Sent: Sunday, 09 July 2017 at 20:57
From: "Phil Endecott via Boost"
To: boost@lists.boost.org
Cc: "Phil Endecott"
Subject: Re: [boost] [beast] Review

Jens Weller wrote:
Fuzzing. I spent some time this weekend fuzzing beast with libFuzzer. The basic_parser and the websocket::stream were fuzzed. A bug (buffer overflow) in basic_parser was found, and is already fixed.
*THANK YOU* so much for doing that. I didn't see your message until after I'd sent my review, and I feel even more justified in my comments about the over-complex optimisations in the parser, and the security implications.
I'd be interested to see where the bug was. Was this posted on the list?
I used beast to get into fuzzing with this workshop: https://github.com/Dor1s/libfuzzer-workshop Motivation was that in that way I could contribute to the review and learn something non-beast-related. TWO things at once! The fuzzer found the bug pretty fast, almost instantly. I'm not a fuzzing expert, but as far as I know I got lucky with an oversight in the handling of results in the beast parser, it appears. I continued the fuzzing of beast after Vinnie provided a fix, so I also fuzzed this branch. Nothing else came up.

thanks,
Jens Weller