Re: [Mod-security-developers] ModSecurity with afl - fuzz
From: Ervin H. <ai...@gm...> - 2019-04-24 17:21:37
Hi Jerald,

On Mon, Apr 22, 2019 at 06:33:12PM +0800, Jerald Cheong wrote:
> I've been trying to compile ModSecurity with afl-fuzz but been having no
> luck after my nginx got upgraded.
>
> Any guidance would be most appreciated.
>
> I wanted to see what is the difference with afl-fuzz.

What do you want to see, I mean what's your expected result as "difference"? As I know, the afl-fuzz is "just" a test method, but as I see, the implementation in libmodsecurity3 is not final.

> Tried both ModSecurity, tag 3.0.3 and ModSecurity Master from github.
>
> Environment:
> CentOS Linux release 7.6.1810 (Core)
> SCL devtoolset-7 llvm-toolset-7 -->> For clang 5.0.1
> afl compiled from source: https://github.com/mirrorer/afl/
>
> Configure options: ./configure --with-lmdb --enable-parser-generation
> --enable-afl-fuzz

I think you should skip the --enable-afl-fuzz switch to get a working instance.

And please note that if you use lmdb as collection backend, the expire var does not work:

https://github.com/SpiderLabs/ModSecurity/issues/1803

Regards,

a.