curl-fuzzer
fuzzing SOCKS5?
Hello :) Thanks a lot for the great blog post about the recent CVE! https://daniel.haxx.se/blog/2023/10/11/how-i-made-a-heap-overflow-in-curl/ Just made me wonder if the SOCKS implementation was fuzzed?
I wouldn't say it's impossible to be fuzzed. We don't have any explicit targets for it, but socks5h:// triggers SOCKS5 behaviour in libcurl, which means that the general fuzzer ought to be testing it. It's possible that something else is preventing it from making progress however.
The oss-fuzz coverage says socks.c has 0% coverage. But I don't know how to figure out why or what we should/can do to fix this. Ideas welcome!
I can check it out when I get back off holiday. I thought we'd get it for free because of the socks5:// protocol, but maybe there's other reasons why it won't work.
On Fri, 22 Dec 2023, 09:34 Daniel Stenberg wrote:
> The oss-fuzz coverage says socks.c has 0% coverage. But I don't know how to figure out why or what we should/can do to fix this. Ideas welcome!
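The thread's open question is why a fuzzer that reaches SOCKS5 code paths still shows no coverage in socks.c. One thing a harness author wants to see is how far a SOCKS5 client can get when the only bytes it ever receives are the fuzzer's input. The following is an added example written for this thread, not curl's socks.c and not the curl-fuzzer harness: a minimal RFC 1928 client-side CONNECT handshake (hostname sent as a domain name, which is what the socks5h:// form means) driven by a replay buffer that plays the role of the proxy. `ReplayStream`, `socks5_connect`, `fuzz_one_input`, the stage names and the host/port values are all constructed for the example. It shows that without a well-formed two-byte method-selection reply the client cannot leave the first state, so every later branch stays uncovered regardless of how many inputs are run.

```python
import struct

# RFC 1928 constants (public wire format, not curl-specific).
SOCKS_VERSION = 0x05
METHOD_NO_AUTH = 0x00
METHOD_NO_ACCEPTABLE = 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


class ReplayStream:
    """Serves canned 'proxy' bytes from a buffer and returns short reads at
    EOF, the way a fuzz harness that has exhausted its input would."""

    def __init__(self, data: bytes):
        self.data, self.pos = data, 0
        self.sent = bytearray()  # everything the client wrote to the proxy

    def recv(self, n: int) -> bytes:
        chunk = self.data[self.pos:self.pos + n]
        self.pos += len(chunk)
        return chunk

    def send(self, b: bytes) -> None:
        self.sent += b


def socks5_connect(stream, host: str, port: int) -> str:
    """Client side of a SOCKS5 CONNECT, with the hostname sent as ATYP_DOMAIN
    so the proxy resolves it (the socks5h:// behaviour). Returns the state
    the client ended in: 'awaiting-method', 'awaiting-reply', 'connected',
    or 'error:<reason>'. Constructed example, not curl's implementation."""
    # 1. Greeting: VER NMETHODS METHODS, offering only "no authentication".
    stream.send(bytes([SOCKS_VERSION, 1, METHOD_NO_AUTH]))
    sel = stream.recv(2)                      # VER METHOD
    if len(sel) < 2:
        return "awaiting-method"              # input ran out: no further progress
    if sel[0] != SOCKS_VERSION:
        return "error:bad-version"
    if sel[1] == METHOD_NO_ACCEPTABLE:
        return "error:no-acceptable-method"
    if sel[1] != METHOD_NO_AUTH:
        return "error:unsupported-method"

    # 2. Request: VER CMD RSV ATYP DST.ADDR DST.PORT
    name = host.encode("ascii")
    if not 1 <= len(name) <= 255:
        return "error:bad-hostname-length"    # one-octet length prefix
    stream.send(bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)])
                + name + struct.pack("!H", port))

    # 3. Reply: VER REP RSV ATYP BND.ADDR BND.PORT
    hdr = stream.recv(4)
    if len(hdr) < 4:
        return "awaiting-reply"
    ver, rep, _rsv, atyp = hdr
    if ver != SOCKS_VERSION:
        return "error:bad-version"
    if rep != 0x00:
        return f"error:rep-{rep:#04x}"
    if atyp == ATYP_IPV4:
        need = 4
    elif atyp == ATYP_IPV6:
        need = 16
    elif atyp == ATYP_DOMAIN:
        ln = stream.recv(1)
        if not ln:
            return "awaiting-reply"
        need = ln[0]
    else:
        return "error:bad-atyp"
    if len(stream.recv(need + 2)) < need + 2:  # BND.ADDR + 2-byte BND.PORT
        return "awaiting-reply"
    return "connected"


def fuzz_one_input(data: bytes) -> str:
    """Shape of a fuzz target for the client: the whole input is what the
    'proxy' says back. Returns the state reached so a harness author can see
    how deep an input got. Host and port are constructed placeholders."""
    return socks5_connect(ReplayStream(data), "target.example", 443)


# Constructed sample inputs. A corpus that never contains a valid
# method-selection octet pair leaves everything past step 1 uncovered.
EMPTY = b""
METHOD_OK = bytes([SOCKS_VERSION, METHOD_NO_AUTH])
CONNECT_OK = (METHOD_OK + bytes([SOCKS_VERSION, 0x00, 0x00, ATYP_IPV4])
              + bytes([127, 0, 0, 1]) + struct.pack("!H", 8080))
REFUSED = METHOD_OK + bytes([SOCKS_VERSION, 0x05, 0x00, ATYP_IPV4]) + bytes(6)

if __name__ == "__main__":
    for label, data in [("empty", EMPTY), ("method-only", METHOD_OK),
                        ("connect-ok", CONNECT_OK), ("refused", REFUSED)]:
        print(f"{label:12s} -> {fuzz_one_input(data)}")
```

The practical lesson for a harness is in the returned state: a target that only feeds the URL to the client, and never supplies proxy-side bytes, will always stop at `awaiting-method`, which looks exactly like 0% coverage of the handshake code. Seeding the corpus with the two-octet method selection and a minimal reply header is what lets the fuzzer start mutating the interesting parts (address type, length octet, reply codes).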