Wan-Teh Chang wrote:
> Lev Walkin wrote:
> > You might consider trying the open source ASN.1 compiler: http://lionet.info/asn1c
>
> Cool! I will try to take a look at it.
>
> Does the compiler generate a custom encoder and decoder for each ASN.1 type it compiles? Your documentation mentions a generic BER parser and decoder.

It does generate custom ones. In addition to that, the asn1c distribution also includes a generic BER to XML converter (and another one, for the opposite XML to BER conversion).

> Recently ASN.1 decoders have been a source of buffer overflow vulnerabilities because many of them were not originally written to handle (maliciously constructed) invalid encoded data.

Historically, they were always sources of security problems.

> Could you say something about your decoders in this respect?

The compiler was written specifically to address security concerns while providing streaming decoding capabilities.

I'll pay you $500 should you find a buffer overflow.

P.S. The code passes the NISCC test suite.
-- Lev Walkin
