ASN parsing code, in general, does not check for presence of trailing bytes (see... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

ctz on Feb 11, 2015 | parent | context | favorite | on: The Bitcoin Piñata

ASN parsing code, in general, does not check for presence of trailing bytes (see Bleichenbacher's original signature forgery attack, and CVEs passim). Should they? Yes. Do they? No, it is a frequent implementation error.

In NSS, they did check for trailing bytes, but allowed one part of the ASN1 structure to have an arbitrary value (to work around flaws in other implementations).

To be abundantly clear: I am not saying that any of the presented code has an exploitable flaw. I am saying that the way the code is written has frequently been found to be faulty in the past.

hannesm on Feb 11, 2015 [–]

"ASN parsing code, in general"... this sounds like you're a bit stuck in ad-hoc ASN.1 parsers written in C...

We actually use combinators for doing that - this explains our ASN.1 library in more depth: http://openmirage.org/blog/introducing-asn1

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact