Fuzzing ping(8) … and finding a 24 year old bug.

from OpenBSD Journal (#66MFG)
Following the recent discovery of a security issue in FreeBSD's ping(8), OpenBSD developer Florian Obser (florian@) wanted to know if something similar lurked in the OpenBSD code as well.

The result of his investigation can be found in the article called "Fuzzing ping(8) ... and finding a 24 year old bug.", which leads in,

FreeBSD had a security fluctuation in their implementation of ping(8) the other day. As someone who has done a lot of work on ping(8) in OpenBSD this tickled my interests.

What about OpenBSD?

ping(8) is ancient:

Read the rest of the article here. It is quite a story, with lessons to be considered by anyone working on code that's been around a few years or decades.

As Florian mentions in his post, the fix has been committed to the repo (with a subsequent tweak).
