-
Notifications
You must be signed in to change notification settings - Fork 0
/
IDEAS
54 lines (38 loc) · 1.48 KB
/
IDEAS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
Reuse existing libraries and projects
=====================================
* http://www.nongnu.org/failmalloc/
Ideas to crash programs
=======================
* Don't create stdin, stdout or stderr to check if first open file gets file descriptor #0
* Continue to analyze gettext :-)
* write C library to inject errors in libc calls (eg. malloc() failure)
* Generate [http://michael-prokop.at/blog/2007/06/12/error-handling-enospc/ ENOSPC] errors?
* file: open(), close(), read(), write()
* directory: opendir(), chdir()
* memory: malloc(), realloc(), calloc()
* network: socket(), setsockopt()
* time: time(), gettimeofday()
http://software.inl.fr/trac/trac.cgi/wiki/Macfly
* network socket proxy fuzzer
Signals
-------
Send signals like SIGINT, SIGTERM, SIGSTOP, SIGUSR1, SIGUSR2.
Old bugs:
* broken pipe (SIGPIPE)
https://bugzilla.mindrot.org/show_bug.cgi?id=85
* libc deadlock
http://sourceware.org/bugzilla/show_bug.cgi?id=838
* openssh pre-authentification denial of service
https://bugzilla.mindrot.org/show_bug.cgi?id=1129
Score
=====
* Code coverage:
* gcov: http://gcc.gnu.org/onlinedocs/gcc/Gcov.html
* Valgrind: http://www.valgrind.org/ Valgrind
* DynamoRio: http://www.cag.lcs.mit.edu/dynamorio/
* Check invalid use of memory using Valgrind (or any memory checker tool)
* increment score if one of these function is called:
- fgets(), memcpy(), strcpy()
- input comes from user (?)
- bytes read by the program
- memory usage