bug-wget

[Bug-wget] afl-fuzz'ing wget?


From: Jacek Wielemborek
Subject: [Bug-wget] afl-fuzz'ing wget?
Date: Sat, 15 Aug 2015 12:29:45 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0

Hello,

I was looking into fuzzing wget with afl-fuzz [1]. While I haven't
managed to crash it yet, I found a lot of code paths so far with the
following input:

> HTTP/1.1 200 OK
> Server: nginx
> Date: Mon, 10 Aug 2015 20:31:38 GMT
> Content-Type: text/html; charset=utf-8
> Content-Length: 283087
> Connection: keep-alive
> Vary: Accept-Encoding
> cache-control: no-cache
> 
> 
> qwe

The command I used was:

LD_PRELOAD=~/workspace/preeny/x86_64-redhat-linux/desock.so \
    ~/workspace/afl-1.86b/afl-fuzz -m 100 -i indir -o outdir -t 1000 \
    src/wget 127.0.0.1 --timeout=0.1 -t 1 -O/dev/null

I believe I could trigger a lot more code if I tested --mirror
functionality as well. Has anybody tried that? If not, could you share
any pointers on how to provoke as much coverage as possible?

Cheers,
d33tah

[1] http://lcamtuf.coredump.cx/afl/


