[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] afl-fuzz'ing wget?
|
From: |
Jacek Wielemborek |
|
Subject: |
Re: [Bug-wget] afl-fuzz'ing wget? |
|
Date: |
Sat, 15 Aug 2015 23:08:03 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0 |
W dniu 15.08.2015 o 22:23, Tim Rühsen pisze:
> Am Samstag, 15. August 2015, 12:29:45 schrieb Jacek Wielemborek:
>> Hello,
>>
>> I was looking into fuzzing wget with afl-fuzz [1]. While I hadn't
>> managed to crash it yet, I found a lot of code paths so far with the
>>
>> following input:
>>> HTTP/1.1 200 OK
>>> Server: nginx
>>> Date: Mon, 10 Aug 2015 20:31:38 GMT
>>> Content-Type: text/html; charset=utf-8
>>> Content-Length: 283087
>>> Connection: keep-alive
>>> Vary: Accept-Encoding
>>> cache-control: no-cache
>>>
>>>
>>> qwe
>
> Hi Jacek,
>
> what exactly did you find ?
>
> Maybe you can give us an example wget command line that produces unexpected
> behavior. Or better, give us a pointer to the code that fails.
> We highly appreciate patches to wget (non-trivial patches needs an FSF
> copyright assignment by you).
>
> Looking forward to hear from you.
>
> Tim
>
Hello,
I found nothing because I was only testing it under a netbook so far,
but I wanted to know if it was tested before and if not, encourage you
people to do that by giving some pointers on how this can be achieved.
I'll let you know once I find anything.
Cheers,
d33tah
signature.asc
Description: OpenPGP digital signature