Fuzz relevant bits of Tails Upgrader
Type of work:
tails-iuk-get-target-file: downloads content over plain-text HTTP and verifies it => would be worth fuzzing both the code that handles HTTP, and the code that handles the verification
tails-iuk-get-upgrade-description-file: downloads upgrade description over HTTPS from our website, that is assumed to be trusted in the current state of the design+implementation => what is worth fuzzing is whatever happens until the TLS handshake is completed and the remote peer's certificate is verified
The Fuzzing Project has tutorials, and they may want to help us do that, or do it themselves.