DOC-BUG: Security considerations for parsing records
2004-09-03 15:47:47
I haven't seen this mentioned in the drafts, but I remember someone
Bellovin bringing this up in a different forum in regards to SPF a few
months ago. Among the two RR formats for Sender-ID, is the TXT format.
As Steve pointed out, parsing any kind of free form data can potentially
lead to security issues if the parsers are not written properly (such as
buffer overruns). Therefore, it might be useful to add a section or just
a few sentences to mention that issue.
Yakov
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- DOC-BUG: Security considerations for parsing records,
Yakov Shafranovich <=
|
|
|