[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Fwd: [e-lang] Protocol implementation errors
Rich Salz wrote, > Miles Sabin wrote, > > Blaming a design for the flaws of an aging, bloated and crufty > > implementation is silly. > > Interestingly, the OpenSSL ASN.1 flaws seem to be in both the old > code (from the SSLeay days), and the fairly new ASN.1 code recently > released. /r$ Fair enough. But just how "new" is that new ASN.1 code? If it was completely original code with no borrowings from SSLeay and still reproduced the same or very similar bugs, and those bugs were intrinsically related to ASN.1 rather than being, eg., generic integer overflows, then that'd be good evidence that there was a general problem with ASN.1. But looking at the recent NISCC advisory, that doesn't appear to be the case: the three flaws directly related to the ASN.1 implementation seem to be generic C-specific bugs which could just as easily affect an XML parser implemented in the same language. Cheers, Miles
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|