Bugs found by TCP-Fuzz (open-source projects only)
Here I list some of the bugs found by TCP-Fuzz in open-source projects.
mTCP
Remove mtcp listener before it is freed.
Validate the IP length before using the TCP header.
Accept a packet whose sequence number is smaller than that of the last received packet
Fix out-of-bounds read
Check the first ACK packet to update its timestamp value
Accept packets without the timestamp option
Fix zero MSS when no MSS option has been received
Fix NULL pointer dereference when reading before any packet with data has been received
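The mTCP fixes above are mostly about length handling: checking the IP length before the TCP header is touched, keeping the option walk inside the advertised data offset so an out-of-bounds read cannot happen, and coping with segments that carry no MSS or timestamp option. The following parser is an added example written for this page; it is not mTCP's code, and the struct, function names and sample packet are constructed for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Parsed view of one segment (hypothetical struct for this example, not mTCP's). */
struct tcp_view {
    uint32_t seq, ack;
    uint16_t flags;        /* low 9 bits of the offset/flags word */
    uint16_t mss;          /* 0 when no MSS option was seen: the caller must apply a default */
    int      has_ts;       /* 1 when a timestamp option was seen */
    uint32_t ts_val, ts_ecr;
    size_t   payload_off;  /* offset of the TCP payload from the start of the IP header */
    size_t   payload_len;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Parse an IPv4+TCP packet of `len` bytes. Returns 0 on success, -1 when any
 * length field (IHL, IP total length, TCP data offset, option length) would
 * make a later read go past the bytes actually held in the buffer. */
int parse_ipv4_tcp(const uint8_t *buf, size_t len, struct tcp_view *v)
{
    if (len < 20 || (buf[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;
    size_t tot = rd16(buf + 2);
    /* The IP length is validated before the TCP header is touched at all. */
    if (ihl < 20 || ihl > len || tot > len || tot < ihl + 20) return -1;
    if (buf[9] != 6) return -1;                    /* protocol must be TCP */

    const uint8_t *tcp = buf + ihl;
    size_t tcp_avail = tot - ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;
    if (doff < 20 || doff > tcp_avail) return -1;  /* header must fit inside the IP payload */

    memset(v, 0, sizeof *v);
    v->seq = rd32(tcp + 4);
    v->ack = rd32(tcp + 8);
    v->flags = rd16(tcp + 12) & 0x01ff;
    v->payload_off = ihl + doff;
    v->payload_len = tcp_avail - doff;

    /* The option walk is bounded by doff, so no option can read beyond the header. */
    for (size_t i = 20; i < doff; ) {
        uint8_t kind = tcp[i];
        if (kind == 0) break;                      /* end of option list */
        if (kind == 1) { i++; continue; }          /* NOP has no length byte */
        if (i + 1 >= doff) return -1;              /* the length byte itself is missing */
        uint8_t olen = tcp[i + 1];
        if (olen < 2 || i + olen > doff) return -1;/* option claims more bytes than remain */
        if (kind == 2) {                           /* MSS */
            if (olen != 4) return -1;
            v->mss = rd16(tcp + i + 2);
        } else if (kind == 8) {                    /* timestamps */
            if (olen != 10) return -1;
            v->has_ts = 1;
            v->ts_val = rd32(tcp + i + 2);
            v->ts_ecr = rd32(tcp + i + 6);
        }                                          /* other kinds are skipped by length */
        i += olen;
    }
    return 0;
}

/* Constructed sample: IPv4 (20 B) + TCP with MSS, two NOPs, timestamps (36 B) + "hi". */
size_t build_sample_packet(uint8_t out[64])
{
    static const uint8_t pkt[58] = {
        0x45, 0x00, 0x00, 0x3a, 0x00, 0x00, 0x40, 0x00, 0x40, 0x06, 0x00, 0x00,
        10, 0, 0, 1,  10, 0, 0, 2,
        0x12, 0x34, 0x00, 0x50,                           /* ports */
        0x00, 0x00, 0x00, 0x01,  0x00, 0x00, 0x00, 0x02,  /* seq 1, ack 2 */
        0x90, 0x18, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,   /* doff 9, PSH|ACK */
        0x02, 0x04, 0x05, 0xb4, 0x01, 0x01,               /* MSS 1460, NOP, NOP */
        0x08, 0x0a, 0, 0, 0, 10, 0, 0, 0, 20,             /* TSval 10, TSecr 20 */
        'h', 'i'
    };
    memcpy(out, pkt, sizeof pkt);
    return sizeof pkt;
}

/* Parse the sample after truncating it to `len` bytes and overwriting the byte at
 * `off` with `val` (off >= 64 means no overwrite). This mirrors what a fuzzer does:
 * mutate a length field and check whether the parser still stays in bounds. */
int parse_sample(size_t len, size_t off, uint8_t val, struct tcp_view *v)
{
    uint8_t buf[64];
    size_t n = build_sample_packet(buf);
    if (off < n) buf[off] = val;
    if (len < n) n = len;
    return parse_ipv4_tcp(buf, n, v);
}

int main(void)
{
    struct tcp_view v;
    printf("intact:         %d\n", parse_sample(64, 64, 0, &v));    /* 0 */
    printf("truncated:      %d\n", parse_sample(30, 64, 0, &v));    /* -1 */
    printf("bad data off:   %d\n", parse_sample(64, 32, 0xf0, &v)); /* -1 */
    printf("bad option len: %d\n", parse_sample(64, 41, 0x20, &v)); /* -1 */
    return 0;
}
```

Byte 32 is the TCP data-offset byte and byte 41 is the MSS option's length byte, so the two mutations in main() are exactly the kind of input that would trigger an out-of-bounds read in a parser that trusts those fields. A segment with the data offset lowered to 20 still parses, but with mss left at 0 and has_ts at 0; the caller is responsible for substituting the default MSS and for not expecting a timestamp, which is the situation behind the zero-MSS and missing-timestamp fixes.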
F-Stack
Duplicated packets cause read error?
Some issues in the current FreeBSD version
FreeBSD
RFC 5961 is not fully implemented
Connections should be closed if the same packet, without FIN, is received again after a FIN has been received
Data in a SYN-ACK should be ignored
ioctl on the socket fd should return -1 after listen() to avoid misuse.
Should we reject packets carrying a timestamp if there was no timestamp in the SYN and SYN-ACK?
Should we reject packets with non-monotonic timestamps?