Carsten Bormann <c...@tzi.org> wrote:
>> Or, if it is supported by the language then is it reasonable that
>> implementation SHOULD support it? In which case I think that we might
>> need a second encoding of bits that supports this pathological case.
>> Perhaps an array of 'set' bit positions, or alternatively the union
>> string encoding of bits could be used.
> This could reduce the attack vector by malicious YANG specification,
> but I think an arbitrary limit (such as the 256 mentioned above) should
> work, too. (Except that arbitrary limits always come back to bite you,
> but that’s what we have software maintenance contracts for.)
I think that the YANG knows what the maximum value is.
So I think that anyone generating code from specific YANG definitions could
size their array based upon that value.
If it's a generic decoder for YANG encoded content, then it might need
a hint from the application, or it could have a compile-time arbitrary limit.
--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ netmod mailing list netmod@ietf.org https://www.ietf.org/mailman/listinfo/netmod
