[36071] in bugtraq
Re: Windows doesn't verify digital signature of CRL files
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue Aug 10 19:38:36 2004
Message-Id: <200408101807.i7AI7NYG006839@turing-police.cc.vt.edu>
To: Thomas Walpuski <thomas-bugtraq@unproved.org>
Cc: Faro Poplar <faropoplar@yahoo.com>, bugtraq@securityfocus.com
In-Reply-To: Your message of "Tue, 10 Aug 2004 07:32:40 -0000."
<20040810073239.GB5926@unproved.org>
From: Valdis.Kletnieks@vt.edu
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_-158048533P";
micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Tue, 10 Aug 2004 14:07:23 -0400
--==_Exmh_-158048533P
Content-Type: text/plain; charset=us-ascii
On Tue, 10 Aug 2004 07:32:40 -0000, Thomas Walpuski said:
> Sane use of CertGetCRLFromStore makes sure only ....
Yes.. and sane checking of subscripts prevents buffer overflows.
What's wrong with this picture? :)
--==_Exmh_-158048533P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFBGQ7acC3lWbTT17ARAlplAJ9YgvCDvneesfkcv4cz6wJyHH/SCwCfQqYW
xbA2c5kXUOIzdeqwkFuifj8=
=lFvX
-----END PGP SIGNATURE-----
--==_Exmh_-158048533P--
