ASN.1, the toxic gift that keeps on giving...

Jeremy Allison jra at samba.org
Tue May 3 19:08:48 UTC 2016


Nice to know it's not only us who can never get
ASN.1 right...

https://www.openssl.org/news/secadv/20160503.txt

"ASN.1 encoding the value zero
represented as a negative integer can cause a buffer underflow
with an out-of-bounds write in i2c_ASN1_INTEGER."

WHY WOULD YOU CREATE A PROTOCOL THAT ALLOWS ZERO
ENCODED AS A NEGATIVE INTEGER ?!?!?!?!?!?!?

Never mind, another 40+ years and *maybe* the
ASN.1 parsers will be secure.


