|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: iSCSI: Text request/response spanning - security issue?Paul Koning wrote: > > If you crash, you have a bug. > No. Paul, as the draft currently stands, there is no limit on a single assignment "KEY=VALUE" and it can span multiple PDU's -- that is, the specification is faulty (the theorem), _then_ the program crashes (proof doesn't work). That is, a program satisfies the specification and upon a legitimate input it crashes the computer. > Is there a plausible real-world example where > someone will want to send a meaningful negotiation exchange that's > "very large"? Why wouldn't there be? This gets tricky especially if companies add their own variables and allow users to set their values... This way I can send _anything_ over the wire, being a value assignment. -- Luben
Home Last updated: Sat Mar 30 00:18:11 2002 9389 messages in chronological order |