nanog mailing list archives

Re: control characters in BGP shutdown communication(RFC 9003) messages and NETCONF


From: Chris Adams via NANOG <nanog () lists nanog org>
Date: Sun, 7 Sep 2025 12:34:15 -0500

Once upon a time, Job Snijders <job () sobornost net> said:
> If I worked at Juniper/HPE ... I'd use something like strnvis() to
> sanitize the (untrusted) network input contained within a Shutdown
> Communication. See the documentation here https://man.openbsd.org/vis.3

JUNOS already contains some XML encoding code, since essentially day 1
(since they were emitting XML from the backend)... but this makes it
look like the NETCONF code isn't using it.  This could be a security
issue - what if somebody sends '</whatever><then-more-XML>...' in a
message?

-- 
Chris Adams <cma () cmadams net>
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/SHHBCOT6W6TACBKXQ62CTRDZRZPLONMB/
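
The concern raised in this message, as an added example that is not part of the original post and is not JUNOS code: a peer-supplied Shutdown Communication has to be encoded before it is placed inside an XML reply. The function name, the sample message and the `<reason>` element are hypothetical, and the octal escaping is a self-contained stand-in in the spirit of vis(3), not a call to strnvis(); as an assumption to keep it short, non-ASCII bytes are escaped as well instead of being validated as UTF-8.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: encode untrusted bytes as XML character data.
 * Returns the encoded length, or -1 (with out set to "") if out is too small. */
int xml_encode_untrusted(const unsigned char *in, size_t inlen,
                         char *out, size_t outlen)
{
    size_t o = 0;

    if (outlen == 0)
        return -1;
    for (size_t i = 0; i < inlen; i++) {
        char tmp[16] = { (char)in[i], '\0' };  /* default: copy the byte */
        const char *rep = tmp;

        switch (in[i]) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&apos;"; break;
        case '\\': rep = "\\\\";   break;   /* keep the octal escapes unambiguous */
        default:   /* control and non-ASCII bytes become visible \ooo text */
            if (in[i] < 0x20 || in[i] >= 0x7f)
                snprintf(tmp, sizeof(tmp), "\\%03o", (unsigned)in[i]);
        }
        size_t n = strlen(rep);
        if (n >= outlen - o) {              /* always leave room for the NUL */
            out[0] = '\0';
            return -1;
        }
        memcpy(out + o, rep, n);
        o += n;
    }
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    /* Constructed sample: markup plus BEL and an ANSI escape sequence. */
    const unsigned char msg[] = "</reason><injected/>\x07 \x1b[2J";
    char buf[256];

    if (xml_encode_untrusted(msg, sizeof(msg) - 1, buf, sizeof(buf)) >= 0)
        printf("<reason>%s</reason>\n", buf);
    return 0;
}
```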

