afl: add support for AFL PERSISTANT_MODE

Add support for AFL PERSISTANT_MODE when Suricata is compiled with
a supported compiler (only afl-clang-fast for now).

This gives a ~10x performance boost when fuzzing.

configure.ac

@@ -8,6 +8,31 @@
 
     AC_LANG_C
     AC_PROG_CC_C99
+
+    # enable modifications for AFL fuzzing
+    AC_ARG_ENABLE(afl,
+           AS_HELP_STRING([--enable-afl], Enable AFL fuzzing logic[])], [enable_afl="$enableval"],[enable_afl=no])
+
+    AS_IF([test "x$enable_afl" = "xyes"], [
+        AC_DISABLE_SHARED
+        AC_DEFINE([AFLFUZZ_NO_RANDOM], [1], [Disable all use of random functions])
+        AC_DEFINE([AFLFUZZ_DISABLE_MGTTHREADS], [1], [Disable all management threads])
+        AC_DEFINE([AFLFUZZ_PCAP_RUNMODE], [1], [Enable special AFL 'single' runmode])
+        AC_DEFINE([AFLFUZZ_CONF_TEST], [1], [Enable special --afl-parse-rules commandline option])
+        AC_DEFINE([AFLFUZZ_APPLAYER], [1], [Enable --afl-$proto-request commandline option])
+        AC_DEFINE([AFLFUZZ_MIME], [1], [Enable --afl-mime commandline option])
+        AC_DEFINE([AFLFUZZ_DECODER], [1], [Enable --afl-decoder-$proto commandline option])
+        AC_DEFINE([AFLFUZZ_DER], [1], [Enable --afl-der commandline option])
+
+        # test for AFL PERSISTANT_MODE support
+        CFLAGS_ORIG=$CFLAGS
+        CFLAGS="-Werror"
+        AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[while (__AFL_LOOP(1000))]])],
+                [AC_DEFINE([AFLFUZZ_PERSISTANT_MODE], [1], [Enable AFL PERSISTANT_MODE])],
+                [])
+        CFLAGS=$CFLAGS_ORIG
+    ])
+
     AC_PROG_LIBTOOL
     PKG_PROG_PKG_CONFIG(0.21) # 0.21 is the CentOS 5.11 version
 
@@ -259,20 +284,6 @@
     esac
     AC_MSG_RESULT(ok)
 
-  # enable modifications for AFL fuzzing
-    AC_ARG_ENABLE(afl,
-           AS_HELP_STRING([--enable-afl], Enable AFL fuzzing logic[])], [enable_afl="$enableval"],[enable_afl=no])
-    AS_IF([test "x$enable_afl" = "xyes"], [
-            AC_DEFINE([AFLFUZZ_NO_RANDOM], [1], [Disable all use of random functions])
-            AC_DEFINE([AFLFUZZ_DISABLE_MGTTHREADS], [1], [Disable all management threads])
-            AC_DEFINE([AFLFUZZ_PCAP_RUNMODE], [1], [Enable special AFL 'single' runmode])
-            AC_DEFINE([AFLFUZZ_CONF_TEST], [1], [Enable special --afl-parse-rules commandline option])
-            AC_DEFINE([AFLFUZZ_APPLAYER], [1], [Enable --afl-$proto-request commandline option])
-            AC_DEFINE([AFLFUZZ_MIME], [1], [Enable --afl-mime commandline option])
-            AC_DEFINE([AFLFUZZ_DECODER], [1], [Enable --afl-decoder-$proto commandline option])
-            AC_DEFINE([AFLFUZZ_DER], [1], [Enable --afl-der commandline option])
-    ])
-
   # disable TLS on user request
     AC_ARG_ENABLE(threading-tls,
            AS_HELP_STRING([--disable-threading-tls], [Disable TLS (thread local storage)]), [enable_tls="$enableval"],[enable_tls=yes])

src/app-layer-parser.c

@@ -1213,11 +1213,17 @@ int AppLayerParserRequestFromFile(AppProto alproto, char *filename)
     f->proto = IPPROTO_TCP;
     f->alproto = alproto;
 
+    uint8_t buffer[64];
+
+#ifdef AFLFUZZ_PERSISTANT_MODE
+    while (__AFL_LOOP(1000)) {
+        /* reset state */
+        memset(buffer, 0, sizeof(buffer));
+#endif /* AFLFUZZ_PERSISTANT_MODE */
+
         FILE *fp = fopen(filename, "r");
         BUG_ON(fp == NULL);
 
-    uint8_t buffer[256];
-
         int start = 1;
         while (1) {
             int done = 0;
@@ -1242,8 +1248,14 @@ int AppLayerParserRequestFromFile(AppProto alproto, char *filename)
                 break;
         }
 
-    result = 0;
         fclose(fp);
+
+#ifdef AFLFUZZ_PERSISTANT_MODE
+    }
+#endif /* AFLFUZZ_PERSISTANT_MODE */
+
+    result = 0;
+
 end:
     if (alp_tctx != NULL)
         AppLayerParserThreadCtxFree(alp_tctx);
@@ -1276,11 +1288,17 @@ int AppLayerParserFromFile(AppProto alproto, char *filename)
     f->proto = IPPROTO_TCP;
     f->alproto = alproto;
 
