Re: x509 cert parsing in web browsers
From: Valdis.Kletnieks@vt.edu
Date: 09/09/02
- Previous message: Eric Stevens: "RE: PHP header() CRLF Injection"
- In reply to: Peter Gutmann: "Re: x509 cert parsing in web browsers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: pgut001@cs.auckland.ac.nz (Peter Gutmann)
From: Valdis.Kletnieks@vt.edu
Date: Sun, 08 Sep 2002 22:01:46 -0400
On Mon, 09 Sep 2002 13:43:45 +1200, pgut001@cs.auckland.ac.nz (Peter Gutmann) said:
> Actually it's quite sensible, it provides a sane upper limit to check for
> problems, in the same way that any well-designed protocol (and standard in
> general, e.g. the C language standard) will provide upper limits to eliminate
> problems with arbitrary data input (in C's case things like recursive macro
> expansion).
A lofty and noble goal, but...
> program usable again. I never explored it further, but it was obvious that
> neither of the two were doing any range checking on input, which was kind of
> worrying for a security-checking application.
This has "Welcome to the real world" written all over it... ;)
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
- application/pgp-signature attachment: stored
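Added example, not part of the original thread and not code from either poster: X.509 certificates are DER-encoded, and the range checking discussed above comes down to validating every declared length against both a fixed upper limit and the bytes actually present. The function name `der_read_header` and the 64 KiB cap are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed policy cap for this example: no single element larger than 64 KiB. */
#define MAX_ELEMENT_LEN 65536u

enum der_status { DER_OK, DER_TRUNCATED, DER_BAD_LENGTH, DER_TOO_LARGE, DER_UNSUPPORTED };

/* Read one DER tag+length header from buf[0..avail). On DER_OK, *hdr_len is
 * the header size, *body_len the content size, and header plus content are
 * guaranteed to lie inside the buffer. Single-byte tags only. */
enum der_status der_read_header(const uint8_t *buf, size_t avail,
                                size_t *hdr_len, size_t *body_len)
{
    if (avail < 2)
        return DER_TRUNCATED;
    if ((buf[0] & 0x1f) == 0x1f)
        return DER_UNSUPPORTED;          /* multi-byte tag, out of scope here */
    size_t len = buf[1], hdr = 2;
    if (len & 0x80) {                    /* long form: low 7 bits count length octets */
        size_t n = len & 0x7f;
        if (n == 0)
            return DER_BAD_LENGTH;       /* indefinite length is not valid DER */
        if (n > 4)
            return DER_TOO_LARGE;        /* cannot be under the cap if minimal */
        if (avail - 2 < n)
            return DER_TRUNCATED;
        len = 0;
        for (size_t i = 0; i < n; i++)
            len = (len << 8) | buf[2 + i];
        if (len < 0x80 || buf[2] == 0)
            return DER_BAD_LENGTH;       /* DER requires the shortest encoding */
        hdr += n;
    }
    if (len > MAX_ELEMENT_LEN)
        return DER_TOO_LARGE;            /* upper limit checked before any allocation */
    if (len > avail - hdr)
        return DER_TRUNCATED;            /* declared body runs past the input */
    *hdr_len = hdr;
    *body_len = len;
    return DER_OK;
}

int main(void)
{
    /* Constructed input: a SEQUENCE header claiming a body of about 2 GiB. */
    const uint8_t hostile[] = {0x30, 0x84, 0x7f, 0xff, 0xff, 0xff};
    size_t h = 0, b = 0;
    printf("status=%d\n", der_read_header(hostile, sizeof hostile, &h, &b));
    return 0;
}
```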