|
Boost : |
Subject: Re: [boost] [beast] Review
From: Phil Endecott (spam_from_boost_dev_at_[hidden])
Date: 2017-07-09 18:57:17
Jens Weller wrote:
> Fuzzing. I spend this weekend some time to fuzz beast with libFuzzer.
> The basic_parser and the websocket::stream were fuzzed.
> A bug (buffer overflow) in basic_parser was found, and is already fixed.
*THANK YOU* so much for doing that. I didn't see your message until
after I'd sent my review, and I feel even more justified in my comments
about the over-complex optimisations in the parser, and the security
implications.
I'd be interested to see where the bug was. Was this posted on the list?
Regards, Phil.
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk