes, hfSocket):
-def auto():
+def auto(pid):
 print "Auto"
- hfSocket = HonggfuzzSocket()
+ hfSocket = HonggfuzzSocket(pid)
 targetSocket = TargetSocket()
- hfSocket.connect("/tmp/honggfuzz_socket")
+ hfSocket.connect()
 print ""
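Review bot: The socket path built in setupSocketFuzzer is still a predictable name in the world-writable /tmp (`/tmp/honggfuzz_socket.<pid>`), so on a shared host another local account can occupy that name before honggfuzz binds it, and the client cannot tell which process it is talking to. Consider creating the socket inside a directory only the invoking user can access (for example one made with `mkdtemp`) and handing that path to the client. The same format string is repeated in the cleanupSocketFuzzer hunk at -161, which recomputes the name with `getpid()`; if cleanup ever runs in a different process than setup (not visible here) it would unlink a different name and leave the socket file behind, so formatting the path once and storing it would be safer. Both function bodies continue outside the hunks.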
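Review bot: In `HonggfuzzSocket.connect` (hunk at -8), the fallback for `self.pid is None` still targets the bare `/tmp/honggfuzz_socket`, but the socketfuzzer.c side of this commit always appends the pid, so a client started without a pid would look for a socket the server no longer creates. Either make the pid mandatory or fail early with a clear message, e.g. `if self.pid is None: raise ValueError("honggfuzz pid required")`. A one-line docstring on `__init__` stating that `pid` is the pid of the honggfuzz process and selects the socket path would also help. The body of `connect` continues outside the hunk.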
@@ -261,8 +264,8 @@ def auto():
 return
-def interactive():
- hfSocket = HonggfuzzSocket()
+def interactive(pid):
+ hfSocket = HonggfuzzSocket(pid)
 targetSocket = TargetSocket()
 hfSocket.connect("/tmp/honggfuzz_socket")
@@ -305,13 +308,24 @@ def interactive():
 def main():
- if len(sys.argv) == 2:
+ mode = None
+ pid = None
+
+ if len(sys.argv) >= 2:
 if sys.argv[1] == "auto":
- auto()
+ mode = "auto"
 elif sys.argv[1] == "interactive":
- interactive()
+ mode = "interactive"
+
+ if len(sys.argv) >= 3:
+ pid = int(sys.argv[2])
 else:
- print "honggfuzz_socketclient.py [auto/interactive]"
+ print "honggfuzz_socketclient.py [auto/interactive] <pid>"
+
+ if mode is "auto":
+ auto(pid)
+ elif mode is "interactive":
+ interactive(pid)
 main()
diff --git a/socketfuzzer/unittest.sh b/socketfuzzer/unittest.sh
index 8bd57ec5..9546d173 100644
--- a/socketfuzzer/unittest.sh
+++ b/socketfuzzer/unittest.sh
@@ -4,4 +4,4 @@ rm -rf HF_SANCOV/ HONGGFUZZ.REPORT.TXT SIGABR* HF.san*
 ../honggfuzz --keep_output --debug --sanitizers --sancov --stdin_input --threads 1 --verbose --logfile log.txt --socket_fuzzer -- ./vulnserver_cov &
-python ./honggfuzz_socketclient.py auto
+python ./honggfuzz_socketclient.py auto $! |
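Review bot: `interactive()` still calls `hfSocket.connect("/tmp/honggfuzz_socket")` (the unchanged context line at the end of the hunk at -261), but `connect` was changed in this commit to take no argument, so interactive mode will presumably fail with a TypeError as soon as it starts. The call should become `hfSocket.connect()`, as was done in `auto()`. The function body continues outside the hunk.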
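Review bot: The new dispatch in `main()` (hunk at -305) compares strings by identity, `mode is "auto"` and `mode is "interactive"`, which only works when the interpreter happens to share the string objects; it should be `if mode == "auto":` and `elif mode == "interactive":`. `pid = int(sys.argv[2])` also raises an uncaught ValueError on a non-numeric argument, so catching it and printing the usage line would be friendlier. Indentation is lost in this view, so I cannot tell which `if` the `else:` belongs to, but an unrecognised mode appears to exit silently without the usage message.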