
[Bug-wget] afl-fuzz'ing wget?

From: Jacek Wielemborek
Subject: [Bug-wget] afl-fuzz'ing wget?
Date: Sat, 15 Aug 2015 12:29:45 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0


I was looking into fuzzing wget with afl-fuzz [1]. While I haven't
managed to crash it yet, I have found a lot of code paths so far with the
following input:

> HTTP/1.1 200 OK
> Server: nginx
> Date: Mon, 10 Aug 2015 20:31:38 GMT
> Content-Type: text/html; charset=utf-8
> Content-Length: 283087
> Connection: keep-alive
> Vary: Accept-Encoding
> cache-control: no-cache
> qwe

The command I used was:

~/workspace/afl-1.86b/afl-fuzz -m 100 -i indir -o outdir -t 1000
src/wget  --timeout=0.1 -t 1 -O/dev/null

I believe I could trigger a lot more code if I tested --mirror
functionality as well. Has anybody tried that? If not, could you share
any pointers on how to provoke as much coverage as possible?


[1] http://lcamtuf.coredump.cx/afl/


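An added example, not part of the post above and not wget's or AFL's own code: one practical answer to the coverage question is to give afl-fuzz more than a single seed and to hand it a dictionary of HTTP tokens with its -x option, so the mutator can splice whole header names and status lines instead of discovering them byte by byte. The script below writes a small seed corpus (constructed responses covering chunked encoding, redirects, an auth challenge, cookies and an HTML body with links for --mirror) and an AFL dictionary file. It assumes the rest of the harness is as in the post, i.e. that whatever delivers each input file to wget as the server's response is already in place (the post does not show that part); the file names and the token list are the example's own choices.

```shell
#!/bin/sh
# Added example: seed corpus and AFL dictionary for fuzzing wget's HTTP
# response handling. Not from the post or from the wget/AFL projects.
set -eu

# Write one seed file per distinct response shape into $1, print the count.
make_seed_corpus() {
  dir="$1"
  mkdir -p "$dir"
  n=0
  # Plain 200 with a body (constructed, modelled on the response in the post).
  printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello' \
    > "$dir/200_plain.http"; n=$((n+1))
  # Chunked transfer coding: exercises the chunk-size parser.
  printf 'HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n' \
    > "$dir/200_chunked.http"; n=$((n+1))
  # Redirect: Location handling and the redirect counter.
  printf 'HTTP/1.1 302 Found\r\nLocation: http://127.0.0.1/next\r\nContent-Length: 0\r\n\r\n' \
    > "$dir/302_redirect.http"; n=$((n+1))
  # Auth challenge: WWW-Authenticate parsing.
  printf 'HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm="fuzz"\r\nContent-Length: 0\r\n\r\n' \
    > "$dir/401_basic.http"; n=$((n+1))
  # Cookie, Last-Modified and ETag headers, absent from the post's seed.
  printf 'HTTP/1.1 200 OK\r\nSet-Cookie: id=1; Path=/; HttpOnly\r\nLast-Modified: Mon, 10 Aug 2015 20:31:38 GMT\r\nETag: "abc"\r\nContent-Length: 0\r\n\r\n' \
    > "$dir/200_cookie.http"; n=$((n+1))
  # HTML with links and an image, for --mirror / -r link extraction.
  printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<html><body><a href="/a.html">a</a><img src="/b.png"><a href="http://127.0.0.1/c">c</a></body></html>' \
    > "$dir/200_links.http"; n=$((n+1))
  echo "$n"
}

# Write an AFL dictionary (one double-quoted token per line) to $1 and
# print the number of entries.
make_http_dictionary() {
  out="$1"
  n=0
  : > "$out"
  for tok in 'HTTP/1.1 ' 'HTTP/1.0 ' ' 200 OK' ' 301 ' ' 302 ' ' 401 ' ' 404 ' ' 416 ' \
             'Content-Length: ' 'Content-Type: ' 'Transfer-Encoding: ' 'chunked' \
             'Content-Encoding: ' 'gzip' 'Location: ' 'Set-Cookie: ' 'WWW-Authenticate: ' \
             'Basic ' 'Digest ' 'realm=' 'Content-Range: ' 'bytes ' 'Content-Disposition: ' \
             'filename=' 'Last-Modified: ' 'ETag: ' 'Connection: ' 'keep-alive' 'close' \
             'href=' 'src=' '<a ' '<img ' '<base ' '<meta '; do
    printf '"%s"\n' "$tok" >> "$out"; n=$((n+1))
  done
  # CRLF and the blank line that ends the header block, in AFL's \xNN escape syntax.
  printf '"\\x0d\\x0a"\n"\\x0d\\x0a\\x0d\\x0a"\n' >> "$out"; n=$((n+2))
  echo "$n"
}

# Usage (then run afl-fuzz as in the post, adding the dictionary):
#   make_seed_corpus indir
#   make_http_dictionary http.dict
#   afl-fuzz -x http.dict -m 100 -i indir -o outdir -t 1000 src/wget --timeout=0.1 -t 1 -O/dev/null
```

Seeds are deliberately short: AFL's mutation budget is spent per byte, so a 283087-byte Content-Length with no matching body buys nothing that a 5-byte one does not. For the --mirror case, also check that the wget arguments actually enable recursion (-r or --mirror) in the afl-fuzz command line, otherwise the HTML link-extraction code is never reached regardless of the seed.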