Fuzzer for ldap?

[personnumber3377]

Hi!

I looked through this and it seems that the fuzzer for ldap is missing. I think the vast majority of the ldap protocol is handled by external libraries, but I think there is some interesting gluecode to be fuzzed in ldap.c . This could lead to vulnerabilities like CVE-2018-1000121 (https://curl.se/docs/CVE-2018-1000121.html) . Are there plans on incorporating it? I can try to implement such a fuzzer for myself.

Thanks in advance!

[cmeister2]

Hey! So yes, the fuzzer for ldap is missing at the moment. Please feel free to give it a go if you like; it was certainly on the list now that I've spent some time switching over to CMake.

[personnumber3377]

Hi!

I managed to start fuzzing ldap via using libdesock to handle the ugly redirection of the sockets to stdin and stdout and now I am able to fuzz it with afl++. I think that curl-fuzzers use libfuzzer, but I don't think that libfuzzer supports dynamic libraries. I basically used libdesock with multipackets enabled (they are disabled by default), and then I used the below code:

#include <curl/curl.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <sanitizer/lsan_interface.h>

#define FUZZ_TIMEOUT_MS 5000L
#define MAX_URL_SIZE 10000

int main(void)
{
  char buf[MAX_URL_SIZE + 1] = {0};  // Null-terminated buffer
  size_t len = fread(buf, 1, MAX_URL_SIZE, stdin);

  // If input has no null terminator or seems empty, bail out
  if (len == 0 || memchr(buf, '\0', len) == NULL) {
    return 0;
  }

  CURL *curl = curl_easy_init();
  if (!curl) return 1;

  curl_easy_setopt(curl, CURLOPT_URL, buf);
  curl_easy_setopt(curl, CURLOPT_TIMEOUT_MS, FUZZ_TIMEOUT_MS);
  curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
  curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
  // curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);

  while (__AFL_LOOP(1000)) {
    __lsan_do_leak_check();
    curl_easy_perform(curl);
    __lsan_do_leak_check();
  }

  curl_easy_cleanup(curl);
  return 0;
}

the code basically populates the url field with data taken from the fuzz buffer and then uses libdesock to send the inputs to the socket.

I faced a number of problems with afl. There was a bug in the compiler or something itself which caused false positive crashes, so I had to change to a slightly older version. To compile curl I just used:

make clean
LDFLAGS="-fsanitize=address,undefined" CC=afl-clang-fast CXX=afl-clang-fast++ CFLAGS="-O3 -fsanitize=address,undefined" CXXFLAGS="-O3 -fsanitize=address,undefined" ./configure --prefix=$HOME/curl_build_other --with-ldap --disable-shared --with-openssl --without-libpsl
make clean
LDFLAGS="-fsanitize=address,undefined" CC=afl-clang-fast CXX=afl-clang-fast++ CFLAGS="-O3 -fsanitize=address,undefined" CXXFLAGS="-O3 -fsanitize=address,undefined" make -j8
LDFLAGS="-fsanitize=address,undefined" CC=afl-clang-fast CXX=afl-clang-fast++ CFLAGS="-O3 -fsanitize=address,undefined" CXXFLAGS="-O3 -fsanitize=address,undefined" make install

and to build libdesock I used:

rm -fr ./build
meson setup ./build
cd build
meson configure -Ddebug_desock=true -Ddesock_client=true -Ddesock_server=false -Dmultiple_requests=true
meson compile
cp libdesock.so ~/curlsocksfuzzer/libdesock.so

In addition, I also added a custom mutator in mutator.py which repeats strings in the input buffer to find vulnerabilities which require repeated strings (like https://hackerone.com/reports/1826048). I think that such a mutator would find these more easily than traditional mutations.

I think that using libfuzzer instead of afl++ should be the way to go in the end, but I do not know if libfuzzer supports reading from stdin. libdesock redirects sockets to stdin and stdout for fuzzing purposes: https://github.com/fkie-cad/libdesock . I uploaded all of my files here: https://github.com/personnumber3377/curlfuzzing . That repo contains a dump of all the files which I used.

I am able to get coverage:

I didn't find any crashes, but I found some hangs. I assume that these hangs which hang for roughly 5 seconds are in the lookup of the url or something and not really dangerous, but I removed these from the repository to be safe.

