
Subject: Re: [boost] [beast] Review
From: Jens Weller (JensWeller_at_[hidden])
Date: 2017-07-09 19:21:36


> Sent: Sunday, 09 July 2017 at 20:57
> From: "Phil Endecott via Boost" <boost_at_[hidden]>
> To: boost_at_[hidden]
> Cc: "Phil Endecott" <spam_from_boost_dev_at_[hidden]>
> Subject: Re: [boost] [beast] Review
>
> Jens Weller wrote:
> > Fuzzing. I spent some time this weekend fuzzing beast with libFuzzer.
> > The basic_parser and the websocket::stream were fuzzed.
> > A bug (buffer overflow) in basic_parser was found, and is already fixed.
>
> *THANK YOU* so much for doing that. I didn't see your message until
> after I'd sent my review, and I feel even more justified in my comments
> about the over-complex optimisations in the parser, and the security
> implications.
>
> I'd be interested to see where the bug was. Was this posted on the list?

I used beast to get into fuzzing with this workshop:
https://github.com/Dor1s/libfuzzer-workshop

The motivation was that, in that way, I could contribute to the review and learn something non-beast-related.
TWO things at once! The fuzzer found the bug pretty fast, almost instantly.

I'm not a fuzzing expert, but as far as I know I got lucky with an oversight in the handling of results in the beast parser, it appears.

I continued the fuzzing of beast after Vinnie provided a fix, and so I also fuzzed this branch.
Nothing else came up.

Thanks,

Jens Weller


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk