by shakna
1863 days ago
> As far as I know, the client is not fuzzed (though I'd be happy to find out I'm wrong).

Just touching on this one part (the rest still applies): openssh does use fuzzing. [0][1]

Both client and daemon are fuzzed using AFL, though it does seem to be on an ad-hoc basis rather than automated, but it generally happens before a new release.

Unfortunately, to run AFL on openssh, they do have to patch it a bit, so what gets fuzzed and what is released isn't 1-to-1. This is because the privilege separation tends to defeat methods of detecting most of those sorts of bugs on their own.

[0] https://github.com/djmdjm/openssh-fuzz-cases

[1] For example: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ke...
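The comment above says privilege separation defeats the usual crash-detection methods, which is why the fuzzed tree has to be patched. The following C program, added here as an illustration and not taken from OpenSSH or from the linked fuzz cases, shows the generic mechanism: a fatal bug in a forked unprivileged worker only reaches the parent as a `waitpid` status, so a process-level monitor that watches the parent sees a clean exit. The `worker`, `run_worker_forked` and `propagate_child_crash` functions are hypothetical names chosen for this example; the "crash" is simulated with `abort()`.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for an unprivileged worker process (hypothetical; not
 * OpenSSH code). When `crash` is non-zero it aborts, standing in for a memory
 * bug that a sanitizer or fuzzer would want to observe. */
static void worker(int crash)
{
    if (crash)
        abort();          /* fatal bug inside the unprivileged child */
    _exit(0);             /* clean completion */
}

/* Run the worker in a forked child, as a privilege-separated service does, and
 * report how it ended: 0 for a normal exit, otherwise the signal number that
 * killed the child. The parent survives either way, which is exactly what hides
 * the crash from a monitor that only watches the parent process. */
static int run_worker_forked(int crash)
{
    fflush(stdout);       /* do not let the child inherit unflushed output */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        worker(crash);    /* never returns */

    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);
    return 0;             /* exited normally: not a crash from our point of view */
}

/* Harness-side fix: when the child died by signal, re-raise that signal in the
 * parent so a process-level crash detector (an AFL-style fuzzer watching the
 * harness process) observes it. Returns 0 when there is nothing to propagate. */
static int propagate_child_crash(int child_signal)
{
    if (child_signal <= 0)
        return 0;
    signal(child_signal, SIG_DFL);
    raise(child_signal);  /* terminates the harness with the child's signal */
    return child_signal;  /* not reached when the signal is fatal */
}

int main(void)
{
    int clean = run_worker_forked(0);
    printf("clean run: child ended with signal %d, parent still alive\n", clean);

    int crashed = run_worker_forked(1);
    printf("crashing run: child ended with signal %d (SIGABRT is %d), parent still alive\n",
           crashed, SIGABRT);

    /* Without this call the harness itself exits 0 and the crash goes unnoticed. */
    propagate_child_crash(crashed);
    return 0;
}
```

Run stand-alone, the program prints that the parent outlived the aborting child and then terminates itself with SIGABRT, which is the behaviour a fuzzing harness needs; drop the `propagate_child_crash` call and the same crash produces a zero exit status, the situation the comment describes.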