Hi all,
I'm sorry if this is a bit of a novice question.
I have noticed that in the latest security patch a lot of assertions have been added. If an assertion is not viable then "abort()" is called.
My question is this: Can a malicious user use these assertions to crash an application using the SSL libs? e.g. send a parameter containing a longer than allowed value which will cause the application to call abort and thus exit?
If so then these assertions could be the basis of a denial of service for this application.
Thanking you in advance for your help,
Ori.