Dailydave mailing list archives
Re: Interesting (?) bug
From: "Rhys Kidd" <rhyskidd () gmail com>
Date: Wed, 30 May 2007 15:52:11 +0800
On 29/05/07, Chris Anley <chris () ngssoftware com> wrote:
> In fact, it appears to have been 'revealed' by the fix to this issue in 2005. So I guess maybe I just reviewed vpnd at a propitious time? Then again, 2 years is a while, right?
>
> Cheers,
> -chris.

Apple really haven't managed to lever the value in open source secure code review. I remember their "Open Directory" aka. OpenLDAP was woefully out-of-date with upstream for a number of years. Best example was the assert( 0 ) bug that had been fixed approximately 1.5 years previously in OpenLDAP.

I'm sure if someone on this list had a spare week, and simply compared the version from Apple OpenSource and the most up-to-date public release, there'd be a few easy to spot bugs to garner a claim to fame.

I hope Apple's recent hires in Security Engineering can turn the ship around.

Rhys

BTW: To anyone else who has reviewed the OpenLDAP code, did it also strike you as source code that was hard to follow with their formatting, and likely to contain a few more DoS bugs due to liberal use of assert()'s in non-debug?

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave