oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: terminal emulators' processing of escape sequences

From: Michal Zalewski <lcamtuf () coredump cx>
Date: Mon, 1 May 2017 14:13:16 -0700
Besides (mis)features, there may also be implementation bugs.


It is perhaps worth noting that guided fuzzing has been used in this
space with good results, too. For example, AFL was credited on at
least the following in rxvt, tmux, screen, and mosh:

http://lists.schmorp.de/pipermail/rxvt-unicode/2015q3/002155.html
http://lists.schmorp.de/pipermail/rxvt-unicode/2015q3/002164.html
https://savannah.gnu.org/bugs/?45715
https://savannah.gnu.org/bugs/?45713
https://savannah.gnu.org/bugs/?45714https://github.com/tmux/tmux/issues/92
https://github.com/tmux/tmux/commit/3219e0314e3d1d39a57db330faa5693ce0264244
https://github.com/mobile-shell/mosh/issues/667

Especially if what's highlighted in this thread can be found with a
simple script, I'm betting there's far more beneath the surface.
Guided fuzzers have the advantage of being able to discover features
that may be undocumented or hard to spot, so a more comprehensive dive
into all the terminal emulators in use today would probably be quite
fruitful.

/mz
Previous By Date Next
Previous By Thread Next

Current thread: