Bug #9744

Fuzz relevant bits of Tails Upgrader

Added by intrigeri over 4 years ago. Updated almost 4 years ago.

Status: Confirmed
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 07/14/2015
Due date:
% Done: 0%
Feature Branch:
Type of work: Security Audit
Blueprint:
Starter:
Affected tool: Upgrader

Description

  • tails-iuk-get-target-file: downloads content over plain-text HTTP and verifies it => would be worth fuzzing both the code that handles HTTP, and the code that handles the verification
  • tails-iuk-get-upgrade-description-file: downloads upgrade description over HTTPS from our website, that is assumed to be trusted in the current state of the design+implementation => what is worth fuzzing is whatever happens until the TLS handshake is completed and the remote peer's certificate is verified

The Fuzzing Project has tutorials, and they may want to help us do that, or do it themselves.

History

#1 Updated by intrigeri almost 4 years ago

  • Type of work changed from Audit to Security Audit
