[m-rev.] for review: avoid "poison null" security vulnerabilities
Simon Taylor
staylr at gmail.com
Wed Mar 14 16:50:51 AEDT 2007
On 14-Mar-2007, Ralph Becket <rafe at csse.unimelb.edu.au> wrote:
> Simon Taylor, Monday, 12 March 2007:
> > Make all functions which create strings from characters throw an exception
> > or fail if the list of characters contains a null character.
> >
> > This removes a potential source of security vulnerabilities where one
> > part of the program performs checks against the whole of a string passed
> > in by an attacker (processing the string as a list of characters or using
> > `unsafe_index' to look past the null character), but then passes the string
> > to another part of the program or an operating system call that only sees
> > up to the first null character. Even if Mercury stored the length with
> > the string, allowing the creation of strings containing nulls would be a
> > bad idea because it would be too easy to pass a string to foreign code
> > without checking (as in the first example link).
>
> Two things.
>
> (1) The right solution to this problem is to have separate types for
> strings with different properties, such as null_free_string,
> fully_escaped_string and so forth.

I'd need to see a more concrete design to be convinced this is a good
idea. What would these separate types look like? How would you
describe a string with two or more different properties?

Anyway, strings containing nulls are the wrong default, and probably
shouldn't be allowed at all.

Also, string construction code is a large part of the cost of reading
Mercury source files (which is why a lot of it is done in C), so invoking
a general mechanism for every character of Mercury source is going to be
a significant performance hit for the compiler.

Simon.
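
The mismatch described in the quoted change description, as an added example that is not part of the original message or of the Mercury patch: a check over the whole string passes, while a NUL-terminated consumer sees only the prefix, and rejecting embedded NULs up front removes the disagreement. `struct lstr`, the function names and the file names are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical length-carrying string, standing in for a string built from
   a list of characters; not Mercury's runtime representation. */
struct lstr { const char *data; size_t len; };
#define LSTR(a) ((struct lstr){ (a), sizeof(a) - 1 })

/* Constructed sample inputs. */
static const char BAD[]  = "notes.cfg\0.txt"; /* 14 chars, NUL at index 9 */
static const char GOOD[] = "notes.txt";

/* Suffix check over the whole string, NULs included. */
static bool ends_with(struct lstr s, const char *suffix) {
    size_t n = strlen(suffix);
    return s.len >= n && memcmp(s.data + s.len - n, suffix, n) == 0;
}

/* Number of characters a NUL-terminated consumer (foreign code, an OS call)
   will actually read. */
static size_t c_visible_len(struct lstr s) {
    const char *nul = memchr(s.data, '\0', s.len);
    return nul ? (size_t)(nul - s.data) : s.len;
}

/* Weak: validates the full string, then hands data to a char * API. */
static bool accept_weak(struct lstr name) {
    return ends_with(name, ".txt");
}

/* Strict: refuse any string with an embedded NUL before validating, so the
   checker and the C consumer see the same characters. */
static bool accept_strict(struct lstr name) {
    return c_visible_len(name) == name.len && ends_with(name, ".txt");
}

int main(void) {
    struct lstr bad = LSTR(BAD), good = LSTR(GOOD);
    printf("weak accepts bad:    %d (C code sees \"%s\")\n", accept_weak(bad), bad.data);
    printf("strict accepts bad:  %d\n", accept_strict(bad));
    printf("strict accepts good: %d\n", accept_strict(good));
    return 0;
}
```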