On Monday, 2002-09-23 at 11:11:02 -0400, darren chamberlain wrote:
> * Michael McLagan <[EMAIL PROTECTED]> [2002-09-21 11:45]:
> > There is a bug in Apache::Cookie.  It doesn't handle a cookie with
> > zero bytes in it!

> This is because Apache::Cookie is implemented in C, and C uses NULL as
> the end of string terminator.

Not quite accurate. C has no concept of a string. There are a number of
library functions for string handling that use '\0' as the string
terminator.

If somebody rewrites Apache::Cookie to replace those functions, it will
be able to handle such cookies.

> This is probably something that needs to be done in Perl, since I doubt
> there's a way to check for "embedded" NULLs in a string in C...

/* We assume there will always be a '\0' to be found. */
char *
find_nul(char *str)
{
  while (*str) {
    str++;
  }

  return str;
}

What interests me much more is *why* a cookie should be able to contain
*any* control character. If you want binary data in a cookie, you should
encode it somehow.

If the '\0' was a '\n', things would be much more interesting ...

Lupe Christoph
-- 
| [EMAIL PROTECTED]       |           http://www.lupe-christoph.de/ |
| Big Misunderstandings #6398: The Titanic was not supposed to be        |
| unsinkable. The designer had a speech impediment. He said: "I have     |
| thith great unthinkable conthept ..."                                  |
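
The two points in this message, carrying an explicit length so '\0' is ordinary data and encoding binary data before it goes into a cookie, sketched as an added example that is not part of the original message or of Apache::Cookie. The function names, the sample bytes and the choice of percent-encoding are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: a 7-byte cookie value with a NUL at offset 3. */
static const unsigned char sample[] = { 'a', 'b', 'c', '\0', 'd', 'e', 'f' };

/* Offset of the first control byte (0x00-0x1F, 0x7F) in buf[0..len), or -1. */
long first_control_byte(const unsigned char *buf, size_t len) {
    for (size_t i = 0; i < len; i++)
        if (buf[i] < 0x20 || buf[i] == 0x7f)
            return (long)i;
    return -1;
}

/* Bytes never emitted raw; '%' is included because it is the escape. */
static int needs_escape(unsigned char c) {
    return c <= 0x20 || c >= 0x7f || strchr("\",;\\%", c) != NULL;
}

/* Percent-encode in[0..n) into out (NUL-terminated); -1 if cap is too small. */
long encode_cookie_value(const unsigned char *in, size_t n, char *out, size_t cap) {
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0;
    if (cap == 0)
        return -1;
    for (size_t i = 0; i < n; i++) {
        size_t need = needs_escape(in[i]) ? 3 : 1;
        if (o + need + 1 > cap)   /* keep room for the terminator */
            return -1;
        if (need == 3) {
            out[o++] = '%';
            out[o++] = hex[in[i] >> 4];
            out[o++] = hex[in[i] & 0x0f];
        } else {
            out[o++] = (char)in[i];
        }
    }
    out[o] = '\0';
    return (long)o;
}

int main(void) {
    char enc[32];
    long n = encode_cookie_value(sample, sizeof sample, enc, sizeof enc);
    printf("strlen sees %zu of %zu bytes; encoded (%ld): %s\n",
           strlen((const char *)sample), sizeof sample, n, enc);
    return 0;
}
```

The same length-aware check flags a '\n' in the value, which is the case the message calls more interesting.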
