[m-rev.] for review: avoid "poison null" security vulnerabilities
Julien Fischer
juliensf at csse.unimelb.edu.au
Fri Mar 16 02:17:18 AEDT 2007
On Thu, 15 Mar 2007, Simon Taylor wrote:
>
> On 14-Mar-2007, Julien Fischer <juliensf at csse.unimelb.edu.au> wrote:
>> On Mon, 12 Mar 2007, Simon Taylor wrote:
>>> library/string.m:
>>> Throw an exception if null characters are found in
>>> string.from_char_list and string.from_rev_char_list.
>>>
>>> Add string.from_char_list_semidet and
>>> string.from_rev_char_list_semidet
>>> which fail rather than throwing an exception. This doesn't match the
>>> normal naming convention, but string.from_{,rev_}char_list are widely
>>> used, so changing their determinism would be a bit too disruptive.
>>
>> I suggest calling them string.semidet_from_char_list and
>> string.semidet_from_rev_char_list which is closer to the normal naming
>> convention. (I think the last time this came up we just ended up breaking
>> backwards compatibility and sticking with the "correct" naming convention
>> but in this case I agree, it would be too disruptive.)
>
> Done.
>
>>> library/io.m:
>>> Make io.read_line_as_string and io.read_file_as_string fail
>>> if the input file contains a null character.
>>
>> `fail' is not a particularly good word to use in this context.
>
> Fixed.
>
>>> Index: library/char.m
>>> ===================================================================
>>> RCS file: /home/mercury1/repository/mercury/library/char.m,v
>>> retrieving revision 1.56
>>> diff -u -u -r1.56 char.m
>>> --- library/char.m 13 Feb 2007 01:58:52 -0000 1.56
>>> +++ library/char.m 9 Mar 2007 08:36:00 -0000
>>> @@ -43,6 +43,11 @@
>>> % represent characters using Unicode, but store files in an 8-bit
>>> national
>>> % character set.
>>> %
>>> + % Note that '\0' is not accepted as a Mercury character constant.
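Review bot: the added comment line in library/char.m says '\0' is not accepted as a character constant but gives neither the reason nor a pointer to where null characters are rejected at run time. Consider a cross-reference to the string.from_char_list and string.from_rev_char_list behaviour described in the log message (exception on null characters), so that someone reading char.m finds the related restriction.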
>>
>> Add:
>>
>> for the null character.
>>
>> to the end of that sentence.
>
> Done.
That looks fine to me.
Julien.
--------------------------------------------------------------------------
mercury-reviews mailing list
Post messages to: mercury-reviews at csse.unimelb.edu.au
Administrative Queries: owner-mercury-reviews at csse.unimelb.edu.au
Subscriptions: mercury-reviews-request at csse.unimelb.edu.au
--------------------------------------------------------------------------
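The check discussed in this thread, sketched in C as an added example (it is not code from the Mercury library or from the patch under review). The function names, the sample file name and the NULL-on-rejection convention, which mirrors the semidet variants rather than the exception-throwing ones, are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: a length-counted character list with an embedded NUL. */
static const char SAMPLE[] = {'r','u','n','.','s','h','\0','.','t','x','t'};

/* Suffix check done on the character list, where the length is known. */
bool has_suffix(const char *chars, size_t n, const char *suffix) {
    size_t m = strlen(suffix);
    return n >= m && memcmp(chars + n - m, suffix, m) == 0;
}

/* Unchecked conversion (hypothetical name): copies every character, but
 * any C consumer of the result stops reading at the first NUL. */
char *from_char_list_unchecked(const char *chars, size_t n) {
    char *s = malloc(n + 1);
    if (s == NULL) {
        return NULL;
    }
    memcpy(s, chars, n);
    s[n] = '\0';
    return s;
}

/* Checked conversion (hypothetical name): rejects a list containing NUL,
 * so the C view of the string can never disagree with the list view.
 * Returns NULL on rejection or allocation failure. */
char *from_char_list_checked(const char *chars, size_t n) {
    if (memchr(chars, '\0', n) != NULL) {
        return NULL;
    }
    return from_char_list_unchecked(chars, n);
}

int main(void) {
    char *s = from_char_list_unchecked(SAMPLE, sizeof SAMPLE);
    char *t = from_char_list_checked(SAMPLE, sizeof SAMPLE);
    printf("list ends in .txt: %d\n", has_suffix(SAMPLE, sizeof SAMPLE, ".txt"));
    printf("unchecked, as C sees it: \"%s\"\n", s ? s : "(alloc failed)");
    printf("checked: %s\n", t ? t : "(rejected)");
    free(s);
    free(t);
    return 0;
}
```

The unchecked result passes a list-level ".txt" check yet reads as "run.sh" to every C string function, which is the mismatch the checked conversion removes.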