OSS-Fuzz Integration Inquiry #244
Comments
|
Sure, feel free to add fuzz tests. |
jonathanmetzman
pushed a commit
to google/oss-fuzz
that referenced
this issue
Sep 19, 2024
I am requesting permission to integrate [libconfig](https://github.com/hyperrealm/libconfig) into OSS-Fuzz. I believe that this project is a good candidate for OSS-Fuzz integration as it serves as a preeminent library for parsing and reading configuration files. The [Linux](https://github.com/torvalds/linux/blob/master/tools/thermal/thermometer/thermometer.c) kernel, [Janus WebRTC Server](https://github.com/meetecho/janus-gateway), and the [SSLH](https://github.com/yrutschle/sslh) project are just a few examples of high-impact and security relevant projects that utilize this library. In addition to the possibility of uncovering edge-cases and bugs in the parsing of configuration files, there is the possibility of a malicious actor crafting a corrupted config file for an elevated service that could be used to perform privilege escalation. Please see upstream approval for integration [here](hyperrealm/libconfig#244)
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
and others
Hello!
I have integrated a few open-sourced projects into OSS-Fuzz, a program sponsored by Google to provide continuous fuzz-testing of impactful open-sourced projects, and am wondering if libconfig's maintainers would approve me undertaking the work to develop a harness to fuzz-test this library and integrate it into OSS-Fuzz.
If you would like more details on what OSS-Fuzz is and what this work would entail, more details can be found here.
Thank you for your consideration and I look forward to working with you all!
The text was updated successfully, but these errors were encountered: