From owner-freebsd-audit  Mon Jul 31  4:10: 2 2000
Delivered-To: freebsd-audit@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id 8B83537BC6A
	for <audit@freebsd.org>; Mon, 31 Jul 2000 04:09:59 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id EAA02659
	for <audit@freebsd.org>; Mon, 31 Jul 2000 04:09:59 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Mon, 31 Jul 2000 04:09:59 -0700 (PDT)
From: Kris Kennaway <kris@FreeBSD.org>
To: audit@freebsd.org
Subject: Re: Fuzz testing
In-Reply-To: <Pine.BSF.4.21.0007310404180.633-100000@freefall.freebsd.org>
Message-ID: <Pine.BSF.4.21.0007310408460.633-100000@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, 31 Jul 2000, Kris Kennaway wrote:

> Well, if anyone is looking for something to do, this came up on bugtraq:
> 
> ftp://grilled.cs.wisc.edu/fuzz/
> 
> basically it's a set of tools which stuff random input into command-line
> utils to look for bugs. There are probably a few easy targets here (well,
> I know there are)..if you find one, check with OpenBSD to see if they've
> already fixed it to save yourself some work.

For example:

a2p.core as.core csh.core flex++.core flex.core sh.core

:-)

Other bugs this can expose are data dependent infinite loops.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message