Hi, On Thu, Feb 18, 2016 at 05:15:50PM +0100, Jacek Wielemborek wrote: > The thing is that in order to fuzz it most efficiently, it would be good > to modify the server to use stdin/stdout (or dev null) for network I/O > and terminate after handling a single connection. Also, we would need to > disable any checksums, compression or encryption.
OpenVPN can be called from inetd, so it can sort of handle "an already
connected socket on stdin/stdout".
"sort of" because the backend refuses most normal options in this case
(it can only handle tap interfaces, and no --ifconfig, because the
assumption is that this only makes sense if you attach to a pre-configured
bridge) - but for fuzzing the network side, this should work.
Of course, if you take out checksumming, encryption and tls-auth, you
take away two layers of hardening against funny packets... - but I'm still
fairly confident that the worst thing our code will do is ASSERT() on
you :-)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [email protected]
fax: +49-89-35655025 [email protected]
signature.asc
Description: PGP signature
