Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 5 Jul 2015 10:37:09 +0300
From: Solar Designer <>
Subject: Re: more robustness

Hi Kai,

On Sun, Jul 05, 2015 at 09:45:33AM +0800, Kai Zhao wrote:
> >
> What do you think with this '--fuzz' ? Does it meat your idea ?

So I just did:

git clone -b fuzz_option fuzz_option
git diff 970f01a068caf544e5f7843d23520e5d24934d75

which I think shows your entire work on this.

This partially meets my idea.

I'd have the fuzzing work from the test vectors, not an external file -
although supporting this as an option would be fine.  It isn't
immediately clear to me from your code whether the external file is
required or optional.  The syntax here implies it's optional:

+       puts("--fuzz[=DICTFILE]         fuzz formats' perpare(), valid() and split()");

BTW, you have a typo here: s/perpare/prepare/

And I'd test further format methods as well, perhaps those the loader
would use.  So don't proceed to crypt_all(), but do test everything
leading up to it.

Please don't add your new code to bench.[ch] and formats.[ch] - instead,
please create new source files fuzz.[ch], with proper copyright and
license statements. is misattributed to me, just like some other revisions of
that Perl script that you posted in here.  While it is important to give
credit where it's due, it's also important to avoid misattributing your
changes to other people.  We'll need to add proper copyright statements
and a license statement to this file.

Is the only remaining use for the Perl script to split the workload
across multiple processes?  If so, why does it accept a format name as
an argument?  I think the splitting only works by format, thus only when
fuzzing multiple formats at once.  The way it currently is, it makes no
sense to me.

> As Frank said, I think I also should add option '--dump' to reproduce
> the bugs. --dump=[1,100] means dump from the 1 fuzzed case to the
> 100 fuzzed case to file. --fuzz will save the fuzzed case ID to file, and
> when bugs are found, we can get the last ID. Then, use
> --dump=[ID-10, ID] to save the latest fuzzed cases to reproduce.

If an option like this needs to be introduced, please call it
"--fuzz-dump" rather than simply "--dump".



Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