I can try to modify this code in this curl-fuzzer repository, but my fuzzer which uses afl++ instead of libfuzzer should do for now in the meantime.

I will try to implement a proper fuzzer using libfuzzer, but I won't promise anything.

[cmeister2]

Thanks for the investigation! We would certainly be looking for something that fit within the rest of the framework and that ossfuzz can fuzz - unsure whether that applies here.

[personnumber3377]

Hi!

I looked through the curl-fuzzer codebase and there does actually appear to be a fuzzer for ldap:

#ifdef FUZZ_PROTOCOLS_LDAP
  allowed_protocols = "ldap,ldaps";
#endif

so I am thinking that there was some plans to incorporate it, but which were then abandoned. The CMakeLists.txt file did not contain the ldap fuzzer for somewhat reason and the scripts/

during compiling I am getting this error:

checking for dirent.h... yes
checking for opendir... yes
checking convert -I options to -isystem... yes
checking whether to enable verbose strings... yes
checking whether to enable SSPI support (Windows native builds only)... no
checking whether to enable basic authentication method... yes
checking whether to enable bearer authentication method... yes
checking whether to enable digest authentication method... yes
checking whether to enable kerberos authentication method... yes
checking whether to enable negotiate authentication method... yes
checking whether to enable aws sig methods... yes
checking whether to support NTLM... yes
checking whether to enable TLS-SRP authentication... yes
checking whether to enable Unix domain sockets... auto
checking for struct sockaddr_un.sun_path... yes
checking whether to support cookies... yes
checking whether to support socketpair... yes
checking whether to support HTTP authentication... yes
checking whether to support DoH... yes
checking whether to support the MIME API... yes
checking whether to support binding connections locally... yes
checking whether to support the form API... yes
checking whether to support date parsing... yes
checking whether to support netrc parsing... yes
checking whether to support progress-meter... yes
checking whether to support the SHA-512/256 hash algorithm... yes
checking whether to support DNS shuffling... yes
checking whether to support curl_easy_option*... yes
checking whether to support alt-svc... yes
checking whether to support headers-api... yes
checking whether to support HSTS... yes
checking whether to enable HTTPS-RR support... no
checking for SSL_set0_wbio... yes
checking whether to support WebSockets... yes
checking whether hiding of library internal symbols will actually happen... no
checking if this build supports HTTPS-proxy... yes
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating docs/Makefile
config.status: creating docs/examples/Makefile
config.status: creating docs/libcurl/Makefile
config.status: creating docs/libcurl/opts/Makefile
config.status: creating docs/cmdline-opts/Makefile
config.status: creating include/Makefile
config.status: creating include/curl/Makefile
config.status: creating src/Makefile
config.status: creating lib/Makefile
config.status: creating scripts/Makefile
config.status: creating lib/libcurl.vers
config.status: creating tests/Makefile
config.status: creating tests/config
config.status: creating tests/configurehelp.pm
config.status: creating tests/certs/Makefile
config.status: creating tests/data/Makefile
config.status: creating tests/server/Makefile
config.status: creating tests/libtest/Makefile
config.status: creating tests/unit/Makefile
config.status: creating tests/tunit/Makefile
config.status: creating tests/client/Makefile
config.status: creating tests/http/config.ini
config.status: creating tests/http/Makefile
config.status: creating packages/Makefile
config.status: creating packages/vms/Makefile
config.status: creating curl-config
config.status: creating libcurl.pc
config.status: creating lib/curl_config.h
config.status: lib/curl_config.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands
configure: WARNING: unrecognized options: --with-random
configure: Configured to build curl/libcurl:

