On 18.02.2016 at 18:03, Gert Doering wrote:
> Hi,
>
> On Thu, Feb 18, 2016 at 05:15:50PM +0100, Jacek Wielemborek wrote:
>> The thing is that in order to fuzz it most efficiently, it would be good
>> to modify the server to use stdin/stdout (or dev null) for network I/O
>> and terminate after handling a single connection. Also, we would need to
>> disable any checksums, compression or encryption.
>
> OpenVPN can be called from inetd, so it can sort of handle "an already
> connected socket on stdin/stdout".
>
> "sort of" because the backend refuses most normal options in this case
> (it can only handle tap interfaces, and no --ifconfig, because the
> assumption is that this only makes sense if you attach to a pre-configured
> bridge) - but for fuzzing the network side, this should work.
>
> Of course, if you take out checksumming, encryption and tls-auth, you
> take away two layers of hardening against funny packets... - but I'm still
> fairly confident that the worst thing our code will do is ASSERT() on
> you :-)
>
> gert
Well, the attacker could send a funny packet with a valid checksum, encrypted and authenticated, right? This is just to make AFL's genetic algorithm work well. The inetd mode sounds like a perfect start.
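The reason the thread wants checksums, HMAC and encryption stripped from the fuzzing harness is that a mutation-based fuzzer like AFL flips bytes blindly, and a packet with a flipped byte fails the authentication check before the parser ever sees it. The following is an added illustration, not code from OpenVPN or from either poster; it uses a toy packet format invented here (4-byte little-endian length, payload, HMAC-SHA256 tag) and a constructed demo key, and simply measures how often random mutations reach the parser with and without the tag layer in place.

```python
"""Why a fuzzing harness strips the checksum/HMAC layer (added example).

Toy format, constructed for this illustration:
    body = <u32 LE length> || payload
    packet = body || HMAC-SHA256(KEY, body)
"""
import hashlib
import hmac
import random
import struct

KEY = b"constructed-demo-key-not-real"  # constructed demo key, not from any real deployment
TAG_LEN = 32


class AuthError(Exception):
    """Raised by the outer layer: the parser never ran."""


class ParseError(Exception):
    """Raised by the parser itself: the code under test was exercised."""


def seal(payload: bytes) -> bytes:
    """Build a well-formed, authenticated packet."""
    body = struct.pack("<I", len(payload)) + payload
    return body + hmac.new(KEY, body, hashlib.sha256).digest()


def parse_payload(body: bytes) -> dict:
    """The toy parser: the code a fuzzer actually wants to reach."""
    if len(body) < 4:
        raise ParseError("short header")
    (n,) = struct.unpack("<I", body[:4])
    payload = body[4:]
    if n != len(payload):
        raise ParseError("length mismatch")
    return {"len": n, "payload": payload}


def handle_sealed(packet: bytes) -> dict:
    """Production-style path: verify the tag, then parse."""
    if len(packet) < TAG_LEN + 4:
        raise AuthError("short packet")
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise AuthError("bad tag")
    return parse_payload(body)


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Flip 1-4 random bytes, the way a simple mutator would (XOR with a
    non-zero value, so every mutation changes at least one byte)."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 4)):
        i = rng.randrange(len(buf))
        buf[i] ^= rng.randrange(1, 256)
    return bytes(buf)


def parser_reach_rate(sealed: bool, trials: int = 2000, seed: int = 1) -> float:
    """Fraction of mutated inputs on which the parser runs at all.

    sealed=True  : mutate the full authenticated packet, feed handle_sealed()
    sealed=False : harness mode, tag layer removed, feed parse_payload()
    """
    rng = random.Random(seed)
    base = seal(b"hello")
    if not sealed:
        base = base[:-TAG_LEN]
    reached = 0
    for _ in range(trials):
        m = mutate(base, rng)
        try:
            handle_sealed(m) if sealed else parse_payload(m)
            reached += 1          # parser accepted the input
        except ParseError:
            reached += 1          # parser ran and rejected: still coverage
        except AuthError:
            pass                  # rejected before the parser: wasted input
    return reached / trials


if __name__ == "__main__":
    print("with HMAC layer   :", parser_reach_rate(True))
    print("harness, no layer :", parser_reach_rate(False))
```

With the tag layer in place every mutated input dies at the `compare_digest` check and the parser's branches are never exercised; with the layer removed, every input reaches the parser, which is what gives AFL's coverage feedback something to work with. As Gert notes, this removes hardening that exists in production, so crashes found this way need to be re-evaluated against what an attacker could actually deliver through the authenticated path.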