Testing CVE-2016-6309


Testing CVE-2016-6309

Lysoněk Milan
Hello,
I'd like to make a test for CVE-2016-6309
https://www.openssl.org/news/secadv/20160926.txt in tlsfuzzer. I tried
combining and sending different lengths (from small lengths to large)
of application data and padding, but I could not trigger this issue on
the mentioned OpenSSL 1.1.0a.

Is there any way I can test it, and if so, how?


Thanks,
Milan.

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: Testing CVE-2016-6309

Matt Caswell-2


On 05/04/17 19:24, Lysoněk Milan wrote:
> Hello,
> I'd like to make a test for CVE-2016-6309
> https://www.openssl.org/news/secadv/20160926.txt in tlsfuzzer. I tried
> combining and sending different lengths (from small lengths to large) of
> application data and padding, but I could not trigger this issue on
> the mentioned OpenSSL 1.1.0a.
>
> Is there any way I can test it, and if so, how?

Can you reproduce it using the fuzz corpora added in commit 44f206aa9df,
or by running the large message test introduced in 84d5549e69?

Matt


Re: Testing CVE-2016-6309

Lysoněk Milan

On 06/04/17 00:25 Matt Caswell wrote:
> Can you reproduce it using the fuzz corpora added in commit 44f206aa9df,
> or by running the large message test introduced in 84d5549e69?
>
> Matt


Commit 44f206aa9df - All tests from this commit give me:

    OSError: [Errno 8] Exec format error

And I don't know if it's because of my OS (Ubuntu 16.04 64-bit) or because I'm doing something wrong (I followed the instructions from https://github.com/openssl/openssl/blob/master/fuzz/README.md )


Commit 84d5549e69 - It looks like this test reproduces it (I tried running the tests with "./config", "make" and then "make test")

    #   Failed test 'running sslapitest'
    #   at ../test/recipes/90-test_sslapi.t line 21.
    # Looks like you failed 1 test of 1.
    ../test/recipes/90-test_sslapi.t ........... Dubious, test returned 1 (wstat 256, 0x100)
    Failed 1/1 subtests

It fails in 1.1.0a, but in 1.1.0b too, which is weird (I also tried it in 1.1.0e and there it was OK).


I'm not sure if I have done everything correctly in running these tests. I'm a newbie, so I apologize if I made any mistake.



Milan.


Re: Testing CVE-2016-6309

Matt Caswell-2


On 14/04/17 21:11, Lysoněk Milan wrote:

>
> On 06/04/17 00:25 Matt Caswell wrote:
>> Can you reproduce it using the fuzz corpora added in commit 44f206aa9df,
>> or by running the large message test introduced in 84d5549e69?
>>
>> Matt
>>
>
> Commit 44f206aa9df - All tests from this commit give me:
>
>     OSError: [Errno 8] Exec format error
>
> And I don't know if it's because of my OS (Ubuntu 16.04 64-bit) or because
> I'm doing something wrong (I followed the instructions from
> https://github.com/openssl/openssl/blob/master/fuzz/README.md )
>
>
> Commit 84d5549e69 - It looks like this test reproduces it (I tried running
> the tests with "./config", "make" and then "make test")
>
>     #   Failed test 'running sslapitest'
>     #   at ../test/recipes/90-test_sslapi.t line 21.
>     # Looks like you failed 1 test of 1.
>     ../test/recipes/90-test_sslapi.t ........... Dubious, test returned 1 (wstat 256, 0x100)
>     Failed 1/1 subtests
>
> It fails in 1.1.0a, but in 1.1.0b too, which is weird (I also tried it in
> 1.1.0e and there it was OK).

Well that doesn't sound right because that commit is already in 1.1.0b.
In the 1.1.0 tree it appears as commit df7681e46 (which is just a
cherry-pick of 84d5549e69). So you shouldn't need to do anything special
to test this in 1.1.0b - just checkout that version, compile and run the
tests. sslapitest should pass if all is well (it does for me and I don't
believe we had any other reports of problems).

Matt
