2016-12-07 2:18 GMT+05:00 Gert Doering <g...@greenie.muc.de>:
> Hi,
>
> On Fri, Dec 02, 2016 at 08:48:29AM +0500, ???????? ?????????????? wrote:
> > https://opensource.googleblog.com/2016/12/announcing-oss-
> fuzz-continuous-fuzzing.html
>
> This is generally interesting, of course.
>
> Fuzzing openvpn "as a whole" is quite complicated, though - we do check
> our input very well, so the last time someone tried to fuzz TLS packets
> to make openvpn "do bad things", all he got was "go away, you stink,
> session destroyed" :-)
>
at least, I recall this commit
https://github.com/OpenVPN/openvpn/commit/0d8da22ae36d5efd03fba36c1d783b907589e321
it used to crash on simple tcp connect (after immediate disconnect), it was
reproducible to running login/password authentication mode
it might have been caught by fuzz testing.
>
> Anyway - so what's necessary to make this google fuzz testing work? Do
> we instrument our code, or just tell them "hey, here's a useful piece
> of software, go figure it out yourself"?
>
we can start with PR to
https://github.com/google/oss-fuzz/tree/master/projects
it must been done by someone from "OpenVPN" github organization.
if google machinery will not figure out anything, it might be long way with
libfuzz-helpers (if we implement such helpers, we can add them to cmoka and
travis-ci)
>
> gert
> --
> USENET is *not* the non-clickable part of WWW!
> //
> www.muc.de/~gert/ <http://www.muc.de/%7Egert/>
> Gert Doering - Munich, Germany
> g...@greenie.muc.de
> fax: +49-89-35655025 g...@net.informatik.tu-
> muenchen.de
>
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
