fuzzing NTPsec with afl

Royce Williams royce at tycho.org
Mon Nov 21 23:34:58 UTC 2016


On Mon, Nov 21, 2016 at 2:18 PM, Kurt Roeckx <kurt at roeckx.be> wrote:
> On Mon, Nov 21, 2016 at 02:11:12PM -0900, Royce Williams wrote:
>>
>> If those minimal changes are turned into a compile-time option, this
>> would enable adding fuzzing to the rolling test suite, perhaps using
>> some of Susan's resources.
>
> Google also provides resources via oss-fuzz. If you can read from
> stdin, it should also be easy to fuzz with other fuzzers like
> libfuzzer.

Indeed. And my understanding is that stdin is often much faster than
equivalent network-level testing, which translates to a lot more
coverage per wall-clock hour (which is important for this kind of
fuzzing).

Ideally, we could enable some kind of basic coverage for both methods
-- stdin and network-based. This would more closely model the actual
threat landscape and attackers' capabilities.

But between the two, stdin would be the best bang for the buck.

Royce
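One way to make the same packet parser reachable from both an afl stdin driver and a libFuzzer entry point, as an added example that is not NTPsec's code: the struct, `parse_ntp_header` and the field offsets below are my own illustration of the RFC 5905 header layout and assume nothing about ntpd's internals.

```c
#include <stdint.h>
#include <stdio.h>

/* Minimal NTPv4 header fields (RFC 5905, first 48 bytes). Illustrative
 * struct, not NTPsec's own types. */
typedef struct {
    uint8_t  leap;     /* leap indicator, 2 bits */
    uint8_t  version;  /* version number, 3 bits */
    uint8_t  mode;     /* association mode, 3 bits */
    uint8_t  stratum;
    uint32_t ref_id;   /* reference identifier, bytes 12..15 */
    uint32_t xmt_sec;  /* transmit timestamp, seconds part, bytes 40..43 */
} ntp_hdr;

#define NTP_HDR_LEN 48

/* Returns 0 on success, -1 for a short packet or an unsupported version.
 * Every read is bounds-checked against len, so a truncated fuzz input
 * is rejected instead of becoming an over-read. */
int parse_ntp_header(const uint8_t *buf, size_t len, ntp_hdr *out) {
    if (buf == NULL || out == NULL || len < NTP_HDR_LEN) return -1;
    out->leap    = (buf[0] >> 6) & 0x3;
    out->version = (buf[0] >> 3) & 0x7;
    out->mode    =  buf[0]       & 0x7;
    out->stratum =  buf[1];
    if (out->version < 1 || out->version > 4) return -1;
    out->ref_id  = (uint32_t)buf[12] << 24 | (uint32_t)buf[13] << 16 |
                   (uint32_t)buf[14] << 8  | (uint32_t)buf[15];
    out->xmt_sec = (uint32_t)buf[40] << 24 | (uint32_t)buf[41] << 16 |
                   (uint32_t)buf[42] << 8  | (uint32_t)buf[43];
    return 0;
}

/* libFuzzer entry point: drives the very same parser in-process. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    ntp_hdr h;
    (void)parse_ntp_header(data, size, &h);
    return 0;
}

/* afl-style stdin driver: one packet per run, no socket involved. */
int main(void) {
    uint8_t buf[4096];
    size_t n = fread(buf, 1, sizeof buf, stdin);
    ntp_hdr h;
    if (parse_ntp_header(buf, n, &h) != 0) return 1;
    printf("LI=%u VN=%u mode=%u stratum=%u\n",
           h.leap, h.version, h.mode, h.stratum);
    return 0;
}
```

Build the stdin driver with afl's compiler wrapper and the libFuzzer entry with `-fsanitize=fuzzer`; both exercise `parse_ntp_header` without a listening socket.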

