Willy,

On 21.04.20 at 16:58, Willy Tarreau wrote:
>> I would also be interested in how Felix Wilhelm performed the fuzzing,
>> do you happen to have details about that?
>
> No, I only got the information that was just made public. But do not
> hesitate to contact Felix about this, I'm sure he will happily share some
> extra information to help us improve our side.
>
I did and received a reply: https://bugs.chromium.org/p/project-zero/issues/detail?id=2023#c6

Felix Wilhelm used contrib/hpack/decode.c as the basis for the fuzz driver, like I did for my first CVE. The difference, to my understanding, is that his version is more efficient, because it's not fork+exec()ing new processes all the time and instead just uses function calls.

Best regards
Tim Düsterhus