Question

ASN.1 is a data format used on HTTPS certificates, and various other critical pieces of infrastructure.

I need to analyze some potentially hostile ASN.1 data, and want to ensure my code is safe from any programmer error. I think the best way to do this is to use a managed language that does not use unsafe code.

Are there any managed implementations (C#) of an ASN.1 parser that are well tested and safe from buffer overflows? Even better if there was a way to detect such an overflow to begin with.


Solution

Please take a look at http://www.itu.int/ITU-T/asn1/links/index.htm which has an excellent list of ASN.1 tools (some commercial, some free), some of which are widely used in critical infrastructure around the world.

One of these vendors (who I work for) is OSS Nokalva (http://www.oss.com) where you can find ASN.1 Tools for C, C++, C# and Java for which you can download free trials.

Please note that just using a language like C# or Java is no guarantee against maliciously formed ASN.1 encoded messages. Well-written code and thorough enough testing can ensure that code is solid. The wide deployment of ASN.1 software in many critical applications is a testament to how well written some ASN.1 engines are. Note that you are more likely to find robust code from a widely used commercial ASN.1 Tool (which includes technical support) than from some of the free ASN.1 Tools which are available.
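To illustrate the point that a managed language alone does not make hostile ASN.1 safe to parse, here is an added example (not part of the original answer and not code from any ASN.1 tool it mentions): a minimal C# walker over DER tag-length-value headers that checks every declared length against the remaining input and caps nesting depth. The class name `DerWalker`, the `MaxDepth` limit and the sample bytes are assumptions constructed for illustration.

```csharp
using System;

// Added example: strict DER TLV walker for untrusted input (hypothetical helper, not a vendor API).
public static class DerWalker
{
    const int MaxDepth = 32; // assumed limit; bounds recursion on deeply nested input

    // Returns the number of TLV elements; throws FormatException on malformed input.
    public static int Count(ReadOnlySpan<byte> data, int depth = 0)
    {
        if (depth > MaxDepth) throw new FormatException("nesting too deep");
        int count = 0;
        while (!data.IsEmpty)
        {
            byte tag = data[0];
            if ((tag & 0x1F) == 0x1F) throw new FormatException("multi-byte tag not supported");
            if (data.Length < 2) throw new FormatException("truncated header");
            int pos = 2, len = data[1];
            if (len == 0x80) throw new FormatException("indefinite length not allowed in DER");
            if (len > 0x80)
            {
                int n = len & 0x7F; // number of length octets that follow
                if (n > 4 || data.Length < 2 + n) throw new FormatException("bad length field");
                if (data[2] == 0) throw new FormatException("non-minimal length");
                long value = 0; // long, so four length octets cannot wrap
                for (int i = 0; i < n; i++) value = (value << 8) | data[2 + i];
                if (value < 0x80) throw new FormatException("non-minimal length");
                if (value > int.MaxValue) throw new FormatException("length too large");
                len = (int)value;
                pos = 2 + n;
            }
            if (len > data.Length - pos) throw new FormatException("length exceeds remaining input");
            count++;
            if ((tag & 0x20) != 0) count += Count(data.Slice(pos, len), depth + 1); // constructed type
            data = data.Slice(pos + len);
        }
        return count;
    }

    public static void Main()
    {
        // Constructed samples: SEQUENCE { INTEGER 5 }, then an OCTET STRING claiming 0x7FFFFFFF bytes.
        Console.WriteLine(Count(new byte[] { 0x30, 0x03, 0x02, 0x01, 0x05 }));
        try { Count(new byte[] { 0x04, 0x84, 0x7F, 0xFF, 0xFF, 0xFF, 0x00 }); }
        catch (FormatException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

The runtime's bounds checks would turn an out-of-range slice into an exception rather than memory corruption, but the explicit length and depth checks are what keep an oversized length claim or deep nesting from becoming an unexpected crash or resource exhaustion.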

Licensed under: CC-BY-SA with attribution