Bug #9744
Fuzz relevant bits of Tails Upgrader
Start date:
2015-07-14
Due date:
% Done:
0%
Description
tails-iuk-get-target-file
: downloads content over plain-text HTTP and verifies it => would be worth fuzzing both the code that handles HTTP, and the code that handles the verificationtails-iuk-get-upgrade-description-file
: downloads upgrade description over HTTPS from our website, that is assumed to be trusted in the current state of the design+implementation => what is worth fuzzing is whatever happens until the TLS handshake is completed and the remote peer’s certificate is verified
The Fuzzing Project has tutorials, and they may want to help us do that, or do it themselves.
Subtasks
History
#1 Updated by intrigeri 2016-02-19 00:44:41
- Type of work changed from Audit to Security Audit