"ISAKMP" flaws?
Steven M. Bellovin
smb at cs.columbia.edu
Fri Nov 18 10:18:09 EST 2005
In message <p062309a8bfa266327e1b@[10.20.30.249]>, Paul Hoffman writes:
>At 11:20 AM +0100 11/17/05, Florian Weimer wrote:
>>These bugs have been uncovered by a PROTOS-style test suite. Such
>>test suites can only reveal missing checks for boundary conditions,
>>leading to out-of-bounds array accesses and things like that. In
>>other words, trivial implementation errors which can be easily avoided
>>using proper programming tools.
>
>Which "proper programming tools" would check for a logic path failure
>when a crafted packet includes Subpacket A that is only supposed to
>be there when Subpacket B is there, but the packet doesn't include
>Subpacket B? There are no programming tools that check for this, or
>for related issues: it has to be the implementer who has enough
>understanding of the protocol and enough time (and program space) to
>code against such issues.
Decent test case generators.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list