></H2
><P
> Explain release numbers. major, minor. developer releases. etc.
-
-<P
+ </P
></P
><OL
TYPE="1"
><LI
><P
>Remove any file that was left over. This includes (but is not limited to)
- <P
+ </P
+><P
></P
><UL
><LI
>/usr/doc/privoxy*</P
></LI
></UL
-></P
></LI
><LI
><P
>Remove the rpm. Any error messages? All files removed?</P
></LI
></OL
-></P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
-NAME="TESTING-REPORT"
->5.2. Test reports</A
+NAME="FUZZING"
+>5.2. Fuzzing Privoxy</A
></H2
><P
->Please submit test reports only with the <A
-HREF="http://sourceforge.net/tracker/?func=add&group_id=11118&atid=395005"
-TARGET="_top"
->test form</A
->
-at sourceforge. Three simple steps:
- <P
-></P
-><UL
-><LI
-><P
->Select category: the distribution you test on.</P
-></LI
-><LI
+> To make fuzzing more convenient, Privoxy can be configured
+ with --enable-fuzz which will result in the --fuzz option
+ becoming available.
+ </P
><P
->Select group: the version of <SPAN
-CLASS="APPLICATION"
->Privoxy</SPAN
-> that we are about to release.</P
-></LI
-><LI
-><P
->Fill the Summary and Detailed Description with something
- intelligent (keep it short and precise).</P
-></LI
-></UL
->
- Do not mail to the mailing list (we cannot keep track on issues there).
- </P
+> Example (tested on ElectroBSD):
+ </P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+># Compile Privoxy with instrumentation for afl
+$ export CC=afl-clang
+$ export CFLAGS="-fsanitize=address -ggdb"
+$ export CPPFLAGS=-I/usr/local/include/
+$ export LDFLAGS="-fsanitize=address -L/usr/local/lib"
+$ export AFL_USE_ASAN=1
+$ export AFL_HARDEN=1
+$ ./configure --with-debug --enable-extended-host-patterns --enable-accept-filter --enable-no-gifs --enable-compression --enable-strptime-sanity-checks --enable-external-filters --enable-fuzz
+
+$ ./privoxy --fuzz
+Privoxy version 3.0.24 (http://www.privoxy.org/)
+Usage: ./privoxy [--config-test] [--chroot] [--help] [--no-daemon] [--pidfile pidfile] [--pre-chroot-nslookup hostname] [--user user[.group]] [--version] [configfile]
+ ./privoxy --fuzz fuzz-mode ./path/to/fuzzed/input [--stfu]
+
+Supported fuzz modes and the expected input:
+ action: Text to parse as action file.
+ client-request: Client request to parse. Currently incomplete
+ client-header: Client header to parse.
+ chunked-transfer-encoding: Chunk-encoded data to dechunk.
+ deflate: deflate-compressed data to decompress.
+ filter: Text to parse as filter file.
+ gif: gif to deanimate.
+ gzip: gzip-compressed data to decompress.
+ pcrs-substitute: A pcrs-substitute to compile. Not a whole pcrs job! Example: Bla $1 bla C $3 blah.
+ server-header: Server header to parse.
+ server-response: Server response to parse.
+
+The following fuzz modes read data from stdin if the 'file' is '-'
+ client-request
+ client-header
+ chunked-transfer-encoding
+ deflate
+ gif
+ gzip
+ pcrs-substitute
+ server-header
+ server-response
+
+Aborting
+
+$ export ASAN_OPTIONS='abort_on_error=1'
+$ mkdir input output
+$ echo '$1 bla fasel $2' > input/pcrs
+$ afl-fuzz -i input -o output -m none ~/git/privoxy/privoxy --fuzz pcrs-substitute - --stfu
+
+$ cat >input/pcrs.txt
+FILTER: bla fasel
+s@(.{1})[432](\d+)@$1$2$hostname@UgisT
+
+$ afl-fuzz -i input/ -o output/ -f bla.filter -m none privoxy --fuzz filter bla.filter --stfu</PRE
+></TD
+></TR
+></TABLE
></DIV
></DIV
><DIV
projects / privoxy.git / blobdiff