On Thu, Mar 16, 2017 at 1:29 PM, Daniel P. Berrange <berra...@redhat.com> wrote:
> On Tue, Mar 07, 2017 at 12:27:58AM -0500, D L wrote: > > On Sun, Mar 5, 2017 at 2:47 AM, Michal Privoznik <mpriv...@redhat.com> > wrote: > > Regarding fuzzing, I think we can try several fuzzing tools to run in > > parallel, as different > > fuzzers tend to find different kinds of bugs. Thus, AFL (American Fuzz > > Lop) [1], > > which is a coverage-guided mutation-based fuzzer with genetic algorithm, > > can > > take hand-crafted xml seed to fuzz our libvert target. Alternatively, we > > could > > develop generation-based grammar module in AFL (which is definitely > > non-trivial); > > so far I have not seen active development in AFL community on xml format > > grammar generation. Another option could be clang-libfuzzer [2]. > > > > Several related articles show examples of fuzzing are using AFL to > generate > > SQL [3], llvm-afl [4], and hexml fuzzing with AFL [5]. In combination > with > > lcov, we > > could compare different fuzzers and guide our fuzzing tuning. > > FYI, I would very much like to see it use a fuzzer that is open source, > because > I'd like the end result of the project to ideally produce some test suite > or > test framework that we can put in to our CI system and run daily to > validate > future changes. > > > Hi Daniel, Yes, I am definitely focusing on open source fuzzers. I have been having a question for quite a while. I thought mostly behind the scenes of each established open sources projects should have a security team working on security testing on a regular basis. Accordingly they also have the tool chains and standardized procedures to find, report and fix security vulnerabilities. They may or may not work with or collaborate with the Developer teams. It is also possible that some of those exploitable bugs were purely discovered just by interested individuals as their side project/work. And some of them got CVE assigned eventually. I was hoping to find some record of how such bugs were discovered; i.e., there'd be some tutorial-like documentations describing how to work on a large scale industrial fuzzing project. I primarily got most of the impressions from the following links about libxml2 AFL fuzzing bug report: https://bugzilla.gnome.org/show_bug.cgi?id=744980 https://bugzilla.gnome.org/show_bug.cgi?id=756263 https://bugzilla.gnome.org/show_bug.cgi?id=759020 https://bugzilla.gnome.org/show_bug.cgi?id=759671 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7115 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7116 Not only at libvirt community, is libxml2's situations also similar to other major open source projects? Dan Regards, > Daniel > -- > |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ > :| > |: http://libvirt.org -o- http://virt-manager.org > :| > |: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ > :| >
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list