<div dir="ltr">Hello Yevgeny,<div><br></div><div>Thanks for getting in touch. We were included in the oss-fuzz repository, but I'm not sure anybody ever actually did the work of integrating Mosh or fuzzing it. (People have separately fuzzed the terminal emulator and found some overcautious assertions that we ended up removing; see <a href="https://github.com/mobile-shell/mosh/issues/667">https://github.com/mobile-shell/mosh/issues/667</a> ). We certainly never heard anything from them -- if we were supposed to do something on our end beyond submitting the initial pull request to be included, we didn't do it.</div><div><br></div><div>If you want to fuzz Mosh, we'd love to help you. I think you probably want to fuzz Mosh at several different layers, e.g.:</div><div><br></div><div>- raw datagram input</div><div>- network input after removing encryption and validation of the integrity check</div><div>- network input after removing encryption, integrity validation, and compression</div><div>- network input to the terminal emulator (e.g. arbitrary actions on the CompleteTerminal object)</div><div>- user keyboard input</div><div><br></div><div>Best regards,</div><div>Keith</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Jun 23, 2019 at 8:16 PM Yevgeny Pats <<a href="mailto:yp@fuzzit.dev">yp@fuzzit.dev</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi Keith,<div><br></div><div><div>I'm Yevgeny Pats, founder of <a href="https://fuzzit.dev/" target="_blank">Fuzzit</a> - a continuous fuzzing as a service platform.</div><div><br></div><div>We are providing free continuous fuzzing + PR sanity tests to OSS projects. I know you are using OSS-fuzz so I wanted to know what the current status of the integration and if you need additional resources or features. </div><div><br></div><div>I'll be happy to help create an integration with Fuzzit. We provide continuous fuzzing for projects like systemd, radare, apache.</div><div><br></div><div>You can read about systemd-fuzzit case study <a href="https://fuzzit.dev/2019/06/20/continuous-fuzzing-systemd-case-study/" target="_blank">here</a> where they use our platform in addition to OSS-fuzz.</div><div><br></div><div>Also, will be happy to discuss fuzzing in general and share ideas.</div><div><br></div><div>Looking forward to hearing from you,</div><div><br></div><div>Yevgeny Pats,</div><div>Founder & CEO, Fuzzit</div></div></div>
</blockquote></div>