Coverage guided fuzzing the Perl interpreter

Perl Fuzzing

Not a lot of slides

• P5P security team
  • Pulled to the P5P conference in amsterdam
  • They wanted him there
  • Bounty program caused people to just send stuff
• Fuzzing tools have gotten easy to use
• Perl definitions of vulnerability is a little weird
  • Parsing code failures is not considered as security flaws
  • Regular expression parse failures are considered
• AFL (fuzzer) is the canonical fuzzer
• AFL++ is more updated
• AFL tools are CLI tools with crazy command line options
• Different commands for different compilers
  • clang
  • g++
  • cmin (identify unique)
  • asan - address sanitizer (msan is a alternate)
    • Must compile 32-bit in order to see all of memory
  • ubsan - undefined behavior checks
  • mostly only recognize on crash (tools to force a crash on a problem)
• JD tools
  • Build scripts to build all te variations
  • Runner scripts to start multiple processes to use the resources of the machine
• Mostly setting up the instrumentation in order to allow it to run on something like Google
• The master process grabs data from the other processes and display
• afl-whatsup gets the results for everything
• The {compiler}-fast versions gives the possibility of re-running instead of restarting each time
• Mutating with dictionaries to give some idea of what syntax we can change
• Also random mutations
• Difficult to make use of these, so it's hard to get them fixed
• Discussion of different ways to explout

We had 8 people attending this month. As always, we'd like to thank Hostgator, LLC for providing the meeting space and food for the group.