+    uint8_t buffer[64];
+
+#ifdef AFLFUZZ_PERSISTANT_MODE
+    while (__AFL_LOOP(1000)) {
+        /* reset state */
+        memset(buffer, 0, sizeof(buffer));
+#endif /* AFLFUZZ_PERSISTANT_MODE */
+
         FILE *fp = fopen(filename, "r");
         BUG_ON(fp == NULL);
 
-    uint8_t buffer[64];
-
         int start = 1;
         int flip = 0;
         while (1) {
@@ -1313,8 +1331,13 @@ int AppLayerParserFromFile(AppProto alproto, char *filename)
                 break;
         }
 
-    result = 0;
         fclose(fp);
+
+#ifdef AFLFUZZ_PERSISTANT_MODE
+    }
+#endif /* AFLFUZZ_PERSISTANT_MODE */
+
+    result = 0;
 end:
     if (alp_tctx != NULL)
         AppLayerParserThreadCtxFree(alp_tctx);
@@ -1323,7 +1346,7 @@ end:
     }
     return result;
 }
-#endif
+#endif /* AFLFUZZ_APPLAYER */
 
 /***** Unittests *****/
 

src/decode.c

@@ -582,10 +582,17 @@ void CaptureStatsSetup(ThreadVars *tv, CaptureStats *s)
 
 #ifdef AFLFUZZ_DECODER
 int DecoderParseDataFromFile(char *filename, DecoderFunc Decoder) {
+    uint8_t buffer[65536];
     int result = 1;
+
+#ifdef AFLFUZZ_PERSISTANT_MODE
+    while (__AFL_LOOP(1000)) {
+        /* reset state */
+        memset(buffer, 0, sizeof(buffer));
+#endif /* AFLFUZZ_PERSISTANT_MODE */
+
         FILE *fp = fopen(filename, "r");
         BUG_ON(fp == NULL);
-    uint8_t buffer[65536];
 
         ThreadVars tv;
         memset(&tv, 0, sizeof(tv));
@@ -610,12 +617,17 @@ int DecoderParseDataFromFile(char *filename, DecoderFunc Decoder) {
         }
         DecodeThreadVarsFree(&tv, dtv);
 
-    result = 0;
         fclose(fp);
+
+#ifdef AFLFUZZ_PERSISTANT_MODE
+    }
+#endif /* AFLFUZZ_PERSISTANT_MODE */
+
+    result = 0;
     return result;
 
 }
-#endif
+#endif /* AFLFUZZ_DECODER */
 
 /**
  * @}

src/util-decode-der.c

@@ -901,30 +901,29 @@ Asn1Generic * DecodeDer(const unsigned char *buffer, uint32_t size,
 #ifdef AFLFUZZ_DER
 int DerParseDataFromFile(char *filename)
 {
-    int result = 1;
-    FILE *fp = fopen(filename, "r");
-    BUG_ON(fp == NULL);
     uint8_t buffer[65536];
-
     uint32_t errcode = 0;
 
-    while (1) {
-        int done = 0;
-        size_t result = fread(&buffer, 1, sizeof(buffer), fp);
-        if (result < sizeof(buffer))
-            done = 1;
+#ifdef AFLFUZZ_PERSISTANT_MODE
+    while (__AFL_LOOP(1000)) {
+        /* reset state */
+        memset(buffer, 0, sizeof(buffer));
+#endif /* AFLFUZZ_PERSISTANT_MODE */
+
+        FILE *fp = fopen(filename, "r");
+        BUG_ON(fp == NULL);
 
+        size_t result = fread(&buffer, 1, sizeof(buffer), fp);
         DecodeDer(buffer, result, &errcode);
+        fclose(fp);
 
-        if (done)
-            break;
+#ifdef AFLFUZZ_PERSISTANT_MODE
     }
+#endif /* AFLFUZZ_PERSISTANT_MODE */
 
-    result = 0;
-    fclose(fp);
-    return result;
+    return 0;
 }
-#endif
+#endif /* AFLFUZZ_DER */
 
 void DerFree(Asn1Generic *a)
 {

src/util-decode-mime.c

@@ -2624,9 +2624,16 @@ static int MimeParserDataFromFileCB(const uint8_t *chunk, uint32_t len,
 int MimeParserDataFromFile(char *filename)
 {
     int result = 1;
+    uint8_t buffer[256];
+
+#ifdef AFLFUZZ_PERSISTANT_MODE
+    while (__AFL_LOOP(1000)) {
+        /* reset state */
+        memset(buffer, 0, sizeof(buffer));
+#endif /* AFLFUZZ_PERSISTANT_MODE */
+
         FILE *fp = fopen(filename, "r");
         BUG_ON(fp == NULL);
-    uint8_t buffer[256];
 
         uint32_t line_count = 0;
 
@@ -2651,14 +2658,20 @@ int MimeParserDataFromFile(char *filename)
         if (state->msg) {
             MimeDecFreeEntity(state->msg);
         }
+
         /* De Init parser */
         MimeDecDeInitParser(state);
 
-    result = 0;
         fclose(fp);
+
+#ifdef AFLFUZZ_PERSISTANT_MODE
+    }
+#endif /* AFLFUZZ_PERSISTANT_MODE */
+
+    result = 0;
     return result;
 }
-#endif
+#endif /* AFLFUZZ_MIME */
 
 #ifdef UNITTESTS