googleprojectzero / winafl

A fork of AFL for fuzzing Windows binaries
Apache License 2.0

custom_net_fuzzer.dll failed with 10022 #377

Open hihijskim opened 2 years ago

hihijskim commented 2 years ago

Dear winafl team

Hello, I'm currently testing netmode of winafl and I found an issue (especially with custom_net_fuzzer.dll).

After 5 hrs of testing, the fuzzer crashes due to a sendto() failure with error code 10022 WSAEINVAL. This is very strange because it ran for more than 5 hrs w/o any problem.

The command line I used is

set AFL_CUSTOM_DLL_ARGS=-U -p 7714 -a 127.0.0.1 -w 1000&& afl-fuzz.exe -l custom_net_fuzzer.dll -i C:\host\in -o C:\host\test_netmode -D C:\dynamorio\DynamoRIO-Windows-8.0.18803\bin32 -t 20000+ -- -target_module test_netmode.exe -target_method ?recv_func@@YAXH@Z -coverage_module test_netmode.exe -fuzz_iterations 500000 -nargs 1 -no_loop  -- test_netmode.exe


Since test_netmode.exe is running in an infinite loop, I have added -no_loop mode following the winafl.c code and increased fuzz_iterations to 500k.

Another strange thing is that the fuzzer could not find any crash for 5 hrs. Since the test target is a very easy target, I thought it could find a crash within 10 mins... https://github.com/googleprojectzero/winafl/blob/master/test_netmode.cpp#L50

But after I re-launched it several times, I was able to find a crash with around a 66% chance (6 / 9 successes). Anyway, this is another problem.

Thank you very much.

P.S. https://github.com/googleprojectzero/winafl/issues/375#issuecomment-1082540695 The winafl that I'm currently using is the version that I modified following the suggestion in the link above.

ifratric commented 2 years ago

Looks like the socket ended up in invalid state, but it's difficult to say which chain of events led to this.

Perhaps custom_net_fuzzer is too strict about errors and the solution could be, if an error happens during sendto(), close and re-open the socket and try again.
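The recovery ifratric describes, as an added example that is not winafl's or custom_net_fuzzer's own code: a sendto() wrapper that, when a send fails (for instance with WSAEINVAL 10022), closes the UDP socket, creates a fresh one and retries a bounded number of times. It assumes UDP mode (-U) towards 127.0.0.1:7714 as in the command line above; the function names and the loopback test target are mine, and on Windows the caller is assumed to have called WSAStartup() already, as custom_net_fuzzer does.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <winsock2.h>
#include <ws2tcpip.h>
typedef SOCKET sock_t;
#define SOCK_INVALID INVALID_SOCKET
#define sock_close closesocket
#define sock_errno() WSAGetLastError()   /* 10022 == WSAEINVAL */
#else
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <errno.h>
typedef int sock_t;
#define SOCK_INVALID (-1)
#define sock_close close
#define sock_errno() errno
#endif

/* Constructed destination: the fuzzed server on loopback (127.0.0.1:<port>). */
struct sockaddr_in loopback_dst(unsigned short port) {
    struct sockaddr_in dst;
    memset(&dst, 0, sizeof(dst));
    dst.sin_family = AF_INET;
    dst.sin_port = htons(port);
    dst.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    return dst;
}

/* Sends buf over *sock. On any sendto() failure the socket is discarded and a new one
   is created before the next attempt, so a socket left in an invalid state cannot
   wedge the fuzzer. Returns bytes sent, or -1 once max_attempts are exhausted.
   *sock may be SOCK_INVALID on entry and may be replaced on return. */
int sendto_with_reopen(sock_t *sock, const char *buf, int len,
                       const struct sockaddr_in *dst, int max_attempts) {
    for (int attempt = 1; attempt <= max_attempts; attempt++) {
        if (*sock == SOCK_INVALID) {
            *sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
            if (*sock == SOCK_INVALID) continue;   /* try again next round */
        }
        int n = (int)sendto(*sock, buf, len, 0, (const struct sockaddr *)dst, sizeof(*dst));
        if (n >= 0) return n;
        fprintf(stderr, "sendto() failed with error %d on attempt %d, reopening socket\n",
                sock_errno(), attempt);
        sock_close(*sock);          /* a stale socket is closed rather than reused */
        *sock = SOCK_INVALID;
    }
    return -1;
}
```

A real fuzzer loop would also want to log how often the reopen path fires, since a socket that repeatedly goes bad usually points at the target tearing the connection down rather than at the sender.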