On Mon, Jul 19, 2021 at 09:30:14AM +0000, Tommy Murphy wrote:
> Thanks but I still don't really get it.
>
> The commands that you mention do not exist in openocd.
> And the user is in full control of the scripts passed to openocd so would
> have to allow them to contain the null byte injection themselves.
>
> I still don't see how this is necessarily a problem in practice or maybe even
> in theory. But maybe others with more knowledge of openocd internals could
> comment?
You assume the user is in full control of the scripts, and that's wrong. In many cases, scripts may be provided by third parties, and this issue forces the user to trust the provider. Without the issue, the impact of a malicious/faulty input is restricted to what openocd can do. With it, it's restricted to what the operating system allows the hacked program to do, and without sandboxing, it can basically rm -rf or whatever.

-- 
Richard Braun
