Fuzzing for Stateful Protocol Implementations: Are We There Yet?
Cited by: 0
Authors:
Jian, Kunpeng [1,2,3,4]; Zou, Yanyan [1,2,3,4]; Li, Yeting [1,2,3,4]; Cao, Jialun [5]; Li, Menghao [1,2,3,4]; Sun, Jian [1,2,3,4]; Shi, Jingyi [1,2,3,4]; Huo, Wei [1,2,3,4]
Affiliations:
[1] Chinese Acad Sci, Inst Informat Engn, Beijing, Peoples R China
[2] Univ Chinese Acad Sci, Sch Cyber Secur, Beijing, Peoples R China
[3] Chinese Acad Sci, Key Lab Network Assessment Technol, Beijing, Peoples R China
[4] Beijing Key Lab Network Secur & Protect Technol, Beijing, Peoples R China
[5] Hong Kong Univ Sci & Technol, Hong Kong, Peoples R China
Source:
Funding:
National Key R&D Program of China;
Keywords:
Stateful protocols fuzzing;
Bug revealing;
Empirical study;
NETWORK;
FUZZER;
DOI:
10.1007/978-3-031-64626-3_11
CLC classification number:
TP31 [Computer software];
Discipline classification code:
081202 ;
0835 ;
Abstract:
Stateful protocols, such as FTP, SIP, and RTSP, play a significant role in computer systems. However, their implementations are prone to security vulnerabilities, which have drawn attention from both industry and academia. Various fuzzing techniques, including the AFLNet fuzzer, have been proposed to test stateful protocol implementations. However, the effectiveness of these existing techniques has not been systematically evaluated, and the understanding of their strengths and weaknesses is limited. To fill this gap, we conducted a comprehensive study to explore the performance of state-of-the-art fuzzing techniques on stateful protocols. In particular, we systematically investigated six state-of-the-art fuzzers on 13 widely used programs using identical seed inputs. Our empirical study revealed the following key findings: (i) State coverage guidance effectively navigates through complex states, although with limitations in directly improving code coverage; (ii) Sequence mutation is pivotal yet requires refinement to be effective; (iii) Replacing the asynchronous network socket with synchronous shared memory not only improves test throughput but also improves test efficiency. Finally, based on our findings, we pinpointed directions for further research in the broad area of stateful protocol fuzzing.
Pages: 186 / 204
Page count: 19