Skip to content

Commit

Permalink
Initial project proposal (#12472)
Browse files Browse the repository at this point in the history 
I am requesting permission to integrate
[libconfig](https://github.com/hyperrealm/libconfig) into OSS-Fuzz. I
believe that this project is a good candidate for OSS-Fuzz integration
as it serves as a preeminent library for parsing and reading
configuration files. The
[Linux](https://github.com/torvalds/linux/blob/master/tools/thermal/thermometer/thermometer.c)
kernel, [Janus WebRTC
Server](https://github.com/meetecho/janus-gateway), and the
[SSLH](https://github.com/yrutschle/sslh) project are just a few
examples of high-impact and security relevant projects that utilize this
library. In addition to the possibility of uncovering edge-cases and
bugs in the parsing of configuration files, there is the possibility of
a malicious actor crafting a corrupted config file for an elevated
service that could be used to perform privilege escalation.

Please see upstream approval for integration
[here](hyperrealm/libconfig#244)
  • Loading branch information
@capuanob
capuanob authored Sep 19, 2024
1 parent e763013 commit 01529fb
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions projects/libconfig/project.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
homepage: "https://hyperrealm.github.io/libconfig/"
language: c
primary_contact: "hyperrealm@gmail.com"
auto_ccs:
- "capuanobailey@gmail.com"
main_repo: "https://github.com/hyperrealm/libconfig.git"

0 comments on commit 01529fb

Please sign in to comment.