Open emboss opened 12 years ago
We should write a fuzzer that throws completely random and part random/part hand-crafted data at ASN.1 decode to test for SEGVs/NPEs with regard to malicious data or buffer overflows. The script could be added as an internal test.
Maybe rfuzz or similar gems could save some time.
We should write a fuzzer that throws completely random and part random/part hand-crafted data at ASN.1 decode to test for SEGVs/NPEs with regard to malicious data or buffer overflows. The script could be added as an internal test.