From owner-freebsd-current@FreeBSD.ORG Thu Dec 18 20:21:43 2014 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 452B53F8 for ; Thu, 18 Dec 2014 20:21:43 +0000 (UTC) Received: from mx1.scaleengine.net (beauharnois2.bhs1.scaleengine.net [142.4.218.15]) by mx1.freebsd.org (Postfix) with ESMTP id 1E2371C47 for ; Thu, 18 Dec 2014 20:21:42 +0000 (UTC) Received: from [192.168.1.2] (Seawolf.HML3.ScaleEngine.net [209.51.186.28]) (Authenticated sender: allanjude.freebsd@scaleengine.com) by mx1.scaleengine.net (Postfix) with ESMTPSA id 9073D87E8E for ; Thu, 18 Dec 2014 20:21:41 +0000 (UTC) Message-ID: <54933761.7040209@freebsd.org> Date: Thu, 18 Dec 2014 15:21:53 -0500 From: Allan Jude User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0 MIME-Version: 1.0 To: freebsd-current@freebsd.org Subject: Re: Call for testing: elftoolchain tools References: <5493066F.7080100@FreeBSD.org> In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="2vWQEeqOoQF011GvsevMg4hrVPHH75L5U" X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Dec 2014 20:21:43 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --2vWQEeqOoQF011GvsevMg4hrVPHH75L5U Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 2014-12-18 15:02, Ed Maste wrote: > On 18 December 2014 at 11:53, Pedro Giffuni wrote: >> test the tools with a fuzzer like security/afl >=20 > Yes, a very good idea, especially for strings(1) given the way it is > often used. I've already found a strings crash with afl. > _______________________________________________ > freebsd-current@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.o= rg" >=20 I cam across this not that long ago: http://lcamtuf.blogspot.ca/2014/10/psa-dont-run-strings-on-untrusted-file= s.html Our strings didn't crash with his proof of concept, but there may be other similar bugs --=20 Allan Jude --2vWQEeqOoQF011GvsevMg4hrVPHH75L5U Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJUkzdkAAoJEJrBFpNRJZKfYosQAIJghKwTxrZcOVyczVZgEq3X fioLJSqk/Xtd14IIIsOH47BDIroh/ZgwMIHon/agllxSe0s4UPxdKhuoA9e6siOc L5QirZvyfJ1Sx23UQ4kpcbE0du0JToi+NTBpzzisz+y8N698cJhCPRLJbJClPWtg wc4ht7CTXh180AaEuwwsd0rdgqdElYsur74fXalZG3Q42ZRe6/OExRG1MnBsxJCt G30DG+qsTNLkFTBoJ5OjwMLZo4vJiW0w8cBw+VLAfD+fR2aQKnn42UtyCxtYk1AW tGfwprYgAR0HtLO89eZRrrK2JIBAKZDJlZU7HYJtCx4HzbWX0UJ3UCUpStBHDBpi EBRJbMmTRvvUstfsuzg3c7cl1DKm43rlMbZ1Ccm0zbmsRIu0TGIUfPPc48cSfrl3 M39YoJlQu0rHR1WftPz/uk4hBA0kkCcP/pyKCCXsfDdJc8vSzyvCRBKJiw9qUApF ueh32SviRtw9t2yZGVnKPAK/H3zeOqdm5Fm9xPnccTO0BGnbz1FjG9maAOJi4f7X ma+GznMleYNS9DQFQfA6mVXNLvP0vUmbFS4jIsHIFq84sBAvw8GpozJnhE2dLznC 6Smmo5t/l1NDCSAewtV2XKLXGoD0EjgEQsFmCGHOOsX5VpFWBu8KoCkVUdzeUnpm 0IfLPnMmDo8sWjEtWP8r =GJek -----END PGP SIGNATURE----- --2vWQEeqOoQF011GvsevMg4hrVPHH75L5U--