Go to the source code of this file.
Classes | |
| struct | dfsan_label_info |
| Stores information associated with a specific label identifier. More... | |
Typedefs | |
| typedef uint16_t | dfsan_label |
| typedef void(* | dfsan_write_callback_t) (int fd, const void *buf, size_t count) |
| Signature of the callback argument to dfsan_set_write_callback(). More... | |
Functions | |
| dfsan_label | dfsan_union (dfsan_label l1, dfsan_label l2) |
Computes the union of l1 and l2, possibly creating a union label in the process. More... | |
| dfsan_label | dfsan_create_label (const char *desc, void *userdata) |
| Creates and returns a base label with the given description and user data. More... | |
| void | dfsan_set_label (dfsan_label label, void *addr, size_t size) |
Sets the label for each address in [addr,addr+size) to label. More... | |
| void | dfsan_add_label (dfsan_label label, void *addr, size_t size) |
Sets the label for each address in [addr,addr+size) to the union of the current label for that address and label. More... | |
| dfsan_label | dfsan_get_label (long data) |
| Retrieves the label associated with the given data. More... | |
| dfsan_label | dfsan_read_label (const void *addr, size_t size) |
| Retrieves the label associated with the data at the given address. More... | |
| const struct dfsan_label_info * | dfsan_get_label_info (dfsan_label label) |
| Retrieves a pointer to the dfsan_label_info struct for the given label. More... | |
| int | dfsan_has_label (dfsan_label label, dfsan_label elem) |
| Returns whether the given label label contains the label elem. More... | |
| dfsan_label | dfsan_has_label_with_desc (dfsan_label label, const char *desc) |
| If the given label label contains a label with the description desc, returns that label, else returns 0. More... | |
| size_t | dfsan_get_label_count (void) |
| Returns the number of labels allocated. More... | |
| void | dfsan_flush (void) |
| Flushes the DFSan shadow, i.e. More... | |
| void | dfsan_set_write_callback (dfsan_write_callback_t labeled_write_callback) |
| Sets a callback to be invoked on calls to write(). More... | |
| void | dfsan_dump_labels (int fd) |
| Writes the labels currently used by the program to the given file descriptor. More... | |
| void | dfsan_weak_hook_memcmp (void *caller_pc, const void *s1, const void *s2, size_t n, dfsan_label s1_label, dfsan_label s2_label, dfsan_label n_label) |
| Interceptor hooks. More... | |
| void | dfsan_weak_hook_strncmp (void *caller_pc, const char *s1, const char *s2, size_t n, dfsan_label s1_label, dfsan_label s2_label, dfsan_label n_label) |
Typedef Documentation
◆ dfsan_label
| typedef uint16_t dfsan_label |
Definition at line 24 of file dfsan_interface.h.
◆ dfsan_write_callback_t
Signature of the callback argument to dfsan_set_write_callback().
Definition at line 42 of file dfsan_interface.h.
Function Documentation
◆ dfsan_add_label()
| void dfsan_add_label | ( | dfsan_label | label, |
| void * | addr, | ||
| size_t | size | ||
| ) |
Sets the label for each address in [addr,addr+size) to the union of the current label for that address and label.
◆ dfsan_create_label()
| dfsan_label dfsan_create_label | ( | const char * | desc, |
| void * | userdata | ||
| ) |
Creates and returns a base label with the given description and user data.
◆ dfsan_dump_labels()
| void dfsan_dump_labels | ( | int | fd | ) |
Writes the labels currently used by the program to the given file descriptor.
The lines of the output have the following format:
<label> <parent label 1> <parent label 2> <label description if any>
◆ dfsan_flush()
| void dfsan_flush | ( | void | ) |
Flushes the DFSan shadow, i.e.
forgets about all labels currently associated with the application memory. Will work only if there are no other threads executing DFSan-instrumented code concurrently. Use this call to start over the taint tracking within the same procces.
◆ dfsan_get_label()
| dfsan_label dfsan_get_label | ( | long | data | ) |
Retrieves the label associated with the given data.
The type of 'data' is arbitrary. The function accepts a value of any type, which can be truncated or extended (implicitly or explicitly) as necessary. The truncation/extension operations will preserve the label of the original value.
◆ dfsan_get_label_count()
| size_t dfsan_get_label_count | ( | void | ) |
Returns the number of labels allocated.
◆ dfsan_get_label_info()
| const struct dfsan_label_info* dfsan_get_label_info | ( | dfsan_label | label | ) |
Retrieves a pointer to the dfsan_label_info struct for the given label.
◆ dfsan_has_label()
| int dfsan_has_label | ( | dfsan_label | label, |
| dfsan_label | elem | ||
| ) |
Returns whether the given label label contains the label elem.
◆ dfsan_has_label_with_desc()
| dfsan_label dfsan_has_label_with_desc | ( | dfsan_label | label, |
| const char * | desc | ||
| ) |
If the given label label contains a label with the description desc, returns that label, else returns 0.
◆ dfsan_read_label()
| dfsan_label dfsan_read_label | ( | const void * | addr, |
| size_t | size | ||
| ) |
Retrieves the label associated with the data at the given address.
◆ dfsan_set_label()
| void dfsan_set_label | ( | dfsan_label | label, |
| void * | addr, | ||
| size_t | size | ||
| ) |
Sets the label for each address in [addr,addr+size) to label.
◆ dfsan_set_write_callback()
| void dfsan_set_write_callback | ( | dfsan_write_callback_t | labeled_write_callback | ) |
Sets a callback to be invoked on calls to write().
The callback is invoked before the write is done. The write is not guaranteed to succeed when the callback executes. Pass in NULL to remove any callback.
◆ dfsan_union()
| dfsan_label dfsan_union | ( | dfsan_label | l1, |
| dfsan_label | l2 | ||
| ) |
Computes the union of l1 and l2, possibly creating a union label in the process.
◆ dfsan_weak_hook_memcmp()
| void dfsan_weak_hook_memcmp | ( | void * | caller_pc, |
| const void * | s1, | ||
| const void * | s2, | ||
| size_t | n, | ||
| dfsan_label | s1_label, | ||
| dfsan_label | s2_label, | ||
| dfsan_label | n_label | ||
| ) |
Interceptor hooks.
Whenever a dfsan's custom function is called the corresponding hook is called it non-zero. The hooks should be defined by the user. The primary use case is taint-guided fuzzing, where the fuzzer needs to see the parameters of the function and the labels. FIXME: implement more hooks.
◆ dfsan_weak_hook_strncmp()
| void dfsan_weak_hook_strncmp | ( | void * | caller_pc, |
| const char * | s1, | ||
| const char * | s2, | ||
| size_t | n, | ||
| dfsan_label | s1_label, | ||
| dfsan_label | s2_label, | ||
| dfsan_label | n_label | ||
| ) |
