From d46183751180a87b7ab3461334db4044fad5864c Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Tue, 8 Dec 2015 10:42:03 +0100
Subject: [PATCH] afl: add --afl-parse-rules to return 0 on any rule
When fuzzing, AFL will create lots of malformed rules. We don't want to error out on those. As we're fuzzing the parser any non-crash should return 0. Crashes (ASAN or not) will return a non-0 code.
---
 src/suricata-common.h | 1 +
 src/suricata.c | 11 +++++++++++
 2 files changed, 12 insertions(+)
diff --git a/src/suricata-common.h b/src/suricata-common.h
index da6487e162..ea97b3303b 100644
--- a/src/suricata-common.h
+++ b/src/suricata-common.h
@@ -231,6 +231,7 @@
 #define AFLFUZZ_NO_RANDOM 1
 #define AFLFUZZ_DISABLE_MGTTHREADS 1
 #define AFLFUZZ_PCAP_RUNMODE 1
+#define AFLFUZZ_CONF_TEST 1
 /* we need this to stringify the defines which are supplied at compiletime see: http://gcc.gnu.org/onlinedocs/gcc-3.4.1/cpp/Stringification.html#Stringification */
diff --git a/src/suricata.c b/src/suricata.c
index 68736961f7..543f662fc2 100644
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -1113,6 +1113,9 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri)
 int list_keywords = 0;
 int build_info = 0;
 int conf_test = 0;
+#ifdef AFLFUZZ_CONF_TEST
+ int conf_test_force_success = 0;
+#endif
 int engine_analysis = 0;
 int set_log_directory = 0;
 int ret = TM_ECODE_OK;
@@ -1167,6 +1170,9 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri)
 {"set", required_argument, 0, 0},
 #ifdef HAVE_NFLOG
 {"nflog", optional_argument, 0, 0},
+#endif
+#ifdef AFLFUZZ_CONF_TEST
+ {"afl-parse-rules", 0, &conf_test_force_success, 1},
 #endif
 {NULL, 0, NULL, 0}
 };
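Review bot: `AFLFUZZ_CONF_TEST` is defined next to the other AFLFUZZ_* switches, and the hunk does not show whether that group sits inside an AFL-only build conditional; the enclosing lines are outside the hunk. If the define reaches regular builds, `--afl-parse-rules` becomes a production option that, combined with `-T`, forces `engine.init-failure-fatal` to `0` (the `ConfSetFinal` call in the last src/suricata.c hunk). Going by the commit message, a config test used to gate rule deployments could then exit 0 on rules that failed to parse. Confirm the guard, and consider a comment on the define such as `/* fuzzing builds only: enables --afl-parse-rules, which makes -T tolerate rule errors */`.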
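Review bot: The new `afl-parse-rules` entry only sets `conf_test_force_success`, and the last hunk acts on it solely under `if (conf_test && conf_test_force_success)`, so passing the flag without `-T` silently does nothing. A fuzzing job set up that way would keep the default failure handling and, per the commit message, return non-zero on malformed rules. A warning on the other path would surface the misconfiguration, e.g. `else if (conf_test_force_success) { SCLogWarning(SC_ERR_INITIALIZATION, "--afl-parse-rules has no effect without -T"); }`. The `ConfSetFinal` result is also cast to `(void)`; logging a failure there would prevent the override from being lost unnoticed. The body of `ParseCommandLine` extends outside these hunks.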
@@ -1761,6 +1767,11 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri)
 SCLogError(SC_ERR_INITIALIZATION, "can't use -s/-S when detection is disabled");
 return TM_ECODE_FAILED;
 }
+#ifdef AFLFUZZ_CONF_TEST
+ if (conf_test && conf_test_force_success) {
+ (void)ConfSetFinal("engine.init-failure-fatal", "0");
+ }
+#endif
 if ((suri->run_mode == RUNMODE_UNIX_SOCKET) && set_log_directory) {
 SCLogError(SC_ERR_INITIALIZATION, "can't use -l and unix socket runmode at the same time");