Wireshark-dev: Re: [Wireshark-dev] Fuzzing Wireshark with oss-fuzz
From: Moshe <me@xxxxxxxxxxxxxxx>
Date: Wed, 21 Dec 2016 20:41:54 -0500
> I.e., represent a sequence of packets (of a particular type), rather than representing the raw contents of a file?
> To do that, the generator of the fuzzed data would have to generate a sequence of bytes in the form of a sequence of {byte count, bytes} blobs, unless all packets were the same size.

That could be a limitation of this technique. A good sample corpus may mitigate this issue. But a more intelligent fuzzer (like afl-fuzz or driller) might be able to work around this.

> That would have to assume the same encapsulation for all packets, e.g. Ethernet.

That's the plan. I know that it won't have full coverage, but my understanding is that it makes the fuzzing interface significantly simpler. I'm not an expert in Wireshark's source code, so I'd rather have something that can find some bugs next week than to spend months trying to write a perfect fuzzer. Practically speaking, there's nothing preventing us from generating libfuzzer interface for each encapsulation type, which would obviate this issue.

Moshe

On Wed, Dec 21, 2016 at 2:43 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
On Dec 21, 2016, at 4:38 AM, Moshe <me@xxxxxxxxxxxxxxx> wrote:

> I apologize for my lack of clarity. Peter is correct, I am interested in fuzzing dissectors.
>
> My plan is to have the sequence of raw bytes represent a pcap file.

I.e., represent a sequence of packets (of a particular type), rather than representing the raw contents of a file?

To do that, the generator of the fuzzed data would have to generate a sequence of bytes in the form of a sequence of {byte count, bytes} blobs, unless all packets were the same size.

That would have to assume the same encapsulation for all packets, e.g. Ethernet.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe