Coincidentally after my Go Fuzz post yesterday, today I see:
Why Did the OpenSSL Punycode Vulnerability Happen
Buffer overruns aren't a problem with Go (unless you're using unsafe) but the lesson still applies. I should spend more time writing fuzz tests. Especially when the Go tools make it easy.
No comments:
Post a Comment