Fuzzing ping(8) … and finding a 24 year old bug.

by

Author:
Source

Sponsored:

Atlas of AI: Power, Politics, and the Planetary Costs of Artificial Intelligence - Audiobook

Uncover the true cost of artificial intelligence.

Listen now, and see the system behind the screens before the future listens to you. = > Atlas of AI $0.00 with trial. Read by Larissa Gallagher

Following the recent discovery of a
security issue in FreeBSD‘s ping(8),
OpenBSD developer Florian Obser
(florian@) wanted to know if something similar lurked
in the OpenBSD code as well.

The result of his investigation can be found in the article called
Fuzzing ping(8) … and finding a 24 year old bug., which leads in,

FreeBSD had a security fluctuation in their implementation of ping(8)
the other day. As someone who has done a lot of work on ping(8) in
OpenBSD this tickled my interests.

What about OpenBSD?

ping(8) is ancient:

Read the rest of the article here. It is quite a story, with lessons to be considered by anyone working on code that’s been around a few years or decades.

As Florian mentions in his post, the fix has been committed to the repo (with a subsequent tweak).

Read more

Related Posts: