Add h2o cve #2

sciencemanx · 2020-06-03T17:07:01Z

Adds

h2o cve
poc test case
improvements to github/docker CI

h2o-cve-2018-0608/README.md

.github/workflows/docker_publish.yml

.github/push.sh

h2o-cve-2018-0608/mayhem/h2o/Mayhemfile

dbrumley · 2020-06-03T19:47:37Z

h2o-cve-2018-0608/mayhem/h2o/Mayhemfile

+version: '1.4'
+project: h2o-cve-2018-0608
+target: h2o
+baseimage: forallsecure/h2o-cve-2018-0608


Please specify a duration (upper bound on what it would take to find, say on demo).

ok haven't found the bug from scratch yet (ran target shortly and verified crash repro) but will update when it is found

h2o-cve-2018-0608/README.md

h2o-cve-2018-0608/Dockerfile

dbrumley · 2020-06-03T19:54:53Z

h2o-cve-2018-0608/README.md

+
+Note: Fuzzing has some degree of non-determinism, so when you run
+yourself you may not get exactly this file.  This is expected; your
+output should still trigger the memory corruption bug.


Pls add how long it takes us to find. Such as:
On our test cluster, given the original seed, it takes about xxx minutes to reproduce the bug.

sciencemanx added 13 commits June 1, 2020 12:37

Add basic h2o mayhem target

7336e67

Add remaining fuzz targets to h2o

d1ab6b2

Add base image name and fix standalone cmd path

c4e07c0

Remove alternate fuzzers (just keep h2o binary)

439d55d

Add starting corpus and crashing poc

1a8c4f2

Simplify dockerfile

0bf53fd

Add readme for h2o

90c3578

Use multistage build for docker image

54eea77

Change mayhemfile baseimage to use forallsecure dockerhub

8675655

Move push logic from docker_publish to external script in .github

cd708a5

Add h2o cve to docker_publish.yml

9228e5e

Add shebang and set ex to push.sh

eb47ebe

Remove now-unused modified CMakeLists.txt

d9f1113

dbrumley requested changes Jun 3, 2020

View reviewed changes

sciencemanx added 8 commits June 3, 2020 14:49

Fix indentation in docker_publish

5db463b

Remove unnecessary env specification in mayhemfile

b18d3ee

Update ubuntu base image to specify version tag

4519c28

Improve readme intro with more detail (thanks david)

86d82b5

Add credit to Marlies Ruck to readme

be1fadc

Update note markdown to match formatting

597a7d3

Remove envtest string from project name in mayhemfile

1adb6e3

Merge branch 'master' into add-h2o-cve

65d4fd9

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add h2o cve #2

Add h2o cve #2

Uh oh!

sciencemanx commented Jun 3, 2020

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

dbrumley Jun 3, 2020

Uh oh!

sciencemanx Jun 3, 2020

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

dbrumley Jun 3, 2020

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Add h2o cve #2

Are you sure you want to change the base?

Add h2o cve #2

Uh oh!

Conversation

sciencemanx commented Jun 3, 2020

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

dbrumley Jun 3, 2020

Choose a reason for hiding this comment

Uh oh!

sciencemanx Jun 3, 2020

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

dbrumley Jun 3, 2020

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants