ASN.1, the toxic gift that keeps on giving...
Simo
simo at samba.org
Tue May 3 20:05:34 UTC 2016
On Tue, 2016-05-03 at 12:08 -0700, Jeremy Allison wrote:
> Nice to know it's not only us who can never get
> ASN.1 right...
>
> https://www.openssl.org/news/secadv/20160503.txt
>
> "ASN.1 encoding the value zero
> represented as a negative integer can cause a buffer underflow
> with an out-of-bounds write in i2c_ASN1_INTEGER."
>
> WHY WOULD YOU CREATE A PROTOCOL THAT ALLOWS ZERO
> ENCODED AS A NEGATIVE INTEGER ?!?!?!?!?!?!?
>
> Never mind, another 40+ years and *maybe* the
> ASN.1 parsers will be secure.
I have to say, even with all these nasty gifts, I like ASN.1 better
than the alternatives.
There I said it, I am ready for the Asylum :-)
Simo.
More information about the samba-technical mailing list
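The case quoted from the advisory above (zero carried with a negative sign), as an added example that is not part of the original thread and is not OpenSSL's code: a DER INTEGER content encoder that normalizes negative zero before it sizes the output. The sign-flag-plus-big-endian-magnitude input and the name `der_int_content` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: encode sign flag + big-endian magnitude as DER INTEGER
 * content octets (two's complement, minimal length).
 * Returns the number of octets written, or -1 if `out` is too small. */
int der_int_content(int neg, const unsigned char *mag, size_t len,
                    unsigned char *out, size_t cap)
{
    size_t i, pad = 0, n;
    unsigned carry = 1;

    while (len > 0 && mag[0] == 0) { mag++; len--; }  /* strip leading zeros */

    if (len == 0) {          /* value is zero: ignore the sign flag entirely */
        if (cap < 1) return -1;
        out[0] = 0x00;
        return 1;
    }
    if (!neg) {
        pad = (mag[0] & 0x80) ? 1 : 0;       /* 0x00 pad keeps it positive */
    } else if (mag[0] > 0x80) {
        pad = 1;                             /* 0xFF pad keeps it negative */
    } else if (mag[0] == 0x80) {
        for (i = 1; i < len; i++)            /* exactly -2^(8k-1) needs no pad */
            if (mag[i]) { pad = 1; break; }
    }
    n = len + pad;
    if (n > cap) return -1;                  /* bounds check before any write */
    if (pad) out[0] = neg ? 0xFF : 0x00;
    if (!neg) { memcpy(out + pad, mag, len); return (int)n; }
    for (i = len; i-- > 0; ) {               /* two's complement: invert, add 1 */
        unsigned v = (unsigned char)~mag[i] + carry;
        out[pad + i] = (unsigned char)v;
        carry = v >> 8;
    }
    return (int)n;
}

int main(void)
{
    const unsigned char negzero[2] = {0x00, 0x00};   /* constructed input */
    unsigned char out[4];
    int n = der_int_content(1, negzero, sizeof negzero, out, sizeof out);
    printf("negative zero -> %d octet(s), first = 0x%02X\n", n, out[0]);
    return 0;
}
```
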