Background
These are some results of my recent efforts of fuzzing IRC-related software.
CVE-2017-14727 in Weechat
From the Weechat security page: Date/time conversion specifiers are expanded after replacing buffer local variables in name of log files. In some cases, this can lead to an error in function strftime and a crash caused by the use of an uninitialized buffer.
Workaround: Unload the logger plugin: /plugin unload logger
Mitre CVE Page
While fuzzing osquery using afl, I encountered a bug in SQLite.
The bug was reproducible using
printf "select * from routes where destination ;VACUUM '::1';\n" | osqueryi. Using osquery binaries compiled with ASan, I got a heap-use-after-free report when running the osqueryi program as demonstrated in the previous sentence.
While fuzzing irssi’s config file parser using afl, I encountered a bug that I reported and became issue #563 for irssi on GitHub. I am going to perform an analysis of the bug and my solution to the bug.
All I had to do to build irssi with afl was add
CC=/path/to/afl/afl-gcc to the configure script invocation. After building irssi, I started running
irssi --config file.cfg with afl, allowing afl to pass in the configuration file it generates in place of file.cfg. All that can be done by following a guide that covers how to use afl.
I got a new laptop. It is the HP Pavilion 15t. The model number is 15t-ab100 and the SKU is L8V46AV.
I got the i5 processor with 8 GB RAM and 1 TB HDD. It was a big upgrade over my old laptop, because I had a first gen i3 in the old one and this has a Skylake processor.
This article assumes familiarity with the Bitcoin block format.
Namecoin blocks starting with block 19200 may have some extra data in them. These blocks with extra data are called AuxPOW blocks for Auxiliary Proof of Work. The extra data appears between the nonce and txn_count. This extra data appears when a block has been merged-mined for both the Bitcoin and Namecoin networks.
I recently installed the program nmcontrol. Doing so was non-trivial, so I am documenting the process I took here.
For those that don’t know, nmcontrol is a daemon that communicates with namecoind and provides services. In particular, I wanted to use the DNS service it provides for accessing .bit domain names. The .bit TLD is used by Namecoin. Namecoin is a decentralized key-value store and among its uses is decentralized DNS.
I got my first package uploaded to Debian this week. That package is winetricks. It was orphaned and I adopted it. Now the latest version (0.0+20140818+svn1202) is available in sid and should migrate to testing in nine days.
Debconf14 was the first Debconf I attended. It was an awesome experience.
Debconf14 started with a Meet and Greet before the Welcome Talk. I got to meet people and find out what they do for Debian. I also got to meet other GSoC students that I had only previously interacted with online. During the Meet and Greet I also met one of my mentors for GSoC, Zack. Later in the conference I met another of my mentors, Piotr. Previously I only interacted with Zack and Piotr online.