[mosh-devel] mosh continuous fuzzing improvement suggestion
Keith Winstein
keithw at cs.stanford.edu
Mon Jun 24 22:36:29 EDT 2019
Hello Yevgeny,
Thanks for getting in touch. We were included in the oss-fuzz repository,
but I'm not sure anybody ever actually did the work of integrating Mosh or
fuzzing it. (People have separately fuzzed the terminal emulator and found
some overcautious assertions that we ended up removing; see
https://github.com/mobile-shell/mosh/issues/667 ). We certainly never heard
anything from them -- if we were supposed to do something on our end beyond
submitting the initial pull request to be included, we didn't do it.
If you want to fuzz Mosh, we'd love to help you. I think you probably want
to fuzz Mosh at several different layers, e.g.:
- raw datagram input
- network input after removing encryption and validation of the integrity
check
- network input after removing encryption, integrity validation, and
compression
- network input to the terminal emulator (e.g. arbitrary actions on the
CompleteTerminal object)
- user keyboard input
Best regards,
Keith
On Sun, Jun 23, 2019 at 8:16 PM Yevgeny Pats <yp at fuzzit.dev> wrote:
> Hi Keith,
>
> I'm Yevgeny Pats, founder of Fuzzit <https://fuzzit.dev/> - a continuous
> fuzzing as a service platform.
>
> We are providing free continuous fuzzing + PR sanity tests to OSS
> projects. I know you are using OSS-fuzz so I wanted to know what the
> current status of the integration and if you need additional resources or
> features.
>
> I'll be happy to help create an integration with Fuzzit. We provide
> continuous fuzzing for projects like systemd, radare, apache.
>
> You can read about systemd-fuzzit case study here
> <https://fuzzit.dev/2019/06/20/continuous-fuzzing-systemd-case-study/> where
> they use our platform in addition to OSS-fuzz.
>
> Also, will be happy to discuss fuzzing in general and share ideas.
>
> Looking forward to hearing from you,
>
> Yevgeny Pats,
> Founder & CEO, Fuzzit
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/mosh-devel/attachments/20190624/a40c186e/attachment.html
More information about the mosh-devel
mailing list