  Host setup:       x86_64-pc-linux-gnu
  Install prefix:   /home/oof/curl-fuzzer/build/curl-install
  Compiler:         clang
   CFLAGS:          -fsanitize=address,fuzzer-no-link -Qunused-arguments -Werror-implicit-function-declaration -g -O0 -pedantic -Wall -Wextra -Wpointer-arith -Wwrite-strings -Wshadow -Wnested-externs -Wmissing-declarations -Wmissing-prototypes -Wno-long-long -Wfloat-equal -Wsign-compare -Wno-multichar -Wundef -Wno-format-nonliteral -Wendif-labels -Wstrict-prototypes -Wdeclaration-after-statement -Wcast-align -Wno-system-headers -Wshorten-64-to-32 -Wunused -Waddress -Wattributes -Wbad-function-cast -Wconversion -Wdiv-by-zero -Wformat-security -Wempty-body -Wmissing-field-initializers -Wmissing-noreturn -Wold-style-definition -Wredundant-decls -Wtype-limits -Wunreachable-code -Wunused-parameter -Wignored-qualifiers -Wvla -Wno-sign-conversion -Wshift-sign-overflow -Wcast-qual -Wlanguage-extension-token -Wformat=2 -Wenum-conversion -Wsometimes-uninitialized -Wmissing-variable-declarations -Wheader-guard -Wunused-const-variable -Wpragmas -Wdouble-promotion -Wcomma -Wassign-enum -Wextra-semi-stmt -Wimplicit-fallthrough -Wxor-used-as-pow
   CFLAGS extras:
   CPPFLAGS:        -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D_GNU_SOURCE -isystem /home/oof/curl-fuzzer/build/zlib-install/include -isystem /home/oof/curl-fuzzer/build/zstd-install/include -isystem /home/oof/curl-fuzzer/build/openssl-install/include -isystem /home/oof/curl-fuzzer/build/libidn2-install/include -isystem /home/oof/curl-fuzzer/build/nghttp2-install/include
   LDFLAGS:         -L/home/oof/curl-fuzzer/build/zlib-install/lib -L/home/oof/curl-fuzzer/build/zstd-install/lib -L/home/oof/curl-fuzzer/build/openssl-install/lib -L/home/oof/curl-fuzzer/build/libidn2-install/lib -L/home/oof/curl-fuzzer/build/nghttp2-install/lib
     curl-config:   -L/home/oof/curl-fuzzer/build/zstd-install/lib -L/home/oof/curl-fuzzer/build/openssl-install/lib -L/home/oof/curl-fuzzer/build/libidn2-install/lib -L/home/oof/curl-fuzzer/build/nghttp2-install/lib
   LIBS:            -lnghttp2 -lidn2 -lssl -lcrypto -lssl -lcrypto -lldap -llber -lzstd -lzstd -lbrotlidec -lz

  curl version:     8.15.0-DEV
  SSL:              enabled (OpenSSL v3+)
  SSH:              no      (--with-{libssh,libssh2})
  zlib:             enabled
  brotli:           enabled (libbrotlidec)
  zstd:             enabled (libzstd)
  GSS-API:          no      (--with-gssapi)
  GSASL:            no      (libgsasl not found)
  TLS-SRP:          enabled
  resolver:         POSIX threaded
  IPv6:             enabled
  Unix sockets:     enabled
  IDN:              enabled (libidn2)
  Build docs:       no
  Build libcurl:    Shared=no, Static=yes
  Built-in manual:  no      (--enable-manual)
  --libcurl option: enabled (--disable-libcurl-option)
  Verbose errors:   enabled (--disable-verbose)
  Code coverage:    disabled
  SSPI:             no      (--enable-sspi)
  ca cert bundle:   /etc/ssl/certs/ca-certificates.crt
  ca cert path:     /etc/ssl/certs
  ca cert embed:    no
  ca fallback:      no
  LDAP:             enabled (OpenLDAP)
  LDAPS:            enabled
  IPFS/IPNS:        enabled
  RTSP:             enabled
  RTMP:             no      (--with-librtmp)
  PSL:              no      (--with-libpsl)
  Alt-svc:          enabled (--disable-alt-svc)
  Headers API:      enabled (--disable-headers-api)
  HSTS:             enabled (--disable-hsts)
  HTTP1:            enabled (internal)
  HTTP2:            enabled (nghttp2)
  HTTP3:            no      (--with-ngtcp2 --with-nghttp3, --with-quiche, --with-openssl-quic, --with-msh3)
  ECH:              no      (--enable-ech)
  HTTPS RR:         no      (--enable-httpsrr)
  SSLS-EXPORT:      no      (--enable-ssls-export)
  Protocols:        dict file ftp ftps gopher gophers http https imap imaps ipfs ipns ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp ws wss
  Features:         alt-svc AsynchDNS brotli Debug HSTS HTTP2 HTTPS-proxy IDN IPv6 Largefile libz NTLM SSL threadsafe TLS-SRP TrackMemory UnixSockets zstd

