9 Jul 2017, 6:57 p.m.
Jens Weller wrote:
> Fuzzing. I spent some time this weekend fuzzing beast with libFuzzer. The basic_parser and the websocket::stream were fuzzed. A bug (buffer overflow) in basic_parser was found, and is already fixed.

*THANK YOU* so much for doing that. I didn't see your message until after I'd sent my review, and I feel even more justified in my comments about the over-complex optimisations in the parser, and the security implications. I'd be interested to see where the bug was. Was this posted on the list?

Regards, Phil.