Skip to content

Commit

Permalink
Set rlimit to inifinity for core dumps if AFL_DEBUG=1 (AFLplusplus#2643)
Browse files Browse the repository at this point in the history
* forkserver: set rlimit to inifinity for core dumps if AFL_DEBUG=1

* move coredump rlimit to a separate func

* update docs
  • Loading branch information
R9295 authored Nov 6, 2024
1 parent cfe1240 commit d1c746a
Showing 1 changed file with 29 additions and 8 deletions.
37 changes: 29 additions & 8 deletions libafl/src/executors/forkserver.rs
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ use libafl_bolts::{
tuples::{Handle, Handled, MatchNameRef, Prepend, RefIndexable},
AsSlice, AsSliceMut, Truncate,
};
use libc::RLIM_INFINITY;
use nix::{
sys::{
select::{pselect, FdSet},
Expand Down Expand Up @@ -134,6 +135,8 @@ pub trait ConfigTarget {
fn setsid(&mut self) -> &mut Self;
/// Sets a mem limit
fn setlimit(&mut self, memlimit: u64) -> &mut Self;
/// enables core dumps (rlimit = infinity)
fn set_coredump(&mut self, enable: bool) -> &mut Self;
/// Sets the stdin
fn setstdin(&mut self, fd: RawFd, use_stdin: bool) -> &mut Self;
/// Sets the AFL forkserver pipes
Expand Down Expand Up @@ -220,19 +223,27 @@ impl ConfigTarget for Command {
rlim_cur: memlimit,
rlim_max: memlimit,
};
let r0 = libc::rlimit {
rlim_cur: 0,
rlim_max: 0,
};

#[cfg(target_os = "openbsd")]
let mut ret = unsafe { libc::setrlimit(libc::RLIMIT_RSS, &r) };
let ret = unsafe { libc::setrlimit(libc::RLIMIT_RSS, &r) };
#[cfg(not(target_os = "openbsd"))]
let mut ret = unsafe { libc::setrlimit(libc::RLIMIT_AS, &r) };
let ret = unsafe { libc::setrlimit(libc::RLIMIT_AS, &r) };
if ret < 0 {
return Err(io::Error::last_os_error());
}
ret = unsafe { libc::setrlimit(libc::RLIMIT_CORE, &r0) };
Ok(())
};
// # Safety
// This calls our non-shady function from above.
unsafe { self.pre_exec(func) }
}

fn set_coredump(&mut self, enable: bool) -> &mut Self {
let func = move || {
let r0 = libc::rlimit {
rlim_cur: if enable { RLIM_INFINITY } else { 0 },
rlim_max: if enable { RLIM_INFINITY } else { 0 },
};
let ret = unsafe { libc::setrlimit(libc::RLIMIT_CORE, &r0) };
if ret < 0 {
return Err(io::Error::last_os_error());
}
Expand Down Expand Up @@ -367,6 +378,15 @@ impl Forkserver {
return Err(Error::unknown("__AFL_SHM_ID not set. It is necessary to set this env, otherwise the forkserver cannot communicate with the fuzzer".to_string()));
}

let afl_debug = if let Ok(afl_debug) = env::var("AFL_DEBUG") {
if afl_debug != "1" && afl_debug != "0" {
return Err(Error::illegal_argument("AFL_DEBUG must be either 1 or 0"));
}
afl_debug == "1"
} else {
false
};

let mut st_pipe = Pipe::new().unwrap();
let mut ctl_pipe = Pipe::new().unwrap();

Expand Down Expand Up @@ -409,6 +429,7 @@ impl Forkserver {
.env("LD_BIND_NOW", "1")
.envs(envs)
.setlimit(memlimit)
.set_coredump(afl_debug)
.setsid()
.setstdin(input_filefd, use_stdin)
.setpipe(
Expand Down

0 comments on commit d1c746a

Please sign in to comment.