Wireshark mailing list archives
Re: Fuzzing Wireshark with oss-fuzz
From: Moshe <me () moshekaplan com>
Date: Wed, 21 Dec 2016 07:38:09 -0500
I apologize for my lack of clarity. Peter is correct, I am interested in fuzzing dissectors. My plan is to have the sequence of raw bytes represent a pcap file. There can be many packets in a single pcap, which would allow testing state interactions.

Moshe

On Dec 21, 2016 6:19 AM, "Guy Harris" <guy () alum mit edu> wrote:

On Dec 21, 2016, at 2:12 AM, Peter Wu <peter () lekensteyn nl> wrote:
From the efforts that I have seen, Moshe seems to be targeting the dissectors functions. Since these may appear over the network, it is probably one of the more interesting parts to tackle first.
Then I'm not sure how well
The second step is to create a fuzzing interface. The fuzzing interface
needs to have the following signature:
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
  DoSomethingInterestingWithMyAPI(Data, Size);
  return 0;  // Non-zero return values are reserved for future use.
}
matches the way it works. If you have a program called "rednose", that takes a JPEG image, looks for noses, and colors them red, you could have an API that takes a pointer to an array of bytes containing a JPEG image, and a size_t giving the total number of bytes in the image, and call the nose-detector-and-colorer API (although, given that the argument is a const pointer, it'd have to provide some output buffer).

I guess you *could* have an API that takes a *single* blob of data and hands it to the frame dissector, with enough metadata to have it interpreted as an Ethernet frame, and that would catch *some* issues. It wouldn't catch any issues that would only show up with a sequence of packets.

Is there some way to fuzz code that's *not* stateless, and that takes a *sequence* of bits of input, in order?

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
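The plan described in the message above (treat the fuzzer's byte string as a pcap file so that several packets reach the code under test in order), as an added example that is not code from this thread or from Wireshark. `replay_pcap`, `struct session` and `dissect_stub` are hypothetical names, and the stub stands in for the dissection engine.

```c
#include <stddef.h>
#include <stdint.h>

#define PCAP_FILE_HDR 24   /* magic, version, thiszone, sigfigs, snaplen, linktype */
#define PCAP_REC_HDR  16   /* ts_sec, ts_usec, incl_len, orig_len */
#define MAX_PACKETS   64   /* bound the work done per fuzz input */

/* Per-input state; stands in for whatever is kept between packets. */
struct session { unsigned packets; size_t bytes; };

/* Hypothetical hook: a real harness would call the code under test here. */
static void dissect_stub(struct session *s, const uint8_t *pkt,
                         uint32_t len, uint32_t linktype) {
    (void)pkt; (void)linktype;
    s->packets++;
    s->bytes += len;
}

/* Read a 32-bit field byte by byte so the host's endianness does not matter. */
static uint32_t rd32(const uint8_t *p, int be) {
    return be ? ((uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3])
              : ((uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0]);
}

/* Feed each record of an in-memory classic pcap to the hook, in file order.
 * Returns the number of packets delivered, or -1 if the header is not pcap. */
int replay_pcap(const uint8_t *data, size_t size, struct session *s) {
    if (size < PCAP_FILE_HDR) return -1;
    uint32_t magic = rd32(data, 0);
    if (magic != 0xa1b2c3d4u && magic != 0xd4c3b2a1u) return -1;
    int be = (magic == 0xd4c3b2a1u);      /* file was written big-endian */
    uint32_t linktype = rd32(data + 20, be);
    size_t off = PCAP_FILE_HDR;
    int n = 0;
    while (n < MAX_PACKETS && size - off >= PCAP_REC_HDR) {
        uint32_t caplen = rd32(data + off + 8, be);
        off += PCAP_REC_HDR;
        if (caplen > size - off) break;   /* truncated record: never read past the input */
        dissect_stub(s, data + off, caplen, linktype);
        off += caplen;
        n++;
    }
    return n;
}

int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
    struct session s = {0, 0};            /* fresh state per input keeps crashes reproducible */
    replay_pcap(Data, Size, &s);
    return 0;
}
```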