Security and Stability
To test protocol stability and memory safety, FlashMQ debug builds include a fuzzing mode. For that, use the --fuzz-file
option to feed a client buffer with a packet and parse it. See –help.
Fuzzing not only helps test memory safety, but also the programmer’s assumptions with good use of assert()
calls.
Here’s afl-fuzz fuzzing the FlashMQ binary:
Because the communication between American Fuzzy Lop and FlashMQ is not through a socket, the scope of what’s tested is a bit limited. But, it’s a great tool, and having the fuzz option is an open invitation for others to attempt fuzzing as well.
You have to compile FlashMQ with the AFL helpers (See AFL documentation), and then run the binary like:
afl-fuzz -m 200 -M primary -i "$INPUTDIR" -o "$OUTPUTDIR" FlashMQ --fuzz-file '@@'
afl-fuzz -m 200 -S secondary01 -i "$INPUTDIR" -o "$OUTPUTDIR" FlashMQ --fuzz-file '@@'
afl-fuzz -m 200 -S secondary02 -i "$INPUTDIR" -o "$OUTPUTDIR" FlashMQ --fuzz-file '@@'
For “$INPUTDIR
“, FlashMQ contains these fuzz tests.
There’s also a fuzz-helper.sh
. It’s set up to fuzz on four CPU cores.