> I.e., represent a sequence of packets (of a particular type), rather than
> representing the raw contents of a file?
>
> To do that, the generator of the fuzzed data would have to generate a
> sequence of bytes in the form of a sequence of {byte count, bytes} blobs,
> unless all packets were the same size.

That could be a limitation of this technique. A good sample corpus may
mitigate this issue. But a more intelligent fuzzer (like afl-fuzz or
driller) might be able to work around this.

> That would have to assume the same encapsulation for all packets, e.g.
> Ethernet.

That's the plan. I know that it won't have full coverage, but my
understanding is that it makes the fuzzing interface significantly simpler.
I'm not an expert in Wireshark's source code, so I'd rather have something
that can find some bugs next week than to spend months trying to write a
perfect fuzzer. Practically speaking, there's nothing preventing us from
generating a libfuzzer interface for each encapsulation type, which would
obviate this issue.

Moshe

On Wed, Dec 21, 2016 at 2:43 PM, Guy Harris <g...@alum.mit.edu> wrote:

> On Dec 21, 2016, at 4:38 AM, Moshe <m...@moshekaplan.com> wrote:
>
> > I apologize for my lack of clarity. Peter is correct, I am interested in
> > fuzzing dissectors.
> >
> > My plan is to have the sequence of raw bytes represent a pcap file.
>
> I.e., represent a sequence of packets (of a particular type), rather than
> representing the raw contents of a file?
>
> To do that, the generator of the fuzzed data would have to generate a
> sequence of bytes in the form of a sequence of {byte count, bytes} blobs,
> unless all packets were the same size.
>
> That would have to assume the same encapsulation for all packets, e.g.
> Ethernet.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
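
The {byte count, bytes} framing discussed in this thread, as an added example that is not part of the original messages or of Wireshark's code: a libFuzzer entry point that splits one fuzz input into a packet sequence. The 16-bit big-endian count, the `MAX_PACKETS` cap, and the `packet_cb` hook standing in for a dissector call are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_PACKETS 64  /* assumed cap so one input cannot stall the fuzzer */

/* Hypothetical hook: a real harness would pass each frame to the dissector
 * for its single assumed encapsulation (e.g. Ethernet). */
typedef void (*packet_cb)(const uint8_t *pkt, size_t len, void *ctx);

/* Walk {u16 big-endian byte count, bytes} records (assumed framing) and
 * return how many packets were delivered to cb. */
size_t split_packets(const uint8_t *data, size_t size, packet_cb cb, void *ctx)
{
    size_t off = 0, n = 0;
    while (n < MAX_PACKETS && size - off >= 2) {
        size_t len = ((size_t)data[off] << 8) | data[off + 1];
        off += 2;
        /* Clamp an oversized count to the bytes left: mutated lengths then
         * still yield a (truncated) packet and never read out of bounds. */
        if (len > size - off)
            len = size - off;
        cb(data + off, len, ctx);
        off += len;
        n++;
    }
    return n;
}

/* Stand-in consumer (constructed): sums the payload bytes it is handed. */
static void count_bytes(const uint8_t *pkt, size_t len, void *ctx)
{
    (void)pkt;
    *(size_t *)ctx += len;
}

/* libFuzzer entry point: one fuzz input is treated as a packet sequence. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    size_t total = 0;
    split_packets(data, size, count_bytes, &total);
    return 0;
}

/* Stand-alone run on a constructed input; omit when linking with libFuzzer. */
int main(void)
{
    static const uint8_t sample[] = {0x00, 0x02, 0xaa, 0xbb, 0x00, 0x05, 0x01};
    return LLVMFuzzerTestOneInput(sample, sizeof sample);
}
```

Clamping instead of rejecting keeps most mutated inputs useful, at the cost that the final packet of an input is often truncated.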
