From Camp 2011 Public Wiki
| Breaking packet-o-matic | |
|---|---|
| Attempting to illustrate why writing parser code in unsandboxed C is not a Good Idea. Fuzzing fun. | |
| Contact | User:Krunch |
| People | Krunch |
packet-o-matic is a threaded network packet processor written in C with modules for a large number of protocols and formats. To the best of my knowledge it has never been seriously audited for security problems in the parser code. My last attempt at fuzzing it unveiled a memory leak within seconds of starting my test run, and I left it at that. During the Camp I expect to spend some time setting up fuzzing tests against p-o-m and/or p-o-m-ng and making it crash in interesting ways. Attempting once more to prove that you really shouldn't write this kind of code in C.
User:Krunch is responsible for this project. GMsoft is responsible for p-o-m itself and he will be at the Camp, sniffing your network conversations so you can even convert these bugs into instant-gratification exploits (although he claims he will not even have a full box dedicated to the task this year).
We are based in Outer Space, feel free to come around if you want to discuss. Starting at the Italian Embassy, go towards the green van/coffee shop, follow the path behind it to the end until you see the white Piraten Partei flag. We are at the green tent next to the white hexagonal pointy tent. If in doubt, call User:Krunch at 98012.