On Tue, Dec 20, 2016 at 09:36:33PM -0800, Guy Harris wrote:
> On Dec 20, 2016, at 8:31 PM, Moshe <me@xxxxxxxxxxxxxxx> wrote:
>
> > I've been working on adding Wireshark to Google's oss-fuzz project
>
> What do you mean by "Wireshark"?
>
> There are at least two parts of Wireshark that deal with externally-supplied data and can be fuzz-tested:
>
> 1) the libwiretap library, which reads capture files, and has to deal with potentially-malformed file formats;
>
> 2) the libwireshark library, which is handed blobs of raw packet data and packet metadata including (but not limited to) the link-layer header type of the packet data - that data usually comes from a capture file read by libwiretap, but it doesn't *have* to.
>From the efforts that I have seen, Moshe seems to be targeting the
dissectors functions. Since these may appear over the network, it is
probably one of the more interesting parts to tackle first.
--
Kind regards,
Peter Wu
https://lekensteyn.nl