Vulnerability Development mailing list archives

Re: x509 cert parsing in web browsers


From: Valdis.Kletnieks () vt edu
Date: Sun, 08 Sep 2002 22:01:46 -0400

On Mon, 09 Sep 2002 13:43:45 +1200, pgut001 () cs auckland ac nz (Peter Gutmann)  said:

> Actually it's quite sensible, it provides a sane upper limit to check for
> problems, in the same way that any well-designed protocol (and standard in
> general, e.g. the C language standard) will provide upper limits to eliminate
> problems with arbitrary data input (in C's case things like recursive macro
> expansion).

A lofty and noble goal, but...

> program usable again.  I never explored it further, but it was obvious that
> neither of the two were doing any range checking on input, which was kind of
> worrying for a security-checking application.

This has "Welcome to the real world" written all over it... ;)
-- 
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech
