[openssl-dev] Testing CVE-2016-6309
Matt Caswell
matt at openssl.org
Tue Apr 18 09:38:16 UTC 2017
On 14/04/17 21:11, Lysoněk Milan wrote:
>
> On 06/04/17 00:25 Matt Caswell wrote:
>> Can you reproduce it using the fuzz corpora added in commit 44f206aa9df,
>> or by running the large message test introduced in 84d5549e69?
>>
>> Matt
>>
>
> Commit 44f206aa9df - All tests from this commit give me:
>
> OSError: [Errno 8] Exec format error
>
> And I dont know, if its because my OS (Ubuntu 16.04 64bit) or I'm doing
> something wrong (I followed instructions from
> https://github.com/openssl/openssl/blob/master/fuzz/README.md )
>
>
> Commit 84d5549e69 - It looks like this test reproduce it (I tried run
> tests with "./config","make" and then "make test")
>
> # Failed test 'running sslapitest'
> # at ../test/recipes/90-test_sslapi.t line 21.
> # Looks like you failed 1 test of 1.
> ../test/recipes/90-test_sslapi.t ........... Dubious, test returned
> 1 (wstat 256, 0x100)
> Failed 1/1 subtests
>
> It fails in 1.1.0a, but at 1.1.0b too, which is weird (also tried it at
> 1.1.0e and here it was ok).
Well that doesn't sound right because that commit is already in 1.1.0b.
In the 1.1.0 tree it appears as commit df7681e46 (which is just a
cherry-pick of 84d5549e69). So you shouldn't need to do anything special
to test this in 1.1.0b - just checkout that version, compile and run the
tests. sslapitest should pass if all is well (it does for me and I don't
believe we had any other reports of problems).
Matt
More information about the openssl-dev
mailing list