def __respond_verification(self, response):
    """Run one verification job handed over by the master and report the result.

    Copies the payload out of the master's shared-memory region, trims it,
    optionally applies RedQueen hash fixes, executes it once, and sends a
    FuzzingResult to the mapserver queue.

    Args:
        response: message whose ``data[0]`` holds the job list and
            ``data[1]`` the method list (both indexed by job position).

    NOTE(review): layout reconstructed from a whitespace-collapsed paste;
    confirm the nesting (in particular the ``while True``/``break`` loop)
    against the original file.
    """
    jobs = response.data[0]
    methods = response.data[1]
    results = []
    i = 0
    # NOTE(review): lock A is acquired here while lock B is released at the
    # end -- presumably a hand-off protocol with the master; verify the pairing.
    self.comm.slave_locks_A[self.slave_id].acquire()
    # The loop body always ends in `break`, so it runs exactly once as written.
    while True:
        payload, payload_shm_size = self.q.copy_master_payload(self.comm.get_master_payload_shm(self.slave_id), i, self.comm.get_master_payload_shm_size())
        # First four bytes of the shm buffer carry the content length as a
        # native-endian unsigned int. The value originates from shared memory;
        # an oversized length only truncates the slices below (Python slicing is
        # bounds-safe), it cannot read past the buffer.
        payload_content_len_init = struct.unpack("I", payload[0:4])[0]
        payload_content_len = perform_trim(payload_content_len_init, self.q.send_payload, self.q.modify_payload_size, self.error_handler)
        if payload_content_len_init != payload_content_len:
            log_slave("TRIM: " + "{0:.2f}".format(((payload_content_len*1.0)/(payload_content_len_init*1.0))*100.0) + "% (" + str(payload_content_len) + "/" + str(payload_content_len_init) + ")", self.slave_id)
        # NOTE(review): patches come from jobs[0] while the result below uses
        # jobs[i]; identical while i == 0, but inconsistent if i ever changes.
        patches = jobs[0]
        if len(patches) > 0:
            log_slave("Got payload to fix with size: %d and patches %s"%( payload_content_len, patches), self.slave_id )
        if len(patches):
            log_redq("Slave "+str(self.slave_id)+" Orig Payload: " + repr(payload[4:4+payload_content_len]))
            # `hash` shadows the builtin hash() for the rest of this scope.
            hash = HashFixer(self.q, self.redqueen_state)
            new_payload = hash.try_fix_data(payload[4:4+payload_content_len])
            if new_payload:
                log_redq("Slave "+str(self.slave_id)+"Fixed Payload: " + repr("".join(map(chr,new_payload))))
                # Keep the 4-byte length header, replace the content with the fixed bytes.
                payload = payload[:4]+"".join(map(chr,new_payload))
                self.q.set_payload(new_payload)
        start_time = time.time()
        bitmap = self.q.send_payload(apply_patches=False)
        performance = time.time() - start_time
        # NOTE(review): 1.0/performance raises ZeroDivisionError if the timer
        # resolution yields 0.0 -- unlikely but unguarded.
        log_slave("performance: " + str(1.0/performance) + " -> " + str(performance), self.slave_id)
        break
    # Only logged: execution continues and the calls below still receive the
    # (falsy) bitmap, including mmh3.hash64(bitmap).
    if not bitmap:
        log_slave("SHM ERROR....", self.slave_id)
    new_bits = self.q.copy_bitmap(self.comm.get_bitmap_shm(self.slave_id), i, self.comm.get_bitmap_shm_size(), bitmap, payload, payload_shm_size, effector_mode_hash=None, apply_patches = False)
    # New coverage: hand the payload to the mapserver via its shm region.
    if new_bits:
        self.q.copy_mapserver_payload(self.comm.get_mapserver_payload_shm(self.slave_id), i, self.comm.get_mapserver_payload_shm_size())
    results.append(FuzzingResult(i, self.q.crashed, self.q.timeout, self.q.kasan, jobs[i], self.slave_id, performance, methods[i], mmh3.hash64(bitmap), reloaded=(self.q.timeout or self.q.crashed or self.q.kasan), new_bits=new_bits, qid=self.slave_id))
    self.comm.slave_locks_B[self.slave_id].release()
    send_msg(KAFL_TAG_RESULT, results, self.comm.to_mapserver_queue, source=self.slave_id)
def handle_initial(self, payload, metadata):
    """Calibrate a freshly imported input and return a trimmed variant of it.

