[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: Fwd: [e-lang] Protocol implementation errors


protocol implementation

Rich Salz wrote:
> > Are you saying it doesn't make sense to ask why ASN.1 has been
> > vulnerable to long-lived bugs? We are not talking about just one
> > bug in just one implementation.
>
> In every case so far, it's been untested code paths.  As others have
> said, that's not ASN1/[BDPX]ER's fault.


Hm.  Seems to me that untested code paths are at least
_partly_ ASN.1's fault.

You've got the BER, DER, PER, and XER, all of which
perform essentially the same function in different ways.
That right there gives you four times as much code to
verify and test.  I'm not familiar with [DPX]ER, but the
BER is a tag-length-value scheme with variable length tags (!),
variable length length fields (!!), and two different
ways of encoding the length (!!!)

There are eight different ways to encode floating point
numbers.  The IMPLICIT keyword, which causes the tag
part of the TLV triple to be omitted from the presentation
stream, means that you can't just build and verify a
generic BER decoder; in the worst case you have to build,
and verify, separate decoding routines for every complex
data type known to the system.  The list goes on.

Given the number of options, ASN.1 inherently requires
a lot of code to implement, with a lot of code paths
that are never exercised in production.  Devising a
test suite for a code base with that much surface area
has got to be a Herculean task.  It's not surprising
that bugs have been found in untested code paths;
I'd be very surprised if there *weren't* any.


--Joe English

  jenglish@f...


PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Buy Stylus Studio Now

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Don't miss another message! Subscribe to this list today.
Email
First Name
Last Name
Company
Subscribe in XML format
RSS 2.0
Atom 0.3
 

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.


Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.

Site Map | Privacy Policy | Terms of Use | Trademarks
Free Stylus Studio XML Training:
W3C Member
Stylus Studio® and DataDirect XQuery ™are products from DataDirect Technologies, is a registered trademark of Progress Software Corporation, in the U.S. and other countries. © 2004-2013 All Rights Reserved.