We put everything in a table, and use function pointers, see s2n's at:https://github.com/awslabs/s2n/blob/master/tls/s2n_handshake_io.c#L62 …
-
-
Our goal with tooling is to ensure that we have failsafes beyond code-review. For these state machine type bugs, it actually takes quite a lot! There's a lot more code verifying it than implementing it. It's not surprising that these issues crop up in real world software.
Show this thread -
Anyway, that's it unless you want to AMA. I'll just ask
@threadreaderapp to please unroll this thread!Show this thread
End of conversation
New conversation -
-
-
Thanks you for the explanation and pointers. libssh has integration tests with other impelmentations (openssh, droprbear) using http://cwrap.org , we are also on oss-fuzz, but our fuzzing is still very basic. We are a tiny team with limited resources always looking for help
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.