Bug #9744

Fuzz relevant bits of Tails Upgrader

Added by intrigeri 2015-07-14 10:39:11. Updated 2016-02-19 00:44:41.

Status: Confirmed
Priority: Normal
Assignee:
Category:
Target version:
Start date: 2015-07-14
Due date:
% Done: 0%
Feature Branch:
Type of work: Security Audit
Blueprint:
Starter:
Affected tool: Upgrader
Deliverable for:

Description

  • tails-iuk-get-target-file: downloads content over plain-text HTTP and verifies it => would be worth fuzzing both the code that handles HTTP, and the code that handles the verification
  • tails-iuk-get-upgrade-description-file: downloads upgrade description over HTTPS from our website, that is assumed to be trusted in the current state of the design+implementation => what is worth fuzzing is whatever happens until the TLS handshake is completed and the remote peer’s certificate is verified

The Fuzzing Project has tutorials, and they may want to help us do that, or do it themselves.


History

#1 Updated by intrigeri 2016-02-19 00:44:41

  • Type of work changed from Audit to Security Audit