[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: Fwd: [e-lang] Protocol implementation errors

• To: "xml-dev@l..." <xml-dev@l...>
• Subject: Re: Fwd: [e-lang] Protocol implementation errors
• From: Miles Sabin <miles@m...>
• Date: Sat, 4 Oct 2003 08:07:58 +0100
• In-reply-to: <Pine.LNX.4.44L0.0310032027200.23488-100000@s...>
• References: <Pine.LNX.4.44L0.0310032027200.23488-100000@s...>
• Sender: Miles Sabin <miles@m...>
• User-agent: KMail/1.5.1

Rich Salz wrote,
> Miles Sabin wrote,
> > Blaming a design for the flaws of an aging, bloated and crufty
> > implementation is silly.
>
> Interestingly, the OpenSSL ASN.1 flaws seem to be in both the old
> code (from the SSLeay days), and the fairly new ASN.1 code recently
> released. /r$

Fair enough. But just how "new" is that new ASN.1 code? If it was 
completely original code with no borrowings from SSLeay and still 
reproduced the same or very similar bugs, and those bugs were 
intrinsically related to ASN.1 rather than being, eg., generic integer 
overflows, then that'd be good evidence that there was a general 
problem with ASN.1.

But looking at the recent NISCC advisory, that doesn't appear to be the 
case: the three flaws directly related to the ASN.1 implementation seem 
to be generic C-specific bugs which could just as easily affect an XML 
parser implemented in the same language.

Cheers,


Miles

• Follow-Ups:
  • Re: Fwd: [e-lang] Protocol implementation errors
    • From: Berend de Boer <berend@x...>

• References:
  • Re: Fwd: [e-lang] Protocol implementation errors
    • From: Rich Salz <rsalz@d...>

• Prev by Date: Re: Fwd: [e-lang] Protocol implementation errors
• Next by Date: Re: Ambiguous Content Models
• Previous by thread: Re: Fwd: [e-lang] Protocol implementation errors
• Next by thread: Re: Fwd: [e-lang] Protocol implementation errors
• Index(es):
  • Date
  • Thread