Re: Managing exploits

spf-discuss

Re: Managing exploits

2004-10-14 17:23:00

Mark C. Langston wrote:

Please correct me if I'm wrong, but it sounds like you're dancing around
the issue of input validation, to ensure no unexpected data is processed
by the application (and to avoid such things as buffer overflows, etc.).


Would be nice if Microsoft fixed the buffer overflow bug in their DNSAPI.DLL
that the Windows implementations of SPF are using.

(There is a buffer overrun in DNSAPI.DLL when it encounteres an empty
substring in a TXT record or in a domain name).

Roger

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Managing exploits, Commerco WebMaster Re: Managing exploits, Mark Lentczner Re: Managing exploits, Mark C. Langston Re: Managing exploits, Roger Moser <= Re: Managing exploits, wayne RE: Managing exploits, gary

Previous by Date:	SenderID and v=spf1 - Please say NO, william(at)elan.net
Next by Date:	Re: [SPF v1 Draft] Last chance before I submit..., wayne
Previous by Thread:	Re: Managing exploits, Mark C. Langston
Next by Thread:	Re: Managing exploits, wayne
Indexes:	[Date] [Thread] [Top] [All Lists]