[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [bug #28446] No checks are made for unteminated strings in RPC messa
From: |
olafBuddenhagen |
Subject: |
Re: [bug #28446] No checks are made for unteminated strings in RPC messages |
Date: |
Thu, 31 Dec 2009 04:12:21 +0100 |
User-agent: |
Mutt/1.5.19 (2009-01-05) |
Hi,
On Wed, Dec 30, 2009 at 07:42:21PM +0000, Carl Fredrik Hammar wrote:
> Strings in RPCs, such as the filename argument to a dir_lookup, are
> not checked if they are terminated by '\0'. This could lead to the
> server segfaulting if it tries to read the string.
>
> Making MIG check that strings are terminated seems like the proper
> fix.
AIUI, the first step would be implementing actual string support in MiG
at all...
While this should probably be considered a todo item, in the present
situation, if a server doesn't protect against non-terminated strings,
it's a bug *in this server*. If you see any actual instances of this,
could you report them?...
-antrik-
- Re: [bug #28446] No checks are made for unteminated strings in RPC messages,
olafBuddenhagen <=
- Re: [bug #28446] No checks are made for unteminated strings in RPC messages, Samuel Thibault, 2010/01/01
- Re: [bug #28446] No checks are made for unteminated strings in RPC messages, Carl Fredrik Hammar, 2010/01/01
- Re: [bug #28446] No checks are made for unteminated strings in RPC messages, olafBuddenhagen, 2010/01/02
- Re: [bug #28446] No checks are made for unteminated strings in RPC messages, Carl Fredrik Hammar, 2010/01/02
- Re: [bug #28446] No checks are made for unteminated strings in RPC messages, olafBuddenhagen, 2010/01/03
- Re: [bug #28446] No checks are made for unteminated strings in RPC messages, Carl Fredrik Hammar, 2010/01/03
- Re: [bug #28446] No checks are made for unteminated strings in RPC messages, olafBuddenhagen, 2010/01/06
- Re: [bug #28446] No checks are made for unteminated strings in RPC messages, Carl Fredrik Hammar, 2010/01/07
- Re: [bug #28446] No checks are made for unteminated strings in RPC messages, olafBuddenhagen, 2010/01/10