
Issue 781399


Issue metadata

Status: Fixed
Owner:
Closed: Dec 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug




Improve fuzzing of QUIC

Project Member Reported by rch@chromium.org, Nov 3 2017

Issue description

Recent QUIC bugs have revealed that QUIC would benefit greatly from increased fuzzing.
 
QUIC stream factory fuzzer is in the works. I also had a quic_stream_sequencer_buffer fuzzer which will hit that area of code more efficiently, but we should still cover it with the stream factory fuzzer.

Another interesting attack surface could be the bidirectional stream.
Project Member

Comment 2 by bugdroid1@chromium.org, Nov 7 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3d55bbb391a5a2e7ba3dd5c083f46bfdb950adcb

commit 3d55bbb391a5a2e7ba3dd5c083f46bfdb950adcb
Author: Ned Williamson <nedwilliamson@gmail.com>
Date: Tue Nov 07 22:58:13 2017

Add Quic Stream Factory Fuzzer

Adds a fuzzer for QUIC streams using a fuzzed server. In order to
fuzz efficiently, also adds a mock encrypter and decrypter that do
no encryption and do not add/check MACs.

BUG= 781399 

Cq-Include-Trybots: master.tryserver.chromium.android:android_cronet_tester;master.tryserver.chromium.mac:ios-simulator-cronet
Change-Id: Ia6d66671763e69c8cf6449c0a728cd4c0bf48e80
Reviewed-on: https://chromium-review.googlesource.com/753006
Commit-Queue: Max Moroz <mmoroz@chromium.org>
Reviewed-by: Ryan Hamilton <rch@chromium.org>
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#514638}
[modify] https://crrev.com/3d55bbb391a5a2e7ba3dd5c083f46bfdb950adcb/AUTHORS
[modify] https://crrev.com/3d55bbb391a5a2e7ba3dd5c083f46bfdb950adcb/net/BUILD.gn
[modify] https://crrev.com/3d55bbb391a5a2e7ba3dd5c083f46bfdb950adcb/net/quic/chromium/mock_crypto_client_stream_factory.cc
[modify] https://crrev.com/3d55bbb391a5a2e7ba3dd5c083f46bfdb950adcb/net/quic/chromium/mock_crypto_client_stream_factory.h
[add] https://crrev.com/3d55bbb391a5a2e7ba3dd5c083f46bfdb950adcb/net/quic/chromium/quic_stream_factory_fuzzer.cc
[modify] https://crrev.com/3d55bbb391a5a2e7ba3dd5c083f46bfdb950adcb/net/quic/test_tools/mock_crypto_client_stream.cc
[modify] https://crrev.com/3d55bbb391a5a2e7ba3dd5c083f46bfdb950adcb/net/quic/test_tools/mock_crypto_client_stream.h
[add] https://crrev.com/3d55bbb391a5a2e7ba3dd5c083f46bfdb950adcb/net/quic/test_tools/mock_decrypter.cc
[add] https://crrev.com/3d55bbb391a5a2e7ba3dd5c083f46bfdb950adcb/net/quic/test_tools/mock_decrypter.h
[add] https://crrev.com/3d55bbb391a5a2e7ba3dd5c083f46bfdb950adcb/net/quic/test_tools/mock_encrypter.cc
[add] https://crrev.com/3d55bbb391a5a2e7ba3dd5c083f46bfdb950adcb/net/quic/test_tools/mock_encrypter.h
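
Why the commit above pairs the fuzzer with a mock decrypter, as an added example that is not code from the Chromium commit: with an integrity check in front of the parser, every mutated packet is rejected before any frame parsing runs, while a pass-through decrypter lets all of them reach it. Every name here (`Decrypter`, `TagCheckingDecrypter`, `MockDecrypter`, `ToyTag`, `Seal`, `ParseFrames`, `MutantsReachingParser`), the toy frame format and the FNV-1a tag are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
// Hypothetical interface (names are not Chromium's); false = packet rejected.
struct Decrypter {
  virtual ~Decrypter() = default;
  virtual bool Decrypt(const std::string& packet, std::string* out) const = 0;
};
// Constructed stand-in for an integrity tag (32-bit FNV-1a); not a real MAC.
uint32_t ToyTag(const std::string& data, uint32_t h = 2166136261u) {
  for (unsigned char c : data) h = (h ^ c) * 16777619u;
  return h;
}
std::string Seal(std::string p) {  // returns payload || 4-byte big-endian tag
  const uint32_t t = ToyTag(p);
  for (int s = 24; s >= 0; s -= 8) p.push_back(static_cast<char>(t >> s));
  return p;
}
struct TagCheckingDecrypter : Decrypter {  // production-like: verify tag, then strip
  bool Decrypt(const std::string& packet, std::string* out) const override {
    if (packet.size() < 4) return false;
    *out = packet.substr(0, packet.size() - 4);
    return Seal(*out) == packet;
  }
};
struct MockDecrypter : Decrypter {  // fuzzing build: bytes pass through unchecked
  bool Decrypt(const std::string& packet, std::string* out) const override { *out = packet; return true; }
};
// Toy [type][len][body] frame parser: frames parsed, -1 truncated, -2 rejected.
int ParseFrames(const Decrypter& d, const std::string& packet) {
  std::string p;
  if (!d.Decrypt(packet, &p)) return -2;  // parser never ran
  int frames = 0;
  for (size_t i = 0; i < p.size(); ++frames) {
    if (p.size() - i < 2) return -1;
    size_t len = static_cast<unsigned char>(p[i + 1]);
    if (p.size() - i - 2 < len) return -1;
    i += 2 + len;
  }
  return frames;
}
int MutantsReachingParser(const Decrypter& d, const std::string& seed) {
  int reached = 0;
  for (size_t i = 0; i < seed.size(); ++i) {
    std::string m = seed;
    m[i] ^= '\xff';  // flip one byte of an otherwise valid packet
    if (ParseFrames(d, m) != -2) ++reached;
  }
  return reached;
}
```
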

Cc: mmoroz@chromium.org kcc@chromium.org
Components: Internals>Network>QUIC
Labels: -Pri-3 Pri-2
Status: Assigned

Ryan, do you have an owner in mind? :)
Labels: -Pri-2 Pri-3

Comment 5 by mmenke@chromium.org, Nov 30 2017

Owner: rch@chromium.org
[rch]:  Is this done, or is there more work to do?

Comment 6 by rch@chromium.org, Dec 4 2017

Status: Fixed (was: Assigned)
Fair enough. We're finding enough bugs that I think this is working :)

Comment 7 by rch@chromium.org, Jan 17 2018

Labels: -Pri-3 Pri-2
