Vulnerability Development mailing list archives
Re: x509 cert parsing in web browsers
From: Valdis.Kletnieks () vt edu
Date: Sun, 08 Sep 2002 22:01:46 -0400
On Mon, 09 Sep 2002 13:43:45 +1200, pgut001 () cs auckland ac nz (Peter Gutmann) said:
Actually it's quite sensible, it provides a sane upper limit to check for problems, in the same way that any well-designed protocol (and standard in general, e.g. the C language standard) will provide upper limits to eliminate problems with arbitrary data input (in C's case things like recursive macro expansion).
A lofty and noble goal, but...
program usable again. I never explored it further, but it was obvious that neither of the two were doing any range checking on input, which was kind of worrying for a security-checking application.
This has "Welcome to the real world" written all over it... ;) -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
Attachment:
_bin
Description:
Current thread:
- x509 cert parsing in web browsers Michal Zalewski (Sep 08)
- <Possible follow-ups>
- x509 cert parsing in web browsers Administrator Serwera TEK-ART (Sep 08)
- Re: x509 cert parsing in web browsers Fernando J. Pando (Sep 09)
- Re: x509 cert parsing in web browsers Peter Gutmann (Sep 08)
- Re: x509 cert parsing in web browsers Valdis . Kletnieks (Sep 09)