[m-rev.] for review: avoid "poison null" security vulnerabilities

Julien Fischer juliensf at csse.unimelb.edu.au
Fri Mar 16 02:17:18 AEDT 2007


On Thu, 15 Mar 2007, Simon Taylor wrote:

>
> On 14-Mar-2007, Julien Fischer <juliensf at csse.unimelb.edu.au> wrote:
>> On Mon, 12 Mar 2007, Simon Taylor wrote:
>>> library/string.m:
>>> 	Throw an exception if null characters are found in
>>> 	string.from_char_list and string.from_rev_char_list.
>>>
>>> 	Add string.from_char_list_semidet and
>>> 	string.from_rev_char_list_semidet
>>> 	which fail rather than throwing an exception.  This doesn't match the
>>> 	normal naming convention, but string.from_{,rev_}char_list are widely
>>> 	used, so changing their determinism would be a bit too disruptive.
>>
>> I suggest calling them string.semidet_from_char_list and
>> string.semidet_from_rev_char_list which is closer to the normal naming
>> convention.  (I think the last time this came up we just ended up breaking
>> backwards compatibility and sticking with the "correct" naming convention
>> but in this case I agree, it would be too disruptive.)
>
> Done.
>
>>> library/io.m:
>>> 	Make io.read_line_as_string and io.read_file_as_string fail
>>> 	if the input file contains a null character.
>>
>> `fail' is not a particularly good word to use in this context.
>
> Fixed.
>
>>> Index: library/char.m
>>> ===================================================================
>>> RCS file: /home/mercury1/repository/mercury/library/char.m,v
>>> retrieving revision 1.56
>>> diff -u -u -r1.56 char.m
>>> --- library/char.m	13 Feb 2007 01:58:52 -0000	1.56
>>> +++ library/char.m	9 Mar 2007 08:36:00 -0000
>>> @@ -43,6 +43,11 @@
>>>    % represent characters using Unicode, but store files in an 8-bit
>>>    national
>>>    % character set.
>>>    %
>>> +    % Note that '\0' is not accepted as a Mercury character constant.
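Review bot: the added comment line says '\0' is not accepted as a character constant but gives no reason and no pointer to related behaviour. Since the same change makes string.from_char_list and string.from_rev_char_list throw on null characters, a short cross-reference to that here would tell readers the restriction is deliberate rather than a lexer limitation.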
>>
>> Add:
>>
>> 	for the null character.
>>
>> to the end of that sentence.
>
> Done.

That looks fine to me.

Julien.
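
An added example, not part of this thread or of the Mercury library: a C model of the check the log message describes, assuming strings are stored as NUL-terminated C strings. The C signatures, `unchecked_from_char_list`, `hidden_chars` and the sample data are constructed for illustration; only the `semidet_from_*` names echo the thread.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: a 7-element character list with '\0' at index 3. */
static const char SAMPLE[7] = { 'a', 'b', 'c', '\0', 'd', 'e', 'f' };

/* Unchecked: copies all n elements, then terminates. NULL if out of memory. */
char *unchecked_from_char_list(const char *chars, size_t n)
{
    char *s = malloc(n + 1);
    if (s == NULL) return NULL;
    memcpy(s, chars, n);
    s[n] = '\0';
    return s;
}

/* Checked (hypothetical analogue of the semidet variant): fails, leaving
 * *out NULL, if any element is the null character. */
bool semidet_from_char_list(const char *chars, size_t n, char **out)
{
    *out = NULL;
    if (memchr(chars, '\0', n) != NULL) return false;
    *out = unchecked_from_char_list(chars, n);
    return *out != NULL;
}

/* Same check for a reversed list: element 0 becomes the last character. */
bool semidet_from_rev_char_list(const char *rev, size_t n, char **out)
{
    *out = NULL;
    if (memchr(rev, '\0', n) != NULL) return false;
    if ((*out = malloc(n + 1)) == NULL) return false;
    for (size_t i = 0; i < n; i++) (*out)[i] = rev[n - 1 - i];
    (*out)[n] = '\0';
    return true;
}

/* Elements that strlen()-based C code no longer sees after the unchecked copy. */
size_t hidden_chars(const char *chars, size_t n)
{
    char *s = unchecked_from_char_list(chars, n);
    size_t lost = (s == NULL) ? 0 : n - strlen(s);
    free(s);
    return lost;
}

int main(void) { return hidden_chars(SAMPLE, sizeof SAMPLE) == 4 ? 0 : 1; }
```

The unchecked copy leaves the list-level view (7 characters) and the C-level view (3 characters) of the same value in disagreement, which is the mismatch the checked variants remove by refusing the conversion.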