[ 40%] Performing build step for 'curl_external'
Making all in lib
  RUN      checksrc
Making all in docs
Making all in .
Making all in cmdline-opts
Making all in libcurl
Making all in opts
Making all in src
  RUN      checksrc
Making all in scripts
[ 41%] Performing install step for 'curl_external'
Making install in lib
  RUN      checksrc
 /usr/bin/mkdir -p '/home/oof/curl-fuzzer/build/curl-install/lib'
 /bin/bash ../libtool   --mode=install /usr/bin/install -c   libcurl.la '/home/oof/curl-fuzzer/build/curl-install/lib'
Usage: /home/oof/curl-fuzzer/build/curl/src/curl_external/libtool [OPTION]... [MODE-ARG]...
Try 'libtool --help' for more information.
libtool:   error: 'libcurl.la' is not a valid libtool archive
gmake[6]: *** [Makefile:1712: install-libLTLIBRARIES] Error 1
gmake[5]: *** [Makefile:5031: install-am] Error 2
gmake[4]: *** [Makefile:624: install-recursive] Error 1
gmake[3]: *** [CMakeFiles/curl_external.dir/build.make:103: curl/src/curl_external-stamp/curl_external-install] Error 2
gmake[2]: *** [CMakeFiles/Makefile2:298: CMakeFiles/curl_external.dir/all] Error 2
gmake[1]: *** [CMakeFiles/Makefile2:950: CMakeFiles/fuzz.dir/rule] Error 2
gmake: *** [Makefile:462: fuzz] Error 2
oof@elskun-lppri:~/curl-fuzzer$ find . | grep libcurl.la
./build/curl-install/lib/libcurl.la
./build/curl/src/curl_external/lib/libcurl_la-asyn-thrdd.o

the files seems to actually exist:

oof@elskun-lppri:~/curl-fuzzer$ find . | grep "libcurl\.la"
./build/curl-install/lib/libcurl.la
./build/curl/src/curl_external/lib/.libs/libcurl.la
./build/curl/src/curl_external/lib/.libs/libcurl.lai
./build/curl/src/curl_external/lib/libcurl.la
oof@elskun-lppri:~/curl-fuzzer$
```

but they are empty:

