
DNS parser, meet Go fuzzer

What's this blog post about?

CloudFlare has been using the github.com/miekg/dns Go DNS library heavily and contributing to its development as much as possible. When Dmitry Vyukov published go-fuzz, a tool that applies fuzzing to Go programs, they decided to use it on their DNS library. Fuzzing is the process of testing software by continuously feeding it inputs that are automatically mutated. The go-fuzz tool uses source coverage to judge which mutations push the program into new paths, so it eventually reaches many rarely tested branches. By using go-fuzz, CloudFlare was able to find and fix several bugs in their DNS library, including a potential Denial of Service vulnerability related to handling empty names. They also used go-fuzz for other purposes, such as validating output by adding crashing assertions to the Fuzz() function, and comparing the behavior of two different versions or implementations of the same functionality. The use of go-fuzz allowed CloudFlare to improve the robustness and security of their DNS library, which serves 43 billion queries per day. They are currently hiring in London, San Francisco, and Singapore for positions related to this work.
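To illustrate the output-validation idea, here is an added example (not code from the original post or from miekg/dns): a go-fuzz-style `Fuzz()` function whose panic acts as the crashing assertion on a toy DNS name parser. `unpackName` and `packName` are hypothetical helpers, and the inputs in `main` are constructed.

```go
package main

import "fmt"

// unpackName: toy parser (hypothetical, not miekg/dns) for an uncompressed
// wire-format DNS name: length-prefixed labels terminated by a zero byte.
func unpackName(msg []byte) (labels []string, n int, err error) {
	for n < len(msg) {
		l := int(msg[n])
		n++
		if l == 0 {
			return labels, n, nil // an empty name is just the root byte
		}
		if l > 63 || n+l > len(msg) {
			return nil, 0, fmt.Errorf("bad or truncated label at offset %d", n-1)
		}
		labels = append(labels, string(msg[n:n+l]))
		n += l
	}
	return nil, 0, fmt.Errorf("missing terminator")
}

func packName(labels []string) []byte {
	var out []byte
	for _, l := range labels {
		out = append(append(out, byte(len(l))), l...)
	}
	return append(out, 0)
}

// Fuzz is the go-fuzz entry point. The panic is the crashing assertion:
// whatever the parser accepts must re-encode to the bytes it consumed.
func Fuzz(data []byte) int {
	labels, n, err := unpackName(data)
	if err != nil {
		return 0 // rejected input
	}
	if got := packName(labels); string(got) != string(data[:n]) {
		panic(fmt.Sprintf("round trip: %x != %x", got, data[:n]))
	}
	return 1 // accepted input, give it priority in the corpus
}

func main() {
	// Constructed inputs: a normal name, the empty name, a truncated label.
	for _, in := range [][]byte{[]byte("\x03www\x07example\x03com\x00"), {0}, {5, 'a'}} {
		fmt.Printf("%x -> %d\n", in, Fuzz(in))
	}
}
```

Under go-fuzz the same `Fuzz` function would be fed mutated inputs continuously, and any input that breaks the round-trip invariant would be reported as a crasher.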

Company
Cloudflare

Date published
Aug. 6, 2015

Author(s)
Filippo Valsorda

Word count
2034

Language
English

Hacker News points
165


By Matt Makai. 2021-2024.