Wireshark mailing list archives
Re: Fuzzing Wireshark with oss-fuzz
From: Moshe <me () moshekaplan com>
Date: Wed, 21 Dec 2016 20:41:54 -0500
> I.e., represent a sequence of packets (of a particular type), rather than
> representing the raw contents of a file?
>
> To do that, the generator of the fuzzed data would have to generate a
> sequence of bytes in the form of a sequence of {byte count, bytes} blobs,
> unless all packets were the same size.

That could be a limitation of this technique. A good sample corpus may mitigate this issue. But a more intelligent fuzzer (like afl-fuzz or driller) might be able to work around this.

> That would have to assume the same encapsulation for all packets, e.g.
> Ethernet.

That's the plan. I know that it won't have full coverage, but my understanding is that it makes the fuzzing interface significantly simpler. I'm not an expert in Wireshark's source code, so I'd rather have something that can find some bugs next week than to spend months trying to write a perfect fuzzer.

Practically speaking, there's nothing preventing us from generating a libfuzzer interface for each encapsulation type, which would obviate this issue.

Moshe

On Wed, Dec 21, 2016 at 2:43 PM, Guy Harris <guy () alum mit edu> wrote:

> On Dec 21, 2016, at 4:38 AM, Moshe <me () moshekaplan com> wrote:
>
>> I apologize for my lack of clarity. Peter is correct, I am interested in
>> fuzzing dissectors.
>>
>> My plan is to have the sequence of raw bytes represent a pcap file.
>
> I.e., represent a sequence of packets (of a particular type), rather than
> representing the raw contents of a file?
>
> To do that, the generator of the fuzzed data would have to generate a
> sequence of bytes in the form of a sequence of {byte count, bytes} blobs,
> unless all packets were the same size.
>
> That would have to assume the same encapsulation for all packets, e.g.
> Ethernet.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe