test: add Mayhem and basic fuzzer #306
base: master
@jeff-hiner I'm gonna leave this to you. Is there anything in particular you really want to see fuzzing on? I can imagine that noise might be a great candidate for fuzzing.
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} | ||
|
||
#- name: Start analysis for check_tun_name |
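Review bot: The commented-out step at `#- name: Start analysis for check_tun_name` leaves a disabled step in the workflow with no explanation. Either delete it, or add a comment on the line above stating why the check_tun_name analysis is disabled, so it is not mistaken for an oversight.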
What's the reason this is commented out?
I'm pretty sure that fuzz target was removed by the original author after the initial PR (possibly due to failing to build). However, the code still exists under boringtun/fuzz/fuzz_targets/check_tun_name.rs. I can remove it entirely if you'd prefer a cleaner merge.
The base crypto stuff is all external now, but yeah it would be good to get fuzzing on packet inputs to My expectation is that trying to decapsulate random data on an established handshake should virtually always return an error (if you can get aead to collide in this scenario please write a paper). Encapsulating is a bit more complicated, but essentially if you pass it a valid IPv4/IPv6 packet within the MTU bounds you should get something reasonable out the other end.
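An added example, not part of this PR or of boringtun's code: the encapsulation expectation in the comment above only applies to inputs that are valid IPv4/IPv6 packets within the MTU, so a fuzz harness needs a precondition filter that separates those inputs from everything else. `MTU`, `IpKind`, `classify_ip_packet` and `sample_ipv4` are hypothetical names, and the MTU value is an assumption.

```rust
// Added example. MTU is an assumed value, not one taken from the PR.
pub const MTU: usize = 1420;

#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub enum IpKind { V4, V6 }

/// Some(kind) when `data` is a length-consistent IPv4/IPv6 packet that fits
/// in `mtu`. None means the input is outside the property, so the harness
/// should only require that encapsulation does not panic.
pub fn classify_ip_packet(data: &[u8], mtu: usize) -> Option<IpKind> {
    if data.is_empty() || data.len() > mtu {
        return None;
    }
    match data[0] >> 4 {
        4 => {
            // IHL counts 32-bit words; 20 bytes is the minimum header.
            let ihl = usize::from(data[0] & 0x0f) * 4;
            if ihl < 20 || data.len() < ihl {
                return None;
            }
            let total = usize::from(u16::from_be_bytes([data[2], data[3]]));
            (total == data.len()).then_some(IpKind::V4)
        }
        6 => {
            // Fixed 40-byte header; bytes 4..6 hold the payload length.
            if data.len() < 40 {
                return None;
            }
            let payload = usize::from(u16::from_be_bytes([data[4], data[5]]));
            (40 + payload == data.len()).then_some(IpKind::V6)
        }
        _ => None,
    }
}

/// Constructed sample: option-less IPv4 header followed by `payload` zero bytes.
pub fn sample_ipv4(payload: usize) -> Vec<u8> {
    let mut p = vec![0u8; 20 + payload];
    p[0] = 0x45; // version 4, IHL 5
    let total = (20 + payload) as u16;
    p[2..4].copy_from_slice(&total.to_be_bytes());
    p
}

fn main() {
    println!("{:?}", classify_ip_packet(&sample_ipv4(8), MTU));
    println!("{:?}", classify_ip_packet(&[0xff; 64], MTU));
}
```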
Co-authored-by: xansec <76011430+xansec@users.noreply.github.com>
Hi! My name's Alex from ForAllSecure, and I'm opening this PR on behalf of one of the many "heroes" who has integrated Mayhem fuzz testing into your project. The "Heroes" program involves integrating fuzz testing to open source projects, in order to help secure the world's software. These integrations generally (but not always) include:
In this target, it looks like we've also added a couple of new Cargo files to lock in dependencies and easily build the fuzz targets. You can take a look at the status of the latest fuzzing results here: https://mayhem.forallsecure.com/mayhemheroes/boringtun?coverage_target=new-mac
Let me know if you have any questions about this PR!