Integrate FRR in a fuzzing testing suite (Google oss-fuzz) #479

remyleone · 2017-05-08T21:17:19Z

Fuzzing is an efficient way to find various bugs inside a software. Maybe FRR could be integrated into the oss-fuzz google project.

https://github.com/google/oss-fuzz

This project already found relevant issues in various well established software projects:
https://testing.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html

mwinter-osr · 2017-05-09T08:06:39Z

I'll look into this fuzzer. The challenges with many fuzzers are that they are not protocol aware, so as an example, they can fuz things like a BGP open, they can't fuz a BGP update as this would require a valid BGP open first.
We (at NetDEF) use a commercial protocol fuzzer from Spirent (SPS-8000) to do tests like these.

However, always open to add another fuzzer if it makes any sense. I'll look into it and will comment back once I understand more about this specific one and how useful it is.

remyleone · 2017-05-09T08:09:04Z

I've also tested randpkt from the wireshark suite. Very low level but it helped to localize where dissectors failed. Le mar. 9 mai 2017 à 10:06, Martin Winter <notifications@github.com> a écrit :

…

I'll look into this fuzzer. The challenges with many fuzzers are that they are not protocol aware, so as an example, they can fuz things like a BGP open, they can't fuz a BGP update as this would require a valid BGP open first. We (at NetDEF) use a commercial protocol fuzzer from Spirent (SPS-8000) to do tests like these. However, always open to add another fuzzer if it makes any sense. I'll look into it and will comment back once I understand more about this specific one and how useful it is. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#479 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AASXIsVFBFrVN43SGI2zMY_XS1g0s7twks5r4B6RgaJpZM4NUgpN> .

donaldsharp · 2018-03-21T00:50:44Z

We've implemented several ways to allow fuzzing via zebra and bgp. This is an ongoing effort and I don't see a need to keep this issue open at this point in time.

qlyoung · 2021-08-18T17:38:15Z

Just to add a bit of color to this I added fuzz entrypoints some years ago and we integrated into oss-fuzz a few weeks ago. google/oss-fuzz#5749

mwinter-osr self-assigned this May 9, 2017

donaldsharp added the enhancement label May 9, 2017

donaldsharp assigned qlyoung Aug 15, 2017

donaldsharp closed this as completed Mar 21, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Integrate FRR in a fuzzing testing suite (Google oss-fuzz) #479

Integrate FRR in a fuzzing testing suite (Google oss-fuzz) #479

remyleone commented May 8, 2017 •

edited

mwinter-osr commented May 9, 2017

remyleone commented May 9, 2017 via email

donaldsharp commented Mar 21, 2018

qlyoung commented Aug 18, 2021

Integrate FRR in a fuzzing testing suite (Google oss-fuzz) #479

Integrate FRR in a fuzzing testing suite (Google oss-fuzz) #479

Comments

remyleone commented May 8, 2017 • edited

mwinter-osr commented May 9, 2017

remyleone commented May 9, 2017 via email

donaldsharp commented Mar 21, 2018

qlyoung commented Aug 18, 2021

remyleone commented May 8, 2017 •

edited