On Saturday, 15 August 2015, 23:08:03, Jacek Wielemborek wrote:
> On 15.08.2015 at 22:23, Tim Rühsen wrote:
> > On Saturday, 15 August 2015, 12:29:45, Jacek Wielemborek wrote:
> >> Hello,
> >>
> >> I was looking into fuzzing wget with afl-fuzz [1]. While I hadn't
> >> managed to crash it yet, I found a lot of code paths so far with the
> >> following input:
> >>> HTTP/1.1 200 OK
> >>> Server: nginx
> >>> Date: Mon, 10 Aug 2015 20:31:38 GMT
> >>> Content-Type: text/html; charset=utf-8
> >>> Content-Length: 283087
> >>> Connection: keep-alive
> >>> Vary: Accept-Encoding
> >>> cache-control: no-cache
> >>>
> >>>
> >>> qwe
> >
> > Hi Jacek,
> >
> > What exactly did you find?
> >
> > Maybe you can give us an example wget command line that produces
> > unexpected behavior. Or better, give us a pointer to the code that fails.
> > We highly appreciate patches to wget (non-trivial patches need an FSF
> > copyright assignment by you).
> >
> > Looking forward to hearing from you.
> >
> > Tim
>
> Hello,
>
> I found nothing because I was only testing it on a netbook so far,
> but I wanted to know if it was tested before and if not, encourage you
> people to do that by giving some pointers on how this can be achieved.
> I'll let you know once I find anything.
I am not sure how afl-fuzz handles bidirectional communication or how the input files have to look. Try to simulate/test an FTP connection - this is a sequence of input and output. If you get this working, --mirror or -r should be straightforward. There are examples (including HTML documents) in the tests/ and testenv/ directories.

Tim
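The open question in Tim's reply is how a file-driven fuzzer such as afl-fuzz can exercise a client that talks to a socket, in particular for a request/reply protocol like FTP. One way is a small replay server that turns the fuzzer's current input file into a scripted sequence of server replies. The example below is added here; it is not wget's or afl-fuzz's own code. The script format is an assumption made for the example (reply blocks separated by the bytes `---\n`; in `ftp` mode the first block is the greeting and every further block answers one client command line, in `http` mode the whole file is sent as one response once the request headers have been read), as are the function names and the loopback address 127.0.0.1. The two sample scripts are constructed, not captured from a real server.

```python
"""Scripted-reply server: feeds a file-driven fuzzer's input to a network
client (e.g. wget) over a real socket.  Added example, not project code.
Script format (assumption): reply blocks separated by the bytes b"---\n".
"""
import socket
import sys
import threading

SEPARATOR = b"---\n"

# Constructed sample inputs (not captured from a real server).
HTTP_SCRIPT = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: nginx\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Content-Length: 3\r\n"
    b"Connection: close\r\n"
    b"\r\n"
    b"qwe"
)
FTP_SCRIPT = (
    b"220 fuzz FTP ready\r\n---\n"
    b"331 Password required\r\n---\n"
    b"230 Logged in\r\n---\n"
    b"221 Goodbye\r\n"
)


def read_line(conn):
    """Read one line up to and including '\\n'; b'' if the peer closed first."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = conn.recv(1)
        if not chunk:
            break
        buf += chunk
    return buf


def handle_connection(conn, data, mode):
    """Play the script to one client, then close the connection."""
    try:
        if mode == "http":
            # Consume the request head (ends with an empty line), then send
            # the file verbatim: mutated status line, headers and body all
            # reach the client's response parser.
            line = read_line(conn)
            while line not in (b"", b"\r\n", b"\n"):
                line = read_line(conn)
            conn.sendall(data)
        else:
            # FTP control channel: greeting first, then one scripted reply
            # per command line the client sends.
            blocks = data.split(SEPARATOR)
            conn.sendall(blocks[0])
            for reply in blocks[1:]:
                if not read_line(conn):
                    break  # client hung up before the script ran out
                conn.sendall(reply)
    finally:
        conn.close()


def serve_script(data, mode, port=0):
    """Listen on 127.0.0.1 (ephemeral port if 0), serve a single client in a
    background thread and return (bound_port, thread)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", port))
    srv.listen(1)
    bound_port = srv.getsockname()[1]

    def run():
        conn, _ = srv.accept()
        srv.close()
        handle_connection(conn, data, mode)

    thread = threading.Thread(target=run, daemon=True)
    thread.start()
    return bound_port, thread


def ftp_dialogue(port, commands):
    """Minimal client for self-testing: greeting plus one reply per command."""
    conn = socket.create_connection(("127.0.0.1", port))
    replies = [read_line(conn)]
    for command in commands:
        conn.sendall(command)
        replies.append(read_line(conn))
    conn.close()
    return replies


def http_fetch(port):
    """Minimal client for self-testing: send a GET and read until close."""
    conn = socket.create_connection(("127.0.0.1", port))
    conn.sendall(b"GET / HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n")
    chunks = []
    while True:
        chunk = conn.recv(4096)
        if not chunk:
            break
        chunks.append(chunk)
    conn.close()
    return b"".join(chunks)


if __name__ == "__main__":
    # Usage: replay_server.py http|ftp SCRIPT_FILE [PORT]
    mode_arg, script_file = sys.argv[1], sys.argv[2]
    listen_port = int(sys.argv[3]) if len(sys.argv) > 3 else 0
    with open(script_file, "rb") as fh:
        script = fh.read()
    bound, worker = serve_script(script, mode_arg, listen_port)
    print("listening on 127.0.0.1:%d (%s mode)" % (bound, mode_arg))
    worker.join()
```

The fuzzer side is not shown: a driver has to start this server with the current fuzz file on a fixed port and then run the instrumented wget against `http://127.0.0.1:PORT/` or `ftp://127.0.0.1:PORT/`, and how that driver is wired up depends on the fuzzer's process model. Two caveats for the FTP case: this server scripts only the control channel, so a retrieval or listing that needs a PASV/PORT data connection is not covered by it, and a mutated script can easily produce a reply the client waits on forever, so the client should be run with a short timeout (wget has `--timeout`) or the fuzzer's own time limit.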