    Steps, in order: optional tracing (when the ``trace`` argument is set),
    a calibration run of several havoc executions whose mean wall time is
    stored in ``self.performance``, and -- only for inputs whose exit reason
    is ``"regular"`` -- a trim pass.

    Args:
        payload: the raw input to calibrate and trim.
        metadata: node metadata; ``metadata["info"]["exit_reason"]`` decides
            whether trimming runs.

    Returns:
        The trimmed payload when trimming shortened it, otherwise ``None``
        (also ``None`` when trimming was skipped).
    """
    started_at = time.time()

    if self.config.argument_values["trace"]:
        self.stage_update_label("trace")
        self.slave.trace_payload(payload, metadata)

    # Calibration: a handful of randomized executions give a mean per-exec
    # cost; the scheduler uses self.performance to de-prioritize slow nodes.
    calibration_execs = 10
    self.stage_update_label("calibrate")
    calib_start = time.time()
    havoc.mutate_seq_havoc_array(payload, self.execute, calibration_execs)
    self.performance = (time.time() - calib_start) / calibration_execs

    # Only stable, non-crashing inputs are trimmed.
    # NOTE(review): this early return skips the self.initial_time update at
    # the end, so trace/calibration time of skipped inputs is not accounted
    # there -- confirm that is intended.
    if metadata["info"]["exit_reason"] != "regular":
        log_slave("Validate: Skip trimming..", self.slave.slave_id)
        return None

    trimmed = perform_trim(payload, metadata, self.execute)
    center_trim_enabled = False  # center trimming is currently switched off
    if center_trim_enabled:
        trimmed = perform_center_trim(trimmed, metadata, self.execute, trimming_bytes=2)

    self.initial_time += time.time() - started_at
    return None if trimmed == payload else trimmed
def handle_initial(self, payload, metadata):
    """Trim a freshly imported input and return the shorter variant, if any.

    Runs a plain trim pass (a center-trim pass exists but is switched off)
    and accumulates the elapsed time into ``self.initial_time``.

    NOTE(review): this paste contains two ``handle_initial`` definitions; if
    both live in the same class the later one silently replaces the earlier.

    Args:
        payload: the raw input to trim.
        metadata: node metadata; ``metadata["id"]`` is recorded as the parent
            of the trimmed node.

    Returns:
        The trimmed payload when it differs from ``payload``, else ``None``.
    """
    started_at = time.time()

    trim_info = {"method": "trim", "parent": metadata["id"]}
    trimmed = perform_trim(payload, metadata, self.execute_with_bitmap, trim_info, self.slave.execution_exited_abnormally)

    center_trim_enabled = False  # center trimming is currently switched off
    if center_trim_enabled:
        center_info = {"method": "center_trim", "parent": metadata["id"]}
        trimmed = perform_center_trim(trimmed, metadata, self.execute_with_bitmap, center_info, self.slave.execution_exited_abnormally, trimming_bytes=2)

    self.initial_time += time.time() - started_at

    if trimmed == payload:
        return None
    # Both payloads are echoed in full to the console on every successful
    # trim; noisy for large inputs and it prints raw input bytes -- a debug
    # log level would be the usual choice.
    safe_print("before trim:\t\t{}".format(repr(payload)))
    safe_print("after trim:\t\t{}".format(repr(trimmed)))
    return trimmed