afl: add --afl-parse-rules to return 0 on any rule

When fuzzing, AFL will create lots of malformed rules. We don't want to error out on those. As we're fuzzing the parser any non-crash should return 0. Crashes (ASAN or not) will return a non-0 code.
9 years ago · d461837511
parent e824a8be76
commit d461837511
2 changed files with 12 additions and 0 deletions
--- a/src/suricata-common.h
+++ b/src/suricata-common.h
@ -231,6 +231,7 @@
 #define AFLFUZZ_NO_RANDOM 1
 #define AFLFUZZ_DISABLE_MGTTHREADS 1
 #define AFLFUZZ_PCAP_RUNMODE 1
+#define AFLFUZZ_CONF_TEST 1

 /* we need this to stringify the defines which are supplied at compiletime see:
   http://gcc.gnu.org/onlinedocs/gcc-3.4.1/cpp/Stringification.html#Stringification */
--- a/src/suricata.c
+++ b/src/suricata.c
@ -1113,6 +1113,9 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri)
    int list_keywords = 0;
    int build_info = 0;
    int conf_test = 0;
+#ifdef AFLFUZZ_CONF_TEST
+    int conf_test_force_success = 0;
+#endif
    int engine_analysis = 0;
    int set_log_directory = 0;
    int ret = TM_ECODE_OK;
@ -1167,6 +1170,9 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri)
        {"set", required_argument, 0, 0},
 #ifdef HAVE_NFLOG
        {"nflog", optional_argument, 0, 0},
+#endif
+#ifdef AFLFUZZ_CONF_TEST
+        {"afl-parse-rules", 0, &conf_test_force_success, 1},
 #endif
        {NULL, 0, NULL, 0}
    };
@ -1761,6 +1767,11 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri)
        SCLogError(SC_ERR_INITIALIZATION, "can't use -s/-S when detection is disabled");
        return TM_ECODE_FAILED;
    }
+#ifdef AFLFUZZ_CONF_TEST
+    if (conf_test && conf_test_force_success) {
+        (void)ConfSetFinal("engine.init-failure-fatal", "0");
+    }
+#endif

    if ((suri->run_mode == RUNMODE_UNIX_SOCKET) && set_log_directory) {
        SCLogError(SC_ERR_INITIALIZATION, "can't use -l and unix socket runmode at the same time");