Hi, On Fri, Dec 02, 2016 at 08:48:29AM +0500, ???????? ?????????????? wrote: > https://opensource.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html
This is generally interesting, of course. Fuzzing openvpn "as a whole" is quite complicated, though - we do check our input very well, so the last time someone tried to fuzz TLS packets to make openvpn "do bad things", all he got was "go away, you stink, session destroyed" :-) Anyway - so what's necessary to make this google fuzz testing work? Do we instrument our code, or just tell them "hey, here's a useful piece of software, go figure it out yourself"? gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel