Subject: Re: [boost] [beast] Review
From: Phil Endecott (spam_from_boost_dev_at_[hidden])
Date: 2017-07-09 18:57:17


Jens Weller wrote:
> Fuzzing. I spent some time this weekend fuzzing beast with libFuzzer.
> The basic_parser and the websocket::stream were fuzzed.
> A bug (buffer overflow) in basic_parser was found, and is already fixed.

*THANK YOU* so much for doing that. I didn't see your message until
after I'd sent my review, and I feel even more justified in my comments
about the over-complex optimisations in the parser, and the security
implications.

I'd be interested to see where the bug was. Was this posted on the list?

Regards, Phil.