Protocol implementation errors

John Lowry jlowry at bbn.com
Mon Oct 6 07:29:03 EDT 2003


I agree with Peter.  If we're concerned about security implications of a
particular SW technique then obviously we should ban the C language and all
the string libraries first  ;-)

John

On 10/4/03 1:58, "Peter Gutmann" <pgut001 at cs.auckland.ac.nz> wrote:

> Bill Frantz <frantz at pwpconsult.com> writes:
> 
>> This is the second significant problem I have seen in applications that use
>> ASN.1 data formats.  (The first was in a widely deployed implementation of
>> SNMP.)  Given that good, security-conscious programmers have difficulty
>> getting ASN.1 parsing right, we should favor protocols that use easier to
>> parse data formats.
>> 
>> I think this leaves us with SSH.  Are there others?
> 
> I would say the exact opposite: ASN.1 data, because of its TLV encoding, is
> self-describing (cf. RPC with XDR), which means that it can be submitted to a
> static checker that will guarantee that the ASN.1 is well-formed.  In other
> words it's possible to employ a simple firewall for ASN.1 that isn't possible
> for many other formats (PGP, SSL, ssh, etc etc).  This is exactly what
> cryptlib does, I'd be extremely surprised if anything could get past that.
> Conversely, of all the PDU-parsing code I've written, the stuff that I worry
> about most is that which handles the ad-hoc (a byte here, a uint32 there, a
> string there, ...) formats of PGP, SSH, and SSL.  We've already seen half the
> SSH implementations in existence taken out by the SSH malformed-packet
> vulnerabilities, I can trivially crash programs like pgpdump (my standard PGP
> analysis tool) with malformed PGP packets (I've also crashed quite a number of
> SSH clients with malformed packets while fiddling with my SSH server code),
> and I'm just waiting for someone to do the same thing with SSL packets.  In
> terms of safe PDU formats, ASN.1 is the best one to work with in terms of
> spotting problems.
> 
> Peter.
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
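
The kind of schema-independent TLV well-formedness check the quoted message describes, as an added example: it is not part of the original posts and is not cryptlib's code. The function name, the depth limit, the 4-octet cap on tag and length fields, and the sample bytes are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define DER_MAX_DEPTH 16   /* nesting limit chosen for this example */

/* Returns 1 if buf[0..len) is exactly a run of well-formed DER TLVs,
 * recursing into constructed values; 0 otherwise. Structure only. */
int der_well_formed(const unsigned char *buf, size_t len, int depth)
{
    size_t pos = 0;
    if (depth > DER_MAX_DEPTH) return 0;
    while (pos < len) {
        unsigned char tag = buf[pos++];
        size_t vlen;
        if ((tag & 0x1f) == 0x1f) {            /* high-tag-number form */
            int n = 0;
            do {
                if (pos >= len || ++n > 4) return 0;
            } while (buf[pos++] & 0x80);
        }
        if (pos >= len) return 0;              /* missing length octet */
        vlen = buf[pos++];
        if (vlen == 0x80) return 0;            /* indefinite length: not DER */
        if (vlen & 0x80) {                     /* long-form length */
            size_t n = vlen & 0x7f, i;
            if (n > 4 || n > len - pos) return 0;
            if (buf[pos] == 0) return 0;       /* leading zero: non-minimal */
            for (vlen = 0, i = 0; i < n; i++)
                vlen = (vlen << 8) | buf[pos++];
            if (vlen < 0x80) return 0;         /* must use short form */
        }
        if (vlen > len - pos) return 0;        /* value overruns container */
        if ((tag & 0x20) && !der_well_formed(buf + pos, vlen, depth + 1))
            return 0;
        pos += vlen;
    }
    return 1;
}

/* Constructed samples: SEQUENCE { INTEGER 5, OCTET STRING "A" }, then the
 * same bytes with the INTEGER length inflated past the SEQUENCE's end. */
static const unsigned char ok_seq[]    = {0x30,0x06,0x02,0x01,0x05,0x04,0x01,0x41};
static const unsigned char bad_inner[] = {0x30,0x06,0x02,0x05,0x05,0x04,0x01,0x41};

int main(void)
{
    printf("ok_seq=%d bad_inner=%d\n", der_well_formed(ok_seq, sizeof ok_seq, 0),
           der_well_formed(bad_inner, sizeof bad_inner, 0));
    return 0;
}
```

The check needs no knowledge of what the fields mean: every length is bounded by its enclosing TLV before any value byte is touched.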
