Fuzzing Ping(8) … and Finding a 24 Year Old Bug
canopic jug writes:
OpenBSD developer, Florian Obser, has written about fuzzing ping(8) and finding a 24 year old bug. The utility ping(8) is about the simplest networking utility there is and it has been around in one form or another since the early 1980s. Yet some things were hiding which were exposed by running the Afl fuzzer:
Afl uses files to feed data to programs to get them to crash or otherwise misbehave. I had wondered for a few years how I could use afl with things that talk to the network. Because that's what I mostly work on. In hindsight it's quite obvious. You identify the main parsing function, wrap it in a new main() function and Robert is your father's nearest male relative.
The two main takeaways from this are: One, if someone messes up somewhere, go look if you messed up in the same or similar way somewhere else. Two, afl is pretty easy to use, even for network programs. 30 minutes from reading about afl for the first time to finding a bug in a real world program is pretty neat.
Next up, cat(1)?
Via Undeadly.
Read more of this story at SoylentNews.
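The harness shape Florian describes (take the packet-parsing function, give it a new main() that reads a file, hand the file to afl) looks like this. This is a constructed example added here, not OpenBSD's ping(8) code: parse_echo_reply() and struct echo_reply are hypothetical, written with the explicit bounds checks a fuzzer would otherwise find missing.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Constructed example: a minimal IPv4+ICMP echo-reply parser (not the
 * real ping(8) code) with every read bounds-checked against `len`. */
struct echo_reply { uint16_t id, seq; size_t payload_len; };

/* Returns 0 on a well-formed echo reply and fills *out, -1 otherwise. */
int parse_echo_reply(const unsigned char *buf, size_t len, struct echo_reply *out)
{
    if (len < 20) return -1;                     /* minimal IPv4 header */
    if ((buf[0] >> 4) != 4) return -1;           /* IPv4 only */
    size_t hlen = (size_t)(buf[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len) return -1;      /* IHL must fit in the packet */
    if (buf[9] != 1) return -1;                  /* protocol must be ICMP */
    size_t tot = ((size_t)buf[2] << 8) | buf[3];
    if (tot < hlen || tot > len) return -1;      /* total length must be consistent */
    const unsigned char *icmp = buf + hlen;
    size_t ilen = tot - hlen;
    if (ilen < 8) return -1;                     /* ICMP echo header is 8 bytes */
    if (icmp[0] != 0 || icmp[1] != 0) return -1; /* type 0, code 0 = echo reply */
    out->id  = (uint16_t)((icmp[4] << 8) | icmp[5]);
    out->seq = (uint16_t)((icmp[6] << 8) | icmp[7]);
    out->payload_len = ilen - 8;
    return 0;
}

/* Harness entry point: afl supplies the file; we feed its bytes to the
 * parser at the point where ping would pass a packet read from the socket. */
int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s file\n", argv[0]); return 2; }
    FILE *f = fopen(argv[1], "rb");
    if (f == NULL) { perror("fopen"); return 2; }
    unsigned char buf[65536];
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    struct echo_reply r;
    if (parse_echo_reply(buf, n, &r) == 0)
        printf("id=%u seq=%u payload=%zu\n", r.id, r.seq, r.payload_len);
    else
        printf("rejected\n");
    return 0;
}
```

Build it with afl-gcc, seed an input directory with one valid reply captured from a real ping, and afl-fuzz will mutate the file and report any input that crashes the parser.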