> The fix: All buffers should be length prefixed from database, to frontend server, to user interface.
If you think that that is a solution to anything, you must be living in a universe where ASN.1 implementations have not ever had bugs, in particular they must never have had any vulnerabilities.
It's certainly not the universe that I live in.
In that same universe, packet sniffers/protocol disectors probably also never had any vulnerabilities due to blindly trusting length values?
If you think that that is a solution to anything, you must be living in a universe where ASN.1 implementations have not ever had bugs, in particular they must never have had any vulnerabilities.
It's certainly not the universe that I live in.
In that same universe, packet sniffers/protocol disectors probably also never had any vulnerabilities due to blindly trusting length values?