[ovs-dev] [ovs-security] RFC: Adding OvS to fuzzer test suite

Ben Pfaff blp at ovn.org
Fri Aug 18 17:53:53 UTC 2017


I also support this idea.  Thanks!

On Wed, Aug 16, 2017 at 07:55:51PM -0700, Bhargava Shastry wrote:
> Hi Justin,
> 
> Nice to hear. I have CC ed Dev ml.
> 
> Regards
> Bhargava
> 
> 
> On August 16, 2017 5:18:58 PM PDT, Justin Pettit <jpettit at ovn.org> wrote:
> >Hi, Bhargava.  This seems like a great idea to me.  Unless there's
> >something sensitive, I'd suggest we discuss it on the
> >dev at openvswitch.org mailing list.  The security mailing list is good
> >for discussing potential OVS vulnerabilities, but this seems like a
> >good topic for the general community.  And thanks for all your
> >contributions to making OVS more secure!
> >
> >--Justin
> >
> >
> >> On Aug 16, 2017, at 4:17 PM, Bhargava Shastry
> ><bshastry at sec.t-labs.tu-berlin.de> wrote:
> >> 
> >> Dear Ben, Sec at OvS,
> >> 
> >> We have had reasonable success fuzzing OvS so far. It turns out there
> >is
> >> a security initiative led by Google that enables open-source projects
> >to
> >> benefit from continuous fuzzing [1]. I was wondering if you'd be
> >> interested. If you are, I can help integrate OvS into their framework
> >> over a two-staged effort.
> >> 
> >> First, I write a test case for the remote code execution bug and
> >> integrate it into the fuzzer test suite [2] which is basically a
> >> framework for fuzzer evaluation.
> >> 
> >> Second, I try to integrate OvS into OSS-fuzz, Google's initiative.
> >Let
> >> me know what you think.
> >> 
> >> [1]: https://github.com/google/oss-fuzz
> >> [2]: https://github.com/google/fuzzer-test-suite
> >> 
> >> Regards,
> >> Bhargava
> >> 
> >> -- 
> >> Bhargava Shastry <bshastry at sec.t-labs.tu-berlin.de>
> >> Security in Telecommunications
> >> TU Berlin / Telekom Innovation Laboratories
> >> Ernst-Reuter-Platz 7, Sekr TEL 17 / D - 10587 Berlin, Germany
> >> phone: +49 30 8353 58235
> >> Keybase: https://keybase.io/bshastry
> >> _______________________________________________
> >> security mailing list
> >> security at openvswitch.org
> >> https://mail.openvswitch.org/mailman/listinfo/ovs-security
> 
> -- 
> Sent from my Android device with K-9 Mail. Please excuse my brevity.

> _______________________________________________
> security mailing list
> security at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-security



More information about the dev mailing list