Re: [Bug-wget] afl-fuzz'ing wget?


From: Tim Rühsen
Subject: Re: [Bug-wget] afl-fuzz'ing wget?
Date: Sat, 15 Aug 2015 23:55:03 +0200
User-agent: KMail/4.14.2 (Linux/4.1.0-1-amd64; KDE/4.14.2; x86_64; ; )

On Saturday, 15 August 2015, 23:08:03, Jacek Wielemborek wrote:
> On 15.08.2015 at 22:23, Tim Rühsen wrote:
> > On Saturday, 15 August 2015, 12:29:45, Jacek Wielemborek wrote:
> >> Hello,
> >> 
> >> I was looking into fuzzing wget with afl-fuzz [1]. While I hadn't
> >> managed to crash it yet, I found a lot of code paths so far with the
> >> following input:
> >>> HTTP/1.1 200 OK
> >>> Server: nginx
> >>> Date: Mon, 10 Aug 2015 20:31:38 GMT
> >>> Content-Type: text/html; charset=utf-8
> >>> Content-Length: 283087
> >>> Connection: keep-alive
> >>> Vary: Accept-Encoding
> >>> cache-control: no-cache
> >>> 
> >>> 
> >>> qwe
> > 
> > Hi Jacek,
> > 
> > what exactly did you find?
> > 
> > Maybe you can give us an example wget command line that produces
> > unexpected behavior. Or better, give us a pointer to the code that fails.
> > We highly appreciate patches to wget (non-trivial patches need an FSF
> > copyright assignment by you).
> > 
> > Looking forward to hearing from you.
> > 
> > Tim
> 
> Hello,
> 
> I found nothing because I was only testing it on a netbook so far,
> but I wanted to know if it was tested before and if not, encourage you
> people to do that by giving some pointers on how this can be achieved.
> I'll let you know once I find anything.

I am not sure how afl-fuzz handles bidirectional communication or what the
input files have to look like. Try to simulate/test an FTP connection - this is
a sequence of input and output. If you get this working, --mirror or -r
should be straightforward. There are examples (including HTML documents) in
the tests/ and testenv/ directories.

Tim
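
One way to put a file like the response quoted above in front of wget's network code, as an added example that is not from either poster: a one-shot server that replays a list of byte strings as the server side of a single connection. The function names, the loopback address and the sample bytes are assumptions constructed here.

```python
import socket
import threading

# Constructed sample modelled on the response quoted in the thread: the
# Content-Length (283087) is far larger than the 3-byte body, so the client
# sees the connection close long before the advertised length arrives.
SAMPLE_HTTP = (b"HTTP/1.1 200 OK\r\nServer: nginx\r\n"
               b"Content-Type: text/html; charset=utf-8\r\n"
               b"Content-Length: 283087\r\nConnection: keep-alive\r\n\r\nqwe")


def start_replay_server(replies, greet_first=False, host="127.0.0.1"):
    """Serve one connection, replaying `replies` in order, then close.

    greet_first=False: wait for client data before every reply (HTTP).
    greet_first=True: send replies[0] on connect, for a protocol where the
    server speaks first (an FTP control channel, for instance).
    Returns (port, thread); the OS picks a free port.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((host, 0))
    listener.listen(1)
    port = listener.getsockname()[1]

    def serve():
        conn, _ = listener.accept()
        with conn, listener:
            pending = list(replies)
            if greet_first and pending:
                conn.sendall(pending.pop(0))
            for reply in pending:
                if not conn.recv(65536):  # client closed before this step
                    return
                conn.sendall(reply)

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return port, thread


def fetch_raw(port, request, host="127.0.0.1"):
    """Minimal client for checking a replay: send, then read to EOF."""
    chunks = []
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(request)
        while True:
            data = s.recv(4096)
            if not data:
                return b"".join(chunks)
            chunks.append(data)
```

A wget run against `http://127.0.0.1:<port>/` then receives exactly the replayed bytes. FTP data connections are outside what this single-socket replay covers.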
