Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 7 Apr 2015 13:35:48 -0700
From: Seth Arnold <seth.arnold@...onical.com>
To: oss-security@...ts.openwall.com
Subject: Re: Hanno Boeck found Heartbleed using afl + ASan!

On Tue, Apr 07, 2015 at 01:27:40PM -0700, Michal Zalewski wrote:
> this or any comparably serious find. Today, I'm asking myself the same
> question about AFL. Was it too counterintuitive to set this up? Were
> there other barriers to entry? Can I fix this now?

Hanno's trick of storing TLS packets as files is clever, but doesn't
scale far beyond testing handshakes of a handful of protocols, and that
with some effort.

If AFL could grow the ability to mangle socket-based inputs, it would
probably be more applicable to many more services, and beyond just
handshaking.

I realize it's asking for a unicorn when we've already been given a pony,
but there it is.

Thanks

Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.