kizzycode / asn1_der-rust
This library provides a simple ASN.1-DER en-/decoder
When de-serializing bytes, an arbitrary length of the value can be specified. When building data_buf here:
https://github.com/KizzyCode/asn1_der/blob/master/src/der/value.rs#L17
This can lead to memory crashes for arbitrarily large length values. Perhaps an upper bound is required to prevent crashing applications when deserializing arbitrary byte arrays.
This can be reproduced in the following example:
```rust
use asn1_der::{Asn1Der, FromDerObject};

#[derive(Asn1Der)]
struct Test {
    inner: String,
}

fn main() {
    // Input that triggers the crash described above.
    let bytes = [
        157, 247, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 67, 157, 1, 0,
        0, 0, 157, 157, 157, 157, 157, 157, 157, 157,
    ];
    let _ = Test::deserialize(bytes.iter());
}
```
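An added example, not code from asn1_der or from the report above: one way to apply the suggested upper bound is to check the declared length against a caller-supplied cap and against the bytes actually remaining before anything is sized from it. `read_tlv`, `DerError` and `max_len` are hypothetical names, and single-byte tags are assumed.

```rust
// Added example, not asn1_der code. Names are hypothetical; single-byte tags assumed.
#[derive(Debug, PartialEq)]
pub enum DerError {
    Truncated,      // input ends before the header or the declared value
    Indefinite,     // 0x80 (indefinite length) is not valid in DER
    LengthOverflow, // more length octets than fit in usize
    TooLarge,       // declared length exceeds the caller's cap
}

/// Splits one tag-length-value element off `input` without allocating.
/// Returns (tag, value, remaining input).
pub fn read_tlv(input: &[u8], max_len: usize) -> Result<(u8, &[u8], &[u8]), DerError> {
    let (&tag, rest) = input.split_first().ok_or(DerError::Truncated)?;
    let (&first, mut rest) = rest.split_first().ok_or(DerError::Truncated)?;
    let len = if first < 0x80 {
        first as usize // short form: the octet is the length
    } else {
        let n = (first & 0x7f) as usize; // long form: n length octets follow
        if n == 0 {
            return Err(DerError::Indefinite);
        }
        if n > std::mem::size_of::<usize>() {
            return Err(DerError::LengthOverflow);
        }
        if rest.len() < n {
            return Err(DerError::Truncated);
        }
        let (len_octets, after) = rest.split_at(n);
        rest = after;
        len_octets.iter().fold(0usize, |acc, &b| (acc << 8) | b as usize)
    };
    // Both checks run before anything is sized from `len`.
    if len > max_len {
        return Err(DerError::TooLarge);
    }
    if len > rest.len() {
        return Err(DerError::Truncated);
    }
    let (value, rest) = rest.split_at(len);
    Ok((tag, value, rest))
}

fn main() {
    // Bytes from the report above: 0xF7 announces 119 length octets.
    let report = [157u8, 247, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
        67, 157, 1, 0, 0, 0, 157, 157, 157, 157, 157, 157, 157, 157];
    println!("{:?}", read_tlv(&report, 1 << 20).map(|(tag, v, _)| (tag, v.len())));
}
```

Because the value is returned as a slice of the input, a caller that does need an owned buffer can allocate at most `max_len` bytes.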
The current version on master (https://github.com/KizzyCode/asn1_der-rust/blob/60743ebaebdb621c47ad254b0e5987a9ba8cafde/LICENSE%20BSD%202-CLAUSE.md) appears to diverge in the wording from the online texts I have found of that license.
https://opensource.org/licenses/BSD-2-Clause
https://spdx.org/licenses/BSD-2-Clause.html
In both of the above online sources, in the part where it says:
THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT
The version in this repository says COPYRIGHT OWNER instead of COPYRIGHT HOLDER.
I only caught this divergence through a tool I am developing for the legal team at my company. Please bear in mind that I don't have licensing knowledge, nor can I say if the texts are equivalent; however, I do think the license should not be branded as "BSD-2-Clause" if the text is in any way different from the official one.
Is it possible to parse OIDs using that library?
As a novice both in ASN.1 encoding and Rust, I'd appreciate a dedicated section for installation/usage guide.
I found this project through github search. The README only makes sense if read from crates.io, where the github repo is linked at the top. Maybe put this link at the README forefront or the repo About? https://crates.io/crates/asn1_der
I noticed that all versions older than 0.6.2 have been yanked from crates.io. Is there a particular reason for this? Yanking is meant only to remove packages that have specific breaking issues: https://doc.rust-lang.org/cargo/reference/publishing.html#managing-a-cratesio-based-crate.