search

curl / curl-fuzzer

Quality assurance testing for the curl project
MIT License
85 stars 30 forks source link

fuzzing protocols not supported in the build #96

Closed bagder closed 8 months ago

bagder commented 9 months ago

Currently we build a set of different fuzzers for different protocols and we build a generic one for "all" protocols.

We build several specific ones for protocols that can't be fuzzed because our build does not build with necessary third party libraries:

Maybe we should just disable those or add additional libraries to the build?

The generic curl_fuzzer builds and specify "all" protocols:

  allowed_protocols =
    "dict,file,ftp,ftps,gopher,gophers,http,https,imap,imaps,"
    "ldap,ldaps,mqtt,pop3,pop3s,rtmp,rtmpe,rtmps,rtmpt,rtmpte,rtmpts,"
    "rtsp,scp,sftp,smb,smbs,smtp,smtps,tftp";

But this also means that it will try a lot of protocols that are not supported in the build as listed above. Should we perhaps remove those unsupported protocols from the list?

cmeister2 commented 9 months ago

iirc openldap was a PITA to build from source, though I was probably trying to do a static build or something. In practice I'm happy to disable protocols that we can't support, though the preference is to try and build those libraries. Might be worth hacking on it to see how hard it would be.

On Fri, 22 Dec 2023, 09:39 Daniel Stenberg, @.***> wrote:

Currently we build a set of different fuzzers for different protocols and we build a generic one for "all" protocols.

We build several specific ones for protocols that can't be fuzzed because our build does not build with necessary third party libraries:

  • the rtmp* ones need librtmp
  • scp and sftp need a SSH library
  • ldap(s) need OpenLDAP

Maybe we should just disable those or add additional libraries to the build?

The generic curl_fuzzer builds and specify "all" protocols:

allowed_protocols = "dict,file,ftp,ftps,gopher,gophers,http,https,imap,imaps," "ldap,ldaps,mqtt,pop3,pop3s,rtmp,rtmpe,rtmps,rtmpt,rtmpte,rtmpts," "rtsp,scp,sftp,smb,smbs,smtp,smtps,tftp";

But this also means that it will try a lot of protocols that are not supported in the build as listed above. Should we perhaps remove those unsupported protocols from the list?

— Reply to this email directly, view it on GitHub https://github.com/curl/curl-fuzzer/issues/96, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAPA36JUOEGWZDXOYPJ7ZN3YKVIMRAVCNFSM6AAAAABA7SWRUOVHI2DSMVQWIX3LMV43ASLTON2WKOZSGA2TGNRVGE2DGNY . You are receiving this because you are subscribed to this thread.Message ID: @.***>