kizzycode / asn1_der-rust Goto Github PK
View Code? Open in Web Editor NEWThis library provides a simple ASN.1-DER en-/decoder
asn1_der-rust's People
Contributors
Stargazers
Watchers
asn1_der-rust's Issues
Installation and usage?
-
As a novice both in ASN.1 encoding and Rust, I'd appreciate a dedicated section for installation/usage guide.
-
I found this project through github search. The README only makes sense if read from crates.io, where the github repo is linked at the top. Maybe put this link at the README forefront or the repo About? https://crates.io/crates/asn1_der
LICENSE BSD 2-CLAUSE contained in this repository is divergent
The current version on master (https://github.com/KizzyCode/asn1_der-rust/blob/60743ebaebdb621c47ad254b0e5987a9ba8cafde/LICENSE%20BSD%202-CLAUSE.md) appears to diverge in the wording from the online texts I have found of that license.
https://opensource.org/licenses/BSD-2-Clause
https://spdx.org/licenses/BSD-2-Clause.html
In both of the above online sources, in the part where it says:
THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT
The version in this repository says COPYRIGHT OWNER instead of COPYRIGHT HOLDER.
I only caught this divergence through a tool I am developing for the legal team at my company. Please bear in mind that I don't have licensing knowledge nor can say if the texts are equivalent, however I do think the license should not be branded as "BSD-2-Clause" if the text is anyhow different from the official one.
Why are older crates.io versions being yanked?
I noticed that all versions older than 0.6.2 have been yanked from crates.io. Is there a particular reason for this? Yanking is meant only to remove packages that have specific breaking issues: https://doc.rust-lang.org/cargo/reference/publishing.html#managing-a-cratesio-based-crate.
Parsing OBJECT IDENTIFIER (OID)
Is it possible to parse OIDs using that library?
Unchecked length can cause memory allocation error.
When de-serializing bytes, an arbitrary length of the value can be specified. When building data_buf here:
https://github.com/KizzyCode/asn1_der/blob/master/src/der/value.rs#L17
This can lead to memory crashes for arbitrary large length values. Perhaps an upper bound is required to prevent crashing applications when de serializing arbitrary byte arrays.
This can be reproduced in the following example:
use asn1_der::{Asn1Der, FromDerObject};
#[derive(Asn1Der)]
struct Test {
inner: String,
}
fn main() {
let bytes = [
157, 247, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 67, 157, 1, 0,
0, 0, 157, 157, 157, 157, 157, 157, 157, 157,
];
let _ = Test::deserialize(bytes.iter());
}Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.