There is also a few people who can be found on search engines, who forked ucspi-tcp, who might be willing and able to help this cause.
[quote=“HulaHoop, post:4, topic:363”]I assume TAILS uses it because that security enhancement for ControlPort Filter was discussed and implemented by them first.
It was about limiting the characters allowed to 128, which is good, but has no relation to ucspi-tcp.
If they have nothing to do with it then I would like to be of assistance in auditing/fuzzing this package with your assistance.
1. compile ucspi from source with the correct debugging hooks so Valgrind can use it:
I'll be happy to send the logs as I would have no idea whats in them or how to fix it , but the Debian guys will.
2. Import the source code that I got from Debian repos in to Git so I can sign onto Coverity and run a check.
Maintainer: Gerrit Pape <email@example.com>
Getting it from git is better than apt-get source, but anyway. The Vcs-Git link is currently offline. Please tell Gerrit Pape about it.
If there is no reply, we need to open a bug against Debian. But let’s not expect the worst.
3. Check with PeachFuzzer by following this guide: http://www.flinkd.org/2011/07/fuzzing-with-peach-part-1/