Fuzz relevant bits of Tails Upgrader
- tails-iuk-get-target-file: downloads content over plain-text HTTP and verifies it => would be worth fuzzing both the code that handles HTTP, and the code that handles the verification
- tails-iuk-get-upgrade-description-file: downloads upgrade description over HTTPS from our website, that is assumed to be trusted in the current state of the design+implementation => what is worth fuzzing is whatever happens until the TLS handshake is completed and the remote peer’s certificate is verified

The Fuzzing Project has tutorials, and they may want to help us do that, or do it themselves.
Original created by @intrigeri on 9744 (Redmine)