[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Chicken-hackers] [PATCH] Simplify get-environment-variable and ##sys#ge
From: |
Peter Bex |
Subject: |
[Chicken-hackers] [PATCH] Simplify get-environment-variable and ##sys#get-argument |
Date: |
Fri, 1 Mar 2013 20:47:00 +0100 |
User-agent: |
Mutt/1.4.2.3i |
Hi all,
Remember that when we fixed CVE-2012-6123, I intended to simplify a few
procedures to prevent similar mistakes in the future? Here's a patch
that does this for get-environment-variable and ##sys#get-argument.
I don't know why these were hand-rolled in C; by my reckoning there's
no good reason to do this. By using the FFI instead, we can reduce code
bloat and make it more maintainable, too.
There's exactly one difference that I've noticed: when passing an object
of an invalid type or a string with a NUL byte in it, you no longer get
an condition object with a location property in its "exn" subcondition.
I think this is not a good enough reason to reject the patch; instead
maybe we can try and see if we can improve the FFI to pass the location
to its argument conversion/checking routines. This would be more
generally useful for user code, as well!
But that can be done later.
Cheers,
Peter
--
http://www.more-magic.net
0001-Simplify-sys-get-argument-and-get-environment-variab.patch
Description: Text document
- [Chicken-hackers] [PATCH] Simplify get-environment-variable and ##sys#get-argument,
Peter Bex <=