```
./build/curl/src/curl_external/lib/libcurl_la-http2.o
oof@elskun-lppri:~/curl-fuzzer$ find . | grep "libcurl\.la"
./build/curl-install/lib/libcurl.la
./build/curl/src/curl_external/lib/.libs/libcurl.la
./build/curl/src/curl_external/lib/.libs/libcurl.lai
./build/curl/src/curl_external/lib/libcurl.la
oof@elskun-lppri:~/curl-fuzzer$ file ./build/curl-install/lib/libcurl.la
./build/curl-install/lib/libcurl.la: empty
oof@elskun-lppri:~/curl-fuzzer$ file ./build/curl/src/curl_external/lib/.libs/libcurl.la
./build/curl/src/curl_external/lib/.libs/libcurl.la: symbolic link to ../libcurl.la
oof@elskun-lppri:~/curl-fuzzer$ file ./build/curl/src/curl_external/lib/libcurl.la
./build/curl/src/curl_external/lib/libcurl.la: empty
oof@elskun-lppri:~/curl-fuzzer$
```

EDIT: Ok, so the errors were due to an interrupted build. Nothing to be worried about really.

I updated the CMakeLists.txt file and included the ldap protocol and I am going to update you on how this goes.

[personnumber3377]

Now I am getting this error here:

/javapath:/mnt/c/WINDOWS/system32:/mnt/c/WINDOWS:/mnt/c/WINDOWS/System32/Wbem:/mnt/c/WINDOWS/System32/WindowsPowerShell/v1.0/:/mnt/c/WINDOWS/System32/OpenSSH/:/mnt/c/Program Files/dotnet/:/mnt/c/Program Files/MATLAB/R2024b/runtime/win64:/mnt/c/Program Files/MATLAB/R2024b/bin:/mnt/c/Program Files/Git/cmd:/mnt/c/Program Files (x86)/Windows Kits/10/Windows Performance Toolkit/:/mnt/c/Program Files/Go/bin:/mnt/c/Users/elsku/.cargo/bin:/mnt/c/Users/elsku/AppData/Local/Microsoft/WindowsApps:/mnt/c/Program Files/JetBrains/IntelliJ IDEA 2024.2.3/bin:/mnt/c/Users/elsku/AppData/Local/Muse Hub/lib:/mnt/c/MinGW/bin:/mnt/c/Users/elsku/.dotnet/tools:/mnt/c/Users/elsku/runtime/.dotnet/:/mnt/c/Users/elsku/AppData/Local/Keybase/:/mnt/c/Users/elsku/go/bin:/snap/bin:/home/oof/.dotnet/tools:/home/oof/.rvm/bin:/sbin" ldconfig -n /home/oof/curl-fuzzer/build/curl-install/lib
----------------------------------------------------------------------
Libraries have been installed in:
   /home/oof/curl-fuzzer/build/curl-install/lib

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the '-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the 'LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the 'LD_RUN_PATH' environment variable
     during linking
   - use the '-Wl,-rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to '/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
Making install in docs
Making install in .
Making install in cmdline-opts
Making install in libcurl
Making install in opts
 /usr/bin/mkdir -p '/home/oof/curl-fuzzer/build/curl-install/share/aclocal'
 /usr/bin/install -c -m 644 libcurl.m4 '/home/oof/curl-fuzzer/build/curl-install/share/aclocal'
Making install in src
  RUN      checksrc
 /usr/bin/mkdir -p '/home/oof/curl-fuzzer/build/curl-install/bin'
  /bin/bash ../libtool   --mode=install /usr/bin/install -c curl '/home/oof/curl-fuzzer/build/curl-install/bin'
libtool: install: /usr/bin/install -c curl /home/oof/curl-fuzzer/build/curl-install/bin/curl
Making install in scripts
 /usr/bin/mkdir -p '/home/oof/curl-fuzzer/build/curl-install/bin'
 /usr/bin/install -c wcurl '/home/oof/curl-fuzzer/build/curl-install/bin'
 /usr/bin/mkdir -p '/home/oof/curl-fuzzer/build/curl-install/bin'
 /usr/bin/mkdir -p '/home/oof/curl-fuzzer/build/curl-install/lib/pkgconfig'
 /usr/bin/install -c -m 644 libcurl.pc '/home/oof/curl-fuzzer/build/curl-install/lib/pkgconfig'
 /usr/bin/install -c curl-config '/home/oof/curl-fuzzer/build/curl-install/bin'
Making install in curl
  RUN      checksrc
 /usr/bin/mkdir -p '/home/oof/curl-fuzzer/build/curl-install/include/curl'
 /usr/bin/install -c -m 644 curl.h curlver.h easy.h mprintf.h stdcheaders.h multi.h typecheck-gcc.h system.h urlapi.h options.h header.h websockets.h '/home/oof/curl-fuzzer/build/curl-install/include/curl'
Making install in .
Making install in cmdline-opts
Making install in libcurl
Making install in opts
 /usr/bin/mkdir -p '/home/oof/curl-fuzzer/build/curl-install/share/aclocal'
 /usr/bin/install -c -m 644 libcurl.m4 '/home/oof/curl-fuzzer/build/curl-install/share/aclocal'
[ 39%] Completed 'curl_external'
[ 41%] Built target curl_external
[ 42%] Linking CXX executable curl_fuzzer_fnmatch
[ 44%] Linking CXX executable curl_fuzzer_file
[ 44%] Linking CXX executable curl_fuzzer
[ 45%] Linking CXX executable curl_fuzzer_dict
