security patches

[Florian Weimer]

David Shaw <dshaw@jabberwocky.com> writes:

> > And there's a tendency for implementation errors because of the two
> > areas which require rather different treatment.
> 
> True.  The famous ADK bug was from this exact problem.
> 
> It would be nice if the RFC had a note saying something like "Hey
> Buddy - if you want to rely on these subpackets being unchangeable,
> put them in the HASHED section!" :)

This wouldn't have prevented the ADK bug.  Creating packets in the
proper place is not too difficult, but if you don't add an additional
layer of abstraction, you have to check whether a packet is in the
hashed area or not in many places.

-- 
Florian Weimer 	                  Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898