Hacker News
by lvh 2573 days ago
Same points I made before: if more than one library has a flaw, it’s a design flaw and not a one-off implementation flaw, and if you’re trusting the header before you validate (which is necessary!), then it is not meaningfully protecting anything, which is why those bugs work.

And, finally: we’ve put together an extensive list of recommendations, repeatedly, both in general and in the articles on this thread.