Boost :

Date view	Thread view	Subject view	Author view

Subject: Re: [boost] [beast] Review
From: Phil Endecott (spam_from_boost_dev_at_[hidden])
Date: 2017-07-09 18:57:17

Next message: Vinnie Falco: "Re: [boost] [beast] Review"
Previous message: Phil Endecott: "[boost] My Beast Review"
In reply to: Jens Weller: "[boost] [beast] Review"
Next in thread: Vinnie Falco: "Re: [boost] [beast] Review"
Reply: Vinnie Falco: "Re: [boost] [beast] Review"
Reply: Jens Weller: "Re: [boost] [beast] Review"

Jens Weller wrote:
> Fuzzing. I spend this weekend some time to fuzz beast with libFuzzer.
> The basic_parser and the websocket::stream were fuzzed.
> A bug (buffer overflow) in basic_parser was found, and is already fixed.

*THANK YOU* so much for doing that. I didn't see your message until
after I'd sent my review, and I feel even more justified in my comments
about the over-complex optimisations in the parser, and the security
implications.

I'd be interested to see where the bug was. Was this posted on the list?

Regards, Phil.

Next message: Vinnie Falco: "Re: [boost] [beast] Review"
Previous message: Phil Endecott: "[boost] My Beast Review"
In reply to: Jens Weller: "[boost] [beast] Review"
Next in thread: Vinnie Falco: "Re: [boost] [beast] Review"
Reply: Vinnie Falco: "Re: [boost] [beast] Review"
Reply: Jens Weller: "Re: [boost] [beast] Review"

Date view	Thread view	Subject view	Author view

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk