[mosh-devel] mosh continuous fuzzing improvement suggestion

Yevgeny Pats yp at fuzzit.dev
Tue Jun 25 01:13:25 EDT 2019


Hi Keith,

Thanks for the detailed response.

Just to make sure I understood correctly, there are two main steps for
continuous fuzzing integration for Mosh:

1) Writing the appropriate libFuzzer targets.
2) Integrating with a continuous fuzzing platform that will fuzz those
targets in parallel to the development workflow - Fuzzit integration.

Actually, I thought there were some targets already, but now I see there are
no targets yet, so it will require more work.
I'll be happy if someone can help with writing at least one fuzz target so
we can get the ball rolling, and I'll write the integration (the additional
step in Travis to compile the target and send it to Fuzzit). I can also write
one fuzz target myself, but it will take more time since I'm not yet familiar
with the particular code base.

Best,
Yevgeny



On Tue, Jun 25, 2019 at 5:37 AM Keith Winstein <keithw at cs.stanford.edu>
wrote:

> Hello Yevgeny,
>
> Thanks for getting in touch. We were included in the oss-fuzz repository,
> but I'm not sure anybody ever actually did the work of integrating Mosh or
> fuzzing it. (People have separately fuzzed the terminal emulator and found
> some overcautious assertions that we ended up removing; see
> https://github.com/mobile-shell/mosh/issues/667 ). We certainly never
> heard anything from them -- if we were supposed to do something on our end
> beyond submitting the initial pull request to be included, we didn't do it.
>
> If you want to fuzz Mosh, we'd love to help you. I think you probably want
> to fuzz Mosh at several different layers, e.g.:
>
> - raw datagram input
> - network input after removing encryption and validation of the integrity
> check
> - network input after removing encryption, integrity validation, and
> compression
> - network input to the terminal emulator (e.g. arbitrary actions on the
> CompleteTerminal object)
> - user keyboard input
>
> Best regards,
> Keith
>
>
>
> On Sun, Jun 23, 2019 at 8:16 PM Yevgeny Pats <yp at fuzzit.dev> wrote:
>
>> Hi Keith,
>>
>> I'm Yevgeny Pats, founder of Fuzzit <https://fuzzit.dev/> - a continuous
>> fuzzing as a service platform.
>>
>> We are providing free continuous fuzzing + PR sanity tests to OSS
>> projects. I know you are using OSS-Fuzz, so I wanted to know what the
>> current status of the integration is and whether you need additional
>> resources or features.
>>
>> I'll be happy to help create an integration with Fuzzit. We provide
>> continuous fuzzing for projects like systemd, radare, apache.
>>
>> You can read about the systemd-Fuzzit case study here
>> <https://fuzzit.dev/2019/06/20/continuous-fuzzing-systemd-case-study/>, where
>> they use our platform in addition to OSS-Fuzz.
>>
>> Also, I will be happy to discuss fuzzing in general and share ideas.
>>
>> Looking forward to hearing from you,
>>
>> Yevgeny Pats,
>> Founder & CEO, Fuzzit
>>
>