|
Aka The FFW honggfuzz patch.
This proposed patch for honggfuzz is used by the fuzzing for worms (FFW) framework available here: github.com/dobin/ffw
This patch makes it possible to use honggfuzz as a code coverage tool for long-living (network-) servers.
It provides the following functionality:
* A socket interface for an external fuzzer
* Support for code coverage of long living processes
The socket interface supports the following messages:
* Honggfuzz -> Fuzzer: "Fuzz": Send fuzz data to target
* Honggfuzz -> Fuzzer: "Cras": Target crashed
* Honggfuzz -> Fuzzer: "New!": New basic block reached
* Fuzzer -> Honggfuzz: "okay": Fuzzer sent his stuff to target
* Fuzzer -> Honggfuzz: "bad!": The server is unreachable
Honggfuzz will implement the following tasks:
* Start the target
* Restart the target if it crashes
* Restart the target if a crash/hang is detected by the fuzzer
* Provide code coverage information about new basic blocks
An example vulnerable server plus tests have been provided in the
`socketfuzzer/` directory.
|
