New issue
Advanced search Search tips

Issue 599584 link

Starred by 2 users
Status: Untriaged
Owner: ----
Cc:
asanka@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug

Blocking:
issue 599523



Sign in to add a comment

Fuzz auth handlers and tokenizer

Project Member Reported by mmenke@chromium.org, Mar 31 2016 
AuthChallengeTokenizer takes input from untrusted remote sources, as do the 4 AuthHandler subclasses, so we should fuzz them.

Some AuthHandlers, in particular, are reused for multiple rounds of authentication.  Not sure how well we can fuzz their handling of those cases, but seems worth thinking about.
Project Member

Comment 1 by bugdroid1@chromium.org, Sep 9 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/88d2a618f14c4f346bce5ea7c74b6c891a0807f7

commit 88d2a618f14c4f346bce5ea7c74b6c891a0807f7
Author: csharrison <csharrison@chromium.org>
Date: Fri Sep 09 16:58:54 2016

Add simple fuzzer for HttpAuthChallengeTokenizer

BUG=599584

Review-Url: https://codereview.chromium.org/2323913003
Cr-Commit-Position: refs/heads/master@{#417609}

[modify] https://crrev.com/88d2a618f14c4f346bce5ea7c74b6c891a0807f7/net/BUILD.gn
[add] https://crrev.com/88d2a618f14c4f346bce5ea7c74b6c891a0807f7/net/http/http_auth_challenge_tokenizer_fuzzer.cc
Project Member

Comment 2 by sheriffbot@chromium.org, Sep 11 2017

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available. If you change it back, also remove the "Hotlist-Recharge-Cold" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 3 by mmenke@chromium.org, May 30 2018

Labels: Network-Triaged

Sign in to add a comment