* * * * *

                 It's always nice when my code doesn't crash

I was reading this article (How I nearly almost saved the Internet, starring
afl-fuzz and dnsmasq » SkullSecurity) [1] (link via Hacker News [2]) about
fuzz testing [3] a DNS (Domain Name Service) server and when I saw that the
problematic packets that caused the program to crash could be downloaded [4],
I figured I would give them a try against my own DNS parsing code [5].

My code did not crash, which is what I expected given that some of the tests
I did included throwing random data. But I might have to install afl-fuzz
(American fuzzy lop) [6] and play around with it. I'd really love to throw
afl-fuzz at the Protocol Stack From Hell™ [7], and while it would be
cathartic, in a way, that's like shooting already dead fish in a wine barrel
with a double barrel shot-gun at point-blank range.

[1] https://blog.skullsecurity.org/2015/how-i-nearly-almost-saved-the-internet-starring-afl-fuzz-and-dnsmasq
[2] https://news.ycombinator.com/item?id=9897159
[3] https://en.wikipedia.org/wiki/Fuzz_testing
[4] https://blogdata.skullsecurity.org/fuzz_dnsmasq.tar.bz2
[5] https://github.com/spc476/SPCDNS
[6] http://lcamtuf.coredump.cx/afl/
[7] gopher://gopher.conman.org/0Phlog:2012/01/30.2

Email author at [email protected]

You are viewing proxied material from gopher.conman.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.