/usr/bin/ld: libstandaloneengine.a(standalone_fuzz_target_runner.cc.o): in function `main':
standalone_fuzz_target_runner.cc:(.text.main[main]+0x1b6): undefined reference to `LLVMFuzzerTestOneInput'
/usr/bin/ld: libstandaloneengine.a(standalone_fuzz_target_runner.cc.o): in function `main':
standalone_fuzz_target_runner.cc:(.text.main[main]+0x1b6): undefined reference to `LLVMFuzzerTestOneInput'
/usr/bin/ld: libstandaloneengine.a(standalone_fuzz_target_runner.cc.o): in function `main':
standalone_fuzz_target_runner.cc:(.text.main[main]+0x1b6): undefined reference to `LLVMFuzzerTestOneInput'
/usr/bin/ld: libstandaloneengine.a(standalone_fuzz_target_runner.cc.o): in function `main':
standalone_fuzz_target_runner.cc:(.text.main[main]+0x1b6): undefined reference to `LLVMFuzzerTestOneInput'
clang++: error: linker command failed with exit code 1 (use -v to see invocation)
clang++: error: linker command failed with exit code 1 (use -v to see invocation)
clang++: error: linker command failed with exit code 1 (use -v to see invocation)
clang++: error: linker command failed with exit code 1 (use -v to see invocation)
gmake[3]: *** [CMakeFiles/curl_fuzzer_fnmatch.dir/build.make:105: curl_fuzzer_fnmatch] Error 1
gmake[2]: *** [CMakeFiles/Makefile2:934: CMakeFiles/curl_fuzzer_fnmatch.dir/all] Error 2
gmake[2]: *** Waiting for unfinished jobs....
gmake[3]: *** [CMakeFiles/curl_fuzzer_dict.dir/build.make:137: curl_fuzzer_dict] Error 1
gmake[3]: *** [CMakeFiles/curl_fuzzer_file.dir/build.make:137: curl_fuzzer_file] Error 1
gmake[2]: *** [CMakeFiles/Makefile2:390: CMakeFiles/curl_fuzzer_dict.dir/all] Error 2
gmake[2]: *** [CMakeFiles/Makefile2:422: CMakeFiles/curl_fuzzer_file.dir/all] Error 2
gmake[3]: *** [CMakeFiles/curl_fuzzer.dir/build.make:137: curl_fuzzer] Error 1
gmake[2]: *** [CMakeFiles/Makefile2:358: CMakeFiles/curl_fuzzer.dir/all] Error 2
gmake[1]: *** [CMakeFiles/Makefile2:985: CMakeFiles/fuzz.dir/rule] Error 2
gmake: *** [Makefile:475: fuzz] Error 2
oof@elskun-lppri:~/curl-fuzzer$ cat mainline.sh
#!/bin/bash

[personnumber3377]

I think there was another similar issue a while back: #38 , so it seems that that issue has resurfaced for me...

[personnumber3377]

Hi!

I have tried to fix this compiler bug for a while, but I didn't get it working. Can you help me a bit? Also should I open a separate issue for that compiler error complaining about LLVMFuzzerTestOneInput?

Thanks in advance!

[cmeister2]

I'm afraid I don't have the mental bandwidth at the moment to support you on this. The code works in CI, oss-fuzz, and in Ubuntu WSL, so I expect your setup is doing something nonstandard.

If you want to open an issue then feel free to (to have a place for discussion), but I'm not able to walk you through your build issues.

[personnumber3377]

Okay, so I had to downgrade to clang-14 and I had to do some modifications to CMakeLists.txt for it to compile. I don't really care since I just want something working for now. I now have a curl_fuzzer_ldap file. How can I only add link libraries to the final executable? The ldap fuzzer needs the -lldap and -llber flags. I solved this by just doing CFLAGS="-lldap -llber" but this of course links it to every single executable even though it is not needed. Is there any documentation on the TLV format the fuzzer uses? I tried reading the source, but it didn't really shed that much light. I know that tlv is short for type length value, but a more in depth explanation would be appreciated. I think that adding LDAP specific TLV things should do some good too. I have plenty of free time, so maybe I can try adding such? I can also share my current fork of this repo with you if you like.

Thanks in advance again!

[cmeister2]

I've had chance to look at this myself and I've written the portions that are needed for LDAP fuzzing locally. As far as I know there are no LDAP specific CURLOPT options so extra TLVs are not required here.

I ran the fuzzer overnight and hit no issues. My code depends on a fix I've pushed to the main curl repo, however, so is dependent on that getting in.

[personnumber3377]

Hi!

Do you mind sharing your fork? I looked through your profile but couldn't find it. I was a bit useless here since you managed to make one first, but I guess I can try to improve it further.

Thanks in advance!