oss-sec mailing list archives

Re: [SECURITY ADVISORY] c-ares: single byte out of buffer write

From: Hanno Böck <hanno () hboeck de>
Date: Thu, 29 Sep 2016 17:04:03 +0200

Hi,

Just quick:
This is a very typical bug class that libfuzzer can find very well.
libfuzzer is like afl, but for functions instead of executables.

I have attached a sample code for libfuzzer which shows how this works.
(In case anyone cares: Consider it being public domain / CC0 / whatever
licensing terms you like)

Takes only a few seconds without any starting corpus to find this bug.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Attachment: libfuzzer-ares_create_query.cpp
Description:

Attachment: _bin
Description: OpenPGP digital signature

Current thread:

[SECURITY ADVISORY] c-ares: single byte out of buffer write Daniel Stenberg (Sep 29)
- Re: [SECURITY ADVISORY] c-ares: single byte out of buffer write Daniel Stenberg (Sep 29)
- Re: [SECURITY ADVISORY] c-ares: single byte out of buffer write Hanno Böck (